Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate for local system with Thumbprint is about to expire or already expired.

Posted on 2014-03-17
8
Medium Priority
?
6,951 Views
Last Modified: 2014-04-03
Strange event log here, I have two DC's in this location particularly that are complaining about the certificate being expired or about to expire.

I look and it says its valid until 2015 on the computer account BUT on the user account there are no certs.  am I missing something? :)

Thanks!
0
Comment
Question by:smyers051972
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39935316
On domain controllers you do not require user certificates

You do have Domain controller certificate on domain controller that is issued by your internal AD integrated enterprise CA server automatically

What errors are you getting on DCs?

Just ensure that you can telnet CA server on TCP 135 from domain controller

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935319
I forgot to attach screen shots, here they are.
evt64-1.png
evt64-2.png
evt64-3.png
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935320
Hi Mahesh

I _JUST_ uploaded them hope it helps :)

I can telnet to 135 no problem.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39935338
Ok
I have checked, its not Domain Controller certificate
One is just client auth cert and another is smart card cert

Client authentication cert is get installed because of some auto Enrollment group policy and is already expired on 5th March 2014
Smart card is installed by some administrators hopefully

I don't think you are using any certificate mentioned above on domain controllers

In that case You can simply delete those certificates

Also check your auto Enrollment settings in GPO
Its not set to automatically renew expired certificates

Check below video for more information
http://www.youtube.com/watch?v=S7IFp8cGOLs

Mahesh
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935383
ill check it out thank you!
0
 
LVL 1

Author Comment

by:smyers051972
ID: 39935515
They reference 2003 though we are all 2008 R2 any difference?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39936180
Are you using smart card to logon on domain controllers ?

I guess not

2003 and 2008 R2 won't make any difference and you can simply delete those certificates
0
 
LVL 1

Author Closing Comment

by:smyers051972
ID: 39976946
Thank you!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question