Link to home
Create AccountLog in
Avatar of braunmiller
braunmillerFlag for Germany

asked on

old MSCEP RA certificates are being used by ndes service

Hello,

our Root CA certificate has been renewed so we also needed to renew our MSCEP-RA certificates on the Windows 2008 R2 server where the NDES servides is located. We gave the ndes service account full rights on the private keys of the new certificates. But the ndes service keeps on requesting certificates from our Root CA using the old (now expired) RA certificates.
How do we make the service use the renewed ones?

Best Regards,
Andreas
Avatar of Paranormastic
Paranormastic
Flag of United States of America image

Did you renew certs for both Exchange Enrollment Agent (Offline Request) and the CEP Encryption templates (or a custom template based from them) or just one of them?

When you are looking at the Certificates MMC snap-in, the focus in on Computer account, not User account, correct?  (do not use certmgr.msc for this)

You technically should just need Read access for the service account, but I understand going for full for troubleshooting purposes.

Restart IIS if you haven't.  You also might consider rebooting the OS if you haven't.

Does anything interesting show up in the system or application event logs?
ASKER CERTIFIED SOLUTION
Avatar of braunmiller
braunmiller
Flag of Germany image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of braunmiller

ASKER

We solved the problem by a reinstall of the ndes service.