Invalid Domain Controller Certificate

Discussion in 'Windows Server' started by HJ, Mar 23, 2005.

  1. HJ

    HJ Guest

    Dear all,

    I have installed Windows Server 2003 and configured it for Smart Card Logon.
    That is, the server has a Domain Controller role; and had Certificate
    Services installed. The server is the Enterprise Root CA.

    Everything worked for two days.

    After two days, I found that the Smart Card Logon does not work. There are
    two events in the System Event Log:

    Event Type: Error
    Event Source: Kerberos
    Event Category: None
    Event ID: 9
    Date: 3/17/2005
    Time: 5:28:42 PM
    User: N/A
    Computer: SYSIM
    Description:
    The client has failed to validate the Domain Controller certificate for
    sysim.imdom.local. The following error was returned from the certificate
    validation process: The revocation function was unable to check revocation
    because the revocation server was offline.


    Event Type: Warning
    Event Source: KDC
    Event Category: None
    Event ID: 20
    Date: 3/17/2005
    Time: 5:27:26 PM
    User: N/A
    Computer: SYSIM
    Description:
    The currently selected KDC certificate was once valid, but now is invalid
    and no suitable replacement was found. Smartcard logon may not function
    correctly if this problem is not remedied. Have the system administrator
    check on the state of the domain's public key infrastructure.

    Any help is appreciated. Thanks.
     
    HJ, Mar 23, 2005
    #1
    1. Advertisements

  2. HJ

    Todd J Heron Guest

    Services installed. The server is the Enterprise Root CA. Everything worked
    for two days. After two days, I found that the Smart Card Logon does not
    work. There are two events in the System Event Log" <snipped>

    Was this domain previously renamed?
     
    Todd J Heron, Mar 23, 2005
    #2
    1. Advertisements

  3. HJ

    HJ Guest

    No, this is a fresh installation.
     
    HJ, Mar 24, 2005
    #3
  4. HJ

    Svatos, Jan Guest

    I have similar problem.
    If domain WAS renamed, what it means?
     
    Svatos, Jan, May 16, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.