Solved

old MSCEP RA certificates are being used by ndes service

Posted on 2013-05-22
3
1,227 Views
Last Modified: 2013-08-11
Hello,

our Root CA certificate has been renewed so we also needed to renew our MSCEP-RA certificates on the Windows 2008 R2 server where the NDES servides is located. We gave the ndes service account full rights on the private keys of the new certificates. But the ndes service keeps on requesting certificates from our Root CA using the old (now expired) RA certificates.
How do we make the service use the renewed ones?

Best Regards,
Andreas
0
Comment
Question by:braunmiller
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 39223748
Did you renew certs for both Exchange Enrollment Agent (Offline Request) and the CEP Encryption templates (or a custom template based from them) or just one of them?

When you are looking at the Certificates MMC snap-in, the focus in on Computer account, not User account, correct?  (do not use certmgr.msc for this)

You technically should just need Read access for the service account, but I understand going for full for troubleshooting purposes.

Restart IIS if you haven't.  You also might consider rebooting the OS if you haven't.

Does anything interesting show up in the system or application event logs?
0
 

Accepted Solution

by:
braunmiller earned 0 total points
ID: 39386690
Reinstalling the NDES service solved the problem.
0
 

Author Closing Comment

by:braunmiller
ID: 39399516
We solved the problem by a reinstall of the ndes service.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question