AD CS Not Starting
I have several errors like the one below in my event log, I have done an AD restore and still have this problem, could someone please shed some light on this?
Log Name: Application
Source: Microsoft-Windows-Certific
Date: 29/08/2012 12:15:32
Event ID: 17
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: SRV.domain.com
Description:
Active Directory Certificate Services did not start: Unable to initialize the database connection for domain-SRV-CA. A log file is damaged. 0xc8000212 (ESE: -530).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ce
<EventID Qualifiers="49754">17</Eve
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-08-29T10:
<EventRecordID>30048542</E
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Chan
<Computer>CSMSRV.csmeng.sw
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DB_INIT_FAILED
<Data Name="CACommonName">domain
<Data Name="ErrorCode">A log file is damaged. 0xc8000212 (ESE: -530)</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Certific
Date: 29/08/2012 12:15:32
Event ID: 17
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: SRV.domain.com
Description:
Active Directory Certificate Services did not start: Unable to initialize the database connection for domain-SRV-CA. A log file is damaged. 0xc8000212 (ESE: -530).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Ce
<EventID Qualifiers="49754">17</Eve
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-08-29T10:
<EventRecordID>30048542</E
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Chan
<Computer>CSMSRV.csmeng.sw
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DB_INIT_FAILED
<Data Name="CACommonName">domain
<Data Name="ErrorCode">A log file is damaged. 0xc8000212 (ESE: -530)</Data>
</EventData>
</Event>
ASKER
I have tried that and get the following:
C:\Users\Administrator>Ese
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.
Error: Access to source database 'domain-SRV-CA' failed with Jet error -1811.
Operation terminated with error -1811 (JET_errFileNotFound, File not found) afte
r 0.0 seconds.
The repair options doesn't help much either:
C:\Users\Administrator>Ese
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.
Initiating RECOVERY mode...
Logfile base name: domain-SRV-CA
Log files: <current directory>
System files: <current directory>
Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API para
meter) after 0.16 seconds.
C:\Users\Administrator>Ese
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.
Error: Access to source database 'domain-SRV-CA' failed with Jet error -1811.
Operation terminated with error -1811 (JET_errFileNotFound, File not found) afte
r 0.0 seconds.
The repair options doesn't help much either:
C:\Users\Administrator>Ese
Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.
Initiating RECOVERY mode...
Logfile base name: domain-SRV-CA
Log files: <current directory>
System files: <current directory>
Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API para
meter) after 0.16 seconds.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Reinstalled
A certification authority (CA) needs to be able to connect to a certificates database file identified in the registry. To resolve this problem, confirm that the file identied in the registry exists, and if it does exist, that it has not been corrupted.
To perform this procedure, you must have local administrator permission, or you must have been delegated the appropriate authority.
To enable the connection between the certification authority (CA) and the certificates database:
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
1. On the computer hosting the CA, click Start, type regedit, and then press ENTER.
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\
3. Check the value data for the REG_SZ entries named DBLogDirectory, DBSystemDirectory, and DBTempDirectory. Then, confirm that the CA database files exist in these locations.
4. At a command prompt, type Esentutl.exe /g <databasename> and press ENTER to check for database corruption.
Replace databasename with the name of the database listed in the registry settings.
5. If the database has been corrupted, at a command prompt, type Esentutl /r <databasename> and press ENTER to correct the problem.
6. Restart Active Directory Certificate Services (AD CS).
Verify
The certificate database must be available in order for the Active Directory Certificate Services (AD CS) service to start.
To perform this procedure, you must have membership in local Administrators on the computer hosting the certification authority (CA), or you must have been delegated the appropriate authority.
To confirm that the CA database connection has been enabled:
On the computer hosting the CA, click Start, point to Administrative Tools, and click Services.
If Started is displayed in the Status column for the Active Directory Certificate Services service, the CA database connection has been enabled.