Error Archiving Private Key

    Question

  • Hey there,

    Usually I handle these problems very well,

    but this one is a little complicated. Yesterday I tried to request a new certificate on my CA and got this failure message:

    error Archiving Private Key, the certificate authority is not configure for key archival.

    But the certificate template is configured for that:

    "Archive subject's encryption private key" is ticked.

    I also restarted the service and tried again, no success.

    And another thing, my recovery agents are also configured to archive the key: "Archive the key" is ticked.

    Your assistance please.

    Thanks

    Sunday, August 24, 2014 11:50 AM

Answers

  • Hey Evgene

    Thanks for posting

    That problem is related to an enormous CA database:

    1. Look for the Request ID that includes the disposition message.

    2. It must be deleted manually from the CA DB:

    Run the command:

    Certutil -deleterow month/day/year Request

    Fill in the exact date of the Request ID.

    3. We need to back up the CA DB:

    Certutil -backupDB backupDirectory

    After that, stop and run the CA service.

    Also run this command so the CA starts working:

    Esentutl /d Path\CaDatabase.edb

    Notice after changes.

    And be very careful!


    I'd be glad to answer any question

    • Marked as answer by Evgene Hooler Sunday, August 24, 2014 12:16 PM
    Sunday, August 24, 2014 12:00 PM

All replies

  • Are there any certificates under the Key Recovery Agents tab? Are they valid? Does the KRA count number match the actual KRA certificate count?

    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell FCIV tool.

    Sunday, August 24, 2014 11:59 AM
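
The three checks asked about in the reply above can be scripted on the CA server. This is an added example, not part of the thread: it assumes the CA keeps its recovery-agent settings in the KRACertCount and KRACertHash registry values of the active CA configuration and that the KRA certificates are in the LocalMachine\KRA store; it checks validity dates only, not revocation.

```powershell
# Added example (not from the thread). Run elevated on the CA server.
# Assumption: KRA certificates sit in the LocalMachine\KRA store and the CA
# records them in the KRACertCount / KRACertHash registry values.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -Path $cfgRoot).Active
$ca      = Get-ItemProperty -Path (Join-Path $cfgRoot $caName)

# Configured values: how many KRAs the CA should use, and which certificates.
$configuredCount = [int]$ca.KRACertCount
$hashes = @($ca.KRACertHash | Where-Object { $_ } |
    ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })

$kraStore = @(Get-ChildItem -Path Cert:\LocalMachine\KRA)
$now = Get-Date

# One row per configured hash: is the certificate present and inside its validity period?
$report = @(foreach ($hash in $hashes) {
    $cert = $kraStore | Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
    if (-not $cert) {
        $status = 'MissingFromStore'
    } elseif ($now -lt $cert.NotBefore) {
        $status = 'NotYetValid'
    } elseif ($now -gt $cert.NotAfter) {
        $status = 'Expired'
    } else {
        $status = 'TimeValid'   # revocation is not checked here
    }
    [pscustomobject]@{
        Thumbprint = $hash
        Subject    = if ($cert) { $cert.Subject } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Status     = $status
    }
})
$usable = @($report | Where-Object { $_.Status -eq 'TimeValid' }).Count

$report | Format-Table -AutoSize
"Configured KRA count : $configuredCount"
"KRA hashes listed    : $($hashes.Count)"
"Time-valid KRA certs : $usable"
if ($configuredCount -eq 0) {
    'No recovery agents are configured, so the CA cannot archive keys.'
} elseif ($usable -lt $configuredCount) {
    'Fewer usable KRA certificates than the configured count.'
}
```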
  • Hey Vadim,

    There was one certificate, but it was not valid.

    I followed what Shuki wrote below,

    and something was really stuck in my CA DB.

    After restarting the service, the new requests magically work without any failures.

    I really appreciate that too.

    Thanks everyone!


    Sunday, August 24, 2014 12:16 PM