<div>
On domain controllers you do not require user certificates<br />
<br />
You do have Domain controller certificate on domain controller that is issued by your internal AD integrated enterprise CA server automatically<br />
<br />
What errors are you getting on DCs?<br />
<br />
Just ensure that you can telnet CA server on TCP 135 from domain controller<br />
<br />
Mahesh
</div>


On domain controllers you do not require user certificates

You do have Domain controller certificate on domain controller that is issued by your internal AD integrated enterprise CA server automatically

What errors are you getting on DCs?

Just ensure that you can telnet CA server on TCP 135 from domain controller

Mahesh

<div>
I forgot to attach screen shots, here they are.<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w12/840360/evt64-1.png" target="_blank" class="file-inline" title="Event logs (22 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>evt64-1.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w12/840361/evt64-2.png" target="_blank" class="file-inline" title="Computer account mmc (33 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>evt64-2.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2014/03_w12/840362/evt64-3.png" target="_blank" class="file-inline" title="user account mmc (32 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>evt64-3.png</a>
</div>


I forgot to attach screen shots, here they are.
evt64-1.png [https://filedb.experts-exchange.com/incoming/2014/03_w12/840360/evt64-1.png]
evt64-2.png [https://filedb.experts-exchange.com/incoming/2014/03_w12/840361/evt64-2.png]
evt64-3.png [https://filedb.experts-exchange.com/incoming/2014/03_w12/840362/evt64-3.png]

evt64-2.png

evt64-3.png

evt64-1.png

<div>
Hi Mahesh<br />
<br />
I _JUST_ uploaded them hope it helps :)<br />
<br />
I can telnet to 135 no problem.
</div>


Hi Mahesh

I _JUST_ uploaded them hope it helps :)

I can telnet to 135 no problem.

<div>
ill check it out thank you!
</div>


<div>
They reference 2003 though we are all 2008 R2 any difference?
</div>


They reference 2003 though we are all 2008 R2 any difference?

<div>
Are you using smart card to logon on domain controllers ?<br />
<br />
I guess not<br />
<br />
2003 and 2008 R2 won't make any difference and you can simply delete those certificates
</div>


Are you using smart card to logon on domain controllers ?

I guess not

2003 and 2008 R2 won't make any difference and you can simply delete those certificates

<div>
<div class="content wysiwyg-content">
Strange event log here, I have two DC's in this location particularly that are complaining about the certificate being expired or about to expire.<br />
<br />
I look and it says its valid until 2015 on the computer account BUT on the user account there are no certs. &nbsp;am I missing something? :)<br />
<br />
Thanks!
</div>
</div>


Strange event log here, I have two DC's in this location particularly that are complaining about the certificate being expired or about to expire.

I look and it says its valid until 2015 on the computer account BUT on the user account there are no certs.  am I missing something? :)

Thanks!

Certificate for local system with Thumbprint is about to expire or already expired.

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.