Is their a default time out before the Domain controller looks up a newly installed CA and enrolls for a KDC cert
so have domain controller on 2008r2 , member server 2008r2(non dc). installed enterprise ca on member server. dc after particular amount of time new ca , kdc or have explicitly run certutil -pulse.
i earlier experience remember dc's automagically see new enterprise ca , retrieve domain controller certificate. want know can find settings tell me how long before dc new enterprise ca
domain controllers perform group policy *background* refresh each 5 minutes (by default). may have wait 90 minutes when all policies refreshed in same manner gpupdate /force switch.
http://www.sysadmins.lv
Windows Server > Security
Comments
Post a Comment