Removing Cert Server from AD


My CA server crashed. It was used to deploy certs to messenger clients for live communication. I am no longer using live communication. I removed the server object from AD, but my clients' and servers' event logs have a lot of the following entries:

  1. Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba). The RPC server is unavailable.

  2. DCOM was unable to communicate with the computer msgsvr01.mycompany.local using any of the configured protocols

What else do I need to remove from AD when removing a CA?


asked on Server Fault Jun 25, 2009 by Saif Khan

2 Answers


Have a look here:

I removed an Enterprise CA from an AD domain (Windows 2003) that I "inherited" and started w/ a new Enterprise CA with no ill effects by following the directions in that article, then put in a fresh deployment that worked fine following. All-in-all, I felt it went very smoothly.

answered on Server Fault Jun 25, 2009 by Evan Anderson

I would check your GPOs to make sure they aren't pushing an auto enrolment policy.

User Settings -> Windows Settings -> Security -> Public Key Policies/AutoEnrollment policies

answered on Server Fault Jun 25, 2009 by Zypher
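
An added example, not part of either answer: a read-only PowerShell audit that lists what a removed enterprise CA typically leaves under the Public Key Services container of the AD configuration partition, and shows the autoenrollment policy values applied locally. It assumes the RSAT ActiveDirectory module is installed and takes the host name from the DCOM error in the question; it deletes nothing.

```powershell
# Read-only audit (added example): nothing here modifies AD or the registry.
Import-Module ActiveDirectory   # assumption: RSAT AD module is installed

$DeadCaHost = 'msgsvr01.mycompany.local'   # host named in the DCOM error
$configNC   = (Get-ADRootDSE).configurationNamingContext
$pkiBase    = "CN=Public Key Services,CN=Services,$configNC"

# 1. Enrollment Services: one pKIEnrollmentService object per enterprise CA.
#    Autoenrollment clients read dNSHostName here to pick a CA to call over
#    RPC/DCOM, so a leftover object keeps them dialing the dead server.
$staleCas = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties dNSHostName, certificateTemplates |
    Where-Object { $_.dNSHostName -eq $DeadCaHost }

if (-not $staleCas) { Write-Output "No enrollment object points at $DeadCaHost" }

# Fetch the container once; it is small, and filtering client-side avoids
# LDAP-escaping a CA name that contains special characters.
$pkiObjects = Get-ADObject -SearchBase $pkiBase -SearchScope Subtree -Filter *
$ntAuth = Get-ADObject "CN=NTAuthCertificates,$pkiBase" -Properties cACertificate

foreach ($ca in $staleCas) {
    Write-Output "Stale CA '$($ca.Name)' still publishes templates: $($ca.certificateTemplates -join ', ')"

    # 2. Objects named after the CA under AIA, CDP, Certification Authorities, KRA.
    $pkiObjects | Where-Object { $_.Name -eq $ca.Name } |
        Select-Object ObjectClass, DistinguishedName

    # 3. NTAuthCertificates: CA certificates trusted for domain logon.
    foreach ($raw in $ntAuth.cACertificate) {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        if ($cert.GetNameInfo('SimpleName', $false) -eq $ca.Name) {
            Write-Output "NTAuth still trusts $($cert.Subject) thumbprint $($cert.Thumbprint)"
        }
    }
}

# 4. Autoenrollment policy as applied to this machine and user (raw AEPolicy).
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment"
    $val = (Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy
    Write-Output "$hive AEPolicy = $(if ($null -ne $val) { $val } else { 'not set' })"
}
```

Run it from a domain-joined machine as a user who can read the configuration partition; the distinguished names it prints are the candidates to review before any cleanup.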

User contributions licensed under CC BY-SA 3.0