Solved

SBS 2003 Certificate services

Posted on 2014-02-18
12
362 Views
Last Modified: 2014-03-08
Certificate services has stopped on the server with an error number.  Using certutil to interpret the number, I get this error:

"A required certificate is not within its validity period when verifying against
the current system clock or the timestamp in the signed file."

The certificate that has expired is the CA certificate itself.  I can't run Certificate Authority snap-in as service is stopped.  I have tried to renew the certificate in the certificates snap-in but I get:

"You do not have permission to request a certificate based on the selected certificate template."

I am logged in as a member of Domain Admins and Enterprise Admins.

I want to renew the ca certificate and get certificate services running again on the server.


Any help would be appreciated.

Thanks
0
Comment
Question by:mmkerin
  • 6
  • 6
12 Comments
 
LVL 24

Expert Comment

by:lionelmm
ID: 39870237
You may have to go to Add/Remove programs then click on add/Remove Windows Components and uncheck Certificate services and then let it uninstall and then repeat the process and then check certificate services and let it reinstall.
0
 

Author Comment

by:mmkerin
ID: 39874000
Thanks for your suggestion Lionel. I've tried it.  The uninstall worked fine.  The install is giving this error: setup failed with the following error and must start from the beginning

"The format of the specified network name is invalid"

The only name I specified was the CA name (ABTCA).  I'm running the install directly on the server.

The setup process asked me for a CA name, asked me to choose locations for database file and log file, I chose the default, it told me it would stop IIS, I said OK, it asked for the server cd, which I inserted, it seemed to copy files and then gave the error.

So I'm going to keep working away on it.
Thank you
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 39874500
Can you go to a dos windows (command prompt) and type set and post the results here please? What is you servername and what is the full domain name please?
0
 

Author Comment

by:mmkerin
ID: 39892118
Hi Lionel,

Sorry for the delay.  Below is my set output.  I've replaced domain, server and client names.  Server name is 9 characters (8 letters and a digit).  Domain name is 8 characters (8 letters).  I have also attached a screen shot of the error I'm getting.

Thank you.


ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Administrator.DOMAIN\Application Data
CLIENTNAME=CNAME
ClusterLog=D:\WINDOWS\Cluster\cluster.log
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=SNAME
ComSpec=D:\WINDOWS\system32\cmd.exe
EXCHICONS=D:\Program Files\Exchsrvr\bin\maildsmx.dll
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Administrator.DOMAIN
LOGONSERVER=\\SNAME
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=D:\Program Files\Windows Resource Kits\Tools\;D:\Program Files\Support Tools\;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\Program Files\Microsoft Windows Small Business Server\Networking\;D:\Program Files\Exchsrvr\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=D:\Program Files
PROMPT=$P$G
SBSProgramDir=D:\Program Files\Microsoft Windows Small Business Server
SESSIONNAME=RDP-Tcp#10
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\WINDOWS\TEMP
TMP=D:\WINDOWS\TEMP
USERDNSDOMAIN=DOMAIN.LOCAL
USERDOMAIN=DOMAIN
USERNAME=Administrator
USERPROFILE=D:\Documents and Settings\Administrator.DOMAIN
windir=D:\WINDOWS
winsbprogramdir=D:\Program Files\Windows for Small Business Server
certscreen.JPG
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 39892156
Where is your Windows 2003 CD located? In this server's CD drive or on another server or on an network drive?
0
 

Author Comment

by:mmkerin
ID: 39892174
It's drive F on the server which is the server's cdrom.  THe first time I ran the reinstall, it prompted for the CD and appeared to find it and start copying.  On subsequent tries, it didn't prompt as the CD was already in.
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 24

Expert Comment

by:lionelmm
ID: 39892192
Can you try to install one of the other Windows features and see if it competes--want to make sure it is not a bad CD. Can you copy the CD to the hard disk and see if it copies it all and if it does can you try to use that as the source instead of the CD--thanks.
0
 

Author Comment

by:mmkerin
ID: 39892326
I copied the CD to the hard disk with no errors.  I tried reinstalling certificate services using the location on the hard disk but got a similar error - see attached file.  I then successfully installed Windows Deployment Services from the hard disk location.
certscreen2.JPG
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 39892471
Even though this is for 2008 can you see if this helps for 2003. I think step 3, the CAName will be what solves it http://technet.microsoft.com/en-us/library/dd421659%28v=WS.10%29.aspx
0
 

Accepted Solution

by:
mmkerin earned 0 total points
ID: 39898681
Problem Solved!

I couldn't find any option to remove roles in Administrative Tools, Server Management on my server but I found a solution here:

http://www.pcreview.co.uk/forums/problem-installing-certificate-services-t1589001.html

I googled the error code I was getting (0x80070033) and somebody had exactly the same issue with Cert Services.  Solution: File and Printer Sharing has to be enabled on both NICs in the server.  I normally disable it on the internet facing card.  Certificate Services is now reinstalled, I've disabled F&PS on the internet facing card again and CA Administration is working fine.

Many thanks for your efforts Lionel.
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 39899277
Great job--sorry I couldn't help--maybe next time.
0
 

Author Closing Comment

by:mmkerin
ID: 39914427
Enabling File and Printer Sharing on the 2nd NIC sorted the problem out which I found by searching on the internet.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now