Solved

Certificate Server suddenly appear offline

Posted on 2012-03-16
4
140 Views
Last Modified: 2016-04-02
Hi

We've got a 2003 PKI server - Enterpriser, and it have been up and running for a couple of years and have enrolled roughly 4000 certificates for users and computers.

We use this - among other things - as certificate server for computer certificates used with Network Policy Server and IAS for wireless.

Suddenly, NPS stopped authenticating clients because it couldn't check CRL.
BUt - when we open the CRL http link - we can read the CRL file.

The IAS server in the other site is collocated with PKI server - and that server authenticates clients, so we moved first sites wireless to authenticate through 2 site and it works.
But still - CRLs cannot be verified because server is offline (but it is not !!)

Any clues?

Revocation check skipped -- server offline

ERROR: Verifying leaf certificate revocation status returned The revocation func
tion was unable to check revocation because the revocation server was offline. 0
x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the rev
ocation server was offline.

CertUtil: -verify command completed successfully.
0
Comment
Question by:Jakob Digranes
  • 3
4 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37729558
I've not seen this myself, but here is a lengthy discussion about troubleshooting Certificate Services.
http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx
0
 
LVL 21

Author Comment

by:Jakob Digranes
ID: 37885004
still no go - waiting for MS-support to get back to me
0
 
LVL 21

Author Closing Comment

by:Jakob Digranes
ID: 41532907
while this never solved this - it's a good link for fixing CAs gone bad.
0
 
LVL 21

Author Comment

by:Jakob Digranes
ID: 41532908
Never solved. But the fix was - for others.
Just create a new PKI hierarchy - enroll new certs - decomission old non-working CA
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question