Cannot Install Enterprise Certification Authority On Windows 2008

Problem:

While trying to install an Enterprise CA on a Windows 2008 machine, you receive the error message: “Installation Succeeded with Errors”.

Symptoms:

In the Event log you see the following Events:

Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 4/20/2009 11:06:09 AM
Event ID: 5
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: dc1.w2k8microsoft.local
Description:
Active Directory Certificate Services could not find required registry information. The Active Directory Certificate Services may need to be reinstalled.

Log Name: System
Source: Service Control Manager
Date: 4/20/2009 11:50:57 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: dc1.w2k8microsoft.local
Description:
The Active Directory Certificate Services service terminated with the following error:

Cannot complete this function.

Additionally, when you try to start the certificate service, you receive the error message: “Cannot complete this function 0x3eb(win32:1003)”

Resolution:

Check the permissions on "CN=Public Key Services,CN=Services,CN=Configuration,DC=Domain,DC=Com" and make sure that Enterprise Admins and Domain Admins have Full Control.

Open Adsiedit.msc, navigate to CN=Public Key Services, and check the permissions for Domain Admins and Enterprise Admins.

Once you have fixed the permission issue, the problem will go away and you can reinstall the CA service.
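The same permission check can be scripted instead of clicked through in ADSI Edit. The following is an added example, not part of the original article: a read-only PowerShell audit of the container's ACL through the `[ADSI]` accelerator, assuming the two groups carry their default English names.

```powershell
# Added example (not from the original article): read-only audit of the ACL
# on the Public Key Services container. Run on a domain-joined machine.
# Assumption: the groups use their default English names.

$required    = 'Domain Admins', 'Enterprise Admins'
$fullControl = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Build the DN from the forest's configuration naming context rather than
# hard-coding DC=Domain,DC=Com.
$rootDse   = [ADSI]'LDAP://RootDSE'
$configNc  = [string]$rootDse.configurationNamingContext
$container = [ADSI]"LDAP://CN=Public Key Services,CN=Services,$configNc"

# Explicit and inherited ACEs, with SIDs translated to DOMAIN\name where possible.
$acl   = $container.psbase.ObjectSecurity
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

foreach ($group in $required) {
    # An ACE counts only if it is an Allow entry whose rights include every
    # bit of GenericAll (shown as "Full control" in the ADSI Edit security tab).
    $matching = @($rules | Where-Object {
        $_.IdentityReference.Value -like "*\$group" -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -band $fullControl) -eq $fullControl)
    })

    if ($matching.Count -gt 0) {
        "{0}: Full Control present (inherited: {1})" -f $group, $matching[0].IsInherited
    } else {
        "{0}: Full Control MISSING" -f $group
    }
}

# Deny entries for either group override an Allow, so list them as well.
$rules | Where-Object {
    $_.AccessControlType -eq 'Deny' -and
    ($required | Where-Object { $_ -eq ($_ -replace '.*\\', '') }) -and
    ($required -contains ($_.IdentityReference.Value -replace '.*\\', ''))
} | Format-Table IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize
```

A group reported as MISSING, or any row in the Deny table, is what to correct in ADSI Edit before reinstalling the CA role.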
