Solved

Root CA Server was removed

Posted on 2014-07-20
Last Modified: 2014-08-09
Hi Experts,

We removed the Root Enterprise CA server (StandAlone) from our server for X reason.

The old servers and DC were moved to new servers and successfully configured. And for now everything is working more than perfectly.

But users started to get a certificate error on their computers from Outlook. They use the same hosted Exchange server and there were no changes.

The certificate error shows that the signed certificate expired in 2009. The root certificate is valid until 2018.

What should I do?
(Create a GPO to move them to untrusted or revoked, or any other ideas?)

I need to prevent workstations from popping up this error/warning message.
0
Question by:Puzatiy
7 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 40207607
Check in the Exchange Management Console, under server management, which certificate is being used; there you will probably find the expired one.
exchange 2010
0
 
LVL 3

Author Comment

by:Puzatiy
ID: 40207612
This is the point. There was an old Exchange server that was down a long, long time ago. I think 5 years ago. And now all employees are connected to an Exchange server that sits in another environment in the cloud. It isn't even talking, and wasn't talking, with the DC or CA.
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 40207618
Well, Exchange doesn't ever need to talk to the CA; the CA only issues the certificate and Exchange simply uses it.
There are other mechanisms that check if the certificate is valid.

Did you check ESM for the certificate?
0

 
LVL 3

Author Comment

by:Puzatiy
ID: 40207788
Emmmm.... ESM 6.5

I have no idea where to search on my old Exchange (I tried to find it and found nothing).

I checked the server and all its certificates and found this one; it's located in the Personal folder at the computer level. There are others, but they are all valid until 2018. Only this one is expired. I think clients have the same one at the same location? Maybe this is the issue?
0
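The store check described in the comment above can be scripted. This is an added example, not part of the original thread: it lists expired certificates in the computer-level stores and shows which root each one chains to. The choice of the three store names is an assumption; the thread only mentions the computer's Personal store.

```powershell
# Added example: inventory expired certificates in the computer-level stores
# and report how each one chains. The store list is an assumption; the thread
# only mentions the Personal store at computer level.
$stores = 'My', 'CA', 'Root'   # Personal, Intermediate CAs, Trusted Root CAs
$now    = Get-Date

$report = foreach ($store in $stores) {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.NotAfter -lt $now } |
        ForEach-Object {
            $cert  = $_
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            # Skip revocation lookups: the issuing CA may no longer be reachable.
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            [void]$chain.Build($cert)   # result ignored; ChainStatus carries the detail

            # Last chain element is the highest certificate Windows could find.
            $elements = @($chain.ChainElements)
            $top = if ($elements.Count -gt 0) { $elements[-1].Certificate.Subject }

            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                NotAfter      = $cert.NotAfter
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                ChainTop      = $top
                ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            }
        }
}

# Oldest expiry first, so a certificate that lapsed years ago stands out.
$report | Sort-Object NotAfter | Format-Table -AutoSize -Wrap
```

Running it on the server and on an affected workstation and comparing the `Thumbprint` column shows whether both hold the same expired certificate.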
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 40207821
Probably yes
0
 
LVL 3

Accepted Solution

by:
Puzatiy earned 0 total points
ID: 40240554
The issue was resolved. I added a new server and installed an Enterprise Root CA on it with the old root CA. This solved the incident. That caused another issue with reauthorization for Outlook, but it was solved fast too.

In the second issue, users were forced to enter their credentials again (one time).

Patrick, Thanks for your help.
0
 
LVL 3

Author Closing Comment

by:Puzatiy
ID: 40250438
I got information and ideas. But in fact I didn't receive any solution to resolve this issue.
0
