Certificate Services

Hi.

I get an error message from the Certsvc when I try to
start it:

"The revocation function was unable to check revocation
because the revocation server was offline."

And I get these in eventlog:

---
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 100
Date: 2004-08-10
Time: 10:11:54
User: N/A
Computer: EDUSRV01
Description:
Certificate Services did not start: Could not load or
verify the current CA certificate. EDU Issuing CA 1 The
revocation function was unable to check revocation
because the revocation server was offline. 0x80092013 (-
2146885613).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

---

Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 48
Date: 2004-08-10
Time: 10:11:54
User: N/A
Computer: EDUSRV01
Description:
Revocation status for a certificate in the chain for CA
certificate 0 for EDU Issuing CA 1 could not be verified
because a server is currently unavailable. The
revocation function was unable to check revocation
because the revocation server was offline. 0x80092013 (-
2146885613).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

---

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 2004-08-10
Time: 10:11:55
User: N/A
Computer: EDUSRV01
Description:
The Certificate Services service terminated with service-
specific error 2148081683 (0x80092013).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

---

I found an KB that apply to 2000 server with SP4 but
nothing on Server 2003.

How can I get the Certificate server to function
propperly?

Hi Jon,

do you have two or more tire CA server setup?

It looks to me that CA service that you are trying to start is having
problem finding CRL list from one of it's parent CA servers. Check that all
CRL lists are available, valid and accessible from CA that you are trying to
start. Check that your server trusts all parent CAs.

I hope this helps,

Mike

"Jon" <(E-Mail Removed)> wrote in message
news:33f501c47eb3$5bc2df00$(E-Mail Removed)...
> Hi.
>
> I get an error message from the Certsvc when I try to
> start it:
>
> "The revocation function was unable to check revocation
> because the revocation server was offline."
>
> And I get these in eventlog:
>
> ---
> Event Type: Error
> Event Source: CertSvc
> Event Category: None
> Event ID: 100
> Date: 2004-08-10
> Time: 10:11:54
> User: N/A
> Computer: EDUSRV01
> Description:
> Certificate Services did not start: Could not load or
> verify the current CA certificate. EDU Issuing CA 1 The
> revocation function was unable to check revocation
> because the revocation server was offline. 0x80092013 (-
> 2146885613).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ---
>
> Event Type: Warning
> Event Source: CertSvc
> Event Category: None
> Event ID: 48
> Date: 2004-08-10
> Time: 10:11:54
> User: N/A
> Computer: EDUSRV01
> Description:
> Revocation status for a certificate in the chain for CA
> certificate 0 for EDU Issuing CA 1 could not be verified
> because a server is currently unavailable. The
> revocation function was unable to check revocation
> because the revocation server was offline. 0x80092013 (-
> 2146885613).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ---
>
> Event Type: Error
> Event Source: Service Control Manager
> Event Category: None
> Event ID: 7024
> Date: 2004-08-10
> Time: 10:11:55
> User: N/A
> Computer: EDUSRV01
> Description:
> The Certificate Services service terminated with service-
> specific error 2148081683 (0x80092013).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ---
>
> I found an KB that apply to 2000 server with SP4 but
> nothing on Server 2003.
>
> How can I get the Certificate server to function
> propperly?

How do I verify this?

The problem occurs on the Issuing CA (Enterprise Sub-
ordinary), I allso have a Root CA.

Whitch one is the "Revocation Server"?

/Jon

>-----Original Message-----
>Hi Jon,
>
>do you have two or more tire CA server setup?
>
>It looks to me that CA service that you are trying to
start is having
>problem finding CRL list from one of it's parent CA
servers. Check that all
>CRL lists are available, valid and accessible from CA
that you are trying to
>start. Check that your server trusts all parent CAs.
>
>I hope this helps,
>
>Mike
>
>"Jon" <(E-Mail Removed)> wrote in
message
>news:33f501c47eb3$5bc2df00$(E-Mail Removed)...
>> Hi.
>>
>> I get an error message from the Certsvc when I try to
>> start it:
>>
>> "The revocation function was unable to check revocation
>> because the revocation server was offline."
>>
>> And I get these in eventlog:
>>
>> ---
>> Event Type: Error
>> Event Source: CertSvc
>> Event Category: None
>> Event ID: 100
>> Date: 2004-08-10
>> Time: 10:11:54
>> User: N/A
>> Computer: EDUSRV01
>> Description:
>> Certificate Services did not start: Could not load or
>> verify the current CA certificate. EDU Issuing CA 1
The
>> revocation function was unable to check revocation
>> because the revocation server was offline. 0x80092013
(-
>> 2146885613).
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> ---
>>
>> Event Type: Warning
>> Event Source: CertSvc
>> Event Category: None
>> Event ID: 48
>> Date: 2004-08-10
>> Time: 10:11:54
>> User: N/A
>> Computer: EDUSRV01
>> Description:
>> Revocation status for a certificate in the chain for CA
>> certificate 0 for EDU Issuing CA 1 could not be
verified
>> because a server is currently unavailable. The
>> revocation function was unable to check revocation
>> because the revocation server was offline. 0x80092013
(-
>> 2146885613).
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> ---
>>
>> Event Type: Error
>> Event Source: Service Control Manager
>> Event Category: None
>> Event ID: 7024
>> Date: 2004-08-10
>> Time: 10:11:55
>> User: N/A
>> Computer: EDUSRV01
>> Description:
>> The Certificate Services service terminated with
service-
>> specific error 2148081683 (0x80092013).
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> ---
>>
>> I found an KB that apply to 2000 server with SP4 but
>> nothing on Server 2003.
>>
>> How can I get the Certificate server to function
>> propperly?
>
>
>.
>

