Solved

CertificationAuthority - lots of Event 22

Posted on 2012-03-14
3
1,723 Views
Last Modified: 2012-06-27
Fellow Experts, I need help.

Long story short - I've recovered domain controller from the crash and some time after the operation CertificateAuthority started making errors (Event ID: 22, just like below). Unfortunately we have only one server and had to put everything in one box.

Active Directory Certificate Services could not process request REQUEST_NO due to an error: ERROR 0xc8000152 (ESE: -338).  The request was for DOMAIN\user_account.  Additional information: An error has been encountered while analyzing the request.
...or the last message may be: Error Verifying Request Signature.
I'm not sure about the exact message as I'm not using English Windows.
It happens for user accounts as well as computer accounts.

I've checked MS KB about the issue (with verifying certificates and generating new CRL list) and it seems everything is fine...
What may be other steps to look for?

In the worst case scenario I can decommission CA and start from scratch as it's not yet widely used (only for RemoteApp).
0
Comment
Question by:marek1712
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
Comment Utility
Can't say that I've seent his myself, but I'm guessing you've been through this article.
http://technet.microsoft.com/en-us/library/cc774573(v=ws.10).aspx

ESE errors would be reporting some corruption in the NTDS.DIT databases.
One option would be to run the ESEUTIL against that database...but then...it could just corrupt the database even more.

Sometimes, trying to fix corruption sometimes propogates the problem further into the Database.

If the rest of your AD healthchecks are clean, then I'd also try removing the CA and re-creating it again.
0
 
LVL 11

Author Comment

by:marek1712
Comment Utility
Yes, that was the Technet article I've seen. And the results were positive...
I have to admit I had some problems with AD, but it seems they're resolved by now - no reports of inconsistencies or any other errors...
0
 
LVL 11

Author Comment

by:marek1712
Comment Utility
I've followed KB889250 (yes, I know it's for Win2000 and 2003) and decommissioned the server (couldn't event manually request new certificates).
Then I've set it up from scratch and it seems to work properly now. I just have to replace few RemoteApp .rdp files located on some computers.
Anyway - since your suggestion was correct - I'm closing the question.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now