Solved

Certificate for local system with Thumbprint is about to expire or already expired.

Posted on 2014-03-17
8
6,030 Views
Last Modified: 2014-04-03
Strange event log here, I have two DC's in this location particularly that are complaining about the certificate being expired or about to expire.

I look and it says its valid until 2015 on the computer account BUT on the user account there are no certs.  am I missing something? :)

Thanks!
0
Comment
Question by:smyers051972
  • 5
  • 3
8 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39935316
On domain controllers you do not require user certificates

You do have Domain controller certificate on domain controller that is issued by your internal AD integrated enterprise CA server automatically

What errors are you getting on DCs?

Just ensure that you can telnet CA server on TCP 135 from domain controller

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935319
I forgot to attach screen shots, here they are.
evt64-1.png
evt64-2.png
evt64-3.png
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935320
Hi Mahesh

I _JUST_ uploaded them hope it helps :)

I can telnet to 135 no problem.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39935338
Ok
I have checked, its not Domain Controller certificate
One is just client auth cert and another is smart card cert

Client authentication cert is get installed because of some auto Enrollment group policy and is already expired on 5th March 2014
Smart card is installed by some administrators hopefully

I don't think you are using any certificate mentioned above on domain controllers

In that case You can simply delete those certificates

Also check your auto Enrollment settings in GPO
Its not set to automatically renew expired certificates

Check below video for more information
http://www.youtube.com/watch?v=S7IFp8cGOLs

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935383
ill check it out thank you!
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935515
They reference 2003 though we are all 2008 R2 any difference?
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39936180
Are you using smart card to logon on domain controllers ?

I guess not

2003 and 2008 R2 won't make any difference and you can simply delete those certificates
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 39976946
Thank you!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question