Certificate Services did not start.
Certification authorities (CAs) need adequate system resources and operating system components to function. If a server has insufficient memory or hard disk space, or if operating system components become unavailable, attempts to start Active Directory Certificate Services (AD CS) can fail.
Correct general problems that prevent Active Directory Certificate Services from starting
To perform these procedures, you must have Manage CA permission, or you must have been delegated the appropriate authority.
Fix general problems that can prevent Active Directory Certificate Services from starting
To fix general problems that can prevent Active Directory Certificate Services (AD CS) from starting:
On the computer hosting the CA, click Start, point to Administrative Tools, and click Services.
Check the status of the AD CS service. If the service is not running, attempt to restart it and observe if the error recurs or if other errors or warnings appear.
Restart the computer and try steps 1 and 2 again.
Check the event log message for a code that describes the specific reason that startup failed. If not, check the event log for additional errors and warnings preceding or following this error message and correct these errors.
If the problem persists and you can reproduce the issue, use the following procedure, Create a CA debug log, to obtain additional information.
Create a CA debug log
To create a CA debug log:
On the computer hosting the CA, click Start, type cmd and press ENTER.
Type certutil -setreg ca\debug 0xffffffe3 and press ENTER.
Reproduce the issue.
To disable logging, type certutil -delreg ca\debug.
You do not need to stop or restart the certsvc service when using these specific commands. Logging will be enabled or disabled immediately.
The %windir%\certsrv.log file contains advanced diagnostic information that may be useful if you need to contact Microsoft Customer Service and Support.
To confirm that the CA service has started correctly:
On the computer hosting the CA, click Start, point to Administrative Tools, and click Certification Authority.
Select the CA name and click Start to start the service.
Check the Event log for any startup errors from source Microsoft-Windows-CertificationAuthority.
If the CA service starts with no errors, the CA error has been resolved.
Target | Microsoft.Windows.CertificateServices.CARole.2008 | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 63 | ||
Event Source | Microsoft-Windows-CertificationAuthority | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | High | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Application |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
WriteToCertSvcEvents | WriteAction | Microsoft.Windows.CertificateServices.CARole.CertSvcEvents.Publisher | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
<Rule ID="Microsoft.Windows.CertificateServices.CARole.2008.CertSvcEvents.63" Enabled="true" Target="CS!Microsoft.Windows.CertificateServices.CARole.2008" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">63</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-Windows-CertificationAuthority</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="WriteToCertSvcEvents" TypeID="Microsoft.Windows.CertificateServices.CARole.CertSvcEvents.Publisher"/>
<WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
<Priority>2</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="AlertMessageIDb3ee1df594514fb0a9c9bbef46e0c374"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>
<SuppressionValue>$Data/PublisherName$</SuppressionValue>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>