Announcement

Collapse
No announcement yet.

Active Directory Certificate Services - Crash on Install

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Certificate Services - Crash on Install

    Hi All,
    I have scoured the Googles looking for an answer to my issue but I have turned up with no solution, hence I am turning to you all for help.
    I am attempting to install Active Directory Certificate Services on one of our Domain Controllers, but to no avail.

    The server is Windows 2008 R2 with SP1.

    Currently the Active Directory Domain Services role is installed, along with File Services, DNS Server and Web Server (IIS)

    Here is where I am stuck:

    Going into the Server Manager and clicking on Add Roles I then click on the checkbox for Active Directory Certificate Services, immediately MMC crashes with the following information.

    Description:
    Stopped working

    Problem signature:
    Problem Event Name: CLR20r3
    Problem Signature 01: mmc.exe
    Problem Signature 02: 6.1.7600.16385
    Problem Signature 03: 4a5bc808
    Problem Signature 04: mscorlib
    Problem Signature 05: 2.0.0.0
    Problem Signature 06: 53a1233d
    Problem Signature 07: 4227
    Problem Signature 08: a9
    Problem Signature 09: System.AccessViolationException
    OS Version: 6.1.7601.2.1.0.272.7
    Locale ID: 1033

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt

    Here is one other user I found that apparently is experiencing the same issue, but unfortunately no one answered their question.
    http://www.edugeek.net/forums/window...cate-role.html

    Here is what I have tried so far:
    I tried running the install from the command line using DISM to install the certificate services.
    The command states that it has completed successfully, but the role is not installed.
    I have even rebooted and it does not appear.

    DISM Instructions: https://technet.microsoft.com/en-us/...(v=ws.10).aspx

    I tried running a hotfix that was mentioned here:
    https://social.technet.microsoft.com...m=winservergen
    But it did not fix the issue.

    I tried running sfc /scannow which ran successfully but did not fix the issue.
    Its logs had the following issues but I havent been able to decode them in such a way to see if it would fix this issue.

