I have two Windows 2008 R2 domain controllers running in native mode. The DC holding all the primary roles is logging Event ID 64 on a regular basis: Certificate for local system with Thumbprint 39 9a 96 63 93 bc ae da dd ff 48 ed c8 87 8b ec f8 16 f1 16 is about to expire or already expired.
When I go to the certificates snap-in and look under the Personal Certificates, I find that the thumbprint matches the certificate for 'servername.internaldomain.com' and is issued by VeriSign Class 3 Secure Server CA - G3. The certificate expires on 6/15/2013.
I do NOT have a CA installed on this network, and I checked my account with VeriSign and this certificate is not listed. So I'm assuming this is actually a self-generated certificate from when the server was built. I was going to ignore this message and assume it will auto-renew itself, but yesterday I started getting Event ID 1220 errors:
"LDAP over Secure Sockets Layer (SSL) will be unavailable at this time because the server was unable to obtain a certificate. 8009030e No credentials are available in the security package"
I'm not sure if these two errors are related. I tried to renew the certificate identified by the Event ID 64 but I get the error: "Enrollment Error - The request contains no certificate template information." Because I don't have a CA I don't have anywhere to check template information.
I am also seeing Event ID 36886: "No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this."
Can anyone help me figure this out?
Thanks,
Joe