Certificate Authority:  certsrv page on root CA fails 4 out of 5 times

Posted on 2009-04-21
Last Modified: 2012-08-14
I have a root certificate authority that was in place long before I worked here.  It was the only one until I just created a subordinate certificate authority.  I have no idea whether or not the issues with the root CA were occurring before the subordinate CA was created.

When I go to request a cert from the certsrv web gui on the root CA it does a couple of strange things:
1.  It asks me to log in- how is this enabled and administered?
2.  The website fails OFTEN with page not found errors.  I can hit refresh several times and eventually it will work.  Anyone know what's happening and how to make it work consistently?

IIS is installed on the server.  OWA and the IISADMPWD virtual directory is running on the same default web site.  OWA flakes on people pretty consistently on this server too.  Seems like IIS issues, but I don't know where to start looking.

Any suggestions?

Question by:RobocopGodzilla
    LVL 31

    Expert Comment

    1) Is this part of a different domain/subdomain that the user account that you are logging in with?  For example, your user is and the CA site is
    If you are part of different domains, it can be normal to have to log in with a user account that is valid in that other child domain.

    2) I don't like it when things work intermittently - its so much nicer when they never work so you can look for things missing or reinstall something!  Here's a few things, tho:
    - Try running this cmd: certsrv -vroot          This will "Create/Delete Web Virtual Roots and File Shares".  Try restarting web services afterwards if necessary.
    - Take a look at event logs to make sure no errors, especially hardware errors
    - Does it matter which user or workstation is being used to access the certsrv page?
    - Take a look at task manager and see how much CPU and memory usage there is.
    - When was the last time the server was rebooted?  Maybe its due...?
    - Service pack level is current?

    Lets start with that - let me know how things turn out and if you are still having problems we'll go from here.
    LVL 31

    Accepted Solution

    Oh, just noticed that you have OWA on same server as the CA... not common.  Are they set to repond on different ports?  If they are both trying to respond on port 80 then that is an issue.. as the CA certsrv page is probably much less used, I would recommend changing that one to non-default - e.g. port 8080 or some other port between 1024-65000.  Assuming you already know this, but just in case, you would then access by specifying the port number as http://caserver:8080/certsrv

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Suggested Solutions

    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now