none
Certutil returns 0x8007007e (WIN32/HTTP: 126 ERROR_MOD_NOT_FOUND)

    שאלה

  • Having weird problem on one issuing ca, when I run certutil on that server, it everytime returns 0x8007007e (WIN32/HTTP: 126 ERROR_MOD_NOT_FOUND): certadm.dll and same for certenroll.dll

    Any ideas what's causing this?

    יום רביעי 29 אוקטובר 2014 07:42

תשובות

  • Solved for my case!

    Once I deleted the registry key "debug" with value 0xffffffff that is located in CA configuration in below path, I do not receive any more these errors in output: hklm/system/currentcontrolset/services/certsvc/configuration/ca server name

    • הוצע כתשובה על-ידי AhmadJY יום שני 20 מרץ 2017 08:03
    • סומן כתשובה על-ידי Narcoticoo יום שלישי 21 מרץ 2017 14:25
    יום שני 20 מרץ 2017 08:03

כל התגובות

  • Hi,

    Would you please tell us are there any related error messages in the Event Logs of the problematic CA?

    If there are, please post them out for further analyzing.

    Best Regards,

    Amy

    יום חמישי 30 אוקטובר 2014 05:33
    מנחה דיון
  • There aren't any errors in the event log. This only happens when certutil.exe is used, for example if I try to run certutil.exe -dump, it outputs everything but the error described above is shown. This doesn't happen on other CAs in the environment.

    יום חמישי 30 אוקטובר 2014 16:41
  • Hi,

    Looks like there is something wrong with the Certutil.exe, please try to replace it with a version from a healthy machine. The Certutil.exe is under System32 folder.

    Best Regards,

    Amy

    יום שישי 31 אוקטובר 2014 02:13
    מנחה דיון
  • The certutil.exe is exactly the same on a working machine, so the problem isn't there...  also certadm.dll and certenroll.dl are exactly the same on a working machine.

    שבת 01 נובמבר 2014 08:23
  • Hi Narcoticoo,

    The issue should be caused by the server missing some certificate service dll and exe files. You need to capture the Process Monitor to find which dll or exe files are missing:

    1) Logon as domain admin and download Process Monitor from the following link:
        URL: < http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx>
    2) Extract the ZIP file on the server, restart the computer and then run Processmon.exe
    3) While Process Monitor is running, click the microscope icon in the toolbar to stop the capture (CTRL+E) and clear the initial logs (CTRL+X). (Don’t close it)

    Note: Turn off any network access (including Internet Explorer access, network share access, etc) and turn off 3rd party applications (as many as possible

    Capture:
     
    a. In Process Monitor window, create a path filter "c:\Windows\system32"


    b. Start the capture (CTRL+E).
     
    c. Reproduce the issue.
     
    d. When the error appears, (in Process Monitor) please stop the capture (CTRL+E), Save (File -> Save ) the Process Monitor log.

    Then you can find which files that are missing, copy the missing files from other working server.

    Thanks.


    • נערך על-ידי Bryan Yu-MSFT יום רביעי 12 נובמבר 2014 02:33 1
    • סומן כתשובה על-ידי Bennie ChenModerator יום חמישי 04 דצמבר 2014 09:28
    • סימון כתשובה בוטל על-ידי Narcoticoo יום חמישי 02 אפריל 2015 11:12
    יום רביעי 12 נובמבר 2014 02:32
  • Any updates?
    יום חמישי 20 נובמבר 2014 05:04
  • Nope. I tried looking at procmon already before you suggested it, I didn't find anything missing at that point. I have to check it again.

    The CA itself is working just fine, it's just the certutil tool that has the hickups.

    יום חמישי 20 נובמבר 2014 18:03
  • Hi , have the issue resoved? If not, please try to change the filter to "contains" and check if it helps.

