[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 711
  • Last Modified:

Event 1008 followed by 1009 in Windows 2000 Server DC

My Primary Domain Controller in AD running windows 2000 server has been loggin events 1008 and 1009 recently.
the event shows up every 2-3 hours, sometimes consecutively.
This is the only DC in the network.

Event 1008: The enterprise root certificate store could not be updated. Incorrect function
Event 1009: The NT Smartcard authentication certificate store could not be updated Incorrect function".
  • 3
  • 3
1 Solution
Any changes to this DC?  Did you add a DNS server to it?  Update any GPO's?

 From a newsgroup post: "In my case the problem started to appear after I had installed Wingate 5.01 client software onto the file server, and had added a second DNS address, where the Wingate server DNS is setup at the gateway. Removing the Wingate client software, removing the second DNS server address (the same as the gateway) and then rebooting resulted in a perfectly functioning DNS domain server. I had installed the Wingate client software so that I could run Windows Update. I had done this because although the file server could access the internet when directly connected (I could ping www addresses from a command prompt), it could not display any pages".

 I was getting this event and event id 1008 (same source) plus an error about "Cannot contact Domain" etc. I simply re-applied the GPO manually which seemed to resolve the above errors.
After applying the above you should get a response in the Event Viewer stating : "SceCli - Security policy in the Group policy objects are applied successfully". Now reboot your machine and the errors should be resolved.  

is this an SBS DC?

 From a newsgroup post: "The 1008 errors are not the problem, they are the messenger. However, these errors are indicative that there are clock cycles being stolen by these items. There is a specific Perflib error that follows on the installation of SBS 2000. You resolve it quite simply with a command explained in the SBS readme doc which from the top of my head is:

c:\winnt.sbs\system32>lodctr c:\exchsrvr\bin\eseperf.ini

That means you must execute that command from that directory in order for this to solve the problem regarding this specific issue on this counter, assuming the other paths are correct.  BTW, this comes from the SBS readme doc."

Error code 0x80070051 = - no additional info
Error code 0x80070057 = E_INVALIDARG = "One or more arguments are not valid error." - no additional info  

sunhakAuthor Commented:
there were no changes in the DC.
I did tweak some GPOs, but reverting back and rebooting has not solved the problem.
I tried SECEDIT and in the event log, it shows SceCli successful, followed by event 1008 and 1009
This is not a SBS
What level service pack?
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

sunhakAuthor Commented:
I have not been able to find anything on those event ID's.  I would try re-applying SP4.  Many times this will resolve issues like these.  Good Luck!  If I find anything I will let you know.
sunhakAuthor Commented:
I tried sfc and didn't work so I ran a Repair on windows 2000 last night and it solved the problem.
Closed, 500 points refunded.

Community Support Moderator
Experts Exchange

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now