Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 Active Directory Certificate Services Not Starting

Posted on 2014-03-20
5
Medium Priority
?
325 Views
Last Modified: 2014-05-02
Hi,

I have a situation where inbound emails are not flowing. When i checked the exchange services i discovered that the AD Certificate Service is not running. I tried to start the service but i get the following error message:

Windows could not start the Active Directory Certificate Services on server.
Error 1003: Cannot complete this function.

Could this be the reason inbound mail is not flowing? I did install the CA certificate from Digicert about four months ago and all has been working fine till the recent development.

Your help will be greatly appreciated.

Francis
0
Comment
Question by:fbanda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39941635
CA service has nothing to do with Exchange in bound \ out bound mail flow

Check your exchange services, trouble shoot mail flow from internal to external and vice versa

You may use Exchange tool box in EMC, remote connectivity analyzer
0
 

Author Comment

by:fbanda
ID: 39941957
Hi Mahesh,

Kindly see output below:

Testing inbound SMTP mail flow for domain 'testing@mcti.gov.zm'.
       The Microsoft Connectivity Analyzer failed to test inbound SMTP mail flow.
       
      Additional Details
       
      Test Steps
       
      Attempting to retrieve DNS MX records for domain 'mcti.gov.zm'.
       One or more MX records were successfully retrieved from DNS.
       
      Additional Details
      Testing Mail Exchanger mkango.zamnet.zm.
       One or more SMTP tests failed for this Mail Exchanger.
       
      Additional Details
       
Elapsed Time: 18236 ms.
       
      Test Steps
       
      Attempting to resolve the host name mkango.zamnet.zm in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 25 on host mkango.zamnet.zm to ensure it's listening and open.
       The specified port is either blocked, not listening, or not producing the expected
response.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       
The connection was established but a banner was never received.
Elapsed Time: 17555 ms.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39941990
Primary reason for email not flowing is lack of disk space on the C drive causing back pressure to kick in.
Although the error you have posted would tend to suggest the port isn't open. If you haven't changed anything (do check your router etc) then speak to your ISP to see if they have closed the port off.

Simon.
0
 

Author Comment

by:fbanda
ID: 39944453
Hi Simon, Mahesh,

Thanks for your posts.
There was only 4.1GB free space on drive C and the .edb file was also on drive C. I moved it to another partition (drive E) and mail seems to be flowing, though it takes time for inbound mail to reach this server (about 30 minutes).
Further, there was a misconfiguration on the receive connector which i corrected.
However, the AD Certificate service is still not running.
Any clues?

Thanks,
Francis
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39946092
Are you sure that certificate services are configured on same server ?

Can you please run net share command in cmd on server and please check if you are able to view CertEnroll shared folder with CA certificate ?

Also go to adsiedit.msc \ configuration \ services\Public Key services and check if there you are able to view Exchange server listed under AIA \ CDP
If yes, just open certificate local mmc on exchange server and export CA root certificate with private key in pfx format
Then try to uninstall CA server role and if successful take one reboot
Post reboot try to install CA role again with existing certificate option and provide above exported certificate, this will hopefully reinstall CA role on exchange server again without issue

Mahesh
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question