Problem with certificate in AD

Guest
Archived from groups: microsoft.public.win2000.active_directory

I'm quite lost on this at the moment, I'd be appreciative if someone
knew how to get out of this one:

I set up certificate services on the DC in my development domain. In
trying to troubleshoot why one of my developers couldn't get his app to
pull the certificate, I ended up doing the following which screwed me:

-Revoked the cert from the server side
-Uninstalled certificate services (In optional components wizard)
-Reinstalled certificate services

Now, his app (using JVM) throws back an error that references the old
certificate when handshaking with active directory on port 636. I've
deleted every reference I can find to this, but apparently something in
AD is still referring to this old certificate. (We have created a new
one and imported it in his java console, but still the same problem
exists)

I GREATLY appreciate any insight on this.

Cheers,
-James
 
Guest

<james.cavenaugh@gmail.com> wrote in message
news:1103045775.877185.265320@c13g2000cwb.googlegroups.com...
> I'm quite lost on this at the moment, I'd be appreciative if someone
> knew how to get out of this one:
>
> I set up certificate services on the DC in my development domain. In
> trying to troubleshoot why one of my developers couldn't get his app to
> pull the certificate, I ended up doing the following which screwed me:
>
> -Revoked the cert from the server side
> -Uninstalled certificate services (In optional components wizard)
> -Reinstalled certificate services

Boy, that sounds like overkill for what seems to
have been an application problem.

> Now, his app (using JVM) throws back an error that references the old
> certificate when handshaking with active directory on port 636. I've
> deleted every reference I can find to this, but apparently something in
> AD is still referring to this old certificate. (We have created a new
> one and imported it in his java console, but still the same problem
> exists)
>
> I GREATLY appreciate any insight on this.

You might go through his security store (MMC on the
user machine) and remove all of the revoked certificates
and ensure the machine has all of the NEW trust certs
(from the new CS.)

--
Herb Martin


>
> Cheers,
> -James
>
 
Guest

On your domain controllers take a look at the certificate store as well as
the trusted CAs. Delete the references to the old CA and the certificates
it issued.

Make sure that the new CA is working and AD integrated.

Import the CA chain into the servers to be sure.

Make sure that the client machine has the CA chain and a machine level
certificate.
---------------------------------------------------------------------------------
If that doesn't work...
1. Uninstall the CA, but keep the Chain and server Certificates on disk,
just in case.
2. Reboot the server
3. Remove all references to the old CAs and its certificates
4. Remove all references to the old CAs and its certificates on the
workstation
5. Boot the server
6. Reinstall the AD Integrated Enterprise Root CA... the domain and servers
will issue themselves new certificates

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

<james.cavenaugh@gmail.com> wrote in message
news:1103045775.877185.265320@c13g2000cwb.googlegroups.com...
> I'm quite lost on this at the moment, I'd be appreciative if someone
> knew how to get out of this one:
>
> I set up certificate services on the DC in my development domain. In
> trying to troubleshoot why one of my developers couldn't get his app to
> pull the certificate, I ended up doing the following which screwed me:
>
> -Revoked the cert from the server side
> -Uninstalled certificate services (In optional components wizard)
> -Reinstalled certificate services
>
> Now, his app (using JVM) throws back an error that references the old
> certificate when handshaking with active directory on port 636. I've
> deleted every reference I can find to this, but apparently something in
> AD is still referring to this old certificate. (We have created a new
> one and imported it in his java console, but still the same problem
> exists)
>
> I GREATLY appreciate any insight on this.
>
> Cheers,
> -James
>
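
Added example, not part of the original thread: a small Python check that retrieves the certificate the DC actually presents on port 636 and compares it with the old and new server certificates kept on disk, which separates the DC-side cleanup from the client trust store cleanup suggested above. It assumes both certificates were exported in Base64 (PEM) form; the host and file names in the usage comment are hypothetical.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER bytes (what certificate viewers show)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_presented_cert(host: str, port: int = 636, timeout: float = 5.0) -> str:
    """Return the leaf certificate the server presents on the LDAPS port, as PEM."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    # Diagnostic only: validation is off so an untrusted or revoked
    # certificate can still be retrieved and inspected. Never bind this way.
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def diagnose(presented_pem: str, old_pem: str, new_pem: str) -> str:
    """Say which side still needs cleanup, based on what the DC presents."""
    fp = fingerprint(presented_pem)
    if fp == fingerprint(old_pem):
        return "stale: DC still presents the old certificate; clean the DC's store"
    if fp == fingerprint(new_pem):
        return "current: DC presents the new certificate; check the client trust store"
    return "unknown: DC presents a certificate matching neither export"


if __name__ == "__main__":
    # Usage (hypothetical names):
    #   python check_ldaps_cert.py dc01.example.test old.pem new.pem
    host, old_path, new_path = sys.argv[1:4]
    with open(old_path) as f_old, open(new_path) as f_new:
        print(diagnose(fetch_presented_cert(host), f_old.read(), f_new.read()))
```

A "current" result with the Java client still failing points at the JVM's own trust store rather than at AD.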