Certificate Authority

Computer Gladiator 106 Reputation points
2021-12-06T18:20:57.227+00:00

Hello, I am surprised to suddenly see the following event id 53. I saw the first event 2 days ago

Active Directory Certificate Services denied request 25 because The certificate template renewal period is longer than the certificate validity period. The template should be reconfigured or the CA certificate renewed. 0x80094814 (-2146875372 CERTSRV_E_CERT_TYPE_OVERLAP). The request was for CN=<server>. Additional information: Denied by Policy Module Renewing a certificate with the DomainController Certificate Template failed because the renewal overlap period is longer than the certificate validity period.

In the Certificate Authority Console, the Failed requests show "Denied by Policy Module Renewing a certificate with the DomainController Template failed because the renewal overlap.......

Is the following article the solution?
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc780374(v=ws.10)
Don't I have experienced this before.

Thank you

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,683 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Vadims Podāns 8,856 Reputation points MVP
    2021-12-07T08:02:47.617+00:00

    Yes, referenced link is the right solution and you have to renew your CA certificate.

    0 comments No comments

  2. Computer Gladiator 106 Reputation points
    2021-12-08T17:53:22.477+00:00

    I attempted to renew the cert without an error. But I do not see the cert with a later expiration date under Issued Certificates. How can I tell if the cert is renewed? Thank you

    0 comments No comments

  3. Vadims Podāns 8,856 Reputation points MVP
    2021-12-09T07:59:59.337+00:00

    It won't show in issued certificates, because it isn't really issued, it is self-generated. In CA MMC (certsrv.msc), select CA node, right-click and select Properties. There you will see new incremented certificate. General tab lists all previous CA certificates.

    0 comments No comments