Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Certificate Server suddenly appear offline

Posted on 2012-03-16
4
Medium Priority
?
187 Views
Last Modified: 2016-04-02
Hi

We've got a 2003 PKI server - Enterpriser, and it have been up and running for a couple of years and have enrolled roughly 4000 certificates for users and computers.

We use this - among other things - as certificate server for computer certificates used with Network Policy Server and IAS for wireless.

Suddenly, NPS stopped authenticating clients because it couldn't check CRL.
BUt - when we open the CRL http link - we can read the CRL file.

The IAS server in the other site is collocated with PKI server - and that server authenticates clients, so we moved first sites wireless to authenticate through 2 site and it works.
But still - CRLs cannot be verified because server is offline (but it is not !!)

Any clues?

Revocation check skipped -- server offline

ERROR: Verifying leaf certificate revocation status returned The revocation func
tion was unable to check revocation because the revocation server was offline. 0
x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the rev
ocation server was offline.

CertUtil: -verify command completed successfully.
0
Comment
Question by:Jakob Digranes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 1500 total points
ID: 37729558
I've not seen this myself, but here is a lengthy discussion about troubleshooting Certificate Services.
http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx
0
 
LVL 22

Author Comment

by:Jakob Digranes
ID: 37885004
still no go - waiting for MS-support to get back to me
0
 
LVL 22

Author Closing Comment

by:Jakob Digranes
ID: 41532907
while this never solved this - it's a good link for fixing CAs gone bad.
0
 
LVL 22

Author Comment

by:Jakob Digranes
ID: 41532908
Never solved. But the fix was - for others.
Just create a new PKI hierarchy - enroll new certs - decomission old non-working CA
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question