Steve McAuliffe
asked on
The Active Directory Certificate Services service terminated with service-specific error %%-2146893807
In the system log there was an event 7024 :The Active Directory Certificate Services service terminated with service-specific error %%-2146893807.
In the application logs, there was an event 100:
Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. XXXXX XXXX XXX CA Object was not found. 0x80090011 (-2146893807).
Active Directory Certificate Services (certsvc) starts for a few seconds then stops.
This issue happened after we installed microsoft security, OS and critical patches in this Windows 2008 Standard SP1 CA server.
My first thought was to rollback 30+ updates that was installed that day. Then I thought before I do that, I should check if that is the fix or not.
Any ideas?
In the application logs, there was an event 100:
Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. XXXXX XXXX XXX CA Object was not found. 0x80090011 (-2146893807).
Active Directory Certificate Services (certsvc) starts for a few seconds then stops.
This issue happened after we installed microsoft security, OS and critical patches in this Windows 2008 Standard SP1 CA server.
My first thought was to rollback 30+ updates that was installed that day. Then I thought before I do that, I should check if that is the fix or not.
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
After hours of troubshooting, we did not fix the issue. We decided to just rebuild another CA server and remove the CA role from the server where certsrv won't stay started.
%System Drive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\
System and Administrators (group) should have Full Control and the Owner should be the Adminstrators group.