Certificate Server suddenly appear offline
Posted on 2012-03-16
We've got a 2003 PKI server - Enterpriser, and it have been up and running for a couple of years and have enrolled roughly 4000 certificates for users and computers.
We use this - among other things - as certificate server for computer certificates used with Network Policy Server and IAS for wireless.
Suddenly, NPS stopped authenticating clients because it couldn't check CRL.
BUt - when we open the CRL http link - we can read the CRL file.
The IAS server in the other site is collocated with PKI server - and that server authenticates clients, so we moved first sites wireless to authenticate through 2 site and it works.
But still - CRLs cannot be verified because server is offline (but it is not !!)
Revocation check skipped -- server offline
ERROR: Verifying leaf certificate revocation status returned The revocation func
tion was unable to check revocation because the revocation server was offline. 0
CertUtil: The revocation function was unable to check revocation because the rev
ocation server was offline.
CertUtil: -verify command completed successfully.