Solved

AD Certficate Services Service will not stay started

Posted on 2013-11-19
6
394 Views
Last Modified: 2013-12-04
Hi

We have an SBS 2008 server that has the following error when trying to start the Active Directory Certificate Services Service. It starts initially then immediately stops with the following error being logged:

Event ID 17, CertificationAuthority

Active Directory Certificate Services did not start; Unable to initialize the database connection for domain-server-CA. Unable to access the file. 0xc800040B (ESE: - 1032)

From the error code it looks as if the database file within system32\certlogs\ is either locked or doesn't have the correct permissions?

I have checked the permissions against a working SBS 2008 server and they are system, administrators and backup operator's with Full Control

It appears as if this has been a background problem for a while so I don't think I'd be able to restore the 1MB database file and am nervous about perhaps having to consider re-installing the role.

Look forward to your advice
0
Comment
Question by:Assist-Netopa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39660436
You need to  reinitialize CA database
follow steps in below article
http://technet.microsoft.com/en-us/library/cc774578(v=ws.10).aspx
Thanks
0
 

Author Comment

by:Assist-Netopa
ID: 39668670
Mahesh

Thanks for the article however we have further problems:

If we run the integrity check esentutl /g it warns us the database is not up to date and we should run the recovery /r switch first.

When we run /r in the article is says use esentutl /r <databasename> however that is wrong the /r switch is looking for the base log file name which we guessed is edb?

When we run esentutl /r edb it says what is attached in the DOS window?


Some background info:

Initially we were missing the log files which I think had been moved accidentally during a tidy up for C drive space and perhaps the root cause of our issue. I moved them back in but there is a gap between the last modified date and log files of two months, see the logfiles.jpg

Any ideas what to try next? Typically we need this to re-issue the self-assigned certificate which has now expired

Thanks very much
esentutl--r-Error.JPG
Logfiles.jpg
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39668704
You need to remove and reinstall the Certificate Authority role on SBS 2008 server. This is expressly supported by MS.
http://technet.microsoft.com/en-us/library/dd421659(v=ws.10).aspx

Mahesh
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:Assist-Netopa
ID: 39674761
Thanks

We will try that procedure and see if that cures it, was trying to avoid that but it looks like it's necessary.
0
 

Author Comment

by:Assist-Netopa
ID: 39695056
Mahesh

Re-installing the certificate authority worked, it had been preventing us renewing the self assigned certificate.

Thanks
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39695120
it had been preventing us renewing the self assigned certificate.


Sorry,
I am not getting..

Which certificate you are trying to renew please ?

Mahesh
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question