Answered my own Q.
1. Move all files from C:\Windows\System32\CertLog except the .EDB file 2. Run esentutl.exe /p C:\Windows\System32\CertLog\acuereqol-CA1-CA.edb 3. Start service Before resorting to that, I did an integrity check against the EDB file and it came up clean. Esentutl /r terminated with an (JET_errLogFileCorrupt) error, so I was pretty far down the list of things to try. Dave From: [email protected] [mailto:[email protected]] On Behalf Of Dave Lum Sent: Monday, August 31, 2015 1:17 PM To: [email protected] Subject: [NTSysADM] Certificate Authority server oops I have a Certificate Authority server that had a drive issue (it's a VM) as on reboot it ran CHKDSK and cleaned up a bunch of errors. The problem is the cleanup killed the Certification Authority service. When it tries to start get this in the event logs: "certsrv.exe (1416) The log range read from the file "C:\Windows\system32\CertLog\edb.log" at offset 40960 (0x000000000000a000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch. The expected checksum was 4789645856152457912 (0x42783d878fe392b8) and the actual checksum was 4789645856152457912 (0x42783d878fe392b8). The read operation will fail with error -501 (0xfffffe0b). If this condition persists then please restore the logfile from a previous backup" And "certsrv.exe (1416) Corruption was detected during soft recovery in logfile C:\Windows\system32\CertLog\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 10 (0x0000000A). This logfile has been damaged and is unusable." Due to a SNAFU, the most recent backup I have is from almost three months ago (it's a snapshot actually, but it works). Is that a worthwhile backup? It's easy enough to re-establish the trust with the domain via NETDOM, but I know there have been a few internal certs issued by this server between 6/11/15 and now. Thoughts? Dave Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender, delete this email and destroy all copies. Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender, delete this email and destroy all copies.
