Posted by: Roger Crawford
Windows 2003, Windows 2003 Cert Services, Windows 2008 R2
Ran into an interesting problem this weekend as I was installing the Microsoft 2010 Lync Server at a customer’s site which I will talk about later. I was trying to connect to the 2003 Server Cert Server and was having problems. One was a DCOM error which was corrected by adding the permission to the component that was failing for the user I was using. After that was resolved I had to do MS Hotfix KB922706 because I was coming off a Windows 2008 R2 server. Once this was installed I found that the cert services was not running. From the error that was showing it was showing some expired certs which one of them was the Domain Controller Cert for the cert server here is the error.
“Certificate Services did not start: Could not load or verify the current CA certificate. mail A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).”
I checked the system time and that was good so I went into the Computer Certificate store and found 2 certs that had expired and as I mentioned one of them was the CA Root Cert. So I opened the Certificate Authority on the Cert Server and it had failures to open some of the pieces of this because of the service was not running. But it allowed me to right click on the server name and select Renew CA Certificate. Once I did that the services started and life was good again.
Till later just Roger