All-
I am building a two-tier PKI infrastructure for a client of mine. The root CA server is completely segregated from the network and will be for life. I've set up the Root CA CDP extensions to publish to HTTP, LDAP and c:\windows\system32\certsrv\certenroll. Unfortunately, every time I try to publish a new CRL, I receive errors stating it cannot connect to a domain controller, which I already know is true.
Here is the error:
C:\Users\Administrator>certutil -CRL
CertUtil: -CRL command FAILED: 0x80070547 (WIN32: 1351)
CertUtil: Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
How do I eliminate this error? I can of course remove the CDP extension and create a new CRL, but then the LDAP extension would not be located in the CRL. Catch-22.
BR