Replaced Local CA and Months Later LDAPS Not working due to FQDN Certificate being issued by old CA on new DC / CA

  • Question

I replaced an old 2008 Backup Domain Controller and CA (Non-Enterprise) server with a 2016 Server instance. It worked for months and now out of the blue, LDAPS will not authenticate externally but works from the local server. I am receiving the following error on the client side when attempting to authenticate:

    The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

    Upon looking at the certificate being used, it was issued by the old CA server that is no longer accessible or in use.

    Can anyone point me in the right direction for the process to properly issue a new one?

    I attempted to renew the certificate but received the error: The permissions on this certification authority do not allow the current user to enroll in certificates.  A valid CA configured to issue certificates based on this template cannot be located or the CA does not support this operation, or the CA is not trusted.

    When loading Certificate Authority in MMC, I am noticing that under Certificate Templates, I do receive an error saying Template information could not be loaded and element not found. It's also loading the old certificate server instead of the new one I have specified by hostname.
    • Edited by Steve3712 Wednesday, August 12, 2020 4:13 PM more information added
    Wednesday, August 12, 2020 3:33 PM
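A diagnostic for the situation described in the question, added here as an example and not part of the original post: it pulls the certificate a domain controller actually presents on LDAPS, reports its issuer and whether it chains to a CA the client trusts, and (when run on the DC) lists every Server Authentication certificate in the machine store that Schannel could choose from. The DC name `dc01.example.local` is a placeholder.

```powershell
# Added example, not from the original post. Assumes a hypothetical DC name;
# replace $DcFqdn with the real FQDN. Run the store listing on the DC itself.
param(
    [string]$DcFqdn = 'dc01.example.local',   # placeholder DC hostname
    [int]$Port = 636
)

function Get-LdapsServerCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate in the handshake callback so the chain can be
        # examined explicitly below instead of failing inside AuthenticateAsClient.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $client.Close() }
}

function Test-CertificateChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # The question is whether the issuer is trusted at all, not CRL reachability.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $ok = $chain.Build($Cert)
    [pscustomobject]@{
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer          # an old, decommissioned CA shows up here
        NotAfter   = $Cert.NotAfter
        Thumbprint = $Cert.Thumbprint
        ChainOk    = $ok
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

function Get-LocalServerAuthCertificates {
    # On the DC: candidates Schannel may present for LDAPS (Server Authentication EKU + private key).
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1' })
    } | ForEach-Object { Test-CertificateChain -Cert $_ }
}

Write-Host "Certificate presented by $DcFqdn on port ${Port}:"
Test-CertificateChain -Cert (Get-LdapsServerCertificate -HostName $DcFqdn -Port $Port) | Format-List
Write-Host "Server Authentication certificates in LocalMachine\My (meaningful only on the DC):"
Get-LocalServerAuthCertificates | Format-Table Subject, Issuer, NotAfter, ChainOk, Status -AutoSize
```

Run the first part from the failing client to confirm the presented certificate's issuer is the retired CA (ChainOk false, Status UntrustedRoot or PartialChain); run the second part on the DC to see whether a certificate from the old CA is still in the store alongside any newer one.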