Revocation status of DC can't be verified

Posted by DotGeorge on Server Fault See other posts from Server Fault or by DotGeorge
Published on 2012-10-19T10:04:11Z Indexed on 2012/10/20 23:05 UTC
Read the original article Hit count: 590

Filed under:

domain-controller

|

pki

|

smartcard

|

crl

A Domain Controller within my forest was working fine (as the story usually goes).

Then, suddenly, I can't logon with my smart card. Instead, I'm greeted with the following message:

The system could not log you on. The revocation status of the domain controller certificate used for smart card authentication could not be determined.

I literally have no idea what's happened here. As an attempted quick fix, I removed the root certificate which issued the Smart Card's certificate from the CA of both the client and DC. Then imported a newly exported one from the DC in question. Same issue.

I've spotted a number of related articles on Microsoft's forums and a HP support document. Each don't really shed much light as it's a generic error message apparently.

Having said all of this, other smart cards (issued from other DCs) work fine. So I have no idea what's up with this one.

© Server Fault or respective owner

Related posts about domain-controller

Windows Clients: Windows or Linux Domain Controller?

as seen on Server Fault - Search for 'Server Fault'
I'm planning to set up a domain controller for our small computer laboratory. I'm a little confused as to what operating system to use for our domain controller. What's in the lab: The lab has 25 units running a mix of Windows 7 and Windows XP. The domain controller will only have 2GB of RAM running… >>> More
Why does a Domain Controller have a public IP

as seen on Server Fault - Search for 'Server Fault'
Just wondering why a Domain Controller has a public IP address? >>> More
Multi-Role Domain Controllers for Small Offices (< 50 clients)

as seen on Server Fault - Search for 'Server Fault'
Warning: I'm a Linux/*NIX admin so this is all new to me. I understand that it's not considered a good idea to have only a single domain controller, and that it is also probably a good idea for a domain controller to only do AD/DHCP/DNS (Here). We have two offices, location A with 30 users and location… >>> More
Can't add client machine to windows server 2008 domain controller

as seen on Server Fault - Search for 'Server Fault'
A bit of background before I dive into the gritty details: I have a single server running Windows 2003 Server where I host my ASP.net website and SQL Server + Reports. I've been creating ordinary windows user accounts to authenticate my users, and I enabled integrated windows authentication with… >>> More
Windows 2003 Domain Controller Very Upset about NIC Teaming

as seen on Server Fault - Search for 'Server Fault'
I set up BACS (Broadcom Teaming) to team two NIC on a Windows 2003 Active Directory Domain Controller. Networking still works okay, I can ping the gateway etc, but both DNS and Active Directory fail to start with various 40xx errors. The team that I created is Smart load Balancing with Failover… >>> More

Related posts about pki

Microsoft PKI or PKI Vendor ?

as seen on Super User - Search for 'Super User'
I have a question related to PKI Infrastructure , should an organization go with Microsoft PKI or an independent separate PKI Infrastructure ? Is there any licensing restrictions if I user Microsoft PKI Infrastructure ? Or should I get an independent PKI infrastructure from a vendor that offer PKI… >>> More
Microsoft PKI or PKI Vendor ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a question related to PKI Infrastructure , should an organization go with Microsoft PKI or an independent separate PKI Infrastructure ? Is there any licensing restrictions if I user Microsoft PKI Infrastructure ? Or should I get an independent PKI infrastructure from a vendor that offer PKI… >>> More
PKI Issuing CA on Domain Controllers

as seen on Server Fault - Search for 'Server Fault'
I am setting up a PKI which will initially be used internally. As we may grow our use of this I have opted for a three tier hierarchy - Offline Root and Policy CAs (one Policy CA at the moment for internal use), and online issuing CAs. We had initially discussed using our Domain Controllers as the… >>> More
Inscription automatique de certificats avec une PKI sous Windows Server 2008 R2, par Michaël Todorov

as seen on Developper.com - Search for 'Developper.com'
Cet article va vous permettre d'apprendre à configurer l'inscription automatique de certificats pour vos utilisateurs et ordinateurs sous Windows Server 2008 R2. >>> More
Using SSL on slapd

as seen on Server Fault - Search for 'Server Fault'
I am setting up slapd to use SSL on Fedora 14. I have the following in my /etc/openldap/slapd.d/cn=config.ldif: olcTLSCACertificateFile: /etc/pki/tls/certs/SSL_CA_Bundle.pem olcTLSCertificateFile: /etc/pki/tls/certs/mydomain.crt olcTLSCertificateKeyFile: /etc/pki/tls/private/mydomain.key olcTLSCipherSuite:… >>> More