Solved

2003 root DC being replaced by 2012 root DC errors 36886 Schannel

Posted on 2013-05-16
6
752 Views
Last Modified: 2013-06-05
I have 2 root DCs in a forest running 2003.  I am replacing the secondary one with a 2012 server and then I'll replace the primary 2003 server with a 2012 server.  Currently the primary 2003 has a CA but the new 2012 secondary server is getting several Schannel 36886 errors:

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

Is there something i need to do for the 2012 to see the certificate on the 2003 primary box or is it not compatible with 2012?  What shoudl I do to resolve?
0
Comment
Question by:bergquistcompany
  • 3
  • 3
6 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39178576
Have you tried installing a computer certificate for the 2012 server by generating one from the 2003 CA?
0
 

Author Comment

by:bergquistcompany
ID: 39180940
Can you point me to anything as to how to go about this?  I'm willing to try.
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39182745
There are a few ways to do it, this KB lists them.
http://technet.microsoft.com/en-us/library/cc740173%28v=ws.10%29.aspx

Although it's for Terminal Services, the process is the same for obtaining a computer certificate.

If you have access to your 2003 CA you should see the certificate in the Issued list.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:bergquistcompany
ID: 39187354
I am following the second process
Submit a computer certificate request by using the Certificate Request Wizard
When I get to Certificate Types there is nothing there.

On the Certificate Types page, click Server Authentication, and then select the Advanced check box.

Why is mine blank?

Thanks,
Kristine
0
 

Author Closing Comment

by:bergquistcompany
ID: 39221934
Told me what to do but didn't have options and no response on what to do if those options in the document were not there.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222044
Sorry Kristine, I went on holiday and forgot about this.

Did you get the certificate in the end?
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now