Solved

2003 root DC being replaced by 2012 root DC errors 36886 Schannel

Posted on 2013-05-16
6
755 Views
Last Modified: 2013-06-05
I have 2 root DCs in a forest running 2003.  I am replacing the secondary one with a 2012 server and then I'll replace the primary 2003 server with a 2012 server.  Currently the primary 2003 has a CA but the new 2012 secondary server is getting several Schannel 36886 errors:

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

Is there something i need to do for the 2012 to see the certificate on the 2003 primary box or is it not compatible with 2012?  What shoudl I do to resolve?
0
Comment
Question by:bergquistcompany
  • 3
  • 3
6 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39178576
Have you tried installing a computer certificate for the 2012 server by generating one from the 2003 CA?
0
 

Author Comment

by:bergquistcompany
ID: 39180940
Can you point me to anything as to how to go about this?  I'm willing to try.
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 39182745
There are a few ways to do it, this KB lists them.
http://technet.microsoft.com/en-us/library/cc740173%28v=ws.10%29.aspx

Although it's for Terminal Services, the process is the same for obtaining a computer certificate.

If you have access to your 2003 CA you should see the certificate in the Issued list.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 

Author Comment

by:bergquistcompany
ID: 39187354
I am following the second process
Submit a computer certificate request by using the Certificate Request Wizard
When I get to Certificate Types there is nothing there.

On the Certificate Types page, click Server Authentication, and then select the Advanced check box.

Why is mine blank?

Thanks,
Kristine
0
 

Author Closing Comment

by:bergquistcompany
ID: 39221934
Told me what to do but didn't have options and no response on what to do if those options in the document were not there.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39222044
Sorry Kristine, I went on holiday and forgot about this.

Did you get the certificate in the end?
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now