    2017-02-27 13:14:14, Info CSI 00000330 [SR] Beginning Verify and Repair transaction
    2017-02-27 13:14:14, Info CSI 00000331 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845 bb1d97efda\utc.app.json do not match actual file [l:24{12}]"utc.app.json" :
    Found: {l:32 b:N0sTJYY9E+Swk3BEdDAvJvreUCGkSrZGJdNMAR+JdSM=} Expected: {l:32 b:6510UErwHGoFg3sRd3gzh3HSbTceuHem3Rnk0NraKS8=}
    2017-02-27 13:14:14, Info CSI 00000332 [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18839, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-02-27 13:14:14, Info CSI 00000333 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845 bb1d97efda\telemetry.ASM-WindowsDefault.json do not match actual file [l:66{33}]"telemetry.ASM-WindowsDefault.json" :
    Found: {l:32 b:kVmUvsMJDu+krskUgUqAR2u/XKKA81bzLOPAmxtQF6g=} Expected: {l:32 b:EeQJzlVPvq9GNIcA2FEwrOjEeuDam1G+ol3x61gKasQ=}
    2017-02-27 13:14:14, Info CSI 00000334 [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18839, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-02-27 13:14:14, Info CSI 00000335 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845 bb1d97efda\utc.app.json do not match actual file [l:24{12}]"utc.app.json" :
    Found: {l:32 b:N0sTJYY9E+Swk3BEdDAvJvreUCGkSrZGJdNMAR+JdSM=} Expected: {l:32 b:6510UErwHGoFg3sRd3gzh3HSbTceuHem3Rnk0NraKS8=}
    2017-02-27 13:14:14, Info CSI 00000336 [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18839, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-02-27 13:14:14, Info CSI 00000337 [SR] This component was referenced by [l:162{81}]"Package_250_for_KB3022345~31bf3856ad364e35~amd64~ ~6.1.1.2.3022345-814_neutral_GDR"
    2017-02-27 13:14:14, Info CSI 00000338 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845 bb1d97efda\telemetry.ASM-WindowsDefault.json do not match actual file [l:66{33}]"telemetry.ASM-WindowsDefault.json" :
    Found: {l:32 b:kVmUvsMJDu+krskUgUqAR2u/XKKA81bzLOPAmxtQF6g=} Expected: {l:32 b:EeQJzlVPvq9GNIcA2FEwrOjEeuDam1G+ol3x61gKasQ=}
    2017-02-27 13:14:14, Info CSI 00000339 [SR] Cannot repair member file [l:66{33}]"telemetry.ASM-WindowsDefault.json" of Microsoft-Windows-Unified-Telemetry-Client, Version = 6.1.7601.18839, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-02-27 13:14:14, Info CSI 0000033a [SR] This component was referenced by [l:162{81}]"Package_250_for_KB3022345~31bf3856ad364e35~amd64~ ~6.1.1.2.3022345-814_neutral_GDR"
    2017-02-27 13:14:14, Info CSI 0000033b Hashes for file member \??\C:\ProgramData\Microsoft\Diagnosis\DownloadedS ettings\utc.app.json do not match actual file [l:24{12}]"utc.app.json" :
    Found: {l:32 b:N0sTJYY9E+Swk3BEdDAvJvreUCGkSrZGJdNMAR+JdSM=} Expected: {l:32 b:6510UErwHGoFg3sRd3gzh3HSbTceuHem3Rnk0NraKS8=}
    2017-02-27 13:14:14, Info CSI 0000033c Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845 bb1d97efda\utc.app.json do not match actual file [l:24{12}]"utc.app.json" :
    Found: {l:32 b:N0sTJYY9E+Swk3BEdDAvJvreUCGkSrZGJdNMAR+JdSM=} Expected: {l:32 b:6510UErwHGoFg3sRd3gzh3HSbTceuHem3Rnk0NraKS8=}
    2017-02-27 13:14:14, Info CSI 0000033d [SR] Could not reproject corrupted file [ml:520{260},l:114{57}]"\??\C:\ProgramData\Microsoft\Diagnosis\Downloaded Settings"\[l:24{12}]"utc.app.json"; source file in store is also corrupted
    2017-02-27 13:14:14, Info CSI 0000033e Hashes for file member \??\C:\ProgramData\Microsoft\Diagnosis\DownloadedS ettings\telemetry.ASM-WindowsDefault.json do not match actual file [l:66{33}]"telemetry.ASM-WindowsDefault.json" :
    Found: {l:32 b:kVmUvsMJDu+krskUgUqAR2u/XKKA81bzLOPAmxtQF6g=} Expected: {l:32 b:EeQJzlVPvq9GNIcA2FEwrOjEeuDam1G+ol3x61gKasQ=}
    2017-02-27 13:14:14, Info CSI 0000033f Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845 bb1d97efda\telemetry.ASM-WindowsDefault.json do not match actual file [l:66{33}]"telemetry.ASM-WindowsDefault.json" :
    Found: {l:32 b:kVmUvsMJDu+krskUgUqAR2u/XKKA81bzLOPAmxtQF6g=} Expected: {l:32 b:EeQJzlVPvq9GNIcA2FEwrOjEeuDam1G+ol3x61gKasQ=}
    2017-02-27 13:14:14, Info CSI 00000340 [SR] Could not reproject corrupted file [ml:520{260},l:114{57}]"\??\C:\ProgramData\Microsoft\Diagnosis\Downloaded Settings"\[l:66{33}]"telemetry.ASM-WindowsDefault.json"; source file in store is also corrupted


    I cannot at this time upgrade the DC to server 2012 or 2016.
    At this point I am at a loss. I do not want to have to reinstall our domain controller in order to get this to work, but I have run out of ideas on how to fix this issue.

    Thanks.

  • #2
    If it is an MMC issue, can you try adding the role using PowerShell?
    https://technet.microsoft.com/en-us/...or=-2147217396
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Scanning thru those logs, it looks like you've had some file corruptions which SFC says it can't fix (hash values don't match between expected and found). Either one or more updates went bad or something has corrupted the Windows source file store which is used for recovery. What kind of antivirus or anti-malware are you running? Have you tried turning those off and repeating the SFC or ADCS install again?
      *RicklesP*
      MSCA (2003/XP), Security+, CCNA

      ** Remember: credit where credit is due, and reputation points as appropriate **

      Comment

      Working...
      X