none
Unable to configure or remove the AD CS role. RRS feed

  • Question

  • Hello everyone,

    yesterday I added the Active Directory Certificate Services (AD CS) role to one of my servers, however, when I tried to configure the settings I was greeted by an Error. "Value does not fall within the expected range."

    This resulted in me being unable to continue with the configuration. I then proceeded to install the latest updates and restarting the server. The configuration would still just show the error and stay unusable.

    I then tried if I could just remove the role and add it again, however, I was greeted with the same error when trying to remove the role.

    I then went to see if I could just configure the AD CS manually without the wizard, but after starting the Certification Authority tool via the Server Manager I was greeted with a new Error. "Cannot manage Active Directory Certificate Services. The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)".

    After looking around the web I could find some people fighting this error code, but none of them had a problem similar to mine.

    My question is now, if there is a way to "forcefully" remove the role to reapply it again or if there is a way to "repair" the role so it would be configurable again.

    Thanks in advance.

    Saturday, July 13, 2019 11:11 AM

Answers

  • Hello again,

    thank you all for your patience. I've been busy for the last few days.

    I could not get the system back to normal using DISM. However, I got my hands on a Windows server 2019 version so I decided to upgrade the server in question to a clean Windows Server 2019 install (was Windows Server 2016 latest patch) and set everything up from scratch.

    You can consider this request as solved, even though this is just a (bad) workaround, as I will not be able to post any updates on the Windows Server 2016 related problem.

    Thank you anyway,

    Best Regards,

    Jonas

    • Marked as answer by JonasEb Friday, July 19, 2019 8:24 PM
    Friday, July 19, 2019 8:24 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    1. What is the operating system version of our server?

    2. Is the server we installed just now?
    Or what role did this server play before?


    Meanwhile, we can repair the system with the following commands. Open CMD, run as Administrator and type the following commands:

    sfc scannow
    dism /online /cleanup-image /scanhealth
    dism /online /cleanup-image /checkhealth
    dism /online /cleanup-image /restorehealth
    Then we can try to configure the ADCS.




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 15, 2019 3:17 AM
    Moderator
  • Check out links below might help: 

    http://clintboessen.blogspot.com/2013/11/cannot-manage-active-directory.html

    https://www.dtonias.com/cannot-manage-active-directory-certificate-services-0x424-error/


    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Monday, July 15, 2019 7:04 AM
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 17, 2019 7:36 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 19, 2019 10:28 AM
    Moderator
  • Hello again,

    thank you all for your patience. I've been busy for the last few days.

    I could not get the system back to normal using DISM. However, I got my hands on a Windows server 2019 version so I decided to upgrade the server in question to a clean Windows Server 2019 install (was Windows Server 2016 latest patch) and set everything up from scratch.

    You can consider this request as solved, even though this is just a (bad) workaround, as I will not be able to post any updates on the Windows Server 2016 related problem.

    Thank you anyway,

    Best Regards,

    Jonas

    • Marked as answer by JonasEb Friday, July 19, 2019 8:24 PM
    Friday, July 19, 2019 8:24 PM