Thanks. “So you have an internal PKI and DC2 is a CA?”

The only part of that I understand enough is this: DC2 is not our CA.

Environment:
FR-DC1
FR-DC2 (this is our CA)
SUB-DC1 (RADIUS server)
SUB-DC2

Looking at the local computer cert store on SUB-DC1, the cert in question shows “Client Authentication, Server Authentication” for intended purposes, the cert template is “Domain Controller” and it was issued by SUB-DC2. Looking at the certificate path, it shows FR-DC02, then an expired SUB-DC2 under that and an expired SUB-DC1 under that.

Attempting to renew the cert with the same key I get “you do not have the permissions to request certificates from the available CAs”. I’m trying some fixes for that error but am coming up empty…

Dave

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, July 09, 2012 7:29 AM
To: NT System Admin Issues
Subject: Re: Expired DC cert

So you have an internal PKI and DC2 is a CA?

I don't know your specific configuration, but you shouldn't need to reboot after installing the new certificate. We recently did a similar configuration where our firewall devices need to use SSL for LDAP queries against our domain controllers. They all had expired certificates. We just deleted the old and installed the new. No reboot was required. YMMV

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: David Lum <david....@nwea.org>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Date: 07/09/2012 09:32 AM
Subject: Expired DC cert

We have a RADIUS server that is a DC (DC1), our wireless clients use PEAP and one of the settings is to validate the server certificate.
Last week our wireless clients stopped authenticating because a server certificate expired. Looking at the DC’s local computer store \Personal\Certificate certs I see it shows an expired Personal certificate that was issued by DC2. Does this sound like the right cert to renew, and if so how do I go about renewing it w/out breaking the DC? I read one forum that said to simply delete the cert and reboot…

David Lum
Systems Engineer // NWEA(TM)
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
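The thread turns on three facts about the certificate in the DC's computer store: which template issued it, which intended purposes (EKUs) it carries, and whether its chain still validates, since PEAP clients configured to validate the server certificate reject it the moment any element of the path is expired. The PowerShell script below is an added example, not part of the thread or any participant's message: it walks Cert:\LocalMachine\My, reads the template name and EKUs from the certificate extensions, builds the chain the way a validating client would, and prints every element of the path with its expiry and status, so an expired issuer like the SUB-DC2 in Dave's certificate path is visible before wireless clients start failing. The template name, warning threshold and the assumption that the v1 "DomainController" template is the one of interest are illustrative defaults.

```powershell
# Added example (not from the thread): audit the local machine Personal store
# for the certificate PEAP/LDAPS clients validate, and show why a chain fails.
# Run in an elevated PowerShell on the DC / RADIUS server.
# Assumptions: Windows PowerShell 5.1 or later; the template of interest is
# the v1 "DomainController" template (any name can be passed instead).

param(
    [string]$ExpectedTemplate = 'DomainController',
    [int]$WarnDays = 30
)

$templateOidV1 = '1.3.6.1.4.1.311.20.2'   # Certificate Template Name (v1 templates)
$templateOidV2 = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information (v2+)
$serverAuthOid = '1.3.6.1.5.5.7.3.1'      # id-kp-serverAuth
$clientAuthOid = '1.3.6.1.5.5.7.3.2'      # id-kp-clientAuth

function Get-TemplateName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -in @($templateOidV1, $templateOidV2) }
    if (-not $ext) { return $null }
    # Format() renders the template name (v1) or "Template=Name(OID)..." (v2)
    return ($ext | Select-Object -First 1).Format($false).Trim()
}

function Get-Ekus {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $ext) { return @() }
    return @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
}

function Test-DcCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Same policy a validating client applies: online revocation, no extra trust anchors
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $valid = $chain.Build($Cert)

    $ekus = Get-Ekus $Cert
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        Template      = Get-TemplateName $Cert
        ServerAuth    = $ekus -contains $serverAuthOid
        ClientAuth    = $ekus -contains $clientAuthOid
        NotAfter      = $Cert.NotAfter
        DaysLeft      = [int]($Cert.NotAfter - (Get-Date)).TotalDays
        HasPrivateKey = $Cert.HasPrivateKey
        ChainValid    = $valid
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        # One entry per element of the path, leaf first and root last, so an
        # expired intermediate (the expired SUB-DC2 in the thread) stands out
        ChainPath     = ($chain.ChainElements | ForEach-Object {
                            '{0} [expires {1:yyyy-MM-dd}] {2}' -f $_.Certificate.Subject,
                                $_.Certificate.NotAfter,
                                (($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ',')
                        }) -join ' <- '
    }
}

# Only certificates with a private key can be presented by the server side
$results = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-DcCertificate $_ }

$results | Format-List

# What a PEAP or LDAPS client would actually accept: a Server Authentication
# certificate from the expected template whose chain builds cleanly.
$usable = $results | Where-Object {
    $_.ServerAuth -and $_.ChainValid -and $_.Template -like "*$ExpectedTemplate*"
}
if (-not $usable) {
    Write-Warning "No valid Server Authentication certificate from template '$ExpectedTemplate' in LocalMachine\My."
} else {
    $usable | Where-Object { $_.DaysLeft -lt $WarnDays } | ForEach-Object {
        Write-Warning ("{0} expires in {1} days" -f $_.Subject, $_.DaysLeft)
    }
}
```

Save it as a .ps1 and run it on the RADIUS DC (SUB-DC1 in the thread); scheduling it with a 30-day threshold is the cheapest way to avoid the outage the original question describes. Two things the output makes concrete: ChainStatus of NotTimeValid on an element other than the leaf means replacing the DC certificate alone will not help until the issuing CA's own certificate is renewed, and the "you do not have the permissions to request certificates" error during renewal is evaluated against the template's Enroll permission and the CA's request permissions for the computer account, so that is where to look rather than at the expired certificate itself.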