Cert Authority DB is Damaged

I have an AD integrated subordinate Certificate Authority. As of recently,
the service won't run at startup and when I try to start the CA manually, I
get the error message "The database is damaged".
I don't have a System State backup for the server and I haven't backed up
the CA separately.
Is there some way to repair or otherwise get back the CA DB?

Thanks.
 
Unfortunately, since you do not have a backup, there may be little you can do
to recover. This is a rare instance - I have only heard of 1 or 2 cases of a
damaged database in 5+ years. You may be able to try running eseutil.exe,
which is typically found with Exchange Server installations.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.


Top Whitepapers:

Auto-enrollment whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

Best Practices for implementing Windows Server 2003 PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

Troubleshooting Certificate Status and Revocation whitepaper:
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

Windows Server 2003 web enrollment and troubleshooting guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
 
Well, eseutil did something. I now get a different error message (EDB: -1209).
I used the /p switch, which is to repair. I am guessing that the utility
expects it to be an Exchange DB.

There were probably only about 20 certificates issued by the server, so it
won't be a huge amount of work to replace them.
It is a bit of a catch 22 though, because the only way I know of tracking
down the computers and users who were issued certificates is by looking at
the database of the Cert Server.
Unless there's someplace else to look?

Thanks.

David Cross said:
Unfortunately, since you do not have a backup, there may be little you can do
to recover. This is a rare instance - I have only heard of 1 or 2 cases of a
damaged database in 5+ years. You may be able to try running eseutil.exe,
which is typically found with Exchange Server installations.

Charlie said:
I have an AD integrated subordinate Certificate Authority. As of recently,
the service won't run at startup and when I try to start the CA manually, I
get the error message "The database is damaged".
I don't have a System State backup for the server and I haven't backed up
the CA separately.
Is there some way to repair or otherwise get back the CA DB?

Thanks.
 