Certificate Services failing after installing SP4

Jim Hampson

Was working prior to SP4 install this morning. The service seems to start
and then immediately terminate.

Getting the following error in the system event log.
Event ID: 7024
Source: Service Control Manager
Description: The Certificate Services service terminated with
service-specific error 2148081683.

And these events in the application log.
Type: Warning
Event ID: 48
Source: CertSvc
Description: Revocation status for a certificate in the CA certificate chain
for MyCompany Intermediate CA could not be verified because a server is
currently unavailable. The revocation function was unable to check
revocation because the revocation server was offline. 0x80092013
(-2146885613).

Followed by:

Type: Error
Event ID: 100
Source: CertSvc
Description: Certificate Services did not start: Could not load or verify
the current CA certificate. MyCompany Intermediate CA The revocation
function was unable to check revocation because the revocation server was
offline. 0x80092013 (-2146885613).

This server is a standalone subordinate CA with an offline standalone Root
CA. This server is running SUS and IIS (SUS and cert enrollment).

Any help appreciated.

Jim
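
Added example, not part of the original posts: a short Python triage helper that normalizes the error codes in the three events quoted above and shows that the service-specific error in event 7024 and the hex and signed values in events 48 and 100 are the same HRESULT, CRYPT_E_REVOCATION_OFFLINE. The function names and the event tuple layout are assumptions made for this illustration.

```python
import re

# Revocation-related HRESULTs as defined in the Windows SDK (winerror.h).
HRESULT_NAMES = {
    0x80092010: "CRYPT_E_REVOKED",
    0x80092012: "CRYPT_E_NO_REVOCATION_CHECK",
    0x80092013: "CRYPT_E_REVOCATION_OFFLINE",
}

# (event ID, source, description) copied from the post above.
EVENTS = [
    (7024, "Service Control Manager",
     "The Certificate Services service terminated with "
     "service-specific error 2148081683."),
    (48, "CertSvc",
     "Revocation status for a certificate in the CA certificate chain for "
     "MyCompany Intermediate CA could not be verified because a server is "
     "currently unavailable. The revocation function was unable to check "
     "revocation because the revocation server was offline. 0x80092013 "
     "(-2146885613)."),
    (100, "CertSvc",
     "Certificate Services did not start: Could not load or verify the "
     "current CA certificate. MyCompany Intermediate CA The revocation "
     "function was unable to check revocation because the revocation server "
     "was offline. 0x80092013 (-2146885613)."),
]

# Matches 0x-prefixed 32-bit hex, or a 9-10 digit (optionally signed) decimal.
CODE_RE = re.compile(r"(?<![\w.])(0x[0-9A-Fa-f]{8}|-?\d{9,10})(?!\w)")

def to_hresult(token):
    """Fold hex, unsigned-decimal and signed-decimal spellings to one uint32."""
    value = int(token, 16) if token.lower().startswith("0x") else int(token)
    return value & 0xFFFFFFFF

def correlate(events):
    """Map each HRESULT to the sorted list of event IDs that mention it."""
    by_code = {}
    for event_id, _source, text in events:
        for token in CODE_RE.findall(text):
            by_code.setdefault(to_hresult(token), set()).add(event_id)
    return {code: sorted(ids) for code, ids in by_code.items()}

def report(events):
    return [f"0x{code:08X} {HRESULT_NAMES.get(code, 'unknown')}: events {ids}"
            for code, ids in sorted(correlate(events).items())]

if __name__ == "__main__":
    print("\n".join(report(EVENTS)))
```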
 
Tim Sattler

Hello!

I have no solution to offer. However, we have exactly the same
problem, i.e., same messages in the event log, after applying SP4.
Everything was working perfectly before.

System:
Microsoft Enterprise Subordinate CA on W2K with off-line Root CA

Does anyone know a solution which doesn't require reinstalling the CA?

Regards
Tim
 
Isaac Morton

> Hello!
>
> I have no solution to offer. However, we have exactly the same
> problem, i.e., same messages in the event log, after applying SP4.
> Everything was working perfectly before.
>
> System:
> Microsoft Enterprise Subordinate CA on W2K with off-line Root CA
>
> Does anyone know a solution which doesn't require reinstalling the CA?
>
> Regards
> Tim

Hey Tim,

If you still need a fix, I just received a fix from Microsoft on the
same issue (I hope it's the same one). We also have an offline Root CA
that was showing this message right after SP4 because of a Microsoft
"security update" to the CA. Type the following at a command prompt,
without the quotes of course.

"certutil.exe -setreg CA\LogLevel 2"

Then start the Certificate Services

Basically from what I understand, this removes the requirement to
validate the entire chain of CAs in order to start the service, so
offline CAs need not be contacted.

Hope it helps,
-Isaac
 
