Solved

old MSCEP RA certificates are being used by ndes service

Posted on 2013-05-22
3
1,138 Views
Last Modified: 2013-08-11
Hello,

our Root CA certificate has been renewed so we also needed to renew our MSCEP-RA certificates on the Windows 2008 R2 server where the NDES servides is located. We gave the ndes service account full rights on the private keys of the new certificates. But the ndes service keeps on requesting certificates from our Root CA using the old (now expired) RA certificates.
How do we make the service use the renewed ones?

Best Regards,
Andreas
0
Comment
Question by:braunmiller
  • 2
3 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 39223748
Did you renew certs for both Exchange Enrollment Agent (Offline Request) and the CEP Encryption templates (or a custom template based from them) or just one of them?

When you are looking at the Certificates MMC snap-in, the focus in on Computer account, not User account, correct?  (do not use certmgr.msc for this)

You technically should just need Read access for the service account, but I understand going for full for troubleshooting purposes.

Restart IIS if you haven't.  You also might consider rebooting the OS if you haven't.

Does anything interesting show up in the system or application event logs?
0
 

Accepted Solution

by:
braunmiller earned 0 total points
ID: 39386690
Reinstalling the NDES service solved the problem.
0
 

Author Closing Comment

by:braunmiller
ID: 39399516
We solved the problem by a reinstall of the ndes service.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question