question

Brascon01-7407 avatar image
0 Votes"
Brascon01-7407 asked Brascon01-7407 answered

Missing certificates

Hi,

Can someone explain why some issued certificates from a subordinate CA are missing, i cannot find them when i search for them in the CA, the server is newly built the db is approximately 60MB, no corruption or broke, all is working from issuing to renewal.

windows-server-security
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

To make the question more clearly, please help confirm the following information.
1, Do you mean some of the issued certs are missing from the issued certificates list on the CA server?
116525-7201.jpg
2, What are the certificates used for, users or computers.
Are there any errors for the users and computers?
3, The missing certs were renewed recently?

Best Regards,


0 Votes 0 ·
7201.jpg (166.8 KiB)

This may indicate that either, these certificates were deleted from CA database by an admin or CA server/DB was restored to previous version that doesn't include these certificates.

0 Votes 0 ·
Brascon01-7407 avatar image
0 Votes"
Brascon01-7407 answered FanFan-MSFT commented

Hi Fanfan,

Do you mean some of the issued certs are missing from the issued certificates list on the CA server? Yes when i search for them cant find them, it is random like 800 certs out of 7000 are missing.

What are the certificates used for, users or computers. Computers

Are there any errors for the users and computers? no errors at all

The missing certs were renewed recently? not renewed

Thanks

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

It is suggested to check:
1, If the missing certs are still available on the clients or for users.
2, Open the pkiview.msc and check if there are any errors.
3, If there are any events on the CAs and clients.
Best Regards,

0 Votes 0 ·

Thank you for the reply, no errors at all in pkiview.msc or in the event from the client or the server side.

Thanks

0 Votes 0 ·

Hi,
Any possibility mentioned by Crypt32?

Best Regards,

0 Votes 0 ·
Brascon01-7407 avatar image
0 Votes"
Brascon01-7407 answered FanFan-MSFT edited

Hi,

Did not see anything mentioned by Crypt32 regarding this.

one more thing not related, i miss technet forum where there were many ppl involved, Q&A is so quiet, just my feedback.

Thanks

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

It has not been a long time since the migration to Q&A, hope more and more users can start using it.

It is difficult to determine why some of the issued certs were missing now.
We can enable CAPI2 Diagnostics on the CA and a certain client to get more information.
For how to use the CAPI2 Diagnostics for troubleshooting, please refer to the following steps:
https://social.technet.microsoft.com/wiki/contents/articles/242.windows-pki-troubleshooting-capi2-diagnostics.aspx

Hope we can find some clues.

Best Regards,

0 Votes 0 ·
Brascon01-7407 avatar image
0 Votes"
Brascon01-7407 answered FanFan-MSFT commented

Thank you again, did that no errors that relates to our issue, very strange.

Thanks

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Since there are no errors, it is different to figure out the cause.
It is suggested to monitor for some time!
If there are any questions, feel free to let us know.

Best Regards,

0 Votes 0 ·
Brascon01-7407 avatar image
0 Votes"
Brascon01-7407 answered

Thank you for your help.

Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.