First off, all servers are 2008R2 (latest updates installed) w/Forest-Domain 2008R2, and all CAs (RCA, SCA) are installed on DCs that are VMs (Hyper-V 2008R2). I utilize SCM 2.5 for GPO settings on the DCs (don't know if there are potential issues due to security settings?).
Initially it was set up w/out issue and ran fine. I was poking around my server yesterday and noticed that I have errors showing up on Enterprise PKI.
SCA has the following Unable To Download errors showing:
AIA Location #2 http://wwwca/CertEnroll/serverName.domain.local_serverName-SCA.crt
DeltaCRL Location #2 http://wwwca/CertEnroll/serverName-SCA.crl
CDP Location #2 http://wwwca/CertEnroll/serverName-SCA.crl
RCA has the following Unable To Download errors showing:
AIA Location #1 http://wwwca/CertEnroll/serverName-RCA.crt
CDP Location #1 http://wwwca/CertEnroll/serverName-RCA.crl
All other locations in SCA register as OK; no other locations are set up in the RCA. When I try to access the HTTP locations via IE/FF, I get Error 500 - Internal Server Error. I checked the authentication on the CertEnroll folder in IIS, and everything is disabled except for Anonymous Authentication, which is Enabled.
RCA has Certification Authority and Certification Authority Web Enrollment installed, where my SCA has Certificate Authority, Certification Authority Web Enrollment, and Certificate Enrollment Policy Web Service installed.
Certificates are being issued successfully and the servers both have the green checks on them; it's just the Enterprise PKI node that shows with the red X. I don't know if this is posing a major issue/risk? I'd rather not let it sit, obviously. Any thoughts on how to resolve this issue? I've read some of the other posts and none really apply to my situation, it seems.
Any help at all would be greatly appreciated.