none
Standalone Root CA error upon submitting renew request from his SubCA RRS feed

  • Question

  • Hi,

    I have standalone root ca server 2008 Enterprise 32bit SP1 and SubCA Server 2008 R2 Standard 64bit SP2,

    When I submit renew CA Certificate request (same key) from SubCA in my root ca I get an error parameter is incorrect,

    The first and only request that was issued by root ca to SubCA  was in 2011, When I compare 2011 and 2019 renew ca requests I see only 1 difference - in 2011 SubCA  was SP1 and now its SP2 while root remains SP1,

    Can this be the reason for the error as root CA SP1 cannot accept renew CA Certificate request from a server that runs SP2? 

    Saturday, September 14, 2019 10:54 AM

Answers

  • Ok, you can close this case,

    Apparently the connection between the ROOT CA and his HSM wasn't established properly,

    Once I managed to solve that everything worked fine.

    • Marked as answer by Leon Limbaev Thursday, September 26, 2019 3:51 PM
    Thursday, September 26, 2019 3:51 PM

All replies

  • That would be very unusual. Are you sure you’ve got the name of the Root CA right?

    Evgenij Smirnov

    http://evgenij.smirnov.de

    Sunday, September 15, 2019 12:11 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    To better understand our question, please congirm the following information:

    1. According to our description, do we mean we renew the sub CA certificate on sub CA server by right -clicking CA name->All Tasks->Renew CA Certificate?





    Or do we mean we renew the sub CA certificate on sub CA server by right -clicking CA name->All Tasks->Submit new request?





    2. What detailed error message do we receive?



    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 16, 2019 6:02 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 18, 2019 2:00 AM
    Moderator
  • Hi, Sorry for the late reply,

    I have 3 screen shots with the pictures but it won't let me attach it here.


    • Edited by Leon Limbaev Wednesday, September 18, 2019 7:32 AM
    Wednesday, September 18, 2019 6:35 AM
  • Hi,
    Maybe our account is the new account we just requested, and we don't have permission to upload screenshots. We can try to describe our problem in words.


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 19, 2019 6:19 AM
    Moderator
  • Ok,

    In the event viewer it says error id 53, Active Directory Certificate Services denied request 9 because The parameter is incorrect, 0X80090027 (-2146893785), Additional information: Error Constructing or Publishing Certificate.

    This standalone root CA already issued once certificate in 2011 and been offline since,

    Now when I generate request in SubCA to renew the 2011 certificate it gives me this error,

    When I compare the 2 requests the only difference is the SP of Windows Server SubCA that was in 2011 SP1 and now its SP2 while Root CA remains SP1.

    Sunday, September 22, 2019 10:56 AM
  • Hi,
    How do we renew SubCA certificate?

    On sub CA server by right -clicking CA name->All Tasks->Submit new request?

    On sub CA server by right -clicking CA name->All Tasks->Renew CA Certificate?

    Or other method such as command?


    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 24, 2019 9:26 AM
    Moderator
  • Exactly the way you described and showed in the pictures earlier in this post.

    Wednesday, September 25, 2019 6:48 AM
  • Hi,
    Do we use new public and private key pair?


    We can check if there is any error in PKIview.msc?


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 26, 2019 9:10 AM
    Moderator
  • Ok, you can close this case,

    Apparently the connection between the ROOT CA and his HSM wasn't established properly,

    Once I managed to solve that everything worked fine.

    • Marked as answer by Leon Limbaev Thursday, September 26, 2019 3:51 PM
    Thursday, September 26, 2019 3:51 PM
  • Hi,
    Thank you for your update and sharing.

    Have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 27, 2019 1:02 AM
    Moderator