Replication Issue

I started getting this in one of the subdomain servers. Any ideas on how to fix it? Wasn't this supposed to be an automated task?

The certificate presented by the following domain controller for intersite replication was rejected because the certification authority is not trusted.
 
Domain controller:
jax1.jacksonville.healthcare.cns
Certification authority:
ADM1
 
Replication access has been denied to the domain controller listed above and the certificate has been discarded.
 
Additional Data
Error value:
0 The operation completed successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
cnshealthcare Asked:
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
As I remember, a domain certificate cannot be issued from the CA web site. You need to do this in the CA console, export it to a file, and then import it on the appropriate server.

So, you may try this time with these articles:
http://technet.microsoft.com/en-us/library/cc787009%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc785678%28WS.10%29.aspx


Krzysztof
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Do you use SMTP replication between DCs? Who is the issuer of the certificate used on that/those DC(s)?

Regards,
Krzysztof
 
infoplateform Commented:
The certificate presented by the specified domain controller for intersite replication was rejected because the certification authority is not trusted. Replication access was denied to the domain controller and the certificate was discarded. The name of the certificate authority does not match the name expected by the domain controller. This might be a malicious computer. Verify that the domain controller presenting the certificate is a trusted domain controller.

http://kb.prismmicrosys.com/evtpass/evtpages/EventId_1223_ActiveDirectory_42872.asp


 
cnshealthcare (Author) Commented:
Yes, SMTP is used, and the issuer is my ADM1 server (adm1.healthcare.cns). The server in question is jax1.jacksonville.healthcare.cns.

 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
OK, so check on that server or in the CA console whether that certificate is expired, or whether your CA service is up and running. It looks like there is no possibility to contact the CA or the CRL.

Can you verify event logs on your CA server for errors, please?

Krzysztof
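
The checks suggested above (certificate expiry, trust in the issuing CA, CRL reachability) can be run in one pass on the affected domain controller. This is an added example, not part of the original thread; it uses the standard .NET X509Chain class against the local computer's Personal store, and the 30-day warning window is an assumed value.

```powershell
# Added example: audit every certificate in the local computer's Personal
# store on the domain controller whose certificate is being rejected.
# Reports expiry, issuer, and whether the chain builds to a trusted root
# with an online revocation (CRL) check.
$warnDays = 30          # assumed warning window, adjust as needed
$now      = Get-Date

$results = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online mode forces a CRL fetch, so an unreachable CRL surfaces as
    # RevocationStatusUnknown / OfflineRevocation in the chain status.
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chainOk = $chain.Build($cert)

    # Expiry is reported first because it is the cheapest thing to confirm.
    if ($cert.NotAfter -lt $now) {
        $state = 'EXPIRED'
    } elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) {
        $state = 'EXPIRING'
    } elseif (-not $chainOk) {
        $state = 'CHAIN ERROR'
    } else {
        $state = 'OK'
    }

    # ChainStatus lists the concrete failures, for example NotTimeValid
    # (expired) or UntrustedRoot (issuing CA not in Trusted Root store).
    $flags = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        State       = $state
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Thumbprint  = $cert.Thumbprint
        ChainStatus = $flags
    }
    $chain.Reset()
}

$results | Sort-Object NotAfter |
    Select-Object State, Subject, Issuer, NotAfter, Thumbprint, ChainStatus |
    Format-List
```

Run it from an elevated PowerShell prompt on the domain controller; an empty ChainStatus with State OK means the certificate is in date and chains to a trusted, reachable CA.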
 
cnshealthcare (Author) Commented:
Hey Krzysztof,

The JAX1 domain controller certificate is expired. The CA Authority cert is good until 2013; the CA is up and running and can be reached from JAX1.jacksonville.healthcare.cns. The CA shows no errors in the log.

I think I need to somehow renew the JAX certificate; however, it would not allow me. I had verified that ADM1 is added to the Trusted Root Certs in JAX1.

Thanks for your help!
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
OK, so if your CA server is still up and running with a valid certificate, you may try to follow this MS article and re-issue certs for your server:
http://support.microsoft.com/kb/295281

Do this for the domain controller certificate.

Krzysztof
 
cnshealthcare (Author) Commented:
When I try to request a cert from ADM1 (http://adm1.healthcare.cns/CertSrv), it says: "No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occured while accessing Active Directory."

AD is fine, I am thinking that the permission issue is more plausible since I had checked the templates on ADM1.
 
Pber, Solutions Architect, Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.