Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Certificate Server suddenly appear offline

Posted on 2012-03-16
4
Medium Priority
?
196 Views
Last Modified: 2016-04-02
Hi

We've got a 2003 PKI server - Enterpriser, and it have been up and running for a couple of years and have enrolled roughly 4000 certificates for users and computers.

We use this - among other things - as certificate server for computer certificates used with Network Policy Server and IAS for wireless.

Suddenly, NPS stopped authenticating clients because it couldn't check CRL.
BUt - when we open the CRL http link - we can read the CRL file.

The IAS server in the other site is collocated with PKI server - and that server authenticates clients, so we moved first sites wireless to authenticate through 2 site and it works.
But still - CRLs cannot be verified because server is offline (but it is not !!)

Any clues?

Revocation check skipped -- server offline

ERROR: Verifying leaf certificate revocation status returned The revocation func
tion was unable to check revocation because the revocation server was offline. 0
x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the rev
ocation server was offline.

CertUtil: -verify command completed successfully.
0
Comment
Question by:Jakob Digranes
  • 3
4 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 1500 total points
ID: 37729558
I've not seen this myself, but here is a lengthy discussion about troubleshooting Certificate Services.
http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx
0
 
LVL 22

Author Comment

by:Jakob Digranes
ID: 37885004
still no go - waiting for MS-support to get back to me
0
 
LVL 22

Author Closing Comment

by:Jakob Digranes
ID: 41532907
while this never solved this - it's a good link for fixing CAs gone bad.
0
 
LVL 22

Author Comment

by:Jakob Digranes
ID: 41532908
Never solved. But the fix was - for others.
Just create a new PKI hierarchy - enroll new certs - decomission old non-working CA
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Loops Section Overview

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question