
AD CS Not Starting

Posted on 2012-08-29
Last Modified: 2012-10-04
I have several errors like the one below in my event log. I have done an AD restore and still have this problem. Could someone please shed some light on this?


Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          29/08/2012 12:15:32
Event ID:      17
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      SRV.domain.com
Description:
Active Directory Certificate Services did not start: Unable to initialize the database connection for domain-SRV-CA.  A log file is damaged. 0xc8000212 (ESE: -530).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
    <EventID Qualifiers="49754">17</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-29T10:15:32.000Z" />
    <EventRecordID>30048542</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>CSMSRV.csmeng.sw</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="MSG_E_DB_INIT_FAILED">
    <Data Name="CACommonName">domain-SRV-CA</Data>
    <Data Name="ErrorCode">A log file is damaged. 0xc8000212 (ESE: -530)</Data>
  </EventData>
</Event>
Question by:DJMohr

Expert Comment

by:DCVATech
ID: 38344979
Enable the connection between the CA and the certificates database

A certification authority (CA) needs to be able to connect to a certificates database file identified in the registry. To resolve this problem, confirm that the file identified in the registry exists, and if it does exist, that it has not been corrupted.

To perform this procedure, you must have local administrator permission, or you must have been delegated the appropriate authority.

To enable the connection between the certification authority (CA) and the certificates database:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

1. On the computer hosting the CA, click Start, type regedit, and then press ENTER.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration.
3. Check the value data for the REG_SZ entries named DBLogDirectory, DBSystemDirectory, and DBTempDirectory. Then, confirm that the CA database files exist in these locations.
4. At a command prompt, type Esentutl.exe /g <databasename> and press ENTER to check for database corruption.

Replace databasename with the name of the database listed in the registry settings.

5. If the database has been corrupted, at a command prompt, type Esentutl /r <databasename> and press ENTER to correct the problem.
6. Restart Active Directory Certificate Services (AD CS).

Verify

The certificate database must be available in order for the Active Directory Certificate Services (AD CS) service to start.

To perform this procedure, you must have membership in local Administrators on the computer hosting the certification authority (CA), or you must have been delegated the appropriate authority.

To confirm that the CA database connection has been enabled:

On the computer hosting the CA, click Start, point to Administrative Tools, and click Services.
If Started is displayed in the Status column for the Active Directory Certificate Services service, the CA database connection has been enabled.
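
The registry and esentutl checks from the steps above as a read-only PowerShell script; this is an added example, not part of the original comment. It assumes the database is the .edb file in the folder named by the DBDirectory value (which the steps do not list) and that the log base name is the first three characters of the log file names; the variable names are illustrative.

```powershell
# Added example: read-only checks of the AD CS database paths (run elevated on the CA host).
$cfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$cfg    = Get-ItemProperty -Path $cfgKey

# Steps 2-3: every directory value must be set and point at an existing folder.
# DBDirectory is an assumption beyond the listed values; it holds the .edb file itself.
$names   = 'DBDirectory', 'DBLogDirectory', 'DBSystemDirectory', 'DBTempDirectory'
$missing = @()
foreach ($n in $names) {
    $dir = $cfg.$n
    $ok  = $dir -and (Test-Path -LiteralPath $dir -PathType Container)
    '{0,-18} {1}  exists={2}' -f $n, $dir, [bool]$ok
    if (-not $ok) { $missing += $n }
}
if ($missing) { throw "Missing or unset: $($missing -join ', ')" }

# esentutl works on files, so hand it the full path of the database file.
$edb = Get-ChildItem -LiteralPath $cfg.DBDirectory -Filter '*.edb'
if (-not $edb) { throw "No .edb file found in $($cfg.DBDirectory)" }

foreach ($db in $edb) {
    # /mh dumps the database header; the State line reports Clean or Dirty Shutdown.
    & esentutl.exe /mh $db.FullName | Select-String -Pattern 'State:'
    # Step 4: integrity check against the real file path.
    & esentutl.exe /g $db.FullName
    "esentutl /g exit code for $($db.Name): $LASTEXITCODE"
}

# Step 5 is only printed, not executed: /r takes the log base name,
# with /l and /s naming the log and system directories from the registry.
$bases = Get-ChildItem -LiteralPath $cfg.DBLogDirectory -Filter '*.log' |
    Where-Object { $_.BaseName.Length -ge 3 } |
    ForEach-Object { $_.BaseName.Substring(0, 3) } |
    Select-Object -Unique
foreach ($b in $bases) {
    'esentutl /r {0} /l "{1}" /s "{2}"' -f $b, $cfg.DBLogDirectory, $cfg.DBSystemDirectory
}
```

Copy the database and log folders elsewhere before running the printed recovery command, since recovery modifies the files in place.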

Author Comment

by:DJMohr
ID: 38345008
I have tried that and get the following:

C:\Users\Administrator>Esentutl.exe /g domain-SRV-CA

Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.

Error: Access to source database 'domain-SRV-CA' failed with Jet error -1811.


Operation terminated with error -1811 (JET_errFileNotFound, File not found) after 0.0 seconds.

The repair option doesn't help much either:

C:\Users\Administrator>Esentutl.exe /r domain-SRV-CA

Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.

Initiating RECOVERY mode...
    Logfile base name: domain-SRV-CA
            Log files: <current directory>
         System files: <current directory>

Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.16 seconds.

Accepted Solution

by:DJMohr
ID: 38345194
Have I asked a tough question? Normally there would have been a lot more responses by now.

Author Closing Comment

by:DJMohr
ID: 38462397
Reinstalled