[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Replication Issue

Posted on 2011-10-27
10
Medium Priority
?
294 Views
Last Modified: 2012-12-26
I started getting this in one of the subdomain servers. Any ideas on how to fix it? Wasn't this supposed to be an automated task?

The certificate presented by the following domain controller for intersite replication was rejected because the certification authority is not trusted.
 
Domain controller:
jax1.jacksonville.healthcare.cns
Certification authority:
ADM1
 
Replication access has been denied to the domain controller listed above and the certificate has been discarded.
 
Additional Data
Error value:
0 The operation completed successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:cnshealthcare
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 37041057
Do you use SMTP replication between DCs? Who is the issuer of certificate used on that/those DC(s)?

Regards,
Krzysztof
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 37050389
The certificate presented by the specified domain controller for intersite replication was rejected because the certification authority is not trusted. Replication access was denied to the domain controller and the certificate was discarded. The name of the certificate authority does not match the name expected by the domain controller. This might be a malicious computer. Verify that the domain controller presenting the certificate is a trusted domain controller.

http://kb.prismmicrosys.com/evtpass/evtpages/EventId_1223_ActiveDirectory_42872.asp


0
 
LVL 1

Author Comment

by:cnshealthcare
ID: 37056323
Yes, SMTP is used, and the issuer is my ADM1 server (adm1.healthcare.cns). The server in questions is jax1.jacksonville.healthcare.cns.

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 37056526
OK, so make sure on that server or in CA console if that certificate is not expired or if your CA service is up and running. This looks like there is no possibility to contact CA or CRL.

Can you verify event logs on your CA server for errors, please?

Krzysztof
0
 
LVL 1

Author Comment

by:cnshealthcare
ID: 37056726
Hey Krystztof,

the JAX1 domain controller certificate is expired. The CA Authority cert good until 2013, the CA is up and running and can be reached from JAX1.jacksonville.healthcare.cns. The CA shows no errors in the log.

I think I need to somehow renew the JAX certificate, however, it would not alow me. I had verified that ADM1 is added to the Trusted Root Certs in JAX1.

Thanks for your help!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 37056768
OK, so if your CA server is still up and running with valid certificate, you ma try to follow this MS article and re-issue certs for your server
http://support.microsoft.com/kb/295281

do this for domain controller certificate

Krzysztof
0
 
LVL 1

Author Comment

by:cnshealthcare
ID: 37056820
When I try to request a cert from ADM1 (http://adm1.healthcare.cns/CertSrv), it says: "No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occured while accessing Active Directory."

AD is fine, I am thinking that the permission issue is more plausible since I had checked the templates on ADM1.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 37056868
As I remember Domain Certificate cannot be issued from CA Web site. You need to do this in CA console and export to file then import it on appropriate server

So, you may try this time with these articles at
http://technet.microsoft.com/en-us/library/cc787009%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc785678%28WS.10%29.aspx


Krzysztof
0
 
LVL 26

Expert Comment

by:Pber
ID: 38720896
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question