Solved

Root CA Server was removed

Posted on 2014-07-20
7
138 Views
Last Modified: 2014-08-09
Hi Experts,

We did removed Root Enterprise CA Server (StandAlone) from our server for X reason.

Old servers and DC was moved to new servers and successful configured. And for now everything is working more then perfect.

But users start to get certificate error at there computers from Outlook. They does same hosted exchange server and there was no any changes.

Certificate error show that signed certificate was expired at 2009. Root certificate is till 2018.

What I should to do ?
(Create GPO to move them to untrusted or revoked or some any other ideas)

I need to prevent workstations from poping up this error/warning message.
0
Comment
Question by:Puzatiy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 40207607
Check in Exchange Management Console under server management which certificate is being used, there you will probably find the expired one.
exchange 2010
0
 
LVL 3

Author Comment

by:Puzatiy
ID: 40207612
This is the point. There was an old Exchange server that was down a long long time ago. I Think 5 years ago. And now all employees connected to exchange that sitting at another environment at cloud. Its even not talking and wasn't talking with DC or CA.
0
 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 40207618
Well, exchange doesnt ever need to talk to the CA, the CA only issues the certificate and exchange simply uses it.
There are other mechanisms that check if the certificate is valid.

Did you check ESM for the certificate?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:Puzatiy
ID: 40207788
Emmmm.... ESM 6.5

Have no idea where to search (Did tried to find and nothing), on my old exchange.

I did checked server, all certificates and did find this one, it's located in personal folder at computer level. There are others but they all till 2018. Only this one is expired i think clients have same one at same location ? Maybe this is the issue ?
0
 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 40207821
Probably yes
0
 
LVL 3

Accepted Solution

by:
Puzatiy earned 0 total points
ID: 40240554
Issue was resolved. I did added new server and installed on it Enterprice Root CA with the old root CA. This did solve this incident. That did another issue with reauthorization for outlooks but its was solved fast too.

In second issue users was forced  to put again (one time) their credentials.

Patrick, Thanks for your help.
0
 
LVL 3

Author Closing Comment

by:Puzatiy
ID: 40250438
I did got an information and ideas. But in fact I didn't received any solution to resolve this issue.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question