    יום חמישי 27 נובמבר 2014 11:36
  • This is still not resolved. I've followed this guide https://technet.microsoft.com/fi-fi/library/hh824869.aspx?f=255&MSPPError=-2147217396, but still the issue persists... As noted before, procmon does not provide any useful information while running certutil.exe


    • נערך על-ידי Narcoticoo שבת 18 אפריל 2015 05:04
    שבת 18 אפריל 2015 05:03
  • This is still not resolved. I've followed this guide https://technet.microsoft.com/fi-fi/library/hh824869.aspx?f=255&MSPPError=-2147217396, but still the issue persists... As noted before, procmon does not provide any useful information while running certutil.exe


    Hi,

    I have the same issue, may I know how did you solve it?

    יום שלישי 07 מרץ 2017 06:05
  • This is still not resolved. I've followed this guide https://technet.microsoft.com/fi-fi/library/hh824869.aspx?f=255&MSPPError=-2147217396, but still the issue persists... As noted before, procmon does not provide any useful information while running certutil.exe


    Hi,

    I have the same issue, may I know how did you solve it?


    Like said, still not solved...
    יום שלישי 07 מרץ 2017 08:21
  • We think that this issue that we have on our Windows 2012 R2 Sub CA is OS issue not PKI issue, that is because if we run the same commands from a Windows 10 machine against the PKI server, we do not receive this error. We are thinking of migrating the CA (backup and restore) on a new Windows 2012 R2 member server and see the results.
    יום שישי 17 מרץ 2017 07:29
  • Hi,

    I restored the CA database and private key to new Windows 2012 R2 server and it is working, but once I imported the registry (The one I backed up from the original PKI server on which we have the issue) I experience the same issue; so it seems there is some issue on the registry for the SUB CA.

    My plan now is to restore again the PKI database and the private key on a new server then before importing the registry, I will compare between registry settings related to PKI in the original server with this new server and see what is different....

    יום שני 20 מרץ 2017 07:27
  • Solved for my case!

    Once I deleted the registry key "debug" with value 0xffffffff that is located in CA configuration in below path, I do not receive any more these errors in output: hklm/system/currentcontrolset/services/certsvc/configuration/ca server name

    • הוצע כתשובה על-ידי AhmadJY יום שני 20 מרץ 2017 08:03
    • סומן כתשובה על-ידי Narcoticoo יום שלישי 21 מרץ 2017 14:25
    יום שני 20 מרץ 2017 08:03
  • Solved for my case!

    Once I deleted the registry key "debug" with value 0xffffffff that is located in CA configuration in below path, I do not receive any more these errors in output: hklm/system/currentcontrolset/services/certsvc/configuration/ca server name


    I'll test this tomorrow, thanks!
    יום שני 20 מרץ 2017 16:38
  • I can confirm, this worked! Thanks AhmadJY!

    יום שלישי 21 מרץ 2017 14:25
  • I do NOT have "debug" key on CA, so I can not remove it (hence not a solution to me)

    I get this error on Win 10 1803 17134.48 clients only with CA on Server 2012 R2

    All other 1607 clients work fine! (hence it is not CA issue)


    • נערך על-ידי scerazy יום שישי 18 מאי 2018 09:01
    יום שישי 18 מאי 2018 07:58
  • Same error from Powershell (as per last post in this thread)
    Get-Certificate -Template "Remote Desktop Authentication" -DnsName testdns.domain.com -url 'https:/<CAserver>/ADPolicyProvider_CEP_Kerbos/service.svc/CEP' -CertStoreLocation cert:\localmachine\my
    Get-Certificate : CX509EnrollmentPolicyWebService::LoadPolicy: The specified module could not be found. 0x8007007e
    (WIN32/HTTP: 126 ERROR_MOD_NOT_FOUND)
    At line:1 char:1
    + Get-Certificate -Template "Remote Desktop Authentication" -DnsName se ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-Certificate], Exception
        + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.GetCertificateCommand


    • נערך על-ידי scerazy יום שישי 18 מאי 2018 08:59
    יום שישי 18 מאי 2018 08:54