This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 74%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I inherited a Windows Server 2016 Standard which appears to have the Certificate Authority installed but the role is not installed. I think it may have to do with RSAT tools. Anyway, there is an expired certificate that is showing up in the Application logs.
Certificate for local system with Thumbprint f6 8c d1 f3 09 f0 ea 64 35 8b 36 38 d1 74 e5 b2 e8 e1 2f 99 is about to expire or already expired.
When I try to request a certificate with new key, I get the message that an enrollment policy server cannot be located.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,@RiverWild
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
If you want to end this thread, and the answer was helpful for you, you can "Accept as answer" to help other community members find the helpful reply quickly.
If you have a better method to solve it, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If there is anything else we can do for you, please feel free to post here.
Best Regards,
Hi,
To know the issue more clearly, would you please tell more about the environment for the server?
Is it a stand alone server or a domain joined server member.
1,To make sure if it is a CA server:
Based on my experience, on a windows server, if we installed the CA role, we can see the role as following screenshot showing without instals the RSAT tools manually.
Or you can run PKIVIEW.msc from the Search or Run menus on the server, if it is a CA, you can see the following :
If you can't find it, the role mas be uninstalled or the server was not the CA server.
Then if it need to renew a certificate , it need to find the ca server.
2,To make which CA issued the certificate, you can check all the issuer for certificates by the following steps :
Run MMC. from the Search or Run menus
3,When make sure the issuer for the expired certificates , we can determine how to renew it.
Following case for your reference:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/405545fe-1272-4a4a-a8ca-7e0b918cef37/how-to-generate-cert-request-from-my-cert-in-mmc?forum=winserversecurity
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
If you are using a entreprise PKI, you have to check if the user or computer has the enrollment right on the template.
certificate-autoenrollment-in-windows-server-2016-part-3.aspx
Please don't forget to mark this reply as answer if it help you to fix your issue