Windows 2003 Certificate Services no longer working after upgrading to Windows 2003 Service Pack 1

Posted on 2005-05-02
Last Modified: 2010-04-18
I am quite confident that this started occuring directly after the 2003 sp 1 install however, I cannot gurantee it.  The following error is displayed on all clients when requesting user or computer certificates from any of our internal certificate servers.  The CA is started and I do have permissioon to request certificates.  This is abviously a very generic error.

The certificate request failed because one of the
following conditions:
- The certificate request was submitted to a Certification Authority (CA)
that is not started. (OR)
- You do not have the permissions to request certificates from the available
Question by:Niro77
    LVL 51

    Accepted Solution

    Try this at a CMD prompt on the SP1 server:

    1.     certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
    2.     net stop certsvc
    3.     net start certsvc

    This is from the release notes over here:

    Specifically, it mentions this in the section at the end under this heading: "Certificate Services: Effects of security enhancements to the DCOM protocol"

    Give it some time to replicate and/or stabilize before doing anything else.  It took about 4 hours on another poster's network before this change fully converged.



    Author Comment

    Unfortanately I tried this and nothing resulted after a few hours.  I will try requesting a certificate again tomorrow and see if any results change.
    LVL 51

    Expert Comment

    Just for good measure, reboot the server.

    Let me know.


    Author Comment

    I have rebooted all 3 certificate servers.
    LVL 51

    Expert Comment

    Are all 3 servers running a CA?  Are they all Server 2003?  If so, it will be necessary to install SP1 on them all and run the fix.

    The RPC and DCOM security is much tighter and also different from pre-SP1 and Windows 2000 servers.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now