Solved

Certificate Server suddenly appear offline

Posted on 2012-03-16
4
133 Views
Last Modified: 2016-04-02
Hi

We've got a 2003 PKI server - Enterpriser, and it have been up and running for a couple of years and have enrolled roughly 4000 certificates for users and computers.

We use this - among other things - as certificate server for computer certificates used with Network Policy Server and IAS for wireless.

Suddenly, NPS stopped authenticating clients because it couldn't check CRL.
BUt - when we open the CRL http link - we can read the CRL file.

The IAS server in the other site is collocated with PKI server - and that server authenticates clients, so we moved first sites wireless to authenticate through 2 site and it works.
But still - CRLs cannot be verified because server is offline (but it is not !!)

Any clues?

Revocation check skipped -- server offline

ERROR: Verifying leaf certificate revocation status returned The revocation func
tion was unable to check revocation because the revocation server was offline. 0
x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the rev
ocation server was offline.

CertUtil: -verify command completed successfully.
0
Comment
Question by:Jakob Digranes
  • 3
4 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37729558
I've not seen this myself, but here is a lengthy discussion about troubleshooting Certificate Services.
http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx
0
 
LVL 21

Author Comment

by:Jakob Digranes
ID: 37885004
still no go - waiting for MS-support to get back to me
0
 
LVL 21

Author Closing Comment

by:Jakob Digranes
ID: 41532907
while this never solved this - it's a good link for fixing CAs gone bad.
0
 
LVL 21

Author Comment

by:Jakob Digranes
ID: 41532908
Never solved. But the fix was - for others.
Just create a new PKI hierarchy - enroll new certs - decomission old non-working CA
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Server 2003 - GPO - User account with No password 8 46
Shadow copies windows server 2003 2 79
Bios changes 5 70
Event ID: 1202 / Source: SceCli 6 87
My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now