?
Solved

Root CA Server was removed

Posted on 2014-07-20
7
Medium Priority
?
141 Views
Last Modified: 2014-08-09
Hi Experts,

We did removed Root Enterprise CA Server (StandAlone) from our server for X reason.

Old servers and DC was moved to new servers and successful configured. And for now everything is working more then perfect.

But users start to get certificate error at there computers from Outlook. They does same hosted exchange server and there was no any changes.

Certificate error show that signed certificate was expired at 2009. Root certificate is till 2018.

What I should to do ?
(Create GPO to move them to untrusted or revoked or some any other ideas)

I need to prevent workstations from poping up this error/warning message.
0
Comment
Question by:Puzatiy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 40207607
Check in Exchange Management Console under server management which certificate is being used, there you will probably find the expired one.
exchange 2010
0
 
LVL 3

Author Comment

by:Puzatiy
ID: 40207612
This is the point. There was an old Exchange server that was down a long long time ago. I Think 5 years ago. And now all employees connected to exchange that sitting at another environment at cloud. Its even not talking and wasn't talking with DC or CA.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 40207618
Well, exchange doesnt ever need to talk to the CA, the CA only issues the certificate and exchange simply uses it.
There are other mechanisms that check if the certificate is valid.

Did you check ESM for the certificate?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Author Comment

by:Puzatiy
ID: 40207788
Emmmm.... ESM 6.5

Have no idea where to search (Did tried to find and nothing), on my old exchange.

I did checked server, all certificates and did find this one, it's located in personal folder at computer level. There are others but they all till 2018. Only this one is expired i think clients have same one at same location ? Maybe this is the issue ?
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 40207821
Probably yes
0
 
LVL 3

Accepted Solution

by:
Puzatiy earned 0 total points
ID: 40240554
Issue was resolved. I did added new server and installed on it Enterprice Root CA with the old root CA. This did solve this incident. That did another issue with reauthorization for outlooks but its was solved fast too.

In second issue users was forced  to put again (one time) their credentials.

Patrick, Thanks for your help.
0
 
LVL 3

Author Closing Comment

by:Puzatiy
ID: 40250438
I did got an information and ideas. But in fact I didn't received any solution to resolve this issue.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question