Solved

2003 root DC being replaced by 2012 root DC errors 36886 Schannel

Posted on 2013-05-16
6
757 Views
Last Modified: 2013-06-05
I have 2 root DCs in a forest running 2003.  I am replacing the secondary one with a 2012 server and then I'll replace the primary 2003 server with a 2012 server.  Currently the primary 2003 has a CA but the new 2012 secondary server is getting several Schannel 36886 errors:

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

Is there something i need to do for the 2012 to see the certificate on the 2003 primary box or is it not compatible with 2012?  What shoudl I do to resolve?
0
Comment
Question by:bergquistcompany
  • 3
  • 3
6 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39178576
Have you tried installing a computer certificate for the 2012 server by generating one from the 2003 CA?
0
 

Author Comment

by:bergquistcompany
ID: 39180940
Can you point me to anything as to how to go about this?  I'm willing to try.
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39182745
There are a few ways to do it, this KB lists them.
http://technet.microsoft.com/en-us/library/cc740173%28v=ws.10%29.aspx

Although it's for Terminal Services, the process is the same for obtaining a computer certificate.

If you have access to your 2003 CA you should see the certificate in the Issued list.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:bergquistcompany
ID: 39187354
I am following the second process
Submit a computer certificate request by using the Certificate Request Wizard
When I get to Certificate Types there is nothing there.

On the Certificate Types page, click Server Authentication, and then select the Advanced check box.

Why is mine blank?

Thanks,
Kristine
0
 

Author Closing Comment

by:bergquistcompany
ID: 39221934
Told me what to do but didn't have options and no response on what to do if those options in the document were not there.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222044
Sorry Kristine, I went on holiday and forgot about this.

Did you get the certificate in the end?
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question