Sorry, I will correct it:
We use Cisco anyconnect (ISE) and all our
desktops need to have antivirus, updates and the corticate issued by our
internal PKI. In some Windows 7 desktops the certificate expired on October
20th and they didn’t renew it. I am trying work around this problem and
make them get a new certificate. It happened to some computers and only
Windows 7 OS, after 20th October, everything is working fine.
My problem is to make the ones that didn’t renew work again. I don’t
want to format them.
de Operações e Infraestrutura - CII
+55 11 3388-8193
Brian Arkills <barkills@xxxxxxxxxxxxxxxx>
7 does not renew CA certificate
So many details you aren’t giving us …
it’s hard to know whether you’ve done any troubleshooting at all or are
just hoping we can produce magic from a couple bits of information.
AD-integrated issuing CA? Or external CA?
You’ve implied this is a machine cert,
but not explicitly said so. Is it a machine cert or a user cert?
Has the computer lost its trust relationship
with the domain?
Presuming this is an AD-integrated issuing
CA, does the computer (or user) have the auto-enroll permission for the
What happens when you manually request
a cert renewal?
If user cert, did the user login via cached
What’s in the cert store on the computer
having issues? Does that reveal any clues (like a missing private key)?
Is the CRL for the issuing CA published?
Have you manually verified you can contact it from the computer having
What’s in the CRL? Is the cert you are
trying to renew or any of the certs in the chain revoked?
How about expirations of certs in the chain?
That’s just a sample of the kinds of troubleshooting
questions you should be thinking about.