Retired Microsoft Blog disclaimer
This directory is a mirror of retired "Windows PKI Team" TechNet blog and is provided as is. All posting authorship and copyrights belong to respective authors.
Original URL:
Post name: Request File Can’t be Located during CA Certificate Renewal
Original author: Amerk [MSFT]
Posting date: 2012-05-29T14:39:21+00:00

During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default location of %systemDrive% . The Issuing CA didn’t log any errors in the Event Log, nor did it post any error messages. I also searched for all files with the extension *.req on all drives, and still couldn’t find the file.

After some more research, I discovered that my customer changed the default location of the RequestFileName Registry Key during their installation to a drive that no longer exists on the CA. The location configured was a:\%1_%3%4.req. I followed these steps to fix this issue:

  1. Start the Registry Editor
  2. Navigate to HKLM\System\CurrentControlSet\Services\Certsvc\Configuration\<CASanitizedName>
  3. Locate the Registry String RequestFileName
  4. Change the value from a:\%1_%3%4.req to C:\%1_%3%4.req
  5. Stop and Start the Certification Active Directory Certificate Services service

I was then able to create the Request File and submit it to the Offline Root CA to process it.


Share this article:


Comments are closed.