Certificate Authority: certsrv page on root CA fails 4 out of 5 times

I have a root certificate authority that was in place long before I worked here.  It was the only one until I just created a subordinate certificate authority.  I have no idea whether or not the issues with the root CA were occurring before the subordinate CA was created.

When I go to request a cert from the certsrv web gui on the root CA it does a couple of strange things:
1.  It asks me to log in- how is this enabled and administered?
2.  The website fails OFTEN with page not found errors.  I can hit refresh several times and eventually it will work.  Anyone know what's happening and how to make it work consistently?

IIS is installed on the server.  OWA and the IISADMPWD virtual directory is running on the same default web site.  OWA flakes on people pretty consistently on this server too.  Seems like IIS issues, but I don't know where to start looking.

Any suggestions?

Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
Oh, just noticed that you have OWA on same server as the CA... not common.  Are they set to repond on different ports?  If they are both trying to respond on port 80 then that is an issue.. as the CA certsrv page is probably much less used, I would recommend changing that one to non-default - e.g. port 8080 or some other port between 1024-65000.  Assuming you already know this, but just in case, you would then access by specifying the port number as http://caserver:8080/certsrv 
ParanormasticCryptographic EngineerCommented:
1) Is this part of a different domain/subdomain that the user account that you are logging in with?  For example, your user is user@userdomain.company.local and the CA site is http://caserver.machinedomain.company.local/certsrv
If you are part of different domains, it can be normal to have to log in with a user account that is valid in that other child domain.

2) I don't like it when things work intermittently - its so much nicer when they never work so you can look for things missing or reinstall something!  Here's a few things, tho:
- Try running this cmd: certsrv -vroot          This will "Create/Delete Web Virtual Roots and File Shares".  Try restarting web services afterwards if necessary.
- Take a look at event logs to make sure no errors, especially hardware errors
- Does it matter which user or workstation is being used to access the certsrv page?
- Take a look at task manager and see how much CPU and memory usage there is.
- When was the last time the server was rebooted?  Maybe its due...?
- Service pack level is current?

Lets start with that - let me know how things turn out and if you are still having problems we'll go from here.
All Courses

From novice to tech pro — start learning today.