SChannel Error 36870 0xffffffff

[Jack Dobiash]

Hello, about two weeks ago I started getting the
following error on one of my domain controllers:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: 3/9/2004
Time: 8:10:19 AM
User: N/A
Computer: FS-11
Description:
A fatal error occurred when attempting to access the SSL
server credential private key. The error code returned
from the cryptographic module is 0xffffffff.


I did some research and someone said that my computer
might not be able to complete the trust chain on the
certificate that is being used for SChannel. Using
dsstore -dcmon, I found the following:

*** Testing FS-11
** Issuers for Certs in Enterprise Root on FS-11
CTGR Root CA
CTGR Root CA
CTGR Root CA
CTGR Root CA
CTGR Root CA
** KDC Certs for this DC
(Autoenrolled cert)
Issuer:: CTGR Root CA
Subject:: fs-11.grandronde.org
SerialNumber:: 6xxxxxx0000000000003
ERROR Line: 838 -> CertVerifyCertificateChainPolicy -
Chain Status failure Error
:: 80092013

1 KDC certs for FS-11

---------------------

Now, anyone know how to fix this? I can see that the
Trust for the Chain is indeed broken, so how do I go
about repairing it? Thanks!

Jack Dobiash
jack.dobiash at grandronde.org
Confederated Tribes of Grand Ronde

 

[Jack Dobiash]

I swear I always find an answer after I post something in
here

Here is what I did, and I *think* it worked.

Opened up MMC and loaded the Certificates Store for the
Local Computer (while on the Domain Controller), I found
the Certificate I was having troubles with and right
clicked on it, went to All Tasks and then "Renew with
Same Key". This put the private key back into the
certificate.