Is the CA still active or is it dead and gone?

On 10/15/09, Martin Blackstone <[email protected]> wrote:
> So I'm seeing this on my DC's:
>
> The currently selected KDC certificate was once valid, but now is invalid
> and no suitable replacement was found. Smartcard logon may not function
> correctly if this problem is not remedied. Have the system administrator
> check on the state of the domain's public key infrastructure. The chain
> status is in the error data.
>
> So I saw this as a possible solution:
>
> A problematic CA and old data in the Active Directory PKI Container may also
> cause this problem on a Windows 2003 domain. Use PKIview.msc from the
> Windows 2003 Resource kit to check the status of the CA. This can occur if
> the CA is removed from the network and a new one is added.
>
> 1) Install rktools, run the Microsoft Management Console, and add the
> standalone snap-in "Enterprise PKI".
> 2) Expand the console tree in the scope pane, click on your CA, and verify
> that all entries report OK. If there is a problem, then this may be the
> cause. If the ones reporting bad are http://, verify that IIS 6.0 is
> configured properly and that anonymous access is granted to the CertEnroll
> website.
> 3) Next, right click "Enterprise PKI" in the scope pane and choose "Manage
> AD Containers". Check each tab and remove any old CA information.
> 4) Reboot your server.
>
> So when I look in there, under the CDP container, there is a CA called
> Trace3 CA that is expired.
>
> Now what will happen if I delete this thing for real? Is there going to be a
> problem? Why isn't there a new one?
>
> What is this thing for?
>
> Questions, questions..
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

--
Sent from my mobile device
