What are you trying to achieve -- just clean up the stale enrollment
publication data in the directory and make the error go away?  The KB
article should largely suffice (the metadata in AD aren't too
complicated), just proceed with caution.  I've done this on numerous
occasions when tidying up customers' ADCS cruft.

If you know that there are certs out there using a particular
template, and you want to reissue them cleanly, you could supersede
the template.  Of course it's a bit tricky to know for sure as the old
certificate database is toast.

I have a tool kicking around somewhere that'll scan AD for published
certs and report on their validity, issuer, etc.  Give me a yell if
you think this would be handy here.

--Steve

On Mon, Jul 23, 2012 at 5:23 PM, David Lum <david....@nwea.org> wrote:
> We have a DC that we rebuilt and apparently it was running certificate
> services and we didn’t know about it until after the server was rebuilt.
>
> Details:
>
> 1. Running an MS tool it returns the result that “A certification
> authority is inaccessible” and it tells us SUB-DC02 is the cert authority
> that cannot be reached.
>
> 2. We rebuilt SUB-DC02 a few months ago (old one died due to
> hardware failure) and we didn’t know it was a certificate authority
>
> 3. The resolution suggested by the MS tool is this
> http://support.microsoft.com/kb/889250
>
> 4. The CA server we DO use and know about is ROOT-DC02. The
> instructions in step 3 make it look like I am to do the steps on ROOT-DC02,
> but I read it as “this is how you decommission the CA gracefully” and not
> “this is how you fix the removal of a CA that’s already gone”
>
> Thoughts?
>
> David Lum
> Systems Engineer // NWEA™
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
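
A read-only sketch of the kind of directory scan mentioned in the reply above, added here as an example (it is not Steve's tool and not taken from the KB article). It lists the CAs published under Enrollment Services in the configuration partition, then reports issuer and validity for certificates published in `userCertificate`; it assumes a domain-joined Windows host with PowerShell and read access to the directory.

```powershell
# Added example: queries only, nothing in the directory is modified.
$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext

# Return the first value of an attribute, or $null when it is absent.
function Get-FirstValue($props, [string]$name) {
    if ($props.Contains($name)) { $props[$name][0] }
}

# 1. CAs advertised for enrollment. An entry for a CA that no longer exists
#    is the stale publication data that health checks complain about.
$caSearch = New-Object System.DirectoryServices.DirectorySearcher
$caSearch.SearchRoot = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"
$caSearch.Filter = '(objectClass=pKIEnrollmentService)'
foreach ($ca in $caSearch.FindAll()) {
    $p = $ca.Properties
    New-Object PSObject -Property @{
        CAName    = [string](Get-FirstValue $p 'cn')
        Host      = [string](Get-FirstValue $p 'dnshostname')
        Templates = @($p['certificatetemplates']).Count
    } | Select-Object CAName, Host, Templates
}

# 2. Certificates published on accounts in the current domain. The Issuer
#    column shows which ones came from a CA that is no longer available.
$now = Get-Date
$certSearch = New-Object System.DirectoryServices.DirectorySearcher
$certSearch.Filter = '(userCertificate=*)'
$certSearch.PageSize = 500   # page through results instead of stopping at 1000
$certSearch.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'userCertificate'))
foreach ($entry in $certSearch.FindAll()) {
    $dn = [string](Get-FirstValue $entry.Properties 'distinguishedname')
    foreach ($raw in $entry.Properties['usercertificate']) {
        try {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,[byte[]]$raw)
        } catch {
            Write-Warning "Unparseable certificate on $dn"
            continue
        }
        New-Object PSObject -Property @{
            Account  = $dn
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            Expired  = ($cert.NotAfter -lt $now)
            Serial   = $cert.SerialNumber
        } | Select-Object Account, Issuer, NotAfter, Expired, Serial
    }
}
```

Piping the output to `Export-Csv` gives a record of what was published before any cleanup is attempted.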