Certificate Services won't start on a new off-line root CA.

From: msnews.microsoft.com (eric_james_chamberlain@hotmail.com)
Date: 02/08/03

• Next message: D@annyBoy: "Re: OE blocking attachments"
• Previous message: Bob: "Attempts to open Port 3955 - II"
• Next in thread: krish shenoy[MS]: "Re: Certificate Services won't start on a new off-line root CA."
• Reply: krish shenoy[MS]: "Re: Certificate Services won't start on a new off-line root CA."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "msnews.microsoft.com" <eric_james_chamberlain@hotmail.com>
Date: Fri, 7 Feb 2003 21:39:55 -0800

I'm attempting to setup an off-line root CA. This is on a clean install of
Windows 2000AS with SP3 and all the critical updates. I'd like to use a
Schlumberger e-gate 32K smart card to store the CA private key. I select
the Schlumberger CSP and 2048-bit when I generate the CA certificate. The
private key appears on the card, and the certificate appears in the
certificate store. When I then try and start the Certificate Services, I am
prompted for the PIN, I enter it, and then I get the following error
messages:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 2/6/2003
Time: 10:30:05 AM
User: N/A
Computer: AD-PE01
Description:
The Certificate Services service terminated with service-specific error
2148073485.

Application Log:

Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 42
Date: 2/6/2003
Time: 10:30:05 AM
User: N/A
Computer: AD-PE01
Description:
Certificate Services did not start: Could not build CA certificate chain for
UCB Root CA. Key does not exist. 0x8009000d (-2146893811).

I have searched google, but can't find any reference to these error
messages. The closest I can find is KB article 295162, but the folder
mentioned in the resolution already has Administrator and SYSTEM Full
Control and the error numbers I receive are different.

--
Eric Chamberlain, CISSP

---

• Next message: D@annyBoy: "Re: OE blocking attachments"
• Previous message: Bob: "Attempts to open Port 3955 - II"
• Next in thread: krish shenoy[MS]: "Re: Certificate Services won't start on a new off-line root CA."
• Reply: krish shenoy[MS]: "Re: Certificate Services won't start on a new off-line root CA."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Certificate Services fails to start ... However for the certificate services has corrupted, ... For now the certificate service is running properly, ... Microsoft CSS Online Newsgroup Support ... If you see a User DSN named CertSrv that is using the Access database, ... (microsoft.public.windows.server.sbs) Re: Certificate Services fails to start ... Under Database, click Select. ... you may need to reinstall the Certificate ... Backup the CA private key, certificate, and database. ... Uninstall Certificate Services. ... (microsoft.public.windows.server.sbs) Re: Certificate Services fails to start ... Microsoft CSS Online Newsgroup Support ... certificate service is now running. ... However for the certificate services has corrupted, ... >>Please follow below steps to try to resolve the issue: ... (microsoft.public.windows.server.sbs) Re: Questions ... deployment tool and certificate services. ... we do have more convenient means to create server /client certificate ... (microsoft.public.dotnet.framework.webservices) Re: CA Q ... I'm gonna start a new Root CA company. ... that I've done so far is issue a certificate to my IIS webserver. ... that possesses that the private key is reasonably the party that was issued the key and that the keys can used used for the attempted operation. ... This is where certification authorities come into play - they provide the trust structure. ... (microsoft.public.cert.exam.mcse)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)