Solved

Certificate for local system with Thumbprint is about to expire or already expired.

Posted on 2014-03-17
Last Modified: 2014-04-03
Strange event log here: I have two DCs in this location in particular that are complaining about the certificate being expired or about to expire.

I look and it says it's valid until 2015 on the computer account, BUT on the user account there are no certs. Am I missing something? :)

Thanks!
Question by:smyers051972
8 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39935316
On domain controllers you do not require user certificates.

You do have a Domain Controller certificate on a domain controller that is issued automatically by your internal AD-integrated enterprise CA server.

What errors are you getting on the DCs?

Just ensure that you can telnet to the CA server on TCP 135 from the domain controller.

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935319
I forgot to attach screenshots, here they are.
evt64-1.png
evt64-2.png
evt64-3.png
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935320
Hi Mahesh

I _JUST_ uploaded them, hope it helps :)

I can telnet to 135 no problem.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39935338
Ok
I have checked; it's not a Domain Controller certificate.
One is just a client auth cert and the other is a smart card cert.

The client authentication cert gets installed because of some auto-enrollment group policy and already expired on 5th March 2014.
The smart card cert was hopefully installed by some administrators.

I don't think you are using any of the certificates mentioned above on domain controllers.

In that case you can simply delete those certificates.

Also check your auto-enrollment settings in GPO.
It's not set to automatically renew expired certificates.

Check below video for more information
http://www.youtube.com/watch?v=S7IFp8cGOLs

Mahesh
0
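One way to run the check from the accepted answer, as an added example that is not part of the original thread: list every certificate in the computer account's personal store with its thumbprint, expiry, template and intended purposes, so the thumbprint in the event can be matched to a certificate before anything is deleted. The 30-day threshold is an assumption, and the script only reads the store.

```powershell
# Added example: report-only inventory of Cert:\LocalMachine\My on a DC.
# $WarnDays is an assumed threshold, not a value from the thread.
$WarnDays = 30
$now = Get-Date
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $eku = @()
    $template = ''

    foreach ($ext in $cert.Extensions) {
        # Enhanced Key Usage tells you what the cert is for, e.g.
        # Client Authentication, Server Authentication, Smart Card Logon.
        if ($ext -is $ekuType) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.FriendlyName) { $eku += $oid.FriendlyName }
                else { $eku += $oid.Value }
            }
        }
        # Template extensions: 1.3.6.1.4.1.311.20.2 (v1 template name)
        # or 1.3.6.1.4.1.311.21.7 (v2 template information).
        if ($ext.Oid.Value -eq '1.3.6.1.4.1.311.20.2' -or
            $ext.Oid.Value -eq '1.3.6.1.4.1.311.21.7') {
            $template = $ext.Format($false)
        }
    }

    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    if ($daysLeft -lt 0) { $status = 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays) { $status = 'EXPIRING' }
    else { $status = 'OK' }

    New-Object PSObject -Property @{
        Status     = $status
        DaysLeft   = $daysLeft
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Template   = $template
        EKU        = ($eku -join ', ')
    }
} | Sort-Object NotAfter |
    Format-List Status, DaysLeft, NotAfter, Thumbprint, Subject, Issuer, Template, EKU
```

Run it in an elevated PowerShell session on each DC and compare the `Thumbprint` values against the one named in the event before removing a certificate.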

 
LVL 1

Author Comment

by:smyers051972
ID: 39935383
I'll check it out, thank you!
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935515
They reference 2003, though we are all 2008 R2. Any difference?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39936180
Are you using a smart card to log on to domain controllers?

I guess not.

2003 and 2008 R2 won't make any difference, and you can simply delete those certificates.
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 39976946
Thank you!
0
