Event ID 15 — AD CS Program Resource Availability

Applies To: Windows Server 2008 R2

Certification authorities (CAs) need adequate system resources and operating system components to function. If a server has insufficient memory or hard disk space, or if operating system components become unavailable, attempts to start Active Directory Certificate Services (AD CS) can fail.

Event Details

Product: Windows Operating System
ID: 15
Source: Microsoft-Windows-CertificationAuthority
Version: 6.1
Symbolic Name: MSG_CERTIF_MISMATCH
Message: Active Directory Certificate Services did not start: Version does not match certif.dll.

Resolve

Resolve a version mismatch on core AD CS files

In order for Active Directory Certificate Services (AD CS) to function correctly after an upgrade, all components, including Certserv.exe and Certcli.dll, must be upgraded. To resolve this error, you can confirm whether a mismatch exists and then either restore the certification authority (CA) from a backup or reinstall AD CS.

To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority.

To determine whether the version information matches:

  1. On the computer hosting the CA, click Start Search, type Certserv.exe, and then press ENTER.
  2. Right-click Certserv.exe, and click Properties
  3. Click the Details tab, and note the information under the File version heading.
  4. Click Start Search, type Certcli.dll, and then press ENTER.
  5. Right-click Certcli.dll, and click Properties
  6. Click the Details tab, and note the information under the File version heading.
  7. Compare the version numbers of the two files to see whether they are the same or different.
  8. If a mismatch exists, replace either Certserv.exe or Certcli.dll with a matching version. You may need to go to backup media to locate matching versions.
  9. If you cannot restore the individual files or otherwise address the problem, you may have to restore the CA from a backup or reinstall the CA.

Verify

To perform this procedure, you must have membership in local Administrators on the computer hosting the certification authority (CA), or you must have been delegated the appropriate authority.

To confirm that the CA service is available:

  1. On the computer hosting the CA, click Start, type cmd and press ENTER.

  2. Type certutil -config <CAconfig> -ping and press ENTER.

    CAconfig is the CA configuration string, in the form CAhostname\CAname.

AD CS Program Resource Availability

Active Directory Certificate Services