2

I'm trying to rename an old server ( 2008 R2 Standard) of ours that will be used for a SQL DEV(Used to be old prod), but the options to change computer name/domain is greyed out. I found that it's because CA is installed on this server, but not being used. The Active Directory Certificate services aren't able to start, and the options to remove the role from Server Manager is greyed out.

Any ideas how to go about removing the CA role/service properly so i can re-name this server?

When i try to start the AD certificate service it generates an error in the event viewer; Event ID 100 & 42. Description says:evtID42: Could not build a certificate chain for CA certificate 0 for domain-hostname-ca. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487). Evt ID 100:Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. domain-hostname-ca. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).

samalkobi
  • 41
  • 2
  • 5
  • You should be able to uninstall ADCS via Server Manager. Did you try to remove role services first? – Crypt32 Jan 23 '15 at 18:08
  • https://technet.microsoft.com/en-us/library/cc771494.aspx ? – Samuel Nicholson Jan 23 '15 at 19:30
  • This technet article is the right way to uninstall CA role. However, you have to properly decommission CA server as per this article: http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx – Crypt32 Jan 23 '15 at 19:41
  • Yes, i have tried removing the role from Server Manager, but every option is greyed out, can't select anything. IF i try to remove the Active Directory Certive Service, for some reason the setup wizard automatically selects IIS even though it's unchecked and i highllighted AD Cert Services... I get alerts saying the RPC server is unavailable; I've read through that KB already though there doesn't seem to be any troubleshooting steps. When i run CERTUTIL -SHUTDOWN i get the error code 0x800706BA(WIN32:1722). – samalkobi Jan 23 '15 at 19:46
  • It wouldn't hurt to post this as an answer to your question. – I say Reinstate Monica Feb 01 '15 at 02:47

1 Answers1

0

Neeeeeevermind....I haven't added/removed server roles in a long while; Apparently, you have to UNCHECK the roles you want to remove...go figure. MY bad guys, thanks for the input! –

samalkobi
  • 41
  • 2
  • 5