Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Event ID 1010 1

Status
Not open for further replies.
JCDugas

JCDugas

MIS
Joined
Dec 26, 2001
Messages
270
Location
US
Event Type: Warning
Event Source: Winlogon
Event Category: None
Event ID: 1010
Date: 12/23/2003
Time: 9:12:26 AM
User: N/A
Computer: CYPRESS
Description:
Automatic enrollment against the certification authority NELC for a certificate of type DomainController has failed. (0x80090008) Invalid algorithm specified.
. Another certification authority will be tried.


I cannot seem to request a Domain Controller certificate. I get this error when doing it manually.

"The certificate cannot be installed because of a problem with the cryptographic hardware."

Any ideas??

I performed a DCPromo on this server and then this started to occur.

Thanks,

Jeremy
 
Sort by date Sort by votes
Make sure you are viewing hidden and operating system files. Then check the permissions on c:\documents and settings\all users\application data\microsoft\crypto\RSA\MachineKeys.

They should be:

Administrators:Full Control:This folder only
Everyone:Special:This folder only
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Files / Write Data
Create Folders / Append Data
Write Attributes
Write Extended Attributes
Read Permissions

The "allow inheritable permissions from parent to propogate to this object" should NOT be checked.

Then check the permissions on the RSA folder (above machinekeys). You should have the following explicit ACE:

Administrators:Full Control:This folder only

And the following inherited ACEs:

System:Full Control:This folder, subfolders, and files
Administrators:Full Control:This folder, subfolders, and files
CREATOR OWNER:Full Control:Subfolders and files only
Users:Read & Execute:This