AD CS Configuration.
Hi
We have a Server 2012 R2 Standard running as a DC in a small office of about 8 PC running Windows 7 pro. I needed to set up an SSTP VPN service but found that I could not obtain the self signed certificate required for the client PC. Further investigation found that the ADCS Configuration is not complete and cannot be completed.
Visiting the Server Manager and looking at a flagged Notification I see that there is a Post-deployment Configuration notice to 'Configure Active Directory Certificate Services on the destination server' If I start this process I'm presented with a credentials page which is completed just fine so I click Next. Then Role Services has 'Certification Authority' is the only Role selected from the 6 potential Roles available - the remaining 5 can't be ticked they appear greyed out and I can't untick 'Certification Authority' either. The only option I have is to click Previous or Cancel which will not help me to complete the post process.
How can I break out of this cycle whilst keeping the domain active. I'm working remotely from the site through a VNC service.
Can I remove the ADCS Role safely or will this impact the existing client logins etc. I'm assuming it will but not 100% sure.
I have also noticed that the CertSrv site under the Default IIS webpage is not listed. I'm sure this was there not too long ago but again can't be sure. NB This accounts for being unable to access CertSrv on this server either locally or externally.
Some help in at least cleaning this position up would be welcomed.
Regards
We have a Server 2012 R2 Standard running as a DC in a small office of about 8 PC running Windows 7 pro. I needed to set up an SSTP VPN service but found that I could not obtain the self signed certificate required for the client PC. Further investigation found that the ADCS Configuration is not complete and cannot be completed.
Visiting the Server Manager and looking at a flagged Notification I see that there is a Post-deployment Configuration notice to 'Configure Active Directory Certificate Services on the destination server' If I start this process I'm presented with a credentials page which is completed just fine so I click Next. Then Role Services has 'Certification Authority' is the only Role selected from the 6 potential Roles available - the remaining 5 can't be ticked they appear greyed out and I can't untick 'Certification Authority' either. The only option I have is to click Previous or Cancel which will not help me to complete the post process.
How can I break out of this cycle whilst keeping the domain active. I'm working remotely from the site through a VNC service.
Can I remove the ADCS Role safely or will this impact the existing client logins etc. I'm assuming it will but not 100% sure.
I have also noticed that the CertSrv site under the Default IIS webpage is not listed. I'm sure this was there not too long ago but again can't be sure. NB This accounts for being unable to access CertSrv on this server either locally or externally.
Some help in at least cleaning this position up would be welcomed.
Regards
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If this can be confirmed, I understand the recommended route is to remove and then reinstall the ADCA role - will this reinstate the CertSrv site in IIS ???
The CertSrv site is created by the Certification Authority Web Enrollment role service, and you mentioned that this role service isn't installed. That explains why the CertSrv site is missing, although there may be no way to figure out why the role service isn't currently installed, assuming it was previously.
ASKER
OK That's great. I'll remove the ADCA and then reinstall as discussed and report back her when done.
Again, thanks for your time with this.
Regards
Again, thanks for your time with this.
Regards
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Radhakrishnan R (https:#a42371684)
-- DrDave242 (https:#a42375756)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Radhakrishnan R (https:#a42371684)
-- DrDave242 (https:#a42375756)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
Active Directory
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Thanks for taking time to cover this and my sincere apologies fro not taking quick enough time to respond.
We do still have the issue but have been diverted to another problem - elsewhere.
I'm aware that adding and removing roles are two separate operations.
I haven't progressed to removing the role as I was uncertain if there were any dependencies (on what ever is installed)
The thing is this server has been installed (by me) for some years, but a third party has been tampering (Customer gave an application engineer the password) So I'm certain this was all setup and functioning about 2 months ago. So because of this I'm uncertain if I can remove the role (particularly remotely) with safety.
If this can be confirmed, I understand the recommended route is to remove and then reinstall the ADCA role - will this reinstate the CertSrv site in IIS ???
I'll keep a closer eye on this thread - ;-)
Regards