Re: removing Windows 2008 DC after demotion, time for ntdsutil

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Ace Fekay [Microsoft Certified Trainer]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Jun 2009 20:06:57 -0400

"Edward Ray" <hunglikethor@xxxxxxxxxxxx> wrote in message news:OL9D3T27JHA.6084@xxxxxxxxxxxxxxxxxxxxxxx

Please also post any errors in the event logs of your DCs, and of your client machines relating to this.
Getting autoenrollment failures for certificate enrollment of new clients. demoted DC was also a certificate server.

Appreciate your continued help on this, but this may be a situation where I have to debug myself or start up an MSDN suppport session. This domin has been up and running since 2003 and has gone though many changes since then...

Ed

Ahh, it was a cert server. That explains it. It's reference is still in AD and needs to be manually removed at this point. I was hoping you would have posted the EventID# for the autoenrollment errors, but that's ok. Here are some links on the subject.

Removing a Certificate Authority:

Also, if you need to remove a CA (Certificate Authority) from the domain, Please read the following related articles:

How to remove manually Enterprise Windows Certificate Authority from Windows 2000/2003 Domain
http://support.microsoft.com/kb/555151

How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000
http://support.microsoft.com/?id=889250

HOWTO: Move a certificate authority to a new server running on a 2003 or 2008 CA, Standard or Enterprise
http://directoryservicesconsulting.ca/index.php/2009/04/17/howto-move-a-certificate-authority-to-a-new-server-running-on-a-domain-controller/

HOWTO: Move a certificate authority to a new server running on a domain controller (2003).
http://support.microsoft.com/?id=555012

Ace

.

References:
- Re: removing Windows 2008 DC after demotion, time for ntdsutil
  - From: Edward Ray
- Re: removing Windows 2008 DC after demotion, time for ntdsutil
  - From: Ace Fekay [Microsoft Certified Trainer]
- Re: removing Windows 2008 DC after demotion, time for ntdsutil
  - From: Edward Ray

Prev by Date: Re: Active Directory - Internet Access Control
Next by Date: Re: User to UserProxy failed in some users
Previous by thread: Re: removing Windows 2008 DC after demotion, time for ntdsutil
Next by thread: ldap query with guid
Index(es):
- Date
- Thread

Relevant Pages

Re: Need help configuring Wireless Connection profile
... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)
Cannot sync Windows mobile with sbs2003 server
... Windows Mobile OS to the SBS2003 server at work so that he can read e-mails. ... What certificate do Microsoft recommend here, and where can this be bought? ...
(microsoft.public.pocketpc)
Re: Need help configuring Wireless Connection profile
... Now life is good in the Windows wireless world. ... now have a secure wireless setup within my small business server environment. ... "point" the info of the Radius authentication to your current Radius server. ... STEP #1 Install Certificate Services ...
(microsoft.public.windowsxp.general)
Re: EAP-TLS with windows CE
... credentials at the login prompt for Windows Server 2003 on the server ... The certificate is a public thing, ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
(microsoft.public.windowsce.platbuilder)
Re: EAP-TLS with windows CE
... Thanks for the quick response. ... Windows CE then prompts the wireless user for the ... to the AP which gets passed on to an authentication server (RADIUS or ... nothing to do with the contents of the certificate at all. ...
(microsoft.public.windowsce.platbuilder)