During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article , I discovered that the Request file generated couldn’t be located in the default location of %systemDrive% . The Issuing CA didn’t log any errors in the Event Log, nor did it post any error messages. I also searched for all files with the extension *.req on all drives, and still couldn’t find the file.
After some more research, I discovered that my customer changed the default location of the RequestFileName Registry Key during their installation to a drive that no longer exists on the CA. The location configured was a:%1_%3%4.req. I followed these steps to fix this issue:
- Start the Registry Editor
- Navigate to HKLMSystemCurrentControlSetServicesCertsvcConfiguration<CASanitizedName>
- Locate the Registry String RequestFileName
- Change the value from a:%1_%3%4.req to C:%1_%3%4.req
- Stop and Start the Certification Active Directory Certificate Services service
I was then able to create the Request File and submit it to the Offline Root CA to process it.
© Microsoft. This article was originally published by Microsoft’s Core Infrastructure and Security Blog. You can find the original article here.