Can't publish base CRL...File already exists

snowmizer
I have a script running weekly on a Windows 2003 Certificate server that recreates our CRL and publishes the new crl. It is defined as follows:

@echo off
certutil -CRL
c:\scripts\sleep 5
copy /y %windir%\system32\certsrv\certenroll\*.crl c:\crldata
copy /y %windir%\system32\certsrv\certenroll\*.crt c:\certdata
certutil -dspublish -f -v "c:\windows\system32\certsrv\certenroll\abc.crl" > PublishCrl.log

When the "dsPublish" command runs it generates the message:

Certificate Services could not publish a Base CRL for key 0 to the following location: C:\WINDOWS\system32\CertSrv\CertEnroll\abc.crl. Cannot create a file when that file already exists. 0x800700b7 (WIN32/HTTP: 183)

When I run the "dsPublish" command manually it comes back and says "Base CRL added to DS Store" Certutil: -dsPublish command completed successfully.

I just added the "-v" switch and the pipe to the log file today so I don't have any output from this yet. What do I need to do to fix this?

Thanks.
Cryptographic Engineer
Commented:
I think you're reading this wrong. The dspublish command has nothing to do with your error.

"Certificate Services could not publish a Base CRL" is referencing the 'certutil -crl' command.  Could be permissions, but also double check that the file path is correct - i.e. that C:\windows\... is correct and not C:\WINNT\... for example.  Copy/paste the path name from Explorer into the CDP listing on the Extensions tab of the CA Properties if need be and make sure 'publish CRL' and 'publish delta CRLs' are both checked (assuming for an online CA that is doing delta CRLs).

Author

Commented:
I changed the permissions on this folder and ran my script. I didn't get any errors this time in my event log. I'm going to let it run as scheduled on Thursday morning and see what happens. I'll post the results after that run.

Thanks.
Paranormastic, Cryptographic Engineer

Commented:
Everything turn out OK?

Author

Commented:
Yep. I checked yesterday and I didn't get this error. Thanks for the info.
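
The diagnosis in this thread was that the error came from `certutil -CRL`, not from `-dspublish`. As an added example (not part of the original posts), here is a variant of the weekly script that logs each certutil step with its own exit code, along with the CA's configured CRL publication URLs and the ACL on the CertEnroll folder. The log path is an assumption, and the copy steps from the question are omitted.

```batch
@echo off
rem Added example, not the poster's script. The CertEnroll path and abc.crl
rem come from the question; the log location is an assumption.
setlocal
set "CERTENROLL=%windir%\system32\certsrv\certenroll"
set "LOG=c:\scripts\PublishCrl.log"

>>"%LOG%" echo ==== run started %date% %time% ====

rem Record the two things the answer says to check: the CDP paths the CA
rem publishes to, and who may write to the CertEnroll folder.
>>"%LOG%" echo --- CRL publication URLs configured on the CA ---
certutil -getreg CA\CRLPublicationURLs >>"%LOG%" 2>&1
>>"%LOG%" echo --- ACL on %CERTENROLL% ---
cacls "%CERTENROLL%" >>"%LOG%" 2>&1

rem Step 1: have the CA issue and write the new CRL files.
rem certutil exit codes are HRESULTs and can be negative, so compare
rem against 0 instead of using "if errorlevel 1".
>>"%LOG%" echo --- step 1: certutil -CRL ---
certutil -CRL >>"%LOG%" 2>&1
set "RC=%errorlevel%"
if not "%RC%"=="0" goto fail_crl

rem Step 2: publish the base CRL to the directory, only if step 1 worked.
>>"%LOG%" echo --- step 2: certutil -dspublish ---
certutil -dspublish -f "%CERTENROLL%\abc.crl" >>"%LOG%" 2>&1
set "RC=%errorlevel%"
if not "%RC%"=="0" goto fail_ds

>>"%LOG%" echo OK: both steps succeeded
exit /b 0

:fail_crl
>>"%LOG%" echo FAILED in step 1 (certutil -CRL), exit code %RC%
exit /b 1

:fail_ds
>>"%LOG%" echo FAILED in step 2 (certutil -dspublish), exit code %RC%
exit /b 2
```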