Event ID 39 — AD CS Access Control

Applies To: Windows Server 2008

Certification authority (CA) access control permissions ensure that authorized components and users can complete required tasks. Access control errors can identify potential problems associated with insufficient or inappropriate use of permissions.

Event Details

Product: Windows Operating System
ID: 39
Source: Microsoft-Windows-CertificationAuthority
Version: 6.0
Symbolic Name: MSG_E_SERVER_IDENTITY
Message: Active Directory Certificate Services did not start: The Certification Authority DCOM class for %1 could not be registered. %2. Use the Services snap-in to change the logon context for the certification authority.

Resolve

Correct DCOM registration errors

To perform this procedure, you must have membership in local Administrators, or you must have been delegated the appropriate authority.

To correct DCOM registration errors:

  1. On the computer hosting the CA, click Start, point to Administrative Tools, and click Services.
  2. Right-click Active Directory Certificate Services, and click Properties.
  3. Click the Log On tab, and confirm that Local System account is selected.
  4. If it is not selected, click Local System account, and then click OK.
  5. Right-click the service and then click Restart

Caution: Because of the security requirements for the Active Directory Certificate Services (AD CS) service, logon accounts other than LOCAL_SYSTEM are not supported.

Verify

To perform this procedure, you must have membership in local Administrators on the computer hosting the certification authority (CA), or you must have been delegated the appropriate authority.

To confirm that the CA logon context is correct:

  1. On the computer hosting the CA, click Start, point to Administrative Tools, and click Services.
  2. Confirm that the word Started  appears in the Status belong for the Active Directory Certificate Services service.

AD CS Access Control

Active Directory Certificate Services