Solved

AD Certficate Services Service will not stay started

Posted on 2013-11-19
6
387 Views
Last Modified: 2013-12-04
Hi

We have an SBS 2008 server that has the following error when trying to start the Active Directory Certificate Services Service. It starts initially then immediately stops with the following error being logged:

Event ID 17, CertificationAuthority

Active Directory Certificate Services did not start; Unable to initialize the database connection for domain-server-CA. Unable to access the file. 0xc800040B (ESE: - 1032)

From the error code it looks as if the database file within system32\certlogs\ is either locked or doesn't have the correct permissions?

I have checked the permissions against a working SBS 2008 server and they are system, administrators and backup operator's with Full Control

It appears as if this has been a background problem for a while so I don't think I'd be able to restore the 1MB database file and am nervous about perhaps having to consider re-installing the role.

Look forward to your advice
0
Comment
Question by:Assist-Netopa
  • 3
  • 3
6 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39660436
You need to  reinitialize CA database
follow steps in below article
http://technet.microsoft.com/en-us/library/cc774578(v=ws.10).aspx
Thanks
0
 

Author Comment

by:Assist-Netopa
ID: 39668670
Mahesh

Thanks for the article however we have further problems:

If we run the integrity check esentutl /g it warns us the database is not up to date and we should run the recovery /r switch first.

When we run /r in the article is says use esentutl /r <databasename> however that is wrong the /r switch is looking for the base log file name which we guessed is edb?

When we run esentutl /r edb it says what is attached in the DOS window?


Some background info:

Initially we were missing the log files which I think had been moved accidentally during a tidy up for C drive space and perhaps the root cause of our issue. I moved them back in but there is a gap between the last modified date and log files of two months, see the logfiles.jpg

Any ideas what to try next? Typically we need this to re-issue the self-assigned certificate which has now expired

Thanks very much
esentutl--r-Error.JPG
Logfiles.jpg
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39668704
You need to remove and reinstall the Certificate Authority role on SBS 2008 server. This is expressly supported by MS.
http://technet.microsoft.com/en-us/library/dd421659(v=ws.10).aspx

Mahesh
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:Assist-Netopa
ID: 39674761
Thanks

We will try that procedure and see if that cures it, was trying to avoid that but it looks like it's necessary.
0
 

Author Comment

by:Assist-Netopa
ID: 39695056
Mahesh

Re-installing the certificate authority worked, it had been preventing us renewing the self assigned certificate.

Thanks
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39695120
it had been preventing us renewing the self assigned certificate.


Sorry,
I am not getting..

Which certificate you are trying to renew please ?

Mahesh
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question