sblanken

Restore certificate on domain controller

Hi,

We accidentally deleted a certificate from our domain controller. When we add a new certificate from our Certificate Authority a new certificate is issued, but it gets removed randomly hours later. How can we restore the deleted certificate? Or could you help us find the reason why the new certificate gets removed automatically? The only related warning in the logs that we guess is related to this is:
Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.
Please help us asap, as our desktops fail to authenticate with our domain controller when the certificate is absent.

Thanks!
arnold
Did you try rebooting the system and letting it auto-enroll, or is it the only DC in the environment?
How are you going about adding the new certificate?

Try the following while on the DC on which the certificate was deleted:
start\run
mmc
file add\remove snap-in
add
certificates
add
select computer account next
local computer finish
close
ok

expand the certificates (local computer) and personal
right click on the certificates under the personal category
select all tasks, request new certificate
Select the Domain Controller as the template and go through the process, at the conclusion of which a new Domain Controller certificate should be issued by your internal CA and loaded by the DC.

See if this certificate remains in place longer.
sblanken

ASKER

Hi,
I did reboot, but it was not auto-enrolled although it should have been. When I add it manually, it is added fine, but it gets removed within the day. Running the command: certutil -store my >certificates.txt I can see that the certificate is Archived although it expires in 2013. I have tried this for a couple of days and every day they get deleted (around 7PM). I can see in the certificates.txt file that there are multiple "domaincontroller" certificates (the one that interests us) but they are all archived!!

Thanks for your help.
Appreciate your time.
ASKER CERTIFIED SOLUTION
sblanken

We contacted Microsoft support, and they explained the superseding template issue to us.
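
Added example, not part of the thread: a PowerShell counterpart to the certutil -store my check above that lists every certificate in the DC's machine store, archived ones included, with the template each was issued from. The "Usable" column is this example's own rule of thumb (not archived, in date, has a private key and the Server Authentication EKU), not the exact selection logic of Active Directory Web Services; it assumes PowerShell 3.0 or later run elevated on the DC.

```powershell
# Added example: inventory LocalMachine\My, including archived certificates.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
# IncludeArchived is required; a plain ReadOnly open hides archived certificates.
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, IncludeArchived')

# Certificate Template Name (v1) and Certificate Template Information (v2+) extensions.
$templateOids  = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'
$ekuOid        = '2.5.29.37'          # Enhanced Key Usage extension
$serverAuthOid = '1.3.6.1.5.5.7.3.1'  # Server Authentication
$now = Get-Date

try {
    $report = foreach ($cert in $store.Certificates) {
        $tmpl = $cert.Extensions |
            Where-Object { $templateOids -contains $_.Oid.Value } |
            Select-Object -First 1
        $eku = $cert.Extensions |
            Where-Object { $_.Oid.Value -eq $ekuOid } |
            Select-Object -First 1
        $hasServerAuth = [bool]($eku -and
            ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }))
        $inDate = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

        [pscustomobject]@{
            Archived   = $cert.Archived
            # Rule of thumb defined by this example, see the lead-in.
            Usable     = (-not $cert.Archived) -and $inDate -and
                         $hasServerAuth -and $cert.HasPrivateKey
            Template   = if ($tmpl) { $tmpl.Format($false) } else { '(no template extension)' }
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
        }
    }
}
finally {
    $store.Close()
}

# Archived entries sort last; group by Template to see which template each belongs to.
$report | Sort-Object Archived, NotAfter | Format-List
```

If every row with a given template shows Archived = True while the certificate is still in date, compare that template against the "Superseded Templates" tab of the other templates published on the CA.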