Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

CertificationAuthority - lots of Event 22

Posted on 2012-03-14
3
Medium Priority
?
2,328 Views
Last Modified: 2012-06-27
Fellow Experts, I need help.

Long story short - I've recovered domain controller from the crash and some time after the operation CertificateAuthority started making errors (Event ID: 22, just like below). Unfortunately we have only one server and had to put everything in one box.

Active Directory Certificate Services could not process request REQUEST_NO due to an error: ERROR 0xc8000152 (ESE: -338).  The request was for DOMAIN\user_account.  Additional information: An error has been encountered while analyzing the request.
...or the last message may be: Error Verifying Request Signature.
I'm not sure about the exact message as I'm not using English Windows.
It happens for user accounts as well as computer accounts.

I've checked MS KB about the issue (with verifying certificates and generating new CRL list) and it seems everything is fine...
What may be other steps to look for?

In the worst case scenario I can decommission CA and start from scratch as it's not yet widely used (only for RemoteApp).
0
Comment
Question by:marek1712
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 2000 total points
ID: 37719168
Can't say that I've seent his myself, but I'm guessing you've been through this article.
http://technet.microsoft.com/en-us/library/cc774573(v=ws.10).aspx

ESE errors would be reporting some corruption in the NTDS.DIT databases.
One option would be to run the ESEUTIL against that database...but then...it could just corrupt the database even more.

Sometimes, trying to fix corruption sometimes propogates the problem further into the Database.

If the rest of your AD healthchecks are clean, then I'd also try removing the CA and re-creating it again.
0
 
LVL 11

Author Comment

by:marek1712
ID: 37719345
Yes, that was the Technet article I've seen. And the results were positive...
I have to admit I had some problems with AD, but it seems they're resolved by now - no reports of inconsistencies or any other errors...
0
 
LVL 11

Author Comment

by:marek1712
ID: 37723796
I've followed KB889250 (yes, I know it's for Win2000 and 2003) and decommissioned the server (couldn't event manually request new certificates).
Then I've set it up from scratch and it seems to work properly now. I just have to replace few RemoteApp .rdp files located on some computers.
Anyway - since your suggestion was correct - I'm closing the question.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question