?
Solved

Windows 2003 Certificate Services no longer working after upgrading to Windows 2003 Service Pack 1

Posted on 2005-05-02
5
Medium Priority
?
175 Views
Last Modified: 2010-04-18
I am quite confident that this started occuring directly after the 2003 sp 1 install however, I cannot gurantee it.  The following error is displayed on all clients when requesting user or computer certificates from any of our internal certificate servers.  The CA is started and I do have permissioon to request certificates.  This is abviously a very generic error.

The certificate request failed because one of the
following conditions:
- The certificate request was submitted to a Certification Authority (CA)
that is not started. (OR)
- You do not have the permissions to request certificates from the available
CAs.
0
Comment
Question by:Niro77
  • 3
  • 2
5 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 13911484
Try this at a CMD prompt on the SP1 server:

1.     certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
2.     net stop certsvc
3.     net start certsvc

This is from the release notes over here: http://support.microsoft.com/kb/889101

Specifically, it mentions this in the section at the end under this heading: "Certificate Services: Effects of security enhancements to the DCOM protocol"

Give it some time to replicate and/or stabilize before doing anything else.  It took about 4 hours on another poster's network before this change fully converged.

Advise.


0
 

Author Comment

by:Niro77
ID: 13921896
Unfortanately I tried this and nothing resulted after a few hours.  I will try requesting a certificate again tomorrow and see if any results change.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 13923054
Just for good measure, reboot the server.

Let me know.

Cheers,
NM
0
 

Author Comment

by:Niro77
ID: 13935993
I have rebooted all 3 certificate servers.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 13937855
Are all 3 servers running a CA?  Are they all Server 2003?  If so, it will be necessary to install SP1 on them all and run the fix.

The RPC and DCOM security is much tighter and also different from pre-SP1 and Windows 2000 servers.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question