Microsoft-Windows-CertificateServicesClient-AutoEnrollment error ID 64 on SBS 2008 server

Lately I am getting these warnings in the event log and today my RWW stopped working for a while .
It came back but I have no idea why . This is the only thing I am seeing repeating in the event log .
This is the only server and functions as a the WSUS and file server and the RWW service.
Is there anything I need to do to get rid of this ?
Can you point me in the direction of a resolution ?
Thanks in advance

Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 6/4/2015 1:04:38 PM
Event ID: 64
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer:company .mls.local
Description:
Certificate for local system with Thumbprint 36 a2 4d af e3 ff 3e f4 81 9d 7a c1 84 49 14 87 3a 3b ee c0 is about to expire or already expired.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" />
<EventID Qualifiers="32768">64</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-06-04T17:04:38.000Z" />
<EventRecordID>344565</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>MLS-MAIN.mls.local</Computer>
<Security />
</System>
<EventData>
<Data Name="Context">local system</Data>
<Data Name="ObjId">36 a2 4d af e3 ff 3e f4 81 9d 7a c1 84 49 14 87 3a 3b ee c0</Data>
</EventData>
</Event>
Andre PAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hypercat (Deb)Commented:
This indicates that you are using a self-signed certificate for some services (probably Exchange and/or RWW), and that the certificate has or is about to expire.  The easiest way to renew this certificate is from the Setup the Internet wizard, unless you are ALSO using a separate certificate that is not self-signed.  

To check whether you are using only the self-signed certificate for Exchange (if you don't already know), you can run the following command from the Exchange management shell:

get-exchangecertificate |fl

This will display a list of the certificates that are being used for Exchange and what services (IMAP, POP, SMTP, SSL) they are assigned to.  Then, compare the thumbprint shown in the event log message against the thumbprints displayed on this list to see which certificate has or is about to expire.
0
Andre PAuthor Commented:
Thanks for you quick reply and help .


Below is what I found that matches the thumbprint

It says self-signed is false . Does that mean that I cannot renew it with the method you stated ?
Could this be the reason why the RWW suddenly was not working ?
What do I do ?

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.thecompany.com, thecompany.c
om, MCC-MOON.mcc.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mls-MCC-MOON-CA
NotAfter : 9/28/2013 1:39:23 PM
NotBefore : 9/29/2011 1:39:23 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 610FF47B00000000001B
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=remote.thecompany.com
Thumbprint : 36A24DAFF3FF3EF4819D7AD1844914873A3BFEC0
0
Hypercat (Deb)Commented:
Sorry for the delayed reply; I was away for a few days.

The issuing server is listed as:  CN=mls-MCC-MOON-CA.  This looks like a self-signed certificate to me, so I'm not sure why it says it's not.  It also looks like it expired some time ago. But the thumbprint is not the same as the one in the event log entry:

Event log entry:  36a24dafe3ff3ef4819d7ac1844914873a3beec0
Your post:           36A24DAFF3FF3EF4819D7AD1844914873A3BFEC0

C1844914873A3BEEC0
D1844914873A3BFEC0

The differences are small but they are there.  Can you post the complete list of certificates?
0
Andre PAuthor Commented:
Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          6/20/2015 11:02:02 PM
Event ID:      64
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MLS-MAIN.mls.local
Description:
Certificate for local system with Thumbprint 2d 5a 90 80 e0 59 68 09 aa a7 10 e9 bf 48 94 15 d1 c4 f0 ae is about to expire or already expired.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" />
    <EventID Qualifiers="32768">64</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-21T03:02:02.000Z" />
    <EventRecordID>425677</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>MLS-MAIN.mls.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Context">local system</Data>
    <Data Name="ObjId">2d 5a 90 80 e0 59 68 09 aa a7 10 e9 bf 48 94 15 d1 c4 f0 ae</Data>
  </EventData>
</Event>



Certificate log


AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {localhost}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=localhost
NotAfter : 2/6/2025 7:00:00 PM
NotBefore : 2/7/2015 7:05:48 PM
PublicKeySize : 1024
RootCAType : None
SerialNumber : 087C922D5CA7FE8544893C40ADE9BFF7
Services : None
Status : Valid
Subject : CN=localhost
Thumbprint : 60794ED6E4BCAA9FB9BF86F6422F788402901E0B

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {MLS-MAIN.mls.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mls-MLS-MAIN-CA
NotAfter : 9/3/2014 3:14:49 PM
NotBefore : 9/3/2014 2:08:34 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 309394D1000000000040
Services : IMAP, POP
Status : Invalid
Subject : CN=MLS-MAIN.mls.local
Thumbprint : A223EB3169F432A15EEF992F8237541FAAF6E152

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.thecompany.com, thecompany.com, MLS-MAIN.mls.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mls-MLS-MAIN-CA
NotAfter : 10/4/2013 10:02:29 PM
NotBefore : 10/5/2011 10:02:29 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 17B390A300000000001D
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=remote.thecompany.com
Thumbprint : 2D5A9080E0596809AAA710E9BF489415D1C4F0AE

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.thecompany.com}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Network Solutions DV Server CA, O=Network Solutions L.L
.C., C=US
NotAfter : 3/19/2016 7:59:59 PM
NotBefore : 10/5/2011 8:00:00 PM
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 7CD5D0B8EBF24819F776D2B7F6F12CDE
Services : IIS, SMTP
Status : Valid
Subject : CN=remote.thecompany.com, OU=nsProtect Secure X
press, OU=Domain Control Validated
Thumbprint : 8B9B6E91FE283B1FD9CB4374E635E9E2FA58E935

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.thecompany.com, thecompany.com, MLS-MAIN.mls.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mls-MLS-MAIN-CA
NotAfter : 9/28/2013 1:39:23 PM
NotBefore : 9/29/2011 1:39:23 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 610EF47B00000000001B
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=remote.thecompany.com
Thumbprint : 36A24DAFE3FF3EF4819D7AC1844914873A3BEEC0

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, MLS-MAIN.mls.local}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=mls-MLS-MAIN-CA
NotAfter : 9/3/2011 3:05:04 PM
NotBefore : 9/3/2009 3:05:04 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 610441DF000000000002
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=Sites
Thumbprint : AD4D74861B77D787C4072A17B9FB9A7D9FAF4182

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mls-MLS-MAIN-CA}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mls-MS-MAIN-CA
NotAfter : 9/3/2014 3:14:49 PM
NotBefore : 9/3/2009 3:04:49 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 4256196235CDE8A9450C7315DAF19AED
Services : None
Status : Invalid
Subject : CN=mls-MS-MAIN-CA
Thumbprint : 8BA2B125D5D4AA3F3B355E904E4494BD1BA92D42

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-L54IFZ0IDFD}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=WMSvc-WIN-L54IFZ0IDFD
NotAfter : 8/31/2019 8:38:39 PM
NotBefore : 9/2/2009 8:38:39 PM
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : CDB4CBC95A9520A54B028E2C6CC17D12
Services : None
Status : Valid
Subject : CN=WMSvc-WIN-L54IFZ0IDFD
Thumbprint : F2D13CEE5212F1AE8695881DCE4D6D97661C799D
0
Hypercat (Deb)Commented:
If this is an SBS machine, you can renew the self-signed certificates that are expired by running the "Fix My Network" wizard.  This should renew any of these certificates that you need.  Your RWW website and your SMTP email, however, are secured by your Network Solutions certificate, so you shouldn't be having any problems with either of these services.  That Network Solutions certificate (thumbprint 8B9B6E91FE283B1FD9CB4374E635E9E2FA58E935) is good until March of 2016.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.