Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Root CA Server was removed

Posted on 2014-07-20
7
137 Views
Last Modified: 2014-08-09
Hi Experts,

We did removed Root Enterprise CA Server (StandAlone) from our server for X reason.

Old servers and DC was moved to new servers and successful configured. And for now everything is working more then perfect.

But users start to get certificate error at there computers from Outlook. They does same hosted exchange server and there was no any changes.

Certificate error show that signed certificate was expired at 2009. Root certificate is till 2018.

What I should to do ?
(Create GPO to move them to untrusted or revoked or some any other ideas)

I need to prevent workstations from poping up this error/warning message.
0
Comment
Question by:Puzatiy
  • 4
  • 3
7 Comments
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 40207607
Check in Exchange Management Console under server management which certificate is being used, there you will probably find the expired one.
exchange 2010
0
 
LVL 3

Author Comment

by:Puzatiy
ID: 40207612
This is the point. There was an old Exchange server that was down a long long time ago. I Think 5 years ago. And now all employees connected to exchange that sitting at another environment at cloud. Its even not talking and wasn't talking with DC or CA.
0
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 40207618
Well, exchange doesnt ever need to talk to the CA, the CA only issues the certificate and exchange simply uses it.
There are other mechanisms that check if the certificate is valid.

Did you check ESM for the certificate?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 3

Author Comment

by:Puzatiy
ID: 40207788
Emmmm.... ESM 6.5

Have no idea where to search (Did tried to find and nothing), on my old exchange.

I did checked server, all certificates and did find this one, it's located in personal folder at computer level. There are others but they all till 2018. Only this one is expired i think clients have same one at same location ? Maybe this is the issue ?
0
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 40207821
Probably yes
0
 
LVL 3

Accepted Solution

by:
Puzatiy earned 0 total points
ID: 40240554
Issue was resolved. I did added new server and installed on it Enterprice Root CA with the old root CA. This did solve this incident. That did another issue with reauthorization for outlooks but its was solved fast too.

In second issue users was forced  to put again (one time) their credentials.

Patrick, Thanks for your help.
0
 
LVL 3

Author Closing Comment

by:Puzatiy
ID: 40250438
I did got an information and ideas. But in fact I didn't received any solution to resolve this issue.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
In this step by step procedure, you will come to know the details of creating an Outlook meeting in 2007, 2010, 2013 & 2016.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question