Solved

can't unjoin domain - cert authority installed

Posted on 2013-10-30
12
4,273 Views
Last Modified: 2013-11-06
Greetings,

I have an old exchange 2003 server. I uninstalled exchange several weeks ago. It has not run exchange since I migrated to exchange 2010 a few months ago. The server has been powered down for at least the last three weeks when I uninstalled exchange 2003, and it was also powered off for a couple of weeks after the migration a few months ago to make sure everything with email worked before decommissioning it entirely.

So, had the time and gumption to decommission today. powered it on, went to unjoin and it's grayed out stating:

The identification of the computer cannot be changed because :

- The Certificate Authority Service is installed on this computer"


we've not had any issues at any point while the machine is powered off. I am not certain how to proceed. any suggestions much appreciated.

thanks
0
Comment
Question by:rpliner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2
12 Comments
 
LVL 14

Assisted Solution

by:comfortjeanius
comfortjeanius earned 166 total points
ID: 39612591
Did you properly decommission the Exchange server?

Here is a link: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23943862.html
0
 
LVL 55

Accepted Solution

by:
McKnife earned 334 total points
ID: 39612619
Don't you need the CA anymore? Then uninstall it and then unjoin.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39612622
thanks for the reply comfortjeanius. I did properly uninstall exchange and all exchange services a few weeks ago. I am unable to decommission entirely due to the error I posted.
 
On my workstation I go to MMC > Certificates and I do see a cert from this server under Trusted Root Certification Authorities > Certificates and also under Intermediate Certification Authorities > Certificates. The cert expires 09/22/2014.

I am checking out the link to decommission the cert authority posted in the question to which you linked. What a PIA though.

thanks again
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 7

Author Comment

by:rpliner
ID: 39612629
McKnife - I was replying and didn't see your post. as far as I know I do not need it any longer. can you tell me how to determine if I need it?

thanks
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39612642
Who set this up? Ask him.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39612656
ha. wish I could. It was set up by a tech company no longer around. It appears they installed exchange 2003 on a DC in 2005, then migrated all users to another 2003 exchange server in 2009 or 2010. The exchange server which was migrated to, which is the machine I am posting about with the error, was never a DC. The original was a DC and was decommissioned a few years ago. Not sure why / how the CA was moved over.
0
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39612658
Did you try to stop the service

Open an elevated cmd prompte

Type:

net stop certsvc

Then see if you can unjoin from the domain.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 334 total points
ID: 39612664
Stopping the service won't work.
As a CA is important, you need to be sure that it is not needed. We cannot tel  it from here. Find out what certs where issued and what those are/were used for.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39612668
I will try that comfortjeanius. My main concern is that users would receive errors when logging into the network if it was removed. However, as I stated, it was powered down for a few weeks recently and for about a month or so a few months ago so it doesn't seem to have been issuing certs yet the cert on my machine doesn't expire for about a year, and was handed out in 2009 according to the snap-in. There have been no issues while it was powered off.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39612675
I will wait to try stopping the service then. Snap-in on my workstation shows the intended purpose is <All>. When I go to properties of the cert, all the purposes are grayed out and all are checked.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39614334
my goal, aside from decommissioning this old server, was to free up about 550 GB of storage. In an effort to get that done, I have decided to vConvert the C drive, which does not contain the exchange drive (which I have not deleted the databases from after the migration to exchange 2010). I will then deal with the CA issue. I have found several resources with instructions on how to migrate it.

thanks
0
 
LVL 7

Author Comment

by:rpliner
ID: 39628564
used vConverter and kept only the C drive to free up some storage space. need to do some more research into the cert authority migration steps.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question