Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by
  • When: 21 Jul 2011 8:34 AM
  • Last revision by (cMVP, Microsoft Community Contributo)
  • When: 22 Feb 2013 6:44 PM
  • Revisions: 11
  • Comments: 32
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  SBS 2011: Repair Certificate Issues

SBS 2011: Repair Certificate Issues

SBS 2011: Repair Certificate Issues

How to Repair Certificate Issues in Windows Small Business Server 2011, Windows Home Server 2011, and Windows Storage Server 2008 R2 Essentials


Table of Contents

Applies To:


 Windows Small Business Server 2011, Windows Home Server 2011, and Windows Storage Server 2008 R2 Essentials


Background 

A certificate is a critical system resource. The basic system identity functionality depends on the certificate to validate the integrity of the services and its functionalities. Users should not manually modify or remove a certificate.

Each certificate has a start date and end date range. A certificate will be invalidated if the system date and time settings are changed to a time that has already passed.

This topic provides information and instructions that can help you recover a certificate that is marked as invalid or expired.

Important:

  • If you removed the certificate or certificate role, you must reinstall your system to recover the certificate.

Symptoms

  • You are unable to open the host server Dashboard.
  • You are unable to use the Services applet (services.msc) to start services named “Windows Server <Service Name>”.
  • You see the status “This certificate has expired or is not yet valid” when you double click the backup root certificate located at %programdata%\windows server\data\CAROOT.cer and select Certificate Path.
  • You cannot connect to the server by using the Launchpad from a client computer.

Cause

If you changed the system time to a time that is earlier than the installation time, the Windows Server services cannot start because the certificate appears as expired. The Windows Server Solutions Servers depend on this certification.

Solution

Note:

  • This is an advanced administrative task. To complete this task, you must log on to the host server as Administrator. Always use the server Dashboard to perform common server management tasks.

From the server

  1. Ensure that the date and time settings shown in the system tray are current.
  2. Visit Windows Update to download and install all critical and important updates.
  3. Restart the server.
  4. After restarting the server, click Start, type mmc.exe, and then press ENTER. An empty management console appears.
  5. In the management console, click File, and then click Add/Remove Snap-in.
  6. In Add or Remove Snap-ins, in the list of available snap-ins, select Certificates, and then click Add.
  7. In Certificates Snap-in, select Computer account, click Next, and then click Finish.
  8. In Add or Remove Snap-ins, click OK.
  9. In the management console, expand Certificates (Local Computer), and then click Trusted Root Certification Authorities.
  10. In the details pane, right click Certificates, point to All Tasks, and then click Import.
  11. In the Certificate Import Wizard, browse to %programdata%\Windows Server\Bin\WebApps\Site\Resources, click CAROOT.CER, and then click Open.
  12. In the Certificate Import Wizard, click next Next until you reach the Completing the Certificate Import Wizard page, and then click Finish.
  13. Restart the server.

From client computers

  • Ensure that the date and time settings shown in the system tray are current and that they are the same as the server settings.

Notes:

  • If the date and time reverts to an invalid time after you restart the server, check the BIOS settings to ensure that the BIOS time is set correctly.
  • If your server is running Windows Small Business Server 2011, this problem will be fixed automatically when you restart the server because the certificate is stored in Active Directory.
  • A certificate backup file is created during server installation. If you remove the certificate backup file, your system may not function correctly. If this occurs, you should perform a clean installation to recover the server.
  
, , , , , , , , [Edit tags]
Leave a Comment
  • Please add 4 and 8 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 22 Feb 2013 6:44 PM

    Richard Mueller edited Revision 9. Comment: Removed (en-US) from title, added tag

  • 4 Aug 2012 10:20 PM

    Ed Price - MSFT edited Revision 5. Comment: Updated title per guidelines. Added tags.

  • 5 Jun 2012 10:50 AM

    Fernando Lugão Veltem edited Revision 4. Comment: added toc

  • 24 Feb 2012 11:06 PM

    Susan Bradley edited Revision 1. Comment: edit for font size

  • 1 Sep 2011 5:46 PM

    Ed Price - MSFT edited Original. Comment: Font

Page 1 of 1 (5 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 22 Feb 2013 6:44 PM

    Richard Mueller edited Revision 9. Comment: Removed (en-US) from title, added tag

  • Posted by
    on 12 Dec 2012 3:05 PM

    Mr. Process - please post in the Essentials forum rather than here in the wiki area.  You will get much better help there. social.technet.microsoft.com/.../threads

  • Posted by
    on 12 Dec 2012 2:13 PM

    BTW: I hope I did not generate the same as Silfredo, whe the site pretended to be dead and hence I clicked a few time to see if the response really gets in.

  • Posted by
    on 12 Dec 2012 2:12 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:12 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:12 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:11 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:11 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:11 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:11 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:11 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 12 Dec 2012 2:10 PM

    Since this did not work for me either, I used good ol command prompt and see what I found

    C:\>dir caroot.cer /s

    Volume in drive C is C (Platte 1 - Partition 1)

    Directory of C:\Program Files\Windows Server\Bin\WebApps\Site\Resources

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\ProgramData\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

    Directory of C:\Users\All Users\Microsoft\Windows Server\Data

    01/13/2012  07:55 PM               762 CAROOT.CER

                  1 File(s)            762 bytes

        Total Files Listed:

                  3 File(s)          2,286 bytes

                  0 Dir(s)  34,802,868,224 bytes free

  • Posted by
    on 24 Nov 2012 7:03 PM

    Silfredo, this is not a forum, but a wiki post.  Don't post here, post in the forum.  You will get no help here.

  • Posted by
    on 24 Nov 2012 5:14 PM

    Not working!

  • Posted by
    on 24 Nov 2012 5:14 PM

    Not working!

Page 1 of 3 (32 items) 123