Your issuing CA can't reach CRL list of your RootCA.

On your Root CA open Certificate Snap-In. Right click on name of your RootCA
and click View certificate. Under details look for CRL Distribution point
and in the details windows look for the path where revocation list should
be. It should look something like this:

*************************************************
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.microsoft.com/pki/mscorp/crl/mswww1.crl
URL=http://corppki/crl/mswww1.crl
*************************************************

Check if you can reach paths from your subordinate CA and if CRL is valid
(has not expired)

Mike

<(E-Mail Removed)> wrote in message
news:35d801c47ecc$77e21570$(E-Mail Removed)...
> How do I verify this?
>
> The problem occurs on the Issuing CA (Enterprise Sub-
> ordinary), I allso have a Root CA.
>
> Whitch one is the "Revocation Server"?
>
> /Jon
>
> >-----Original Message-----
> >Hi Jon,
> >
> >do you have two or more tire CA server setup?
> >
> >It looks to me that CA service that you are trying to
> start is having
> >problem finding CRL list from one of it's parent CA
> servers. Check that all
> >CRL lists are available, valid and accessible from CA
> that you are trying to
> >start. Check that your server trusts all parent CAs.
> >
> >I hope this helps,
> >
> >Mike
> >
> >"Jon" <(E-Mail Removed)> wrote in
> message
> >news:33f501c47eb3$5bc2df00$(E-Mail Removed)...
> >> Hi.
> >>
> >> I get an error message from the Certsvc when I try to
> >> start it:
> >>
> >> "The revocation function was unable to check revocation
> >> because the revocation server was offline."
> >>
> >> And I get these in eventlog:
> >>
> >> ---
> >> Event Type: Error
> >> Event Source: CertSvc
> >> Event Category: None
> >> Event ID: 100
> >> Date: 2004-08-10
> >> Time: 10:11:54
> >> User: N/A
> >> Computer: EDUSRV01
> >> Description:
> >> Certificate Services did not start: Could not load or
> >> verify the current CA certificate. EDU Issuing CA 1
> The
> >> revocation function was unable to check revocation
> >> because the revocation server was offline. 0x80092013
> (-
> >> 2146885613).
> >>
> >> For more information, see Help and Support Center at
> >> http://go.microsoft.com/fwlink/events.asp.
> >>
> >> ---
> >>
> >> Event Type: Warning
> >> Event Source: CertSvc
> >> Event Category: None
> >> Event ID: 48
> >> Date: 2004-08-10
> >> Time: 10:11:54
> >> User: N/A
> >> Computer: EDUSRV01
> >> Description:
> >> Revocation status for a certificate in the chain for CA
> >> certificate 0 for EDU Issuing CA 1 could not be
> verified
> >> because a server is currently unavailable. The
> >> revocation function was unable to check revocation
> >> because the revocation server was offline. 0x80092013
> (-
> >> 2146885613).
> >>
> >> For more information, see Help and Support Center at
> >> http://go.microsoft.com/fwlink/events.asp.
> >>
> >> ---
> >>
> >> Event Type: Error
> >> Event Source: Service Control Manager
> >> Event Category: None
> >> Event ID: 7024
> >> Date: 2004-08-10
> >> Time: 10:11:55
> >> User: N/A
> >> Computer: EDUSRV01
> >> Description:
> >> The Certificate Services service terminated with
> service-
> >> specific error 2148081683 (0x80092013).
> >>
> >> For more information, see Help and Support Center at
> >> http://go.microsoft.com/fwlink/events.asp.
> >>
> >> ---
> >>
> >> I found an KB that apply to 2000 server with SP4 but
> >> nothing on Server 2003.
> >>
> >> How can I get the Certificate server to function
> >> propperly?
> >
> >
> >.
> >