Re: Cert Authority DB is Damaged

From: Charlie (Charlie_at_discussions.microsoft.com)
Date: 07/14/05


Date: Wed, 13 Jul 2005 19:16:01 -0700

Well, eseutil did something. I now get a different error message (EDB: -1209).
I used the /p switch, which is to repair. I am guessing that the utility
expects it to be an Exchange DB.

There were probably only about 20 certificates issued by the server, so it
won't be a huge amount of work to replace them.
It is a bit of a catch-22 though, because the only way I know of tracking
down the computers and users who were issued certificates is by looking at
the database of the Cert Server.
Unless there's someplace else to look?

Thanks.

"David Cross [MS]" wrote:

> Unfortunately since you do not have a backup, there may be little you can do
> to recover. This is a rare instance - I have only heard of 1 or 2 cases of a
> damaged database in 5+ years. You may be able to try running eseutil.exe
> which is typically found with Exchange server installations.
>
> --
> David B. Cross [MS]
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> Top Whitepapers:
>
> Auto-enrollment whitepaper:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
>
> Best Practices for implementing Windows Server 2003 PKI:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
>
> Troubleshooting Certificate Status and Revocation whitepaper:
> http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx
>
> Windows Server 2003 web enrollment and troubleshooting guide:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
> "Charlie" <Charlie@discussions.microsoft.com> wrote in message
> news:F0284061-10BF-4A0F-B1A1-2EC00ECD7771@microsoft.com...
> > I have an AD integrated subordinate Certificate Authority. As of recently,
> > the service won't run at startup and when I try to start the CA manually, I
> > get the error message "The database is damaged".
> > I don't have a System State backup for the server and I haven't backed up
> > the CA separately.
> > Is there some way to repair or otherwise get back the CA DB?
> >
> > Thanks.
>
>
>


