Certificate Server suddenly appear offline


We've got a 2003 PKI server - Enterpriser, and it have been up and running for a couple of years and have enrolled roughly 4000 certificates for users and computers.

We use this - among other things - as certificate server for computer certificates used with Network Policy Server and IAS for wireless.

Suddenly, NPS stopped authenticating clients because it couldn't check CRL.
BUt - when we open the CRL http link - we can read the CRL file.

The IAS server in the other site is collocated with PKI server - and that server authenticates clients, so we moved first sites wireless to authenticate through 2 site and it works.
But still - CRLs cannot be verified because server is offline (but it is not !!)

Any clues?

Revocation check skipped -- server offline

ERROR: Verifying leaf certificate revocation status returned The revocation func
tion was unable to check revocation because the revocation server was offline. 0
x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the rev
ocation server was offline.

CertUtil: -verify command completed successfully.
LVL 22
Jakob DigranesSenior ConsultantAsked:
Who is Participating?
Leon FesterConnect With a Mentor IT Project Change ManagerCommented:
I've not seen this myself, but here is a lengthy discussion about troubleshooting Certificate Services.
Jakob DigranesSenior ConsultantAuthor Commented:
still no go - waiting for MS-support to get back to me
Jakob DigranesSenior ConsultantAuthor Commented:
while this never solved this - it's a good link for fixing CAs gone bad.
Jakob DigranesSenior ConsultantAuthor Commented:
Never solved. But the fix was - for others.
Just create a new PKI hierarchy - enroll new certs - decomission old non-working CA
All Courses

From novice to tech pro — start learning today.