Sysadmins LV
Vadims Podāns
Vadims Podāns
  • I work at
PKI Solutions
Microsoft Most Valuable Professional: Windows PowerShell
Protected by Copyscape DMCA Takedown Notice Search Tool

Historical Content Alert

This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.

Troubleshooting Server Issues

This topic explains how to solve issues that arise when running Microsoft® Certificate Server.

Server Diagnostics Mode

This version of Microsoft® Certificate Server can be run in a special diagnostics mode as a stand-alone application that displays server activities. To run in diagnostics mode, open a Command Prompt window and use the following command syntax:

certsrv -z

Notes The Certificate Authority service should be stopped before attempting to run the server in the diagnostics mode.

If you attempt to run the server from a Command Prompt window without the -z option, there will be a delay and then the server will run in diagnostics mode as if the -z option had been used.

Do not run multiple copies of CertSrv simultaneously.

When CertSrv is running in the diagnostics mode it displays a log of its actions in the console window. The diagnostic output can also be redirected to an output device other than console. For example, to redirect output to a file, use the following syntax:

certsrv -z > diagnose.txt

To terminate the server when it is running in diagnostics mode, follow these steps
  1. Make sure the server console window includes the keyboard focus (click the console window if unsure).

  2. Press CTRL+C or click the Command Prompt window's Close box.

Alternatively, you can terminate the server when it is running in diagnostics mode using Task Manager. It will also terminate automatically when the administrator logs off the system.

Symptoms, Causes, and Remedies

Symptom: The server fails to start and issues the error diagnostic "DBInitRequestQueue - failed to connect to data source."

Cause and Remedy: A possible cause is that the ODBC driver setup has not been completed correctly. The Access (.mdb) ODBC driver must be installed and the CertSrv data source added for that driver.

Symptom: The following error appears when attempting to start the Certificate Server: "Microsoft OLE DB Provider for ODBC Drivers error '80004005' . [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified (file name and line number appear here)."

Cause and Remedy: A possible cause is related to Internet Information Server (IIS) and Certificate Server interaction. In Internet Services Manager, stop the World Wide Web Service and restart it. Then restart Certificate Server.

Symptom: After a certificate request is submitted, a certificate is not issued as expected and CertReq returns the following diagnostic: "Certificate not issued: ICertRequest::Submit failed."

Cause and Remedy: A possible cause is that the server is not running at the time the request is submitted. If the server is supposed to be running as a service, use the Services applet in the Control Panel to see whether the Certificate Authority service is currently running, and start the service if it is not running. Or if the server is supposed to be running as an application, use the Task Manager to see whether the server is currently running, and start the server application if it is not running. For more information on starting the server application, see Running Certificate Server.

Symptom: After a certificate request is submitted, a certificate is not issued as expected and CertReq.exe stops responding or CertSrv.exe issues an error diagnostic.

Cause and Remedy: A possible cause is that a policy module has been registered, but is now missing or does not match the GUID in the system registry. Certsrv.exe uses the registry to determine if a class named CertificateAuthority.Policy exists in the root of HKEY_CLASSES_ROOT. Delete this key or to eliminate the policy module registration by running the following from the command prompt:

RegSvr32 /u certpdef.dll

Then register a new policy module:

RegSvr32 policy.dll

Symptom: After a certificate request is submitted, CertReq.exe stops responding and a certificate is not issued as expected.

Cause and Remedy: A possible cause is that a policy module that provides a user interface, such as the policyvb.dll sample, is attempting to run while the Certificate Authority service is running on a log on account other than the system account. This will cause CertReq.exe to stop responding because it is waiting for the policy module to interact with the Microsoft Windows® desktop (but that can only work correctly when running under the system account). The Certificate Authority service can only run under the user account on which Microsoft Certificate Server was installed, and cannot run on the system account. This means that policy modules such as policyvb.dll that provide a user interface can only be used with CertSrv.exe running in the diagnostics mode using the -z option.

Share this article: