Removing Cert Server from AD

Question

Removing Cert Server from AD

My CA server crashed. It was used to deploy certs to messenger clients for live communication. I am no longer using live communication. I removed the server object from AD but my clients and servers envent logs have a lot of the following entries

Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba). The RPC server is unavailable.
DCOM was unable to communicate with the computer msgsvr01.mycompany.local using any of the configured protocols

What else do I need to remove form AD when removing a CA?

Thanks

active-directory

certificate

certificate-authority

asked on Server Fault Jun 25, 2009 by

Saif Khan

2 Answers

Have a look here: http://support.microsoft.com/kb/889250

I removed an Enterprise CA from an AD domain (Windows 2003) that I "inhertied" and started w/ a new Enterprise CA with no ill effects by following the directions in that article, then put in a fresh deployment that worked fine following. All-in-all, I felt it went very smoothly.

answered on Server Fault Jun 25, 2009 by

Evan Anderson

I would check your GPOs to make sure they arn't pushing an auto enrolment policy

User Settings -> Windows Settings -> Security -> Public Key Policies/AutoEnrollment policies

answered on Server Fault Jun 25, 2009 by

Zypher

User contributions licensed under CC BY-SA 3.0