Solved

Root CA Server was removed

Posted on 2014-07-20
Last Modified: 2014-08-09
Hi Experts,

We removed the Root Enterprise CA server (StandAlone) from our server for X reason.

The old servers and DC were moved to new servers and successfully configured. For now everything is working more than perfectly.

But users started to get a certificate error on their computers from Outlook. They use the same hosted Exchange server and there were no changes.

The certificate error shows that the signed certificate expired in 2009. The root certificate is valid until 2018.

What should I do?
(Create a GPO to move them to untrusted or revoked, or any other ideas?)

I need to prevent workstations from popping up this error/warning message.
Question by:Puzatiy
7 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 40207607
Check in Exchange Management Console under server management which certificate is being used, there you will probably find the expired one.
exchange 2010
0
 
LVL 3

Author Comment

by:Puzatiy
ID: 40207612
This is the point. There was an old Exchange server that went down a long, long time ago, I think 5 years ago. And now all employees are connected to an Exchange that sits in another environment in the cloud. It isn't even talking, and wasn't talking, with the DC or CA.
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 40207618
Well, Exchange doesn't ever need to talk to the CA; the CA only issues the certificate and Exchange simply uses it.
There are other mechanisms that check if the certificate is valid.

Did you check ESM for the certificate?
0
 
LVL 3

Author Comment

by:Puzatiy
ID: 40207788
Emmmm.... ESM 6.5

I have no idea where to search on my old Exchange (I tried to find it and found nothing).

I checked the server and all its certificates and found this one; it's located in the Personal folder at computer level. There are others, but they are all valid until 2018. Only this one is expired. I think clients have the same one at the same location? Maybe this is the issue?
0
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 40207821
Probably yes
0
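A read-only way to confirm what the thread arrives at (an expired certificate in the computer-level Personal store while the root is still valid) is to list each certificate's own expiry next to that of its chain root. This is an added example, not code from any poster; the function name `Get-CertExpiryReport` is hypothetical, and `Cert:\LocalMachine\My` is the PowerShell path for the computer-level Personal store.

```powershell
# Added example: read-only inventory of the computer-level Personal store.
# Nothing here changes or deletes certificates.
function Get-CertExpiryReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',   # "Personal" at computer level
        [datetime]$AsOf = (Get-Date)
    )
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Build the chain without revocation lookups: the CRL location of a
        # removed CA may be unreachable, which would clutter the expiry finding.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chain.ChainPolicy.VerificationTime = $AsOf
        $null = $chain.Build($cert)

        # Last chain element is the topmost certificate the builder could find.
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        [pscustomobject]@{
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            Expired     = $cert.NotAfter -lt $AsOf
            ChainTop    = $top.Subject
            TopNotAfter = $top.NotAfter
            ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

# Oldest expiry first, so a certificate that lapsed years ago is at the top.
Get-CertExpiryReport |
    Sort-Object NotAfter |
    Format-Table Subject, Issuer, NotAfter, Expired, ChainTop, TopNotAfter, ChainStatus -AutoSize
```

Running the same function on a server and on an affected workstation shows whether both hold the same expired certificate (compare the `Thumbprint` values).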
 
LVL 3

Accepted Solution

by:
Puzatiy earned 0 total points
ID: 40240554
The issue was resolved. I added a new server and installed an Enterprise Root CA on it with the old root CA. This solved the incident. That caused another issue with reauthorization for Outlook clients, but it was solved fast too.

In the second issue, users were forced to enter their credentials again (one time).

Patrick, Thanks for your help.
0
 
LVL 3

Author Closing Comment

by:Puzatiy
ID: 40250438
I got information and ideas, but in fact I didn't receive any solution to resolve this issue.
0

Question has a verified solution.
