Certificate Enrollment Control has stopped working on localhost AD CA server?


I'm having strange issue with my current AD CA server, when I try to generate a certificate by using the url https://localhost/certsrv/certrqma.asp I got the following error eventhough I did the following steps:

  1. Login to the server using DOMAIN\Administrator credentials
  2. Turn Off DEP by using the following command: bcdedit /set {current} nx AlwaysOff

OS: Windows Server 2008 SP2 standard 32 bit

the Error pop up message:

[Window Title]
Microsoft Windows

[Main Instruction]
Certificate Enrollment Control has stopped working

A problem caused the program to stop working correctly. Please close the program.

[Close the program]

Here's the Error pop up message:

Message from webpage
An unexpected error (0x000001CE) occurred while getting the CSP list.

Here's the Error log:

    Log Name:      Application
    Source:        Application Error
    Date:          6/02/2012 3:29:54 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ADCASrv01-VM.domain.com
    Faulting application CertEnrollCtrl.exe, version 6.0.6001.18000, time stamp 0x47918d6d, faulting module scksp.dll_unloaded, version, time stamp 0x49e037f2, exception code 0xc0000005, fault offset 0x6ef33b1d, process id 0x3490, application start time 0x01cce487f9651aea.

Any help and guidance will be greatly appreciated.




1 Answer


CertEnrollCtrl.exe is a client-side ActiveX control used to enroll certificates, and it looks like it's crashing for you. (That's why you're seeing DEP error messages-- the program is failing and a thread of execution is heading off into non-executable memory. Disabling DEP isn't going to help because the root cause is a failure and, ultimately, a bug in the program's exception handling.)

I'd try accessing the web management interface from a remote computer to see if the control crashes in the same manner. I'm betting it will not. That doesn't tell you why it's crashing when execute server-side, but debugging that failure is well beyond the scope of Server Fault. There is a hotfix version of the certificate enrollment control that might be worth checking out.

You can rule out the certificate authority itself by using the MMC to enroll a certificate. Assuming that works the failure is likely isolated to the certificate enrollment control.

answered on Server Fault Feb 6, 2012 by Evan Anderson

User contributions licensed under CC BY-SA 3.0