Solved

CertificationAuthority - lots of Event 22

Posted on 2012-03-14
3
1,914 Views
Last Modified: 2012-06-27
Fellow Experts, I need help.

Long story short - I've recovered domain controller from the crash and some time after the operation CertificateAuthority started making errors (Event ID: 22, just like below). Unfortunately we have only one server and had to put everything in one box.

Active Directory Certificate Services could not process request REQUEST_NO due to an error: ERROR 0xc8000152 (ESE: -338).  The request was for DOMAIN\user_account.  Additional information: An error has been encountered while analyzing the request.
...or the last message may be: Error Verifying Request Signature.
I'm not sure about the exact message as I'm not using English Windows.
It happens for user accounts as well as computer accounts.

I've checked MS KB about the issue (with verifying certificates and generating new CRL list) and it seems everything is fine...
What may be other steps to look for?

In the worst case scenario I can decommission CA and start from scratch as it's not yet widely used (only for RemoteApp).
0
Comment
Question by:marek1712
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37719168
Can't say that I've seent his myself, but I'm guessing you've been through this article.
http://technet.microsoft.com/en-us/library/cc774573(v=ws.10).aspx

ESE errors would be reporting some corruption in the NTDS.DIT databases.
One option would be to run the ESEUTIL against that database...but then...it could just corrupt the database even more.

Sometimes, trying to fix corruption sometimes propogates the problem further into the Database.

If the rest of your AD healthchecks are clean, then I'd also try removing the CA and re-creating it again.
0
 
LVL 11

Author Comment

by:marek1712
ID: 37719345
Yes, that was the Technet article I've seen. And the results were positive...
I have to admit I had some problems with AD, but it seems they're resolved by now - no reports of inconsistencies or any other errors...
0
 
LVL 11

Author Comment

by:marek1712
ID: 37723796
I've followed KB889250 (yes, I know it's for Win2000 and 2003) and decommissioned the server (couldn't event manually request new certificates).
Then I've set it up from scratch and it seems to work properly now. I just have to replace few RemoteApp .rdp files located on some computers.
Anyway - since your suggestion was correct - I'm closing the question.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question