Auto Enrolled DC certificate failed to publish

TheMSsForum.com: The Microsoft Software Forum

Due to a permissions issue my new certificate services deployment
didn't work as planned. All of my DC's autoenrolled but the certifiate
couldn't be published to the child domains. I believe the permissions
issue is now sorted, do I need to do anything to publish the existing
certificates or will they automatically publish to AD.

Thanks
Scott
Top

Re: Auto Enrolled DC certificate failed to publish by Brian

Brian
Mon Feb 26 16:33:14 CST 2007

In article <1172525906.277087.114010
@q2g2000cwa.googlegroups.com>,
scottflower@btinternet.com says...
> Due to a permissions issue my new certificate services deployment
> didn't work as planned. All of my DC's autoenrolled but the certifiate
> couldn't be published to the child domains. I believe the permissions
> issue is now sorted, do I need to do anything to publish the existing
> certificates or will they automatically publish to AD.
>
> Thanks
> Scott
>
>
It really depends on what you did to fix the problem
<G>. If you can use:
certutil -dcinfo -deleteall
to force deletion of the existing DC certs and force
enrollment of new certs
Brian
Top

Re: Auto Enrolled DC certificate failed to publish by scottflower

scottflower
Tue Feb 27 03:13:07 CST 2007

On Feb 26, 10:33 pm, Brian Komar [MVP] <bko...@nospam.identit.ca>
wrote:
> In article <1172525906.277087.114010
> @q2g2000cwa.googlegroups.com>,
> scottflo...@btinternet.com says...> Due to a permissions issue my new certificate services deployment
> > didn't work as planned. All of my DC's autoenrolled but the certifiate
> > couldn't be published to the child domains. I believe the permissions
> > issue is now sorted, do I need to do anything to publish the existing
> > certificates or will they automatically publish to AD.
>
> > Thanks
> > Scott
>
> It really depends on what you did to fix the problem
> <G>. If you can use:
> certutil -dcinfo -deleteall
> to force deletion of the existing DC certs and force
> enrollment of new certs
> Brian

The permissions issue resolved, it think, by adding Cert Publishers
fro the root domain to Cert Publishers in the child domains.

I am unable to run Certutil -dcinfo -deleteall

Thanks
Scott

Top

Re: Auto Enrolled DC certificate failed to publish by scottflower

scottflower
Tue Feb 27 06:03:09 CST 2007

On Feb 27, 9:13 am, scottflo...@btinternet.com wrote:
> On Feb 26, 10:33 pm, Brian Komar [MVP] <bko...@nospam.identit.ca>
> wrote:
>
>
>
>
>
> > In article <1172525906.277087.114010
> > @q2g2000cwa.googlegroups.com>,
> > scottflo...@btinternet.com says...> Due to a permissions issue my new certificate services deployment
> > > didn't work as planned. All of my DC's autoenrolled but the certifiate
> > > couldn't be published to the child domains. I believe the permissions
> > > issue is now sorted, do I need to do anything to publish the existing
> > > certificates or will they automatically publish to AD.
>
> > > Thanks
> > > Scott
>
> > It really depends on what you did to fix the problem
> > <G>. If you can use:
> > certutil -dcinfo -deleteall
> > to force deletion of the existing DC certs and force
> > enrollment of new certs
> > Brian
>
> The permissions issue resolved, it think, by adding Cert Publishers
> fro the root domain to Cert Publishers in the child domains.
>
> I am unable to run Certutil -dcinfo -deleteall
>
> Thanks
> Scott- Hide quoted text -
>
> - Show quoted text -

I think I have fixed this by getting the DC to renew their certs.

Thanks

Top