?
Solved

Certificate for local system with Thumbprint is about to expire or already expired.

Posted on 2014-03-17
8
Medium Priority
?
6,627 Views
Last Modified: 2014-04-03
Strange event log here, I have two DC's in this location particularly that are complaining about the certificate being expired or about to expire.

I look and it says its valid until 2015 on the computer account BUT on the user account there are no certs.  am I missing something? :)

Thanks!
0
Comment
Question by:smyers051972
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39935316
On domain controllers you do not require user certificates

You do have Domain controller certificate on domain controller that is issued by your internal AD integrated enterprise CA server automatically

What errors are you getting on DCs?

Just ensure that you can telnet CA server on TCP 135 from domain controller

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935319
I forgot to attach screen shots, here they are.
evt64-1.png
evt64-2.png
evt64-3.png
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935320
Hi Mahesh

I _JUST_ uploaded them hope it helps :)

I can telnet to 135 no problem.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39935338
Ok
I have checked, its not Domain Controller certificate
One is just client auth cert and another is smart card cert

Client authentication cert is get installed because of some auto Enrollment group policy and is already expired on 5th March 2014
Smart card is installed by some administrators hopefully

I don't think you are using any certificate mentioned above on domain controllers

In that case You can simply delete those certificates

Also check your auto Enrollment settings in GPO
Its not set to automatically renew expired certificates

Check below video for more information
http://www.youtube.com/watch?v=S7IFp8cGOLs

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935383
ill check it out thank you!
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935515
They reference 2003 though we are all 2008 R2 any difference?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39936180
Are you using smart card to logon on domain controllers ?

I guess not

2003 and 2008 R2 won't make any difference and you can simply delete those certificates
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 39976946
Thank you!
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question