Long Dead CA - No Active CA - Help?

    Hi All,

    Started a new job last year and I think I've inherited a bit of a mess.

    In each of the domain controller event logs I'll get the following errors:-

    Event ID: 13 Source AutoEnrollment
    Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba). The RPC server is unavailable.

    Event ID: 10009 Source DCOM
    DCOM was unable to communicate with the computer certsvr using any of the configured protocols.

    Now it turns out we don't have CA installed anyway, and the server it mentions above, certsvr, doesn't exist anywhere, not in AD and certainly not physically. When I first started I noticed AD wasn't replicating between the DCs which I fixed, and while doing this found 3 old DCs in AD which again didn't exist anymore and looked like the previous Sys Admin had tried to bodge together a fix and gave up, leaving everything in a mess.

    So I now want to clear all this up as part of other work I'm doing. I'm basically trying to replace the original 2 DCs with 2 new ones which are running, plus get Exchange which was installed on the original DC totally running on its own server. This is already done, I just need to get it removed from the old DC, but anyway.

    If I open up the certificates snap-in on a DC I can see 3 certificates for certsvr and vpnsvr, both of these don't exist. Is this what's causing the errors? They are from Root Certificate Authority templates by the look of it and expire during 2012. Also have a domain controller certificate in the personal certificates folder, for the original DC issued by this missing certsvr, but that expired 3 years ago?

    Any ideas on how I proceed with this as all the articles I find talk about having a CA already active, but I don't.