Certificate Services fails to start

From: Benkman (Benkman_at_discussions.microsoft.com)
Date: 11/22/04

Date: Sun, 21 Nov 2004 17:35:12 -0800

I have a Windows 2000 (SP4) Standalone Root CA running Certificate Services.

Key storage is in an nCipher nShield F2 HSM using the nCipher enahnced CSP.

Certificate Services was starting but when I last booted up the Root CA and
loaded the keys into HSM Certificate Services failed to start with the
following errors:

Application Log:
The description for Event ID ( 42 ) in Source ( CertSvc ) and Support for
details. The following information is part of the event: xxxxxCA, A
certificate chain processed correctly, but terminated in a root certificate
which is not trusted by the trust provider. 0x800b0109 (-2146762487), 0.

System Log:
Certsvc EventID: 7024
The Certificate Services service terminated with service-specific error

I see article 822626 refers to these errors but in this case certificate
sevices still does not start.

The Root CA has a 4096-bit key and I'm thinking that this error could be
related to a timeout issue accessing the key within HSM.

Has anyone experienced similar problems like this? Can anyone describe the
detail of the Validation process for the Root CA?

Please Help!