Archived from groups: microsoft.public.win2000.active_directory (
More info?)
I ran into a similar problem but it was in a test domain and I just built
the CA from production. You are in a different boat completely.
For starters I would review this, I THINK (Read think) this will do it for
you. Also read the last line of this note "AS IS." This is a point where
you should give contacting PSS a thought if you at all are concerned on
dorking up your AD.
http://support.microsoft.com/default.aspx?scid=kb;en-us;889250
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"John" <John@discussions.microsoft.com> wrote in message
news:86B42ED8-BD6F-4428-BA90-9FD7B2350DF8@microsoft.com...
> This was installed before I arrived, the people who did this no longer
work
> here. There was definaltely a Certificate Server setup on the old DC but
I'm
> not sure what they were going to use it for. But we noticed it because of
the
> errors in our event log.
> We would like to upgrade to Windows 2003 but am not sure we can without
the
> CA, or if we tried what the impact would be. The person i work with
suggested
> creating a new AD domain then migrating everything and everyone to that
new
> domain since we have "lost" the CA but I'm hoping to avoid something like
> that.
> Is AD dependent on the CA or is there a way to find out if it is?
> Thanks for your help.
>
> "Paul Bergson" wrote:
>
> > Did you ever have a (Certificate Authority) CA in your domain? One
isn't
> > needed but believe (Going on memory) that once a CA is introduced into
your
> > AD, AD know longer generates them but looks to get them from the CA.
> >
> >
http://support.microsoft.com/default.aspx?scid=kb;en-us;231182
> >
> >
http://support.microsoft.com/default.aspx?scid=kb;en-us;298138#toc
> >
> > If you are missing your CA and you can re-introduce it, you can manually
> > re-request it for your DC. Just go into the local computer certificates
mmc
> > and re-request.
> >
> > --
> >
> > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> >
> >
> >
> > "John" <John@discussions.microsoft.com> wrote in message
> > news:6BCF0FEE-701B-4A49-A3D0-EFBB1290E87A@microsoft.com...
> > > We have a Windows 2000 Active Directory with 3 DCs.
> > > A while back the DCs were replaced, all of the FSMOs were moved to the
new
> > > DCs and the 2 DCs were removed.
> > > In the event logs we get an Event ID 1010 "Automatic enrollment
against
> > the
> > > certification authority "MY_DOMAIN_NAME" for a certificate of type
> > > DomainController has failed. "
> > > I assuming that the Certificate for our domain was not moved before
the
> > DCs
> > > were taken offline. Is this something that needs to be addressed?
> > > Can we create a new one without any impact to our Active Directory?
> > > Thanks
> >
> >
> >