#Syspeace stops due to license server inaccessable on #Windows Server 2003 #infosec
Syspeace service stops due to license server not reachable / inaccessibility on Windows Server 2003
We’ll actually update the troubleshooting section with info for Windows 2003 Servers but here’s why this can occur.
Apparently root certificates are not automatically updated on Windows Server 2003:
The automatic root update mechanism is enabled on Windows Server 2008 and later versions, but not on Windows Server 2003. Windows Server 2003 supports the automatic root update mechanism only partly. (This is the same as the support on Windows XP.) And because the root update package is intended for Windows XP client SKUs only, it is not intended for Windows Server SKUs. However, the root update package may be downloaded and installed on Windows Server SKUs, subject to the following restrictions.
If you install the root update package on Windows Server SKUs, you may exceed the limit for how many root certificates that Schannel can handle when reporting the list of roots to clients in a TLS or SSL handshake, as the number of root certificates distributed in the root update package exceeds that limit. When you update root certificates, the list of trusted CAs grows significantly and may become too long. The list is then truncated and may cause problems with authorization. This behavior may also cause Schannel event ID 36885. In Windows Server 2003, the issuer list cannot be greater than 0x3000.
This can be resolved for Syspeace by manually installing the gd-class2-root.crt certificate from this page: https://certs.godaddy.com/anonymous/repository.pki