question

NisseWest-9142 avatar image
0 Votes"
NisseWest-9142 asked DaisyZhou-MSFT commented

Removing Certificate Server

Hi
I am trying to promote a customers stand-alone server from a workgroup to a new domains domain controller but I found out that someone has already installed the Certificate Server on the server.
Now I can´t promote the server to a domain controller as I get an error message during the Prerequisites Check......

"Verification of prerequisites for Domain Controller promotion failed. Certificate Server is Installed"

I have been trying to find some type of workoround for this but I am not able to find any, all I has been told is that the you have to uninstall the AD CS before I can promote the server to a domain controller.
When trying to remove the AD CS role I get this error:

"The status of the role services on the target machine cannot be determinated. Please retry. The error is Connecting to remote server SERVER2017.local failed with the following error message: The WinRM client cannot process the request. If the autenthication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHost configuration settings. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. Fore more information, see the about_Remote_Troubleshooting Help topic.."


Can someone out there help me with this..... I am really stuck here...

/Nisse



windows-server-security
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Are you trying to remove role remotely?

0 Votes 0 ·

Hello @NisseWest-9142,
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

0 Votes 0 ·

Hello @NisseWest-9142,
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.


Best Regards,
Daisy Zhou

0 Votes 0 ·

1 Answer

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered DaisyZhou-MSFT edited

Hello @NisseWest-9142,

Thank you for posting here.

1.What is the name of this stand-alone server?
2.What is the server SERVER2017.local?
3.What is the relationship between this stand-alone server and SERVER2017.local?
4.Was this stand-alone server in the domain or not now?
If this machine is not in the domain, we can try to add it to domain and then remove the AD CS to see if it helps.

It is recommended that you can RDP to the stand-alone server directly,
or log in locally to the stand-alone server, and then try to uninstall the ADCS role.

Or on the stand-alone server, you can try the PS command Uninstall-AdcsCertificationAuthority -Force to see if it helps.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.