Certificate Authority cannot find domain controller

I recently started working for a company that has an offline CAROOT server and an online CASUB server. Prior to my arrival, the old 2008 DCs were replaced with new 2012 DCs, in a proper upgrade. After the new DCs worked, the old ones were demoted, shut down and eventually deleted.
Unfortunately, it looks like one of the things that was missed was the re-jigging of the certificate authority to the new domain controller(s), such that after a few months, the CDP Locations have expired (they point at the correct location, the CASUB server).
When I check the Manage AD Containers entry, I can see that the RootCA is now showing as "Untrusted Root" and all the entries in the CDP Container show as Expired.
Is there an easy way to repair this (the old DCs can not be spun up again, they are gone), or will I need to set up an all new certificate infrastructure?
We use certificates to determine what workstations are allowed on the network infrastructure (the Cisco switch ports, for example). While workstations currently have unexpired certificates, they can still access the network, but when they start to expire, we will have workstations unable to connect to the network.
I am fairly new to managing certificates and authorities.

Hi Michael,
> the CDP Locations have expired (they point at the correct location, the CASUB server).
You can publish a new CRL by right-clicking the Revoked Certificates container.
More information for you:
How to Publish New Certificate Revocation List (CRL) from Offline Root CA to Active Directory and Inetpub
http://social.technet.microsoft.com/wiki/contents/articles/19160.how-to-publish-new-certificate-revocation-list-crl-from-offline-root-ca-to-active-directory-and-inetpub.aspx
Specify CRL Distribution Points
https://technet.microsoft.com/en-us/library/cc753296.aspx
Best Regards,
Amy
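The GUI step Amy describes, plus the extra step an offline root needs, as an added PowerShell example that is not part of the thread. It runs elevated on the online subordinate CA; it assumes the offline root's freshly generated CRL has already been carried over to the path in $RootCrlPath (a constructed placeholder) and that the account may write to the CDP container (Enterprise Admins or Cert Publishers).

```powershell
# Added example, not from the thread. Run elevated on the online subordinate CA (CASUB in the question).
# $RootCrlPath is a constructed placeholder: the CRL file exported from the offline root and carried over
# on removable media. Publishing to AD needs rights on the CDP container (Enterprise Admins / Cert Publishers).
$RootCrlPath = 'D:\transfer\CAROOT.crl'

function Invoke-CertUtil {
    # Runs certutil.exe and turns a non-zero exit code into a terminating error carrying the captured output.
    param([string[]]$Arguments)
    $out = & certutil.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "certutil $($Arguments -join ' ') failed ($LASTEXITCODE):`n$($out -join "`n")"
    }
    $out
}

# 1. Same as right-click "Revoked Certificates" > "All Tasks" > "Publish" on the sub CA:
#    signs a new base CRL (and delta CRL, if delta CRLs are enabled) and writes it to every configured CDP.
Invoke-CertUtil -Arguments @('-crl') | Out-Null

# 2. The offline root cannot reach AD, so its CRL has to be pushed into the CDP container by hand.
#    -f overwrites the existing (expired) cRLDistributionPoint object instead of failing on it.
if (Test-Path $RootCrlPath) {
    Invoke-CertUtil -Arguments @('-dspublish', '-f', $RootCrlPath)
} else {
    Write-Warning "Offline root CRL not found at $RootCrlPath; only the sub CA CRL was refreshed."
}
# If the root certificate itself is also missing from AD, the same verb publishes it:
#   certutil -dspublish -f <RootCert.cer> RootCA

# 3. Verify the result end to end: build the chain for the sub CA's own certificate while fetching
#    every CDP and AIA URL it carries. An expired or unreachable CRL shows up in the filtered lines.
$subCaCer = Join-Path $env:TEMP 'casub.cer'
Invoke-CertUtil -Arguments @('-ca.cert', $subCaCer) | Out-Null
Invoke-CertUtil -Arguments @('-verify', '-urlfetch', $subCaCer) |
    Where-Object { $_ -match 'Expired|Revoked|Error|Failed|Verified' }
```

Clients only see the new CRL once it has replicated to their DC and their local CRL cache has aged out; on a single machine, certutil -urlcache crl delete clears that cache when you need to re-test right away.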

Similar Messages

  • Unable to find domain controller for the specified domain. Please explicitly specify the domain controller.

    I'm getting the error "Unable to find domain controller for the specified domain. Please explicitly specify the domain controller." when I try to create an AD connection for my User Profile Service. The entire SharePoint environment is installed on one server. That server has everything on it: AD, SQL, SharePoint, and it's the domain controller. I can't figure out why this will not identify?
    Trevor Fielder

    Hi,
    Did you get this error when clicking on the Populate Containers button?
    If yes, please make sure that you have provided the domain credentials in the account name and password boxes below when entering the domain information. The account must be granted the replicating directory changes permission on the domain.
    You can refer to this blog:
    http://www.harbar.net/articles/sp2010ups.aspx
    Xue-Mei Chang

  • Cannot start Domain Controller and node

    I installed Oracle db v9.2.0.1, oracle 9ias j2ee and web cache Release 2 (v9.0.3) and CMSDK v9.0.3 for windows on single machine.
    Installation was fine.
    However, when I try to start ifs domain controller, I got following error in ifsctl.log file.
    +++++++++
    2/28/03 11:42 PM ifsctl: HostController constructed
    2/28/03 11:42 PM SocketRemoter: Initialized
    2/28/03 11:42 PM ifsctl:
    2/28/03 11:42 PM ifsctl: Domain ifs://star:1521:i4idb:I4ITEST
    2/28/03 11:42 PM ifsctl:
    2/28/03 11:42 PM ifsctl: Domain controller
    2/28/03 11:42 PM ifsctl: (runs locally)
    2/28/03 11:42 PM SocketRemoter: Find ifs_socket://star:53140/IFS.DOMAIN.DOMAINCONTROLLER.Locator
    2/28/03 11:42 PM SocketRemoter: Constructed channel [email protected]:53140
    2/28/03 11:42 PM ifsctl: is stopped; launching
    2/28/03 11:42 PM ifsctl: Unexpected exception: Error from external process: 6
    2/28/03 11:42 PM ifsctl:
    2/28/03 11:42 PM ifsctl: oracle.sysman.emSDK.common.emdComm.RemoteOperationException
    oracle.sysman.emSDK.common.emdComm.RemoteOperationException: Error from external process: 6
         at oracle.sysman.emd.command.OSCommandManager.runOSCommand(OSCommandManager.java:239)
         at oracle.sysman.emd.main.EMDRuntime.runRemoteCommand(EMDRuntime.java:1334)
         at oracle.sysman.emSDK.common.emdComm.EMDClient.remoteOperation(EMDClient.java:501)
         at oracle.ifs.admin.web.monitor.EmdHostControllerForker$1.run(EmdHostControllerForker.java:126)
    2/28/03 11:42 PM ifsctl: HostController disposed
    2/28/03 11:42 PM ifsctl:
    2/28/03 11:42 PM ifsctl:
    2/28/03 11:42 PM ifsctl: HostController constructed
    2/28/03 11:42 PM ifsctl: HostController disposed
    2/28/03 11:42 PM ifsctl:
    ++++++
    Does anyone know this problem?
    Thanks a lot.
    Kate

    "Error from external process: 6" means there is no such user account on your windows machine. Make sure the user name and password you specified are valid. And you need to grant the "log on as a batch job" user right to the user account, otherwise you'll see error 7 (authentication error).
    Please consult with CMSDK Admin Guide for details.

  • Removing a Certificate Authority from a domain when the physical server no longer exists

    So I have two certificate authorities in a domain that I inherited that were set up on servers that have been taken out of service years ago, so I am not able to do the proper CA uninstall. I get constant errors on my DCs referencing certificate autoenrollment errors associated with these non-existent CAs (listed below). What is the proper way to remove these CAs from AD and how can I be sure that no certificates they generated are used? I see that the certs in the DC stores generated by the CAs in question all expired last year, and that hasn't seemed to have caused a problem.
    DC errors referencing abandoned CAs:
    Event ID 6:  Automatic certificate enrollment failed, the RPC Server is Unavailable
    Event ID 13:  Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from OLDCA
    Event ID 82:  Certificate enrollment for Local system failed in authentication to all urls for enrollment server associated with policy id: {GUID} (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). Failed to enroll for template: DomainController

    There is no definitive way to know for sure, but you could do a little checking. If there is no valid CRL (expired or non-existent) then most likely all of the certificates in the environment are unusable. You can use this command to view the CRLs in AD. Replace the DC=XXX with your AD distinguished name.
    Certutil -viewstore "ldap:///CN=CAName,CN=MachineName,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=XXX,DC=XXX?certificateRevocationList?base?objectClass=cRLDistributionPoint"
    Also, if you are still uncertain, you can remove the objects from the Enrollment Services container (CN=Configuration,CN=Services,CN=Public Key Services). That will make it appear that there is no CA available and the enrollment messages you are seeing will go away. But anything else that may or may not be using a certificate will be unaffected.
    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.
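    The check Mark describes with certutil -viewstore, and the "Expired" entries Michael sees in the CDP container at the top of the page, scripted as one added example that is not part of either post: it enumerates every cRLDistributionPoint object under the CDP container, dumps each published CRL with certutil and reports its NextUpdate. Assumptions: the RSAT ActiveDirectory module and certutil.exe are available, and certutil -dump prints ThisUpdate: and NextUpdate: lines in the form the regular expressions below expect.

    ```powershell
    # Added example, not from the thread. Read-only: any authenticated domain user can run it.
    # Assumes the RSAT ActiveDirectory module and certutil.exe; the ThisUpdate:/NextUpdate: text
    # produced by "certutil -dump" is parsed with regular expressions (an assumption about its format).
    Import-Module ActiveDirectory

    function Get-AdCrlStatus {
        [CmdletBinding()]
        param(
            # Forest configuration naming context, e.g. CN=Configuration,DC=corp,DC=example
            [string]$ConfigurationNC = (Get-ADRootDSE).configurationNamingContext
        )
        $cdpBase = "CN=CDP,CN=Public Key Services,CN=Services,$ConfigurationNC"
        $crlObjects = Get-ADObject -SearchBase $cdpBase -LDAPFilter '(objectClass=cRLDistributionPoint)' `
            -Properties certificateRevocationList, deltaRevocationList

        foreach ($obj in $crlObjects) {
            # A CDP object can hold a base CRL and, separately, a delta CRL; check both.
            foreach ($attr in 'certificateRevocationList', 'deltaRevocationList') {
                $der = $obj.$attr
                if (-not $der) { continue }          # attribute absent or empty on this object
                $tmp = Join-Path $env:TEMP ('crl-{0}.crl' -f [guid]::NewGuid())
                try {
                    [IO.File]::WriteAllBytes($tmp, [byte[]]$der)
                    $dump = & certutil.exe -dump $tmp 2>&1 | Out-String
                } finally {
                    Remove-Item $tmp -ErrorAction SilentlyContinue
                }
                $thisUpdate = if ($dump -match 'ThisUpdate:\s*(.+)') { $Matches[1].Trim() } else { $null }
                $nextUpdate = if ($dump -match 'NextUpdate:\s*(.+)') { [datetime]::Parse($Matches[1].Trim()) } else { $null }
                [pscustomobject]@{
                    Object     = $obj.DistinguishedName
                    Attribute  = $attr
                    ThisUpdate = $thisUpdate
                    NextUpdate = $nextUpdate
                    Expired    = if ($nextUpdate) { $nextUpdate -lt (Get-Date) } else { $null }
                }
            }
        }
    }

    # Expired entries (the ones the MMC shows as "Expired") sort to the top.
    Get-AdCrlStatus | Sort-Object NextUpdate | Format-Table -AutoSize
    ```

    An Expired value of True for a CA that still exists means its CRL needs republishing; for a CA whose server is gone, it confirms Mark's point that chains ending in that CA can no longer validate once revocation checking is enforced, and the object is a candidate for cleanup.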

  • Find domain controller in use

    Hi,
    is it possible to get info from a SharePoint 2010 server what domain controller it uses to authenticate users?
    The SharePoint server doesn't get updates on AD user group members, so new users do not get access to sites when they are added to AD groups that should give them access...
    jik

    Make sure Active Directory Sites and Service is configured with the subnet that SharePoint resides on mapped to the nearest Site, which should contain one or more domain controllers.
    Other than that, you would need to take network traces or enable login auditing on the Domain Controllers. SharePoint will pick one at random (unless there is only one DC in the Site).
    Trevor Seward

  • I am replacing a Domain Controller (Windows 2003 Server) with a 2012 box. Can I have the Certificate authority exist in both locations during the process?

    Can you have the same Certificate Authority exist on both boxes while I work to get the 2012 up and running fully? Will it impact the users in any way or cause problems?

    > Can you have the same Certificate Authority exist on both boxes while I work to get the 2012 up and running fully?
    No. You have to uninstall the CA role before you uninstall the Domain Controller role from the existing server.
    This is why it is not recommended to keep the CA role on domain controllers.
    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com

  • Hyper-V Guest Cannot Find Host Domain Controller 2012 R2

    Poweredge T320 server as a Domain Controller,  file server and an EXCHANGE 2010 server. There are no other servers at the site. 
    DHCP is from the firewall.   The DC and the file server will be on the host. 
    The 2010 EXCHANGE server will be on the guest.  The Hyper-V 
    2012 R2 server cannot see the Domain Controller on the host 2012 R2 server. 
    The Active Directory is requesting to be promoted to a Domain Controller.  
    I have a logical or physical error in the installation. 
    It is asking to promote the  Hyper-V guest 2012 R2 to a Domain Controller. 
    I believe I should have only one  Domain Controller in this application.  
    After the Hyper-V guest can see the host domain controller I will install EXCHANGE 2010.
    This is a test environment, offsite.
    NIC1 – Host IP:192.168.1.130, 255.255.255.0, Gateway:192.168.1.1, DNS:127.0.0.1
    NIC2- Only Hyper-V switch checked
    Virtual Switch: 192.168.1.140, 255.255.255.0, Gateway: Blank, DNS: Was 127.0.0.1 didn’t work so I pointed it to the host, 192.168.1.130, but that didn’t work either.
    Host adapter: IP:192.168.1.150, 255.255.255.0, 192.168.1.1, DNS Pointing to HOST:162.168.1.130
    Active Directory and DNS installed on the guest.
    Removed IPv6 from both NICs without any change.
    IPAM is not installed on the host or the guest.
    Several articles in Internet search didn’t help.
    Thanks for your help.

    Hi Steve,
    I suggest referring to the following links:
    REMOTEFX, WINDOWS SERVER & HYPER-V SERVER
    http://blogs.technet.com/b/puneetvig/archive/2011/04/21/remotefx-windows-server-amp-hyper-v-server.aspx
    RemoteFX (with Hyper-V) is a serious business tool. For games.
    http://blogs.technet.com/b/tristank/archive/2012/02/17/remotefx-with-hyper-v-is-a-serious-business-tool-for-games.aspx
    Best Regards,
    Vincent Wu

  • Certificate for Domain Controller Will not import

    Hi,
    I am having an issue importing a Certificate .crt file on a Windows Server 2008 R2 Domain Controller. The Certificate is needed for migrating our 2003 Domain Controllers to 2008r2. When I try to use the command line to import the certificate using the following:
    I receive the following output:
    Cannot find object or property. 0x80092004 (-2146885628)
    I also tried this command
    certreq.exe -accept hostname.crt -machine   and received the same error.
    When I try to import the Certificate using the GUI it works but there is no "private key" found.   
    The Certificate was issued from Digicert.    
    Does anyone know how to resolve this so my certificate imports correctly with a private key intact?   
    Thanks,
    Kevin C.

    Here are the steps as explained by Digicert:
    How to Import and Export your SSL Certificate
    https://www.digicert.com/import-export-ssl-certificate.htm
    Note that I've used Digicert and haven't had a problem with the private key. If the private key's missing, there will be missing functionality. And also note, that Digicert's tech support is free and they are actually pretty good and can help almost immediately
    as soon as you call them. They've helped me a number of times.
    Give them a call 24/7: 1.801.701.9600
    Ace Fekay

  • Installing Domain Controller certificates remotely - private key remains on local server!

    Using a 3rd party CA (Entrust), I have successfully requested and installed Domain Controller certificates via the Certificates MMC snap-in.
    I did this from one Domain Controller, and then just used the (right click) "Connect to another computer" option to do the rest.  Everything looks absolutely fine, the certificates look ok.... certificate chain is complete, and valid (all
    CA certs are installed) and the certificates say "You have the private key that corresponds to this certificate".
    If I do a LDAPS bind using LDP.exe, it works fine on the first DC.
    Do this on the next and I get the error:
    Cannot open connection
    Error 81 = ldap_connect(hLdap, NULL);
    Server error: <empty>
    Error <0x51>: Fail to connect to DCHostname.
    After some checking I looked in the folder C:\ProgramData\Microsoft\Crypto\Keys
    This contains a lot of files on the DC I was logged onto when installing the certs, and no files on any of the other DCs. I am guessing this is the private key file and it has stored all of them on the local machine I was running MMC from rather than on the machines I connected to from MMC.
    Is there any way to get these keys onto the correct DCs now - or will I have to re-request all of the others.  The private key was not exportable.
    I figured copying and pasting them was probably not going to work with a private key, but I tried it anyway just to be sure!
    It is pretty annoying as no clue was given during the process of requesting and installing the certificates, and there is no error when you look at the certificate - they all think they have the private key associated to them, even though it rather looks like they don't!
    It's a bit painful requesting certificates here, so any help in avoiding this would be appreciated!  Thank you

    Thank you Elke,
    So I copied the key files across from the server where they were all generated to the server I remotely connected to (which had no key files at all). Copied all just to be sure, though I'm pretty sure which one actually relates to that server as I did them all in order - reflected by the time stamps.
    Ensured all the permissions were the same, and that they were marked as ‘system’ files.
    Ran the command
    certutil -repairstore my [SerialNumber of cert]
    as you suggested, but no luck unfortunately.
    So firstly, I get the same error message:
    Cannot find the certificate and private key for decryption.
    CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808)
    And then I get:
    CertUtil: Access denied.
    Not sure why the access denied, I am running elevated with full local and domain administration rights.
    Toby
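    The symptom in this thread is that the certificate says "You have a private key" while the key file only exists on the machine the MMC ran from. An added example, not from the thread, that proves rather than trusts key possession: for every certificate in the machine store it opens the private key and makes a test signature, so a certificate whose key container is missing is reported even though HasPrivateKey is True. Assumes .NET Framework 4.6 or later (for RSACertificateExtensions) and, for the remote variant, PowerShell remoting to the DCs; $DomainControllers is a placeholder.

    ```powershell
    # Added example, not from the thread. Needs .NET 4.6+ (RSACertificateExtensions). Run it on each DC
    # locally, or push it to all of them with Invoke-Command as shown at the end ($DomainControllers is a
    # placeholder list of host names).
    function Test-MachineCertPrivateKey {
        [CmdletBinding()]
        param([string]$StoreLocation = 'LocalMachine', [string]$StoreName = 'My')

        $probe = [Text.Encoding]::ASCII.GetBytes('private key probe')   # constructed test message
        foreach ($cert in Get-ChildItem "Cert:\$StoreLocation\$StoreName") {
            $usable = $false
            $reason = 'no private key linked to this certificate'
            if ($cert.HasPrivateKey) {
                try {
                    # Handles both legacy CSP and CNG keys on Windows 8 / Server 2012 and later.
                    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                    if (-not $rsa) {
                        $reason = 'non-RSA key (not probed by this script)'
                    } else {
                        # SHA1 is tried only as a fallback for old CSPs that cannot sign with SHA-2;
                        # the probe proves the key is reachable, it says nothing about its strength.
                        foreach ($hash in 'SHA256', 'SHA1') {
                            try {
                                $sig = $rsa.SignData($probe,
                                    [System.Security.Cryptography.HashAlgorithmName]::$hash,
                                    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
                                $usable = $sig.Length -gt 0
                                $reason = "test signature OK ($hash)"
                                break
                            } catch {
                                # A missing key container typically surfaces here as "Keyset does not exist".
                                $reason = $_.Exception.Message.Trim()
                            }
                        }
                    }
                } catch {
                    $reason = $_.Exception.Message.Trim()
                }
            }
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                HasKeyFlag = $cert.HasPrivateKey     # what the MMC shows
                KeyUsable  = $usable                 # what actually works
                Detail     = $reason
            }
        }
    }

    # Local run: only the certificates that claim a key they cannot use.
    Test-MachineCertPrivateKey | Where-Object { $_.HasKeyFlag -and -not $_.KeyUsable } | Format-Table -AutoSize

    # Remote run across several DCs (placeholder names); the function body is shipped as the script block.
    # $DomainControllers = 'dc1.corp.example', 'dc2.corp.example'
    # Invoke-Command -ComputerName $DomainControllers -ScriptBlock ${function:Test-MachineCertPrivateKey} |
    #     Format-Table Computer, Subject, HasKeyFlag, KeyUsable, Detail -AutoSize
    ```

    A DC that fails this probe for its server certificate is exactly the one whose LDAPS bind fails with error 81 as described above; the fix is a fresh request made on that host itself, since a non-exportable key cannot be moved by copying files.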

  • KDC Event ID 29 - The KDC cannot find a suitable certificate to use for smart card logons...

    I am getting the event (below) every day on a new 2008 domain controller that I brought up recently. The DC has a domain controller certificate that was automatically issued by an online enterprise CA. This CA is located in another domain (child domain) within the same forest. The 2008 DC is in the top-level domain. None of the other domain controllers, which are 2003, are reporting this message. I ran certutil.exe, and it successfully verifies all domain controller certificates, including the certificate on my new 2008 DC. Any ideas why these messages continue to appear?
    The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

    Hi,
    I have checked the file. Here is my findings:
    1.    The computer names of the domain controllers are different in this dcinfo.txt file. There is no Swampoak. I would like to confirm which one is the Windows Server 2008 domain controller.
    2.    The domain controller Buckeye and Madrone both have 2 KDC certificates, one is expired and the other one is valid:
    *** Testing DC[0]: MADRONE
    ** KDC Certificates for DC MADRONE
    Certificate 0:  --> Valid
    Serial Number: 116bbdd90000000000b6
    Issuer: ***
    NotBefore: 12/15/2008 2:28 AM
    NotAfter: 12/15/2009 2:28 AM
    Subject: CN=madrone.****
    Certificate Template Name (Certificate Type): DomainController
    Non-root Certificate
    Template: DomainController, Domain Controller
    Certificate 1:  --> Expired
    Serial Number: 15c2f00b000000000028
    Issuer: ****
    NotBefore: 3/9/2007 3:05 PM
    NotAfter: 3/8/2008 3:05 PM
    Subject: EMPTY (DNS Name=madrone.****)
    Non-root Certificate
    Template: DomainControllerAuthentication, Domain Controller Authentication
    *** Testing DC[1]: BUCKEYE
    ** KDC Certificates for DC BUCKEYE
    Certificate 0:  --> Expired
    Serial Number: 15c4ddc2000000000029
    Issuer: *****
    NotBefore: 3/9/2007 3:07 PM
    NotAfter: 3/8/2008 3:07 PM
    Subject: EMPTY (DNS Name=buckeye.****)
    Non-root Certificate
    Template: DomainControllerAuthentication, Domain Controller Authentication
    Certificate 1:  --> Valid
    Serial Number: 115f34ec0000000000b4
    Issuer: ****
    NotBefore: 12/15/2008 2:15 AM
    NotAfter: 12/15/2009 2:15 AM
    Subject: CN=buckeye.****
    Certificate Template Name (Certificate Type): DomainController
    Non-root Certificate
    Template: DomainController, Domain Controller
    Suggestion:
    1.    Please delete the expired certificate and then reboot the domain controller and test the issue again.
    2.    If the issue persists, please request a new Domain Controller Authentication certificate on the domain controller and check the result.
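    The dcinfo listing above, reproduced from the shell as an added example that is not part of the thread: it lists the certificates in the DC's machine store that carry a smart card logon or KDC Authentication EKU, flags the expired ones (step 1 of the suggestion) and builds each chain with online revocation checking. The OIDs in the code are the standard Microsoft/PKIX values; PowerShell 3 or later is assumed.

    ```powershell
    # Added example, not from the thread. Requires PowerShell 3+ on the DC being checked.
    # OIDs used: KDC Authentication 1.3.6.1.5.2.3.5, Smart Card Logon 1.3.6.1.4.1.311.20.2.2,
    # EKU extension 2.5.29.37, V1 template name 1.3.6.1.4.1.311.20.2, V2 template info 1.3.6.1.4.1.311.21.7.
    function Get-KdcCertificateStatus {
        $logonEkus    = '1.3.6.1.5.2.3.5', '1.3.6.1.4.1.311.20.2.2'
        $templateOids = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'
        foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
            $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
            if (-not $ekuExt) { continue }
            $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if (-not @($ekus | Where-Object { $logonEkus -contains $_ })) { continue }   # not a logon cert

            $tmpl = $cert.Extensions | Where-Object { $templateOids -contains $_.Oid.Value } | Select-Object -First 1
            # Same kind of check certutil performs: chain to a trusted root with revocation fetched online.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
            $chainOk = $chain.Build($cert)
            [pscustomobject]@{
                Subject     = $cert.Subject
                Serial      = $cert.SerialNumber
                Thumbprint  = $cert.Thumbprint
                NotAfter    = $cert.NotAfter
                Expired     = $cert.NotAfter -lt (Get-Date)
                Template    = if ($tmpl) { $tmpl.Format($false) } else { '(no template extension)' }
                KdcAuthEku  = $ekus -contains '1.3.6.1.5.2.3.5'
                ChainBuilds = $chainOk
                ChainStatus = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
            }
        }
    }

    $status = Get-KdcCertificateStatus
    $status | Format-Table Subject, NotAfter, Expired, KdcAuthEku, ChainBuilds, ChainStatus -AutoSize

    # Step 1 of the suggestion above from the shell: remove only the expired logon certificates.
    # Review the listing first, then uncomment.
    # $status | Where-Object Expired | ForEach-Object { Remove-Item "Cert:\LocalMachine\My\$($_.Thumbprint)" }
    ```

    A valid certificate whose ChainBuilds is False, with a ChainStatus such as RevocationStatusUnknown or OfflineRevocation, points at the CRL rather than the certificate, which is the case to check when the event keeps appearing after the expired entries are gone.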

  • Domain Controller cannot access \\domain\netlogon causing Auth issues

    Hi everyone, I have spent all day trying to figure out what is going on here. I have a Domain Controller (the only DC in the environment) that is acting funny.
    I first noticed when I was attempting to RDP into a server in my domain I was getting "access denied" (but I could log in as a local admin). So when I looked at the Domain Controller, I ran a DCDiag DNS test and got an AUTH error, but am not able to figure out how to fix this.
    Another thing I notice is when I am signed into the domain Controller (GP2010-a), I cannot browse to
    \\contoso.com\netlogon or any similar share.
    Here is the kicker, other servers on this domain, server3, server4, server5 etc... THEY CAN access
    \\contoso.com\netlogon It is ONLY the Domain controller and Server2 that CANNOT access this share. The other servers also allow me to RDP into them fine, it is only 1 server that is affected by this strange behavior.
    I have checked for no IP conflicts and as far as I can tell all the DNS records are correct.
    Regarding the DYNAMIC ip warning, we have a reservation that assigns the IP
    Thanks for any input here as I'm really stuck.
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = GP2010-A
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\GP2010-A
          Starting test: Connectivity
             ......................... GP2010-A passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\GP2010-A
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... GP2010-A passed test DNS
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : contoso
       Running enterprise tests on : contoso.com
          Starting test: DNS
             Test results for domain controllers:
                DC: GP2010-A.contoso.com
                Domain: contoso.com
                   TEST: Authentication (Auth)
                      Error: Authentication failed with specified credentials
                   TEST: Basic (Basc)
                      Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                      (can be a misconfiguration)
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 128.8.10.90 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
                DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
                DNS server: 2001:500:2::c (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c              
                DNS server: 2001:500:2d::d (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d              
                DNS server: 2001:500:2f::f (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
                DNS server: 2001:500:3::42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
                DNS server: 2001:500:84::b (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b              
                DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
                DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
                DNS server: 2001:7fd::1 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
                DNS server: 2001:7fe::53 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
                DNS server: 2001:dc3::35 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
             Summary of DNS test results:
                                                    Auth Basc Forw Del  Dyn  RReg Ext
                Domain: contoso.com
                   GP2010-A                     FAIL WARN PASS PASS PASS PASS n/a 
             ......................... contoso.com failed test DNS

    Hi,
    TEST: Basic (Basc)
                      Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                      (can be a misconfiguration)
    Do you have any NIC configured to get a dynamic IP on the DC which is having the issue? If yes, please disable that NIC. Also, please provide me the result of the below:
    1) On your DC which is having issue, run "ipconfig /all"
    2) Repadmin /showrepl
    Thanks,
    Umesh.S.K
    Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
    C:\Users\Administrator>repadmin /showrepl
    Repadmin: running command /showrepl against full DC localhost
    Default-First-Site-Name\GP2010-A
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
    DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927

  • The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliant check cannot be completed, the server will automatically shut down in 0

    I need help. I am new in the company and have to solve this problem.
    My colleague did a migration from Small Business Server 2003 to Foundation 2008 about 1 year ago. After a few days, he got the error message in the title. The server turns off about once a month. He did the following:
    joined the new Foundation server to the domain
    dcpromo on the new server
    migration (he said that he worked step-by-step with a tutorial)
    demote on the old SBS 2003 server
    disconnect the old server from the domain. This old server is not in function now.
    The new server has just 3 computer accounts. The forest functional level is Server 2003.
    I did dcdiag:
    C:\Users\Administrator>slmgr.vbs /dli
    C:\Users\Administrator>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = server2008
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\SERVER2008
          Starting test: Connectivity
             ......................... SERVER2008 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\SERVER2008
          Starting test: Advertising
             ......................... SERVER2008 passed test Advertising
          Starting test: FrsEvent
             ......................... SERVER2008 passed test FrsEvent
          Starting test: DFSREvent
             ......................... SERVER2008 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SERVER2008 passed test SysVolCheck
          Starting test: KccEvent
             ......................... SERVER2008 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SERVER2008 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SERVER2008 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SERVER2008 passed test NCSecDesc
          Starting test: NetLogons
             ......................... SERVER2008 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SERVER2008 passed test ObjectsReplicated
          Starting test: Replications
             ......................... SERVER2008 passed test Replications
          Starting test: RidManager
             ......................... SERVER2008 passed test RidManager
          Starting test: Services
             ......................... SERVER2008 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x8000001D
                Time Generated: 03/08/2012   09:59:45
                Event String:
                The Key Distribution Center (KDC) cannot find a suitable certificate
     to use for smart card logons, or the KDC certificate could not be verified. Sma
    rt card logon may not function correctly if this problem is not resolved. To cor
    rect this problem, either verify the existing KDC certificate using certutil.exe
     or enroll for a new KDC certificate.
             An error event occurred.  EventID: 0xC0001B61
                Time Generated: 03/08/2012   10:09:56
                Event String:
                A timeout was reached (30000 milliseconds) while waiting for the Liv
    eUpdate service to connect.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/08/2012   10:09:56
                Event String:
                The LiveUpdate service failed to start due to the following error:
             ......................... SERVER2008 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SERVER2008 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : BREG
          Starting test: CheckSDRefDom
             ......................... BREG passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... BREG passed test CrossRefValidation
       Running enterprise tests on : BREG.local
          Starting test: LocatorCheck
             ......................... BREG.local passed test LocatorCheck
          Starting test: Intersite
             ......................... BREG.local passed test Intersite
    C:\Users\Administrator>
    I did nslookup:
    C:\Users\Administrator>nslookup
    Default Server:  UnKnown
    Address:  ::1
    and this:
    C:\Users\Administrator>ntdsutil
    ntdsutil: roles
    fsmo maintenance: connections
    server connections: connect to server server2008
    Binding to server2008 ...
    Connected to server2008 using credentials of locally logged on user.
    server connections: q
    fsmo maintenance: select operation target
    select operation target: list roles for connected server
    Server "server2008" knows about 5 roles
    Schema - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN
    =Sites,CN=Configuration,DC=BREG,DC=local
    Naming Master - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-
    Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
    PDC - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN=Si
    tes,CN=Configuration,DC=BREG,DC=local
    RID - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN=Si
    tes,CN=Configuration,DC=BREG,DC=local
    Infrastructure - CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site
    -Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
    select operation target:
    I also ran slmgr.vbs /dli and got:
    name:Windows Server(R) ServerWinFoundation edition
    Description: Windows operating System - Windows Server(R),
    OEM_COA_NSLP channel
    Partial product key:.......
    License Status:Licensed
    Thanks for your help, in advance.

    I forgot to say that it is the only DC in the domain.
    And this is the DNS test:
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine server2008, is a Directory Server.
       Home Server = server2008
       * Connecting to directory service on server server2008.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=BREG,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=BREG,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=SERVER2008,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BREG,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\SERVER2008
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... SERVER2008 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\SERVER2008
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             See DNS test in enterprise tests section for results
             ......................... SERVER2008 passed test DNS
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : BREG
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : BREG.local
          Starting test: DNS
             Test results for domain controllers:
                DC: server2008.BREG.local
                Domain: BREG.local
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                   TEST: Basic (Basc)
                      The OS
                      Microsoft Windows Server 2008 R2 Foundation  (Service Pack level: 1.0)
                      is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter
                      [00000007] Intel(R) 82566DM-2 Gigabit Network Connection:
                         MAC address is 00:19:99:86:E9:62
                         IP Address is static
                         IP address: 192.168.1.250
                         DNS servers:
                            192.168.1.250 (server2008.breg.local.) [Valid]
                            127.0.0.1 (server2008.breg.local.) [Valid]
                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found
                   TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders are not configured on this DNS server
                      Root hint Information:
                         Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                         Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                         Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                         Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                         Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                         Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
                         Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                         Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                         Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                         Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                         Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                         Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                         Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                         Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                         Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                         Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
                         Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                         Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
                         Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                         Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
                         Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
                         Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                   TEST: Delegations (Del)
                      Delegation information for the zone: BREG.local.
                         Delegated domain name: _msdcs.BREG.local.
                            DNS server: server2008.breg.local. IP:192.168.1.250 [Valid]
                   TEST: Dynamic update (Dyn)
                      Warning: Failed to add the test record dcdiag-test-record in zone BREG.local
                      [Error details: 9017 (Type: Win32 - Description: DNS bad key.)]
                      Test record dcdiag-test-record deleted successfully in zone BREG.local
                   TEST: Records registration (RReg)
                      Network Adapter
                      [00000007] Intel(R) 82566DM-2 Gigabit Network Connection:
                         Matching CNAME record found at DNS server 192.168.1.250:
                         cb30439d-35e0-4add-ae6c-e7f281295520._msdcs.BREG.local
                         Matching A record found at DNS server 192.168.1.250:
                         server2008.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.221dc40b-9d51-48cf-a3a3-e3daf251197f.domains._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._udp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kpasswd._tcp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.Default-First-Site-Name._sites.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.Default-First-Site-Name._sites.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.gc._msdcs.BREG.local
                         Matching A record found at DNS server 192.168.1.250:
                         gc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _gc._tcp.Default-First-Site-Name._sites.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.pdc._msdcs.BREG.local
                         Matching CNAME record found at DNS server 192.168.1.250:
                         cb30439d-35e0-4add-ae6c-e7f281295520._msdcs.BREG.local
                         Matching A record found at DNS server 192.168.1.250:
                         server2008.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.221dc40b-9d51-48cf-a3a3-e3daf251197f.domains._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._udp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kpasswd._tcp.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.Default-First-Site-Name._sites.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _kerberos._tcp.Default-First-Site-Name._sites.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.gc._msdcs.BREG.local
                         Matching A record found at DNS server 192.168.1.250:
                         gc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _gc._tcp.Default-First-Site-Name._sites.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.BREG.local
                         Matching  SRV record found at DNS server 192.168.1.250:
                         _ldap._tcp.pdc._msdcs.BREG.local
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:500:2d::d (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:500:2f::f (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:500:3::42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:7fd::1 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:7fe::53 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 2001:dc3::35 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
    [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
                DNS server: 128.63.2.53 (h.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 128.8.10.90 (d.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.112.36.4 (g.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.168.1.250 (server2008.breg.local.)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                   DNS delegation for the domain  _msdcs.BREG.local. is operational on IP 192.168.1.250
                DNS server: 192.203.230.10 (e.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.228.79.201 (b.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.33.4.12 (c.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.36.148.17 (i.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.5.5.241 (f.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 192.58.128.30 (j.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 193.0.14.129 (k.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 198.41.0.4 (a.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 199.7.83.42 (l.root-servers.net.)
                   All tests passed on this DNS server
                DNS server: 202.12.27.33 (m.root-servers.net.)
                   All tests passed on this DNS server
             Summary of DNS test results:
                                                 Auth Basc Forw Del  Dyn  RReg Ext
                Domain: BREG.local
                   server2008                   PASS PASS PASS PASS WARN PASS n/a  
             ......................... BREG.local passed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite

  • Forest trust unable to find Active Directory Domain Controller

    I have two domains with a two-way forest trust. We'll call them ForestA and ForestB. They're on separate subnets. ForestA's DCs are in one physical location. ForestB's DCs are in two locations, one of which is shared with A.
    I'm unable to route traffic directly from the remote DC in ForestB to the subnet ForestA is on, so I created a new DC in ForestA that sits on the subnet ForestB uses (basically, I can't route between subnets via the wireless bridge between locations, but I can within the same location).
    I found this: http://www.neomagick.net/zen/2008/11/30/using-dns-to-force-a-domain-trust-through-a-specific-domain-controller-dc/
    I followed the instructions to set the new DC in forest A to be the only one the remote DC in forest B was aware of.
    Nslookup ForestA.com resolves correctly to this DC, but I'm unable to validate the trust relationship, getting the error:
    "Windows cannot find an Active Directory Domain Controller for the ForestA.com domain. Verify that an AD DC is available and then try again."
    I'd appreciate any help.

    In the event viewer, have you found any event IDs that correspond with this error? Have you ensured all required ports are open? Is the Windows firewall correctly set up? Is the NIC properly configured?
    Statement below taken from: http://technet.microsoft.com/en-us/library/cc961803.aspx
    If you receive the following error, ERROR_NO_LOGON_SERVERS, while using the Nltest tool to query the secure channel, this is usually indicative of the inability to find a domain controller for that domain. Run nltest /dsgetdc:<DomainName> to verify whether you can locate a domain controller. If you are unable to find a domain controller, examine DNS registrations and network connectivity.
    ADDS Ports:
    http://msdn.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
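    The checks this reply recommends (DNS registrations, the DC locator, and the required ports), put together as one script. This is an added example, not code from the thread or from Microsoft; it assumes Windows 8.1 / Server 2012 R2 or later for Resolve-DnsName and Test-NetConnection, and uses ForestA.com, the thread's own placeholder, as the trusted domain name.

```powershell
# Added example, not from the thread. Assumes Windows 8.1 / Server 2012 R2 or
# later (Resolve-DnsName, Test-NetConnection); nltest.exe ships with Windows.
# 'ForestA.com' is the thread's placeholder for the trusted domain.
param(
    [string]$Domain    = 'ForestA.com',  # trusted domain whose DCs must be found
    [string]$DnsServer = ''              # DNS server to ask; empty = system default
)

# 1. The DC locator resolves this SRV record first; no record, no trust validation.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$dnsArgs = @{ Name = $srvName; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
if ($DnsServer) { $dnsArgs.Server = $DnsServer }
$srv = @(Resolve-DnsName @dnsArgs | Where-Object { $_.Type -eq 'SRV' })
if ($srv.Count -eq 0) {
    Write-Warning "No SRV record for $srvName - fix DNS before looking anywhere else."
    return
}
$srv | Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 2. Ask the locator itself, bypassing its cache. A failure here despite a good
#    SRV answer usually means the returned DC is unreachable on the network.
nltest /dsgetdc:$Domain /force

# 3. TCP ports a trust and its secure channel depend on (Kerberos, RPC mapper,
#    LDAP, SMB, Kerberos password change, LDAPS, Global Catalog). The dynamic
#    RPC range and UDP 53/88/389 are not covered by a TCP probe.
$ports = 88, 135, 389, 445, 464, 636, 3268
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in $ports) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $port `
                 -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0,-45} {1,5}  {2}' -f $dc, $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}

# 4. Finally check the secure channel to the trusted domain end to end.
nltest /sc_verify:$Domain
```

    Run it from the DC in ForestB that cannot validate the trust, pointing -DnsServer at the DNS server that DC actually uses; a missing SRV record points at DNS, a BLOCKED port at the firewall or the bridge, and a clean run with a failing /sc_verify at the trust object itself.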

  • How to find/replace existing certificates before decommissioning certificate authority?

    We plan to decommission a multi-use server that also contains our internal certificate authority and replace it with new dedicated CA servers in a more secure design (offline root CA etc.).
    Before we decommission our existing CA servers, how do we find a list of all the issued certificates that are still valid?
    We would need to replace all those old certificates with new certificates from our new CA so the applications that use them don't break when the old certificates are removed/revoked, and before we remove the GPO setting that makes our current CA a trusted root CA for our domain computers.

    On the CA server you can filter issued certificates by the "Certificate Expiration Date" column. In the Certification Authority MMC snap-in, select the Issued Certificates folder, then click View -> Filter. Add a filter that selects certificates where "Certificate Expiration Date" is greater than the current date.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell FCIV tool.
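    The same filter, scripted against the CA database with certutil -view so the result can be grouped by template and requester and kept as a migration checklist. This is an added example, not code from the reply or from the PSPKI module; the CA config string is a placeholder, and it assumes certutil accepts the "now" keyword in -restrict (substitute a literal date in your locale's format if your build rejects it).

```powershell
# Added example, not from the thread. Builds an inventory of certificates the
# old CA issued that are still valid today, so each one can be reissued from the
# new CA before the old one is decommissioned. Uses certutil -view (built in);
# "CA01.corp.example\Corp Issuing CA" is a placeholder config string, and the
# "now" keyword in -restrict is assumed to be accepted by certutil.
param(
    [string]$CAConfig = 'CA01.corp.example\Corp Issuing CA',
    [string]$OutFile  = "$env:TEMP\old-ca-valid-certs.csv"
)

# Disposition 20 = issued; NotAfter>now drops everything already expired.
# Columns are requested by schema name in a fixed order; csv output labels
# them with localized display names, so they are remapped by position below.
$columns = 'RequestID,SerialNumber,RequesterName,CommonName,NotAfter,CertificateTemplate'
$raw = certutil -config $CAConfig -view `
         -restrict 'Disposition=20,NotAfter>now' -out $columns csv
if ($LASTEXITCODE -ne 0) { throw "certutil failed against $CAConfig" }

$names = $columns.Split(',')
$inventory = foreach ($row in ($raw | ConvertFrom-Csv)) {
    $values = @($row.PSObject.Properties.Value)
    $obj = [ordered]@{}
    for ($i = 0; $i -lt $names.Count; $i++) { $obj[$names[$i]] = $values[$i] }
    # CertificateTemplate holds a name for v1 templates and an OID for v2 ones.
    $obj['NotAfter'] = [datetime]::Parse($obj['NotAfter'])
    $obj['DaysLeft'] = [int]($obj['NotAfter'] - (Get-Date)).TotalDays
    [pscustomobject]$obj
}

# Who and what depends on the old CA: counts per template and per requester
# (the requester is the computer or user account that enrolled, which is the
# best clue to which server or application holds the certificate).
$inventory | Group-Object CertificateTemplate | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$inventory | Group-Object RequesterName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# The full list, soonest-expiring first, for the migration tracking sheet.
$inventory | Sort-Object NotAfter | Export-Csv -Path $OutFile -NoTypeInformation
"Wrote $($inventory.Count) still-valid certificates to $OutFile"
```

    Work through the exported list template by template: reissue from the new CA, confirm the application has picked up the new certificate, and only then revoke the old one and drop the old root from the GPO.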

  • Does a domain controller need a certificate

    Hi,
    I have a certificate related question.  While checking the logs on our domain controller, I discovered a certificate problem.  In the Personal store is a Domain controller Template certificate that expired last year.  It was created by an
    enterprise CA that no longer exists and was not properly removed from the domain.  My question is:  Is the certificate needed for anything?    I inherited the administration of the domain and I am trying to clean it up.
    Thanks
    Ron Soulliard
    Ron Soulliard Systems Administrator Polaris Ventures

    Hi Ronald,
    In addition to Paul's input,
    for your question "Is the certificate needed for anything?":
    It depends on your security requirements, such as the level of confidential information you share through the network.
    A certificate is useful for doing SSL/IPSec, providing wireless authentication, and for securing VPN.
    Regarding Certificate Services, it allows you to create and manage "self signed" certificates.
    It allows many security enhancements, but only to the point that any security service based on SSL certificates will be installed, configured, and enabled.
    Also, it allows you to be your own Certificate Authority, instead of purchasing a commercial SSL certificate.
    Check out the thread below dealing with a similar discussion:
    Is Certificate Services necessary for a small domain?
    Regards,
    Gopi
    JiJi Technologies
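    Before deciding whether the expired certificate in the DC's Personal store is still needed, it helps to see exactly what it is: which template issued it, whether it still chains to a trusted root, and which enhanced key usages it carries. The script below is an added example, not from the thread, that answers those questions for every certificate in LocalMachine\My issued by a given CA; the issuer name is a placeholder and must be replaced with the name of the defunct enterprise CA.

```powershell
# Added example, not from the thread. Run on the domain controller (or any
# server) to see which machine certificates came from a CA that no longer
# exists, whether they still chain to a trusted root, when they expire and
# what they are used for. 'CN=Old Enterprise CA' is a placeholder issuer name.
param(
    [string]$IssuerPattern = '*CN=Old Enterprise CA*',
    [string]$Store         = 'Cert:\LocalMachine\My'
)

# Template extensions: v1 templates (e.g. DomainController) carry the name in
# 1.3.6.1.4.1.311.20.2, v2 templates carry name/OID in 1.3.6.1.4.1.311.21.7.
$templateOids = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'

function Get-ChainStatus([System.Security.Cryptography.X509Certificates.X509Certificate2]$cert) {
    # Build the chain without revocation checking: the old CA's CRL is likely
    # unreachable, and the question here is trust and validity, not revocation.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if ($chain.Build($cert)) { return 'OK' }
    return ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
}

Get-ChildItem $Store |
    Where-Object { $_.Issuer -like $IssuerPattern } |
    ForEach-Object {
        $tmpl = $_.Extensions |
            Where-Object { $templateOids -contains $_.Oid.Value } |
            ForEach-Object { $_.Format($false) }
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Expired    = ($_.NotAfter -lt (Get-Date))
            Chain      = Get-ChainStatus $_
            Template   = ($tmpl -join '; ')
            # EKUs say what the certificate is for: a DC certificate shows
            # Server Authentication, Client Authentication, KDC Authentication
            # or Smart Card Logon depending on the template that issued it.
            Usage      = ($_.EnhancedKeyUsageList.FriendlyName -join ', ')
        }
    } | Format-List
```

    An entry that is both expired and reports UntrustedRoot in the Chain field can no longer be presented successfully by the DC for LDAPS or smart card logon, so if those services are in use the certificate has to be replaced from a live CA rather than simply deleted.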
