Link to home
Start Free TrialLog in
Avatar of TrevorWhite
TrevorWhiteFlag for United Kingdom of Great Britain and Northern Ireland

asked on

AD CS Configuration.

Hi
We have a Server 2012 R2 Standard running as a DC in a small office of about 8 PC running Windows 7 pro. I needed to set up an SSTP VPN service but found that I could not obtain the self signed certificate required for the client PC. Further investigation found that the ADCS Configuration is not complete and cannot be completed.

Visiting the Server Manager and looking at a flagged Notification I see that there is a Post-deployment Configuration notice to 'Configure Active Directory Certificate Services on the destination server' If I start this process I'm presented with a credentials page which is completed just fine so I click Next. Then Role Services has 'Certification Authority' is the only Role selected from the 6 potential Roles available - the remaining 5 can't be ticked they appear greyed out and I can't untick 'Certification Authority' either. The only option I have is to click Previous or Cancel which will not help me to complete the post process.

How can I break out of this cycle whilst keeping the domain active. I'm working remotely from the site through a VNC service.

Can I remove the ADCS Role safely or will this impact the existing client logins etc. I'm assuming it will but not 100% sure.

I have also noticed that the CertSrv site under the Default IIS webpage is not listed. I'm sure this was there not too long ago but again can't be sure. NB This accounts for being unable to access CertSrv on this server either locally or externally.

Some help in at least cleaning this position up would be welcomed.

Regards
ASKER CERTIFIED SOLUTION
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of TrevorWhite

ASKER

Hi Radhakrishnan and DrDave
Thanks for taking time to cover this and my sincere apologies fro not taking quick enough time to respond.
We do still have the issue but have been diverted to another problem - elsewhere.

I'm aware that adding and removing roles are two separate operations.
I haven't progressed to removing the role as I was uncertain if there were any dependencies (on what ever is installed)
The thing is this server has been installed (by me) for some years, but a third party has been tampering (Customer gave an application engineer the password) So I'm certain this was all setup and functioning about 2 months ago. So because of this I'm uncertain if I can remove the role (particularly remotely) with safety.

If this can be confirmed, I understand the recommended route is to remove and then reinstall the ADCA role - will this reinstate the CertSrv site in IIS ???

I'll keep a closer eye on this thread -  ;-)
Regards
If this can be confirmed, I understand the recommended route is to remove and then reinstall the ADCA role - will this reinstate the CertSrv site in IIS ???

The CertSrv site is created by the Certification Authority Web Enrollment role service, and you mentioned that this role service isn't installed. That explains why the CertSrv site is missing, although there may be no way to figure out why the role service isn't currently installed, assuming it was previously.
OK That's great. I'll remove the ADCA and then reinstall as discussed and report back her when done.
Again, thanks for your time with this.

Regards
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Radhakrishnan R (https:#a42371684)
-- DrDave242 (https:#a42375756)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer