DaveBorg
asked on
AD Certifcate Services will not start on SBS2011
AD Certificate service will not start on an SBS server. Errors include "Keyset does not exist 0x80090016" and AD Certificate services terminated with service specific error 2146893802. Using certutil I can see that two keys exist - one that expired in 2016 fails the encryption test. The other, recently created passes signature test. When running the CA MMC I get no results because the service is not running. Keys can be seen in IE certificate properties. I am unable to delete the expired key command failed 0x800706ba the RPC server is unavailable. Security on C:\ProgramData\Microsoft\C rypto\RSA\ MachineKey s is correct. Tried esentutl. Shows clean shutdown. Tried bot a recovery and a repair but neither has helped. I don't seem to be having any certificate problems but I do want to migrate away from SBS to standalone Exchange and S2016 and I expect this certificate issue will cause problems. Don't have any suitable backups of the certificates.
ASKER
Thanks LVL17. Based on the article, I tried uninstalling and reinstalling Certificate services on a replica virtual machine. IT did seem to fix the problem but I am not sure how this will play out in a live environment. I will try this in the live system in the next few days.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://www.experts-exchange.com/questions/27847382/Active-Directory-Certificate-Authority-will-not-start.html
all the best