Thursday, August 7, 2008

Certificate Services unable to start

If you are unable to start certificate services on your CA server and receiving following errors in your CA event viewer

Event Type: Error

Event Source: CertSvc

Event Category: None

Event ID: 100

Date: 8/7/2008

Time: 4:44:20 PM

User: N/A

Computer: XXXXXXXX

Description:

Certificate Services did not start: Could not load or verify the current CA certificate. XXXX Issuing CA The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning

Event Source: CertSvc

Event Category: None

Event ID: 48

Date: 8/7/2008

Time: 4:44:20 PM

User: N/A

Computer: XXXXXX

Description:

Revocation status for a certificate in the chain for CA certificate 0 for XXXX Issuing CA could not be verified because a server is currently unavailable. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This issue should be occurring because CA is not able to find the CRL. For fixing this issue try to run following command on CA server

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

After this command restart the Certificate service again and the service should run without any issues.