asked on AD Certficate Services Service will not stay started
Hi
We have an SBS 2008 server that has the following error when trying to start the Active Directory Certificate Services Service. It starts initially then immediately stops with the following error being logged:
Event ID 17, CertificationAuthority
Active Directory Certificate Services did not start; Unable to initialize the database connection for domain-server-CA. Unable to access the file. 0xc800040B (ESE: - 1032)
From the error code it looks as if the database file within system32\certlogs\ is either locked or doesn't have the correct permissions?
I have checked the permissions against a working SBS 2008 server and they are system, administrators and backup operator's with Full Control
It appears as if this has been a background problem for a while so I don't think I'd be able to restore the 1MB database file and am nervous about perhaps having to consider re-installing the role.
Look forward to your advice
We have an SBS 2008 server that has the following error when trying to start the Active Directory Certificate Services Service. It starts initially then immediately stops with the following error being logged:
Event ID 17, CertificationAuthority
Active Directory Certificate Services did not start; Unable to initialize the database connection for domain-server-CA. Unable to access the file. 0xc800040B (ESE: - 1032)
From the error code it looks as if the database file within system32\certlogs\ is either locked or doesn't have the correct permissions?
I have checked the permissions against a working SBS 2008 server and they are system, administrators and backup operator's with Full Control
It appears as if this has been a background problem for a while so I don't think I'd be able to restore the 1MB database file and am nervous about perhaps having to consider re-installing the role.
Look forward to your advice
Microsoft Legacy OSMicrosoft Server OS
Last Comment
Mahesh
ASKER
Mahesh
Thanks for the article however we have further problems:
If we run the integrity check esentutl /g it warns us the database is not up to date and we should run the recovery /r switch first.
When we run /r in the article is says use esentutl /r <databasename> however that is wrong the /r switch is looking for the base log file name which we guessed is edb?
When we run esentutl /r edb it says what is attached in the DOS window?
Some background info:
Initially we were missing the log files which I think had been moved accidentally during a tidy up for C drive space and perhaps the root cause of our issue. I moved them back in but there is a gap between the last modified date and log files of two months, see the logfiles.jpg
Any ideas what to try next? Typically we need this to re-issue the self-assigned certificate which has now expired
Thanks very much
esentutl--r-Error.JPG
Logfiles.jpg
Thanks for the article however we have further problems:
If we run the integrity check esentutl /g it warns us the database is not up to date and we should run the recovery /r switch first.
When we run /r in the article is says use esentutl /r <databasename> however that is wrong the /r switch is looking for the base log file name which we guessed is edb?
When we run esentutl /r edb it says what is attached in the DOS window?
Some background info:
Initially we were missing the log files which I think had been moved accidentally during a tidy up for C drive space and perhaps the root cause of our issue. I moved them back in but there is a gap between the last modified date and log files of two months, see the logfiles.jpg
Any ideas what to try next? Typically we need this to re-issue the self-assigned certificate which has now expired
Thanks very much
esentutl--r-Error.JPG
Logfiles.jpg
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks
We will try that procedure and see if that cures it, was trying to avoid that but it looks like it's necessary.
We will try that procedure and see if that cures it, was trying to avoid that but it looks like it's necessary.
ASKER
Mahesh
Re-installing the certificate authority worked, it had been preventing us renewing the self assigned certificate.
Thanks
Re-installing the certificate authority worked, it had been preventing us renewing the self assigned certificate.
Thanks
it had been preventing us renewing the self assigned certificate.
Sorry,
I am not getting..
Which certificate you are trying to renew please ?
Mahesh
follow steps in below article
http://technet.microsoft.com/en-us/library/cc774578(v=ws.10).aspx
Thanks