Solved

2003 root DC being replaced by 2012 root DC errors 36886 Schannel

Posted on 2013-05-16
6
762 Views
Last Modified: 2013-06-05
I have 2 root DCs in a forest running 2003.  I am replacing the secondary one with a 2012 server and then I'll replace the primary 2003 server with a 2012 server.  Currently the primary 2003 has a CA but the new 2012 secondary server is getting several Schannel 36886 errors:

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

Is there something i need to do for the 2012 to see the certificate on the 2003 primary box or is it not compatible with 2012?  What shoudl I do to resolve?
0
Comment
Question by:bergquistcompany
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39178576
Have you tried installing a computer certificate for the 2012 server by generating one from the 2003 CA?
0
 

Author Comment

by:bergquistcompany
ID: 39180940
Can you point me to anything as to how to go about this?  I'm willing to try.
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39182745
There are a few ways to do it, this KB lists them.
http://technet.microsoft.com/en-us/library/cc740173%28v=ws.10%29.aspx

Although it's for Terminal Services, the process is the same for obtaining a computer certificate.

If you have access to your 2003 CA you should see the certificate in the Issued list.
0
Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

 

Author Comment

by:bergquistcompany
ID: 39187354
I am following the second process
Submit a computer certificate request by using the Certificate Request Wizard
When I get to Certificate Types there is nothing there.

On the Certificate Types page, click Server Authentication, and then select the Advanced check box.

Why is mine blank?

Thanks,
Kristine
0
 

Author Closing Comment

by:bergquistcompany
ID: 39221934
Told me what to do but didn't have options and no response on what to do if those options in the document were not there.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222044
Sorry Kristine, I went on holiday and forgot about this.

Did you get the certificate in the end?
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question