DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 959117 - Last Review: March 24, 2010 - Revision: 2.0

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptom



When you try to start the Certification Authority (CA) Service it fails to start.

You may experience the following symptoms:

·         After the machine on which the CA (Certificate Authority) is installed the CA Service appears to be started, but attempts to stop the CA Service are failing.

 

·         The following error appears in the event log:

Event Type: Error

Event Source: DCOM

Event Category: None

Event ID: 10010

Date: 10.03.2008

Time: 13:41:10

User: N/A

Computer: CA_Server

Description:

The server {D99E6E73-FC88-11D0-B498-00A0C90312F3} did not register with DCOM within the required timeout.

 

·         "d99e6e73-fc88-11d0-b498-00a0c90312f3" resolves to CCertAdminD

·         When attempting to ping the CA locally or remotely using "certutil -ping" after longer period of time it fails with "Server execution failed 0x80080005 (-2146959355)" which resolves to CO_E_SERVER_EXEC_FAILURE

·         Internally the following error corresponds to the error displayed by certutil:

ole32!CClientContextActivator::CreateInstance returns 80080005

·         Output of rpcdump is showing that the Certificate Server RPC Interfaces are not registered:

"

UUID: 91ae6020-9e3c-11cf-8d7c-00aa00c091be

ncalrpc:[OLEBB84529DBB4F460BBE49579DD000]

 

UUID: 91ae6020-9e3c-11cf-8d7c-00aa00c091be

ncacn_np:\\\\W2K3TESTCA[\\pipe\\cert]

 

UUID: 91ae6020-9e3c-11cf-8d7c-00aa00c091be

ncacn_ip_tcp:10.10.10.10[1089]

"

Cause



This type of behavior can be caused by the following:

1. During the CA installation the CSP is set not to interact with the desktop

 

2. When the remote desktop session is created without "console" switch and CA is installed and administered from this session

 

3. In all other scenarios in which CryptExportPublicKeyInfo does not properly return due to errors in the CSP or HSM

Resolution



1.       If the CA is administered using remote desktop make sure that console switch and session is specified.

 

2.       Make sure that the CSP used for the CA keys can interact with the desktop.

 

3.       If the HSM is used for the CA Keys, make sure that it is properly configured.

 

4.       Make sure that CryptExportPublicKeyInfo returns successfully.

More Information



The problem can be traced during the failed CA service startup when the CryptExportPublicKeyInfo (this function is defined on crypt32.dll) fails to get the required info from the 3rd party CSP. This problem causes CA server not to properly start and RPC interfaces not to be registered. All that leads to the inconsistent and confusing behavior.  

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
Keywords: 
kbnomt kbrapidpub KB959117
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support