I messed up my CA

Howard

While testing and learning EFS in my home environment, I screwed with
my CA and messed things up!

My Set-up: 3 servers: One Win2K Server domain controller with AD,
also has DNS, DHCP, and CA. Second computer is a Win2K member server
running Exchange 2000. Third computer is also a Win2K member server
acting as my router/firewall to the internet. I also have 3 clients
running Win2K and XP.

I installed CA a couple of days ago so I can learn about CAs and EFS.
I decided to start over, so I stopped the CA service, deleted ALL the
certificates that I could find (Administrator, File recovery, etc.)
and then re-started the CA.

Now, I'm having problems. The "whoami" command from the command
prompt doesn't work anymore (not recognizable as an internal or
external command). Secedit doesn't work anymore either, it just
starts Microsoft Help! I can't refresh policies without secedit!

The above happens on ALL clients and servers. None of them recognize
the "whoami" or "secedit" commands. And no, I wasn't smart enough to
export and backup the certificates I deleted! Dohhh!

How can I fix this? Do I need to remove and reinstall AD? Since this
is happening on all computers, I'm presuming it's an AD problem, but
not sure.

Any feedback is appreciated.

Thanks,

Howard
 
I agree with Dave. Possibly you encrypted something you should not
have, and that is causing problems. Your best solution probably will be to
start from scratch and rebuild the domain controller, since it is not a
production machine. You will have to rejoin the other computers to the
domain. Check event viewer for any clues. Run dcdiag on the domain
controller and netdiag on one of the member machines. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223316
http://is-it-true.org/nt/nt2000/atips/atips24.shtml

David Cross said:
I don't think the de-install of the CA had anything to do with this. Likely
a red herring.
 