none
Active Directory Show error 1400

    Question

  • Hello

        I check see all server AD had Warning code 1400

    Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.

     Certificate name: AD1.ANH.local

           what is problem , how to fix ? but all active directory server start normal

    Thanks

     
    Thursday, April 27, 2017 3:00 PM

All replies

  • Hi,

    Regarding the warning, you could start with the below links.

    Friday Mail Sack: Mostly Edge Case Edition

    https://blogs.technet.microsoft.com/askds/2010/08/13/friday-mail-sack-mostly-edge-case-edition/#adws

    Check the following sentence:

    “Only if you:

    1. You think you have a valid Server Authentication certificate.

    2. Want to use SSL to connect to ADWS.

    By default Windows Server 2008 R2 DC’s will log this warning until they get issued a valid server certificate (which you get for free once you deploy an MS Enterprise PKI, by getting a Domain Controller certificate through auto-enrollment). Once that happens you will log a 1401 and never see this warning again.

    If you think you have the right certificate (and in this case, the customer thought he did – it had EKU of Server Authentication (1.3.6.1.5.5.7.3.1), the right SAN, and chained fine), compare it to a valid DC certificate issued by an MS CA. You can do all this in a test lab even if you’re not using our PKI by just creating a default PKI “next next next” style and examining an exported DC certificate. When we compared the exported certificates, we found that his 3rd-party issued cert was missing a Subject entry, unlike my own. We theorized that this might be it – the subject is not required for a cert to be valid, but any application can decide it’s important and it’s likely ADWS does.”

    One similar thread:

    ADWS certificate warning 1400 despite valid certificate on all DC's

    https://social.technet.microsoft.com/Forums/office/en-US/21849a06-e89b-4c53-b4b4-bf0ba5087c0b/adws-certificate-warning-1400-despite-valid-certificate-on-all-dcs?forum=winserversecurity

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 28, 2017 1:13 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, May 7, 2017 5:28 AM
    Moderator