Unable to Start AD CA Certification Service
Posted on 2016-09-09
Active Directory Certificate Authority Root
When I attempt to start the certificate service, I get the error:
The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
The policy module for a CA is missing or incorrectly registered. To view or change the policy module settings, right-click on the CA, click Properties, and then click on the Policy Module tab.
So I click on Properties and the “Policy Module tab”. I click on “Select”, which brings up “Set Active Policy Module”. The only option to select is “Windows Default” which is already selected. I click OK and try to start the Certification Service and receive same error.
I checked the registry key:
That has a string value named “Active” with a value of CertificateAuthority_MicrosoftDefault.Policy
Just to make sure I reregistered the certpdef.dll but that didn’t change anything.
The Event Viewer says:
Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. (Name of our certificate authority) The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND).
Our certificate server is a 2012R2 member server. I migrated the certificate services from a 2003 member server which is being deactivated.
The local group: “Certificate Service DCOM Access” membership is Authenicated Users
The AD group: “Certificate Service DCOM Access” membership is Authenicated Users, Domain Users, and Domain Computers.
The Enterprise group “Cert Publishers” sole member is our certificate server.
In Active Directory Sites and Services/Services/Public Key Services
AIA Contains the certificationAuthority object for our root CA and the certificate server has full permissions.
Contains the Name of our Certification Server which contains cRLDistributionPoint object with the name of our Certification Authority and our certificate server has full permissions.
Does anyone have an idea about how to fix this?