How to get domain controller certificate?

Question

How to get domain controller certificate?

techcoor 1,266

The dcdiag output is full of No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

     A warning event occurred.  EventID: 0x00009016

I like to clear this clutter.
https://social.msdn.microsoft.com/Forums/en-US/eef6a9cc-8d5d-4477-8b4c-49b1b0bd6498/no-suitable-default-server-credential-exists-on-this-system?forum=winserverDS
says I need a domain controller certificate. How do I get domain controller certificate?

Accepted answer

1 additional answer

Your answer

Answer 1

The fix was done by Dell Server support using Powershell command New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "ims.local" -FriendlyName "MySiteCertIMS" -NotAfter (Get-Date).AddYears(10)
https://community.blueprism.com/communities/community-home/digestviewer/viewthread?GroupId=547&MessageKey=1acee87c-c32e-454a-8d30-ba5b9fc09a32&CommunityKey=1b85da15-bf65-46d4-a6e0-fac4be151860&tab=digestviewer&ReturnUrl=%2Fcommunities%2Fcommunity-home%2Fdigestviewer%3FMessageKey%3D14d03f2a-ab67-4caa-ad51-b275a079e644%26CommunityKey%3Decea0082-1a23-4cd8-ab44-48e94657092e%26ReturnUrl%3D%252Fcommunities%252Fcommunity-home%252Fdigestviewer%253FMessageKey%253Df4cd130b-c811-4550-ac72-d8f01010f77e%2526CommunityKey%253D891bbd6b-b97a-418b-a7f5-475cdbcd9ca1

Then finding the newly created certificate using MMC under Console Root, Certificates (Local Computer), personal, certificates and copying to Trusted Root Certification Authorities, Certificates.

Answer 2

Vicky Wang 2,736

Do you have a CA in your environment? Are you using SSL to establish secure connections?

If no, just ignore the warning.

If yes, that means that no server certificate was found so you have to issue a certificate to this server.

https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/troubleshoot-missing-sysvol-and-netlogon-shares

Hope this information can help you
Best wishes
Vicky

techcoor 1,266 Reputation points

2021-06-30T17:00:02.547+00:00

There is no CA in the environment. Not using SSL to establish secure connections.
The problem is when I am trying to see what other issues dcdiag is showing then it is difficult because the dcdiag log is full of “No suitable default server credential exists on this system” Microsoft Q&A experts like asking for Dcdiag /v >c:\dcdiag1.log.

The Microsoft expert in https://social.msdn.microsoft.com/Forums/en-US/eef6a9cc-8d5d-4477-8b4c-49b1b0bd6498/no-suitable-default-server-credential-exists-on-this-system?forum=winserverDS says new security settings/options coming with the new OS version recommend that you have a DC secured with certificates, so the warning is a recommendation to think about.
Do you disagree with the above statement?

Not sure why the link https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/troubleshoot-missing-sysvol-and-netlogon-shares was given.

Share via

How to get domain controller certificate?

1 additional answer

Your answer