Hi,
Please bear with me as I am inexperienced when it comes to CAs and DCs. I have been going through the Event Viewer on our only DC (Server 2003) and it keeps kicking out a few errors. I'm not aware of any issues we have other than the DC occasionally needing a restart due to a system hang; sometimes it can go months and other times it can go a few times within a week or so. I’ve put this down to the old, poorly spec’d server more than anything else.
Error Events:
Event ID: 58 - A certificate in the chain for CA certificate 0 for mail.testdomain.com has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).
This is then immediately proceeded by this: Event ID 100 - Certificate Services did not start: Could not load or verify the current CA certificate. mail.testdomain.com A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).
Event ID 2010 - The server certificate for instance '1' does not chain up to a trusted root certificate.
Event ID 36872 - No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
Event ID 10010 - The server {D99E6E73-FC88-11D0-B498-00A0C90312F3} did not register with DCOM within the required timeout.
I've noticed the CA service is stopped; when I try to start it, it stops again very shortly after. When I look into the CA authority directory it has one entry of mail.testdomain.com which has the stopped icon over it, meaning it isn't running.
Now this server is the DC, but it used to be the Exchange 2003 server before it was migrated many years ago. If I'm being honest, I have no experience in this and am slightly concerned that if I do anything then it will cause me problems which I'm not sure I currently have. I was just wanting some expert opinion on what you think I should do: should I try to just renew the CA cert to get rid of the error messages, or just leave it and ignore the messages as it’s no longer required?
Any help would be greatly appreciated. I have no doubt left a lot of information unanswered so please let me know what (if any) further info you need to help me out.
Thanks :)