Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Certutil Tool Fails to Enumerate CA if Root CA Was Upgraded to Windows Server 2008 R2 from Windows Server 2003 with Shared Folder Option Enabled

Certutil Tool Fails to Enumerate CA if Root CA Was Upgraded to Windows Server 2008 R2 from Windows Server 2003 with Shared Folder Option Enabled

Symptoms

If a root Certification Authority (CA) running the 64-bit edition of Windows Server 2003 with the shared folder installation option is upgraded to Windows Server 2008 R2, the Certutil tool may fail to enumerate the CA information and instead displays the following output:

C:\>certutil

459.141.0:<2009/12/16, 9:30:39>: 0x54b (WIN32: 1355)
812.107.0:<2009/12/16, 9:30:39>: 0x54b (WIN32: 1355)
301.3521.0:<2009/12/16, 9:30:39>: 0xc0000005 (-1073741819): 0x0 @ 0x000007FEF9821D83
CertUtil: -dump command FAILED: 0xc0000005 (-1073741819)
410.7615.0:<2009/12/16, 9:30:39>: 0x80070002 (WIN32: 2): C:\Windows\system32\ntdsbmsg.dll
814.685.0:<2009/12/16, 9:30:39>: 0x80070002 (WIN32: 2): ntdsbmsg.dll
CertUtil: The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
301.3752.0:<2009/12/16, 9:30:39>: 0xc0000005 (-1073741819)
410.7615.0:<2009/12/16, 9:30:39>: 0x80070002 (WIN32: 2): C:\Windows\system32\ntdsbmsg.dll
814.685.0:<2009/12/16, 9:30:39>: 0x80070002 (WIN32: 2): ntdsbmsg.dll

 

↑ Back to the top

Cause

Due to a known issue, an uninitialized data structure is accessed which results in an access violation error.

The shared folder feature acts as a location where users can find information about certification authorities. This option is useful only if you are installing a stand-alone CA and do not have Active Directory. It is not a commonly used feature since the configuration information was able to be stored in Active Directory starting with Windows 2000.

↑ Back to the top

Resolution

You can delete the ConfigurationDirectory registry key to resolve the error. Please follow the steps below to delete the key.

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

  1. Open the Regedit tool and navigate to the following location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Certsvc\Configuration\ConfigurationDirectory

  2. On the File menu, click Export to save a backup of the key.

  3. On the Edit menu, click Delete and click Yes to confirm the delete operation.

↑ Back to the top

More Information

Microsoft has confirmed that this is a problem in the Microsoft products listed in the "Applies to" section.

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2012810
Revision : 1
Created on : 1/8/2017
Published on : 3/4/2010
Exists online : False
Views : 122