Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Symptoms of a missing pKIEnrollmentService object
- The Policy Module "Initialize" method returned an error. Cannot find object or property. The returned status code is 0x80092004 (-2146885628). Certificate Services could not find required Active Directory information.
- The "Enterprise and Stand-alone Policy Module" Policy Module "GetDescription" method returned an error. Cannot find object or property. The returned status code is 0x80092004 (-2146885628). Certificate Services could not find required Active Directory information.
- Certificate Services denied request 44 because Element not found. 0x80070490 (WIN32: 1168). The request was for CN=certUser.contoso.com. Additional information: Denied by Policy Module 0x80070490, Certificate Services could not find required Active Directory information.
- Certificate Services could not update security permissions. Element not found. 0x80070490 (WIN32: 1168)
Restore the pKIEnrollmentService object
- Check for the pkiEnrollmentService object in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=com using ADSIEdit
- If the CN=Enrollment Services container object is also missing, manually create a new container object named Enrollment Services before proceeding
- In the Certification Authority snap-in, right-click on the CA name, go to All Tasks and click Backup CA
- Within the Backup wizard, backup both the CA database and the Public/Private Key Pair
- Backup the CA locally (C:\Backup, etc.)
- After the backup is made, in the Certification Authority snap-in, right-click on the CA name, go to All Tasks and click Renew CA Certificate
- Choose the same key (the No selection in the UI)
- Check for the pkiEnrollmentService object in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=com using ADSIEdit
- Test the enrollment services