[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

2003 root DC being replaced by 2012 root DC errors 36886 Schannel

Posted on 2013-05-16
6
Medium Priority
?
767 Views
Last Modified: 2013-06-05
I have 2 root DCs in a forest running 2003.  I am replacing the secondary one with a 2012 server and then I'll replace the primary 2003 server with a 2012 server.  Currently the primary 2003 has a CA but the new 2012 secondary server is getting several Schannel 36886 errors:

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

Is there something i need to do for the 2012 to see the certificate on the 2003 primary box or is it not compatible with 2012?  What shoudl I do to resolve?
0
Comment
Question by:bergquistcompany
  • 3
  • 3
6 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39178576
Have you tried installing a computer certificate for the 2012 server by generating one from the 2003 CA?
0
 

Author Comment

by:bergquistcompany
ID: 39180940
Can you point me to anything as to how to go about this?  I'm willing to try.
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 1500 total points
ID: 39182745
There are a few ways to do it, this KB lists them.
http://technet.microsoft.com/en-us/library/cc740173%28v=ws.10%29.aspx

Although it's for Terminal Services, the process is the same for obtaining a computer certificate.

If you have access to your 2003 CA you should see the certificate in the Issued list.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:bergquistcompany
ID: 39187354
I am following the second process
Submit a computer certificate request by using the Certificate Request Wizard
When I get to Certificate Types there is nothing there.

On the Certificate Types page, click Server Authentication, and then select the Advanced check box.

Why is mine blank?

Thanks,
Kristine
0
 

Author Closing Comment

by:bergquistcompany
ID: 39221934
Told me what to do but didn't have options and no response on what to do if those options in the document were not there.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222044
Sorry Kristine, I went on holiday and forgot about this.

Did you get the certificate in the end?
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question