Hello Kevin,
Do you talk about event id 20? Is the CA removed form the domain or changed
to another one?
Try:
certutil -dcinfo deleteBad
to remove the offending certificates. The DCs should then get new ones the
next time Autoenrollment runs...provided Certificate services are re-installed.
Also check this article:
http://www.actividentity.com/support...e.php?kbid=701
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
> I am getting the following warning on one of my Windows 2003 Active
> Directory
> Domain controllers. Is there a problem with my PKI and if so
> what should I do?
> "The currently selected KDC certificate was once valid, but now is
> invalid and no suitable replacement was found. Smartcard logon may
> not function correctly if this problem is not remedied. Have the
> system administrator check on the state of the domain's public key
> infrastructure.">
>
Linear Mode
