SYMPTOMS

Consider the following scenario: you are dumping the CA database by using certutil, PowerShell, or any other tool that uses the ICertView2 interface, and at some point you receive the following error:

Certutil:

  • CertUtil: -view command FAILED: 0x80070006 (WIN32: 6)
    CertUtil: The handle is invalid.

PowerShell (when using the ICertView interface):

  • CEnumCERTVIEWROW::Next: The handle is invalid. 0x80070006 (WIN32: 6)

CAUSE

This error can be caused by handle expiration. Two parameters control how long a database access handle stays valid:

1) After the connection is opened by calling ICertView2::OpenConnection, the next action must be taken within the ViewIdleMinutes period. If no action (an OpenView method call) is taken within this period, the handle is released. By default, ViewIdleMinutes is 8 minutes.

2) When the ICertView::OpenView method is called, the handle is valid for the period specified in ViewAgeMinutes. If the CA database dump operation exceeds this period, the handle is forcibly released and the error is returned. By default, ViewAgeMinutes is 16 minutes.


STATUS

This is by design.


SOLUTION

If you need to extend handle validity for large output, you can increase the ViewAgeMinutes value by modifying the CA configuration:

  1. Log on to the CA server with local administrator permissions.
  2. Open an elevated command prompt.
  3. Type the following command in the command prompt:
    certutil -setreg CA\ViewAgeMinutes X
    where X is a number that represents the handle validity in minutes.
  4. Restart Certificate Services.

WORKAROUND

No workaround is available.


APPLIES TO

  • Active Directory Certificate Services (all versions)


Comments:

T?ki

Hi, thank you for this! I just got this error last week. ... I was trying to export a dump from a huge database through mmc (with Export list) and got this error. The error message was put in the csv file. Really useful!!! Thanks! Peter

Jim Hark

This site has been so helpful. I'm glad I can share a workaround for this issue.

Setting ViewAgeMinutes is nice if you can do it, but if you can't there IS a workaround. Add code to check for the invalid handle error. To resume your query you'll need to recreate the connection. For me, in PowerShell, after detecting the error, I do this:

    $CA = 'MyCaServer\MyCaName'
    $CVRC_COLUMN_SCHEMA = 0

    $CaView = New-Object -Com CertificateAuthority.View
    $CaView.OpenConnection($CA)

    # this selects all columns. You should select just the ones you need.
    $colCount = $CaView.GetColumnCount($CVRC_COLUMN_SCHEMA)
    $CaView.SetResultColumnCount($colCount)
    (0..($colCount-1)) | ForEach {$CAView.SetResultColumn($_)}

    # Additional View configuration code goes here (SetRestriction, etc.)

    $viewRow = $CAView.OpenView()
    # $rowCount is the number of rows already read before the error occurred
    $viewRow.Skip($rowCount)

The key is using the view's Skip method to pick up where you left off. You'll need to track the number of rows you've read. There are some limitations, for example, if you're sorting your results to put most recent first then this will not work if the CA database is being updated.
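
The resume-with-Skip approach from the comment above, written out as a complete read loop. This is an added example, not code from the article or the commenter. `MyCaServer\MyCaName` is the commenter's placeholder, and the helper names `Open-CaRowEnum` and `Test-InvalidHandle` and the reopen cap are hypothetical.

```powershell
# Added example: resume a CA database dump after the view handle expires.
$CA = 'MyCaServer\MyCaName'        # placeholder config string from the comment
$E_INVALID_HANDLE = -2147024890    # 0x80070006 as a signed 32-bit HRESULT
$CVRC_COLUMN_SCHEMA = 0
$CV_OUT_BASE64 = 1                 # encoding flag, only matters for binary columns
$maxReopens = 20                   # assumed cap so a persistent fault cannot loop forever

function Open-CaRowEnum([string]$Config, [int]$SkipRows) {   # hypothetical helper
    $view = New-Object -ComObject CertificateAuthority.View
    $view.OpenConnection($Config)
    $colCount = $view.GetColumnCount($CVRC_COLUMN_SCHEMA)
    $view.SetResultColumnCount($colCount)
    0..($colCount - 1) | ForEach-Object { $view.SetResultColumn($_) }
    $rows = $view.OpenView()
    if ($SkipRows -gt 0) { [void]$rows.Skip($SkipRows) }
    # Return the view as well so it stays referenced while rows are read.
    return @{ View = $view; Rows = $rows }
}

function Test-InvalidHandle($ErrorRecord) {                   # hypothetical helper
    # PowerShell wraps COM failures, so walk the inner exceptions.
    for ($e = $ErrorRecord.Exception; $e; $e = $e.InnerException) {
        if ($e.HResult -eq $E_INVALID_HANDLE) { return $true }
    }
    return $false
}

$rowCount = 0   # rows fully read and emitted so far
$reopens = 0
$h = Open-CaRowEnum $CA 0
while ($true) {
    try {
        if ($h.Rows.Next() -eq -1) { break }          # -1 means no more rows
        $cols = $h.Rows.EnumCertViewColumn()
        $row = [ordered]@{}
        while ($cols.Next() -ne -1) { $row[$cols.GetName()] = $cols.GetValue($CV_OUT_BASE64) }
        [pscustomobject]$row
        $rowCount++                                   # count only complete rows
    } catch {
        if (-not (Test-InvalidHandle $_)) { throw }   # unrelated error: rethrow
        $reopens++
        if ($reopens -gt $maxReopens) { throw }
        $h = Open-CaRowEnum $CA $rowCount             # reconnect and skip rows already read
    }
}
```

A row that was only partly read when the handle expired is not counted, so it is read again in full after the reconnect.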

