Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Certificate for local system with Thumbprint is about to expire or already expired.

Posted on 2014-03-17
8
Medium Priority
?
7,446 Views
Last Modified: 2014-04-03
Strange event log here, I have two DC's in this location particularly that are complaining about the certificate being expired or about to expire.

I look and it says its valid until 2015 on the computer account BUT on the user account there are no certs.  am I missing something? :)

Thanks!
0
Comment
Question by:smyers051972
  • 5
  • 3
8 Comments
 
LVL 39

Expert Comment

by:Mahesh
ID: 39935316
On domain controllers you do not require user certificates

You do have Domain controller certificate on domain controller that is issued by your internal AD integrated enterprise CA server automatically

What errors are you getting on DCs?

Just ensure that you can telnet CA server on TCP 135 from domain controller

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935319
I forgot to attach screen shots, here they are.
evt64-1.png
evt64-2.png
evt64-3.png
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935320
Hi Mahesh

I _JUST_ uploaded them hope it helps :)

I can telnet to 135 no problem.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39935338
Ok
I have checked, its not Domain Controller certificate
One is just client auth cert and another is smart card cert

Client authentication cert is get installed because of some auto Enrollment group policy and is already expired on 5th March 2014
Smart card is installed by some administrators hopefully

I don't think you are using any certificate mentioned above on domain controllers

In that case You can simply delete those certificates

Also check your auto Enrollment settings in GPO
Its not set to automatically renew expired certificates

Check below video for more information
http://www.youtube.com/watch?v=S7IFp8cGOLs

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935383
ill check it out thank you!
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935515
They reference 2003 though we are all 2008 R2 any difference?
0
 
LVL 39

Expert Comment

by:Mahesh
ID: 39936180
Are you using smart card to logon on domain controllers ?

I guess not

2003 and 2008 R2 won't make any difference and you can simply delete those certificates
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 39976946
Thank you!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
In this tutorial, we’re going to learn how to convert Youtube to mp3 for Free. We'll show you how easy it is to make an mp3 from your video clips so that you can enjoy them offline.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question