Auto Enrolled DC certificate failed to publish

Auto Enrolled DC certificate failed to publish
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Auto Enrolled DC certificate failed to publish scottflower 02-26-2007
Posted by on February 26, 2007, 4:38 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Due to a permissions issue my new certificate services deployment
didn't work as planned. All of my DC's autoenrolled but the certifiate
couldn't be published to the child domains. I believe the permissions
issue is now sorted, do I need to do anything to publish the existing
certificates or will they automatically publish to AD.

Thanks
Scott


Posted by Brian Komar [MVP] on February 26, 2007, 5:33 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
In article <1172525906.277087.114010
@q2g2000cwa.googlegroups.com>,
scottflower@btinternet.com says...
> Due to a permissions issue my new certificate services deployment
> didn't work as planned. All of my DC's autoenrolled but the certifiate
> couldn't be published to the child domains. I believe the permissions
> issue is now sorted, do I need to do anything to publish the existing
> certificates or will they automatically publish to AD.
>
> Thanks
> Scott
>
>
It really depends on what you did to fix the problem
<G>. If you can use:
certutil -dcinfo -deleteall
to force deletion of the existing DC certs and force
enrollment of new certs
Brian

Posted by on February 27, 2007, 4:13 am
If you were  Registered and logged in, you could reply and use other advanced thread options
wrote:
> In article <1172525906.277087.114010
> @q2g2000cwa.googlegroups.com>,
> scottflo...@btinternet.com says...> Due to a permissions issue my new
certificate services deployment
> > didn't work as planned. All of my DC's autoenrolled but the certifiate
> > couldn't be published to the child domains. I believe the permissions
> > issue is now sorted, do I need to do anything to publish the existing
> > certificates or will they automatically publish to AD.
>
> > Thanks
> > Scott
>
> It really depends on what you did to fix the problem
> <G>. If you can use:
> certutil -dcinfo -deleteall
> to force deletion of the existing DC certs and force
> enrollment of new certs
> Brian

The permissions issue resolved, it think, by adding Cert Publishers
fro the root domain to Cert Publishers in the child domains.

I am unable to run Certutil -dcinfo -deleteall

Thanks
Scott


Posted by on February 27, 2007, 7:03 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On Feb 27, 9:13 am, scottflo...@btinternet.com wrote:
> wrote:
>
>
>
>
>
> > In article <1172525906.277087.114010
> > @q2g2000cwa.googlegroups.com>,
> > scottflo...@btinternet.com says...> Due to a permissions issue my new
certificate services deployment
> > > didn't work as planned. All of my DC's autoenrolled but the certifiate
> > > couldn't be published to the child domains. I believe the permissions
> > > issue is now sorted, do I need to do anything to publish the existing
> > > certificates or will they automatically publish to AD.
>
> > > Thanks
> > > Scott
>
> > It really depends on what you did to fix the problem
> > <G>. If you can use:
> > certutil -dcinfo -deleteall
> > to force deletion of the existing DC certs and force
> > enrollment of new certs
> > Brian
>
> The permissions issue resolved, it think, by adding Cert Publishers
> fro the root domain to Cert Publishers in the child domains.
>
> I am unable to run Certutil -dcinfo -deleteall
>
> Thanks
> Scott- Hide quoted text -
>
> - Show quoted text -

I think I have fixed this by getting the DC to renew their certs.

Thanks


Similar ThreadsPosted
Unable to publish certificate to the GAL December 13, 2005, 4:42 pm
How to clear the Certificate Services "failed requests" log March 16, 2006, 1:56 pm
PKI User Certificate on Smart Card auto renewal ? August 29, 2007, 11:22 am
cdp publish August 1, 2005, 6:08 pm
Root CA cannot publish to CRL December 19, 2005, 12:42 pm
Publish CRL with a CNAME December 13, 2007, 6:36 am
subordinate ent CAs don't publish certs to AD after Win 2k3 SP1 July 23, 2005, 1:00 pm
Outlook 2003 + Can't Publish to GAL July 4, 2006, 7:27 am
ldap Publish CRLs to this location October 11, 2007, 10:09 am
Unable to publish certificates into Active Directory August 10, 2005, 6:38 am

The site map in XML format XML site map

Contact Us | Privacy Policy