Solved

old MSCEP RA certificates are being used by ndes service

Posted on 2013-05-22
3
1,127 Views
Last Modified: 2013-08-11
Hello,

our Root CA certificate has been renewed so we also needed to renew our MSCEP-RA certificates on the Windows 2008 R2 server where the NDES servides is located. We gave the ndes service account full rights on the private keys of the new certificates. But the ndes service keeps on requesting certificates from our Root CA using the old (now expired) RA certificates.
How do we make the service use the renewed ones?

Best Regards,
Andreas
0
Comment
Question by:braunmiller
  • 2
3 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 39223748
Did you renew certs for both Exchange Enrollment Agent (Offline Request) and the CEP Encryption templates (or a custom template based from them) or just one of them?

When you are looking at the Certificates MMC snap-in, the focus in on Computer account, not User account, correct?  (do not use certmgr.msc for this)

You technically should just need Read access for the service account, but I understand going for full for troubleshooting purposes.

Restart IIS if you haven't.  You also might consider rebooting the OS if you haven't.

Does anything interesting show up in the system or application event logs?
0
 

Accepted Solution

by:
braunmiller earned 0 total points
ID: 39386690
Reinstalling the NDES service solved the problem.
0
 

Author Closing Comment

by:braunmiller
ID: 39399516
We solved the problem by a reinstall of the ndes service.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question