Roles and Features erroring in windows 2008 R2 SP1
Hi,
I have installed and configured a standalone MDT server which has been working fine for several months and today when I built new servers I can no longer get into roles and feature I get the error when I launch server manager:
"Unexpected error refreshing server manager: A required certficate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (Exception from HRESULT:0x800B0101)"
Error message file attached...
The error is also generated in MDT, also I have checked the date and time on the server all are up to date.
Any help will be appreciated!!!
Thanks in advance
error.jpg
I have installed and configured a standalone MDT server which has been working fine for several months and today when I built new servers I can no longer get into roles and feature I get the error when I launch server manager:
"Unexpected error refreshing server manager: A required certficate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (Exception from HRESULT:0x800B0101)"
Error message file attached...
The error is also generated in MDT, also I have checked the date and time on the server all are up to date.
Any help will be appreciated!!!
Thanks in advance
error.jpg
ASKER
Hi jackieman,
I have seen you post already for another issue... The strange thing is I don't use certificates at all... It's a very simple setup couple of domain controllers and servers that's it.
Nothing complicated so not sure where this certificate error is coming from???
I saw this article and tried it no joy:
http://support.microsoft.com/kb/2328240
I have seen you post already for another issue... The strange thing is I don't use certificates at all... It's a very simple setup couple of domain controllers and servers that's it.
Nothing complicated so not sure where this certificate error is coming from???
I saw this article and tried it no joy:
http://support.microsoft.com/kb/2328240
Is your system time correct? Do you sync the system time with a NTP time server?
http://www.pool.ntp.org/en/
http://www.pool.ntp.org/en/
ASKER
I have checked the date/time and it's all fine. I can build the same VM/Server using a Windows 2008 R2 SP1 CD and it works fine but when I use MDT 2012 update 1 I have the error.
Now, I have been using MDT to build the servers for months and only started having issues in the last couple of days. I do not use certificate services and stay well clear of it cuz of the issues and headache!
I'm not sure if there is a self signed certificate that has expired, if so where would it be and how can I renew it?
Thanks in advance
-Steve
Now, I have been using MDT to build the servers for months and only started having issues in the last couple of days. I do not use certificate services and stay well clear of it cuz of the issues and headache!
I'm not sure if there is a self signed certificate that has expired, if so where would it be and how can I renew it?
Thanks in advance
-Steve
ASKER
MDT can be integrated with SCCM or used standalone... In order to avoid any complexities I have use MDT as standalone the end result is an ISO that will boot the bare metal VM/Server and fully automate the build.
The ISO has not change and has been sealed for almost a year now and I cannot understand why it's stopped working couple of days ago. I have not change anything, the ISO has been seal for over a year which makes me believe there might be a self certificate or something...
The ISO capture the full automated build point in time!
The ISO has not change and has been sealed for almost a year now and I cannot understand why it's stopped working couple of days ago. I have not change anything, the ISO has been seal for over a year which makes me believe there might be a self certificate or something...
The ISO capture the full automated build point in time!
ASKER
I have a feeling I might have to completely rebuild the MDT server and in doing so hopefully get a new certificate I guess it might be self signed... but after a year I don't want to have to rebuild the server yet again...
Surely there has to be a way to renew the self signed certificate or it might be a bug or perhaps a hotfix available.
I am quite surprise no one has come across this problem yet!
Surely there has to be a way to renew the self signed certificate or it might be a bug or perhaps a hotfix available.
I am quite surprise no one has come across this problem yet!
Thanks for the info.
A self-signed cert which is automatically generated has a validity period of one year only from my reading.
A self-signed cert which is automatically generated has a validity period of one year only from my reading.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It was resolved by me
ASKER
It was resolved by me
"Do you have issued certificates that are expired or are about to expire and that is why you are looking at this or did you stumble uppn this issue?
Since your CA is effectively down you have another option other than trying to fix it. You can remove the CA then reinstall and rebuild it from scratch. Might be a lot quicker. The downside is that you won't be able to revoke any existing certificates. However you can still replace existing certificates with new certificates from your newly built CA.
Uninstall: http://support.microsoft.com/kb/889250.
Install: http://technet.microsoft.com/en-us/library/cc786218(v=ws.10).aspx
This may seem extreme, but it is not. I've seen may bad CA environments and it is much easier to build a new proper CA infrastructure along side and phase our the old one. In your case, you have a small environment, similar process, just uninstall/reinstall."
Source: https://www.experts-exchange.com/questions/27972293/Certificate-Services-wont-start-certificate-is-not-within-its-validity-period.html