CertificationAuthority - lots of Event 22

Fellow Experts, I need help.

Long story short - I've recovered the domain controller from the crash, and some time after the operation the CertificateAuthority started making errors (Event ID: 22, just like below). Unfortunately we have only one server and had to put everything in one box.

Active Directory Certificate Services could not process request REQUEST_NO due to an error: ERROR 0xc8000152 (ESE: -338).  The request was for DOMAIN\user_account.  Additional information: An error has been encountered while analyzing the request.
...or the last message may be: Error Verifying Request Signature.
I'm not sure about the exact message as I'm not using English Windows.
It happens for user accounts as well as computer accounts.

I've checked MS KB about the issue (with verifying certificates and generating new CRL list) and it seems everything is fine...
What may be other steps to look for?

In the worst-case scenario I can decommission the CA and start from scratch, as it's not yet widely used (only for RemoteApp).
marek1712Asked:
 
Leon Fester, Senior Solutions Architect, Commented:
Can't say that I've seen this myself, but I'm guessing you've been through this article.
http://technet.microsoft.com/en-us/library/cc774573(v=ws.10).aspx

ESE errors would be reporting some corruption in the NTDS.DIT databases.
One option would be to run the ESEUTIL against that database...but then...it could just corrupt the database even more.

Sometimes, trying to fix corruption propagates the problem further into the database.

If the rest of your AD health checks are clean, then I'd also try removing the CA and re-creating it again.
 
marek1712 (Author) Commented:
Yes, that was the Technet article I've seen. And the results were positive...
I have to admit I had some problems with AD, but it seems they're resolved by now - no reports of inconsistencies or any other errors...
 
marek1712 (Author) Commented:
I've followed KB889250 (yes, I know it's for Win2000 and 2003) and decommissioned the server (couldn't even manually request new certificates).
Then I've set it up from scratch and it seems to work properly now. I just have to replace a few RemoteApp .rdp files located on some computers.
Anyway - since your suggestion was correct - I'm closing the question.
Question has a verified solution.
