Problem running Certutil -repairstore on the 2nd CA cluster node
Hi,
I'm installing a Win 2008 Certificate Services Cluster, using these instructions:
http://technet2.microsoft.com/windowsserver2008/en/library/7b78577c-fbd5-4b28-8f44-d15c26dfcc111033.mspx?mfr=true
I have installed the first node of the CA cluster; an HSM from Utimaco is used. However, I have a problem setting up the second node. The second node has a connection with the HSM, but when I run the command certutil -f -csp "Utimaco CryptoServer Key Storage Provider" -repairstore my "serial", it fails with the following error:
C:\Windows\system32>certutil -f -csp "Utimaco CryptoServer Key Storage Provider" -repairstore my "{serial}"
my
================ Certificate 0 ================
Serial Number: 19d320000000000000
Issuer: NotBefore: 5/26/2009 2:59 PM
NotAfter: 5/25/2014 3:09 PM
Subject: CN=
CA Version: V0.0
Certificate Template Name (Certificate Type): SubCA
Non-root Certificate
Template: SubCA, Subordinate Certification Authority
Cert Hash(sha1): de 93
No key provider information
Cannot find the certificate and private key for decryption.
CertUtil: -repairstore command FAILED: 0x80092004 (-2146885628)
CertUtil: Cannot find object or property.
What could be wrong?
danielu@avanade
May 26th, 2009 2:57pm
Daniel, please be sure that both nodes are using the same 'Group' when adding the device with the CSP configuration tool.
Regards,
Christian
May 27th, 2009 10:41am
Hi,
This error indicates the second node cannot find or access the certificate. Please help to collect the following information for research.
1. How did you import the certificate to the second node?
2. Could the second node access the shared disk?
3. Make sure the network HSM is available to the second node.
Please let us know how you configured the shared disk and network HSM.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
May 27th, 2009 12:02pm
Hi,
This has been solved by using the same "group" name on the 2nd cluster node as specified on cluster node 1. This is set in Control Panel, Utimaco CSP (CNG).
Now it works to execute: certutil -f -csp "Utimaco CryptoServer Key Storage Provider" -repairstore my "serial"
The shared disk and HSM have been available to the 2nd node during this troubleshooting process.
I would like to thank Christian Bollich @Utimaco for helping out :)
danielu@avanade
May 27th, 2009 12:28pm
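Added example, not part of the original thread: a PowerShell check to run on each cluster node after certutil -repairstore, confirming that the CA certificate in the machine "My" store is bound to a key in the expected KSP. The serial is a placeholder, Get-KeyBinding is a hypothetical helper name, and the script assumes certutil -store prints "Key Container = ", "Provider = " and "... test passed" lines for a certificate with a usable key.

```powershell
# Added example (not from the thread). Run on each CA cluster node.
param(
    [string]$Serial   = '<CA-CERT-SERIAL>',  # placeholder: serial number of the CA certificate
    [string]$Expected = 'Utimaco CryptoServer Key Storage Provider'  # KSP name used in the thread
)

# Hypothetical helper: pull the key binding details out of certutil -store output.
function Get-KeyBinding {
    param([string[]]$Lines)
    $r = New-Object PSObject -Property @{
        Provider = $null; Container = $null; NoKeyInfo = $false; TestPassed = $false
    }
    foreach ($line in $Lines) {
        if ($line -match '^\s*Provider\s*=\s*(.+)$')           { $r.Provider   = $Matches[1].Trim() }
        if ($line -match '^\s*Key Container\s*=\s*(.+)$')      { $r.Container  = $Matches[1].Trim() }
        if ($line -match 'No key provider information')        { $r.NoKeyInfo  = $true }
        if ($line -match '(Signature|Encryption) test passed') { $r.TestPassed = $true }
    }
    $r
}

# Dump the certificate from the local machine "My" store and classify the result.
$out = & certutil.exe -store my $Serial 2>&1 | ForEach-Object { "$_" }
$b = Get-KeyBinding -Lines $out

if ($b.NoKeyInfo -or -not $b.Provider) {
    # Same state as the failing node in the thread: certificate present, no key link.
    Write-Warning "$env:COMPUTERNAME: certificate $Serial has no key provider information."
    Write-Warning "Compare the 'Group' name in the Utimaco CSP (CNG) settings with node 1, then rerun -repairstore."
    exit 1
}
if ($b.Provider -ne $Expected) {
    Write-Warning "$env:COMPUTERNAME: key is bound to '$($b.Provider)', expected '$Expected'."
    exit 2
}
if (-not $b.TestPassed) {
    Write-Warning "$env:COMPUTERNAME: provider matches but certutil did not report a passed key test."
    exit 3
}
Write-Output "$env:COMPUTERNAME: OK, container '$($b.Container)' in '$($b.Provider)'."
```

Comparing the reported key container name between node 1 and node 2 shows whether both nodes resolve the same HSM key.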