
Certificate Authority service fails to start due to corrupt log fi

Posted by Chris Martin on April 22, 2008, 10:00 pm
We have a two layer CA system, a root CA and a group of subordinate CAs that
answer for various types of certificates.

The root CA service currently fails to start saying there is a corrupt log
file. I have run esentutl on the database (minor inconsistencies fixed) and
the log file (doesn't recover the log file, saying that it's corrupt):

"C:\WINDOWS\system32\CertLog>esentutl /r edb

Microsoft(R) Windows(R) Database Utilities
Version 5.2
Copyright (C) Microsoft Corporation. All Rights Reserved.

Initiating RECOVERY mode...
Logfile base name: edb
Log files: <current directory>
System files: <current directory>

Performing soft recovery...

Operation terminated with error -501 (JET_errLogFileCorrupt, Log file is
corrupt
) after 0.219 seconds."

This server hasn't issued a new cert in months, is there a way to delete or
clean the log file? If I just move or rename the log file the CA service
can't start because it's missing. Is there a way to get around this?

Regards,

Chris Martin
SysAdmin
Medfin

Posted by Paul Adare on April 23, 2008, 5:07 am
On Tue, 22 Apr 2008 19:00:00 -0700, Chris Martin wrote:

> This server hasn't issued a new cert in months, is there a way to delete or
> clean the log file? If I just move or rename the log file the CA service
> can't start because it's missing. Is there a way to get around this?

Surely you have a backup of your root CA? Looks like you're going to have
to restore from backup. Failing that, if you have access to the root CA
certificate and private key you can rebuild the CA using all of the same
information you used initially and use the existing CA key and certificate.
If you can't do either of the above then I'd suggest that you open a case
with Microsoft Support.

--
Paul Adare
http://www.identit.ca
Modem: A contraction. As in "Give me some modem cookies."
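
The restore-from-backup route suggested in the reply above, as an added PowerShell example that is not part of the original thread. It assumes PowerShell is available on the CA, that a backup made earlier with `certutil -backup` sits in the hypothetical directory `D:\CABackup`, and that the CA certificate and private key on the server are intact, so only the database is restored.

```powershell
# Added example; $BackupDir and $Evidence are assumed paths, not values from the thread.
$ErrorActionPreference = 'Stop'

$CertLog   = Join-Path $env:SystemRoot 'system32\CertLog'   # directory shown in the post
$BackupDir = 'D:\CABackup'                                  # assumed: earlier "certutil -backup" output
$Evidence  = "D:\CertLog-damaged-$(Get-Date -Format 'yyyyMMdd-HHmmss')"  # assumed location

# A certutil backup keeps the database and its logs in a "DataBase" subfolder.
# Refuse to touch the live files if that folder is missing.
if (-not (Test-Path (Join-Path $BackupDir 'DataBase'))) {
    throw "No DataBase folder under $BackupDir; this is not a usable CA database backup."
}

# 1. The CA service must be stopped before the database files are replaced.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name CertSvc -Force
}

# 2. Keep a copy of the damaged database and log files before overwriting them,
#    so they are still available if a support case is opened later.
Copy-Item -Path $CertLog -Destination $Evidence -Recurse
Write-Host "Damaged CertLog contents copied to $Evidence"

# 3. Restore the database only. -f overwrites the existing files in CertLog.
#    The CA key and certificate already on the server are not touched.
certutil -f -restoreDB $BackupDir
if ($LASTEXITCODE -ne 0) {
    throw "certutil -restoreDB failed with exit code $LASTEXITCODE; CertLog copy is in $Evidence"
}

# 4. Start the service (the restored logs are replayed on start) and
#    confirm the CA answers requests.
Start-Service -Name CertSvc
certutil -ping
if ($LASTEXITCODE -ne 0) {
    throw "CertSvc started but the CA did not answer certutil -ping."
}
Write-Host 'CA database restored and service responding.'
```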
