How do I enroll again revoked certificates in Windows SBS 2011 Essentials?
-
Thursday, December 13, 2012 8:42 AM
I revoked (cease of operation) a CA certificate by mistake form the issued certificates - Active Directory Certificate Services. It was exactly the Windows Server Solution Computer Certificate Template for the domain controller - Windows SBS 2011 Essentials.
Now I think I have issues connected to that... No users and no information for the computers in the dashboard.
How can this certificate be issued again or unrevoked?
Thank you in advance!
Encho
All Replies
-
Thursday, December 13, 2012 11:34 AMModerator
I dont beleive you can unrevoke a certificate, but you should be able to get a new one.
Where exactly did you do whatever it is you did?
Do you have screen shots?
Do you have a backup of the server?
Edit - actually i just checked this.
It seems you can indeed unrevoke a certificate.
Open the Certificate Authority MMC, go to the Revoked Certificates section, find the certificate you want to unrevoke and right click it, then chose unrevoke.
But i am still a little unclear on exactly what it is you did.
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
- Edited by RobertPearmanMVP, Moderator Thursday, December 13, 2012 11:35 AM
- Edited by RobertPearmanMVP, Moderator Thursday, December 13, 2012 11:36 AM
-
Thursday, December 13, 2012 3:23 PM
Thank you!
I already tried to unrevoke, but it does not work if the reason for revoking is "Cease of Operation". It works only for "Hold".
I revoked the wrong certificate exactly in the MMC from Issued Certificates.
There are many certificates from the Windows Server Solution Computer Certificate Template for each PC in the network including the domain controller. I revoked exactly the one for the domain controller and I guess it causes the problems I have with the dashboard at the moment. There are no users in the dashboard, the domain controller is missing in the list with computers and all standard PCs are just gray. I do no see their status...
Edit - Yes, I have daily backup. I am actually thinking of using one from the last days.
Encho
- Edited by Encho Hristov Thursday, December 13, 2012 3:28 PM Answer missed
-
Thursday, December 13, 2012 3:48 PMModerator
if it is just the domain controller cert, you should be able to request a new one - from the MMC Certififcates snapin.
You may then need to run a powershell command to reimport the server into the dashboard.
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
-
Thursday, December 13, 2012 3:52 PM
1) Create a cert for you DC using the below article:
http://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx
2) Try and import the cert to your dashboard using the below steps:
a.) Launch C:\Program Files\Windows Server\Bin\WssPowerShell.exe with elevated rights.
b.) Type Add-WssLocalMachineCertRelaunch the dashboard and post back the results.
Thanks & Regards, Naga Santosh EPS(SBS)
- Proposed As Answer by Naga Santosh - EPS(SBS) Thursday, December 13, 2012 3:53 PM
- Marked As Answer by Encho Hristov Thursday, December 13, 2012 5:27 PM
-
Thursday, December 13, 2012 4:26 PM
Thank you, Naga!
I managed the first part. The self-signed cert is not the one I need.
Here is the situation I have:
https://www.dropbox.com/s/idbtvhaui95hlkm/Revoked_Certificate.jpg
The FILESERVER has the certificate, but it is revoked by the certification authority IPS-FILESERVER-CA. I hope it gets clear from the printscreen.
Any ideas?
Encho
- Edited by Encho Hristov Thursday, December 13, 2012 4:43 PM typing
-
Thursday, December 13, 2012 4:42 PM
I also tried to renew the certificate in the IIS Manager with my DC as a certification authority IPS-FILESERVER-CA, but it did not work:
The certificate request was submitted to the certification authority, but not issued. Request was denied.
I was hoping this could work, but it probably does not, because the certificate is revoked by the certification authority IPS-FILESERVER-CA
-
Thursday, December 13, 2012 5:13 PM
Below are the certificates on my working machine:
Thanks & Regards, Naga Santosh EPS(SBS)
-
Thursday, December 13, 2012 5:25 PMModerator
I have never used the IIS method myself..
I would use the MMC > Certificates - Local computer > personal store - to request a new certificate for your DC.
Start > MMC > Add / Remove Snapin > Certificates > Local Computer>
Expand Personal >
Right click details pane 'request new certificate'
Policy - Configured by your Administrator > next
Chose Domain Controller > click Enroll.Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
-
Thursday, December 13, 2012 5:27 PM
Naga,
thank you very much!
It totally worked. The second point in your previews answer included the users and the DC in the dashboard and also issued automatically the required certificate.
The only thing left is that I sill do not see the status of the connected computers?
Could this be about a certificate?
Encho
- Edited by Encho Hristov Thursday, December 13, 2012 5:28 PM typing
-
Thursday, December 13, 2012 5:28 PMModeratorAre they showing up in the dashboard at all, even with no status?
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
- Edited by RobertPearmanMVP, Moderator Thursday, December 13, 2012 5:28 PM
-
Thursday, December 13, 2012 5:42 PM
Are they showing up in the dashboard at all, even with no status?
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
Yes, they are all there.
Only domain controller is online. All the others - offline.
- Edited by Encho Hristov Thursday, December 13, 2012 5:46 PM new info
-
Thursday, December 13, 2012 6:12 PM
Awesome!! I started on good note then :)
Offline status mighr be due to different reason. Please check the below link for understading this better:
Did they ever showed online on dashborad. If not try to run the http://connect again and use Domain admin credentials on your client machine to see what happens.
Let me know the results.
Thanks & Regards, Naga Santosh EPS(SBS)
- Edited by Naga Santosh - EPS(SBS) Thursday, December 13, 2012 6:14 PM Typo
- Proposed As Answer by Naga Santosh - EPS(SBS) Thursday, December 13, 2012 6:18 PM
-
Friday, December 14, 2012 9:00 AM
Awesome!! I started on good note then :)
Offline status mighr be due to different reason. Please check the below link for understading this better:
Did they ever showed online on dashborad. If not try to run the http://connect again and use Domain admin credentials on your client machine to see what happens.
Let me know the results.
Thanks & Regards, Naga Santosh EPS(SBS)
Everything was fine until this certificate problem. I am trying now to reconnect one station and having trouble with that, but should be ok.
When I was trying to solve the certificate problem, I also did all pending SBS updates. I guess something went wrong with that. I also configured the remote access (mymame.remotewebaccess.com).
Encho
-
Friday, December 14, 2012 9:44 AM
Reconnecting a computer solves the second problem.
I was hoping for an easier solution.
Encho
-
Friday, December 14, 2012 3:08 PM
This is the only way I suppose since we need to run this app after we make changes on serve which might change the status of client machines on dashboard. So it is like we are reconfiguring it.. so was the reason I asked you to run this and if it ran fine then you sould probably should not have any other issues :)
Thankyou for your response!
Thanks & Regards, Naga Santosh EPS(SBS)
- Proposed As Answer by Naga Santosh - EPS(SBS) Tuesday, December 18, 2012 7:41 PM
.png)
