Solved

Certificate service will not stay started for Windows 2003 Server

Posted on 2008-10-23
7
14,174 Views
Last Modified: 2010-06-30
I have a Windows 2003 server that is running Certificate services. I recently renewed the certificate. The CertSvc will not stay started. I can start the service without an error but when I refresh the page the service is stopped again. I receive the following logs:

Event Type:      Error
Event Source:      CertSvc
Event Category:      None
Event ID:      58
Date:            10/23/2008
Time:            10:04:03 AM
User:            N/A
Computer:      EXCHANGE01
Description:
A certificate in the chain for CA certificate 0 for  has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      CertSvc
Event Category:      None
Event ID:      100
Date:            10/23/2008
Time:            10:04:03 AM
User:            N/A
Computer:      EXCHANGE01
Description:
Certificate Services did not start: Could not load or verify the current CA certificate.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7024
Date:            10/23/2008
Time:            10:06:28 AM
User:            N/A
Computer:      EXCHANGE01
Description:
The Certificate Services service terminated with service-specific error 2148204801 (0x800B0101).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Any help would be appreciated.
0
Comment
Question by:robertsgroup33
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 15

Accepted Solution

by:
pcsmitpra earned 500 total points
ID: 22786388
You have to renew CA certificate. go ahead.
0
 

Author Comment

by:robertsgroup33
ID: 22786405
I have already done that.
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 22786677
Did you check the CA's root signing certificate? (and all the other certificates up the signing chain?)
Try to identify by modifying the following error details with yours:
C:\>certutil -error 2148204801 0x800b0101 (-2146762495) -- 2148204801 (-2146762495)


0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:robertsgroup33
ID: 22786834
This is what I get.

C:\>certutil -error 2148204801
0x800b0101 (-2146762495) -- 2148204801 (-2146762495)
Error message text: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
.
CertUtil: -error command completed successfully.
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 22787040
It makes sure, one or more certificate has been expired.  You may find that now. and need to replace same.
0
 

Author Comment

by:robertsgroup33
ID: 22787114
I have renewed all certs.
0
 

Author Comment

by:robertsgroup33
ID: 22787682
I renewed the cert again in the CA snap in and it looks like its working now.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question