Good day, my team and I inherited an AD and AD CS environment that was not looked after properly. We are looking to retire this AD CS, but we are still using it for 802.1x RADIUS auth with Wi-Fi.
AD CS was discovered to be running on an old DC. The AD CS environment was backed up and restored to a new server which had a different hostname, and I believe this was done properly, as the CA still references the old hostname along with the new one. Then the root cert needed to be renewed, and it was, with the existing pair.
We are currently seeing an issue with PKIView with regard to one CDP location and two Delta CRL locations. All three of the ones showing an error say "Unable to Download". All items here are pointing to .crl files except for the AIA location. The URLs for the three items below with errors are all reachable from domain machines and are HTTP paths to the AD CS server, which is also running IIS. Again, currently this server is a single-tier domain server.
Here are the "Unable to Download" URLs. Is it possible to fix this? Currently I think the biggest negative of this situation would be that the machines are not turning in their expired or superseded certs, which I can understand is a security issue.
http://hostname.ourdomain.com/CertEnroll/CA.crl is CDP Location #1 and Delta CRL Location #1
http://hostname.ourdomain.com/CertEnroll/CA+.crl is Delta CRL Location #2 (also error)
Can we correct these bad CDP and Delta CRL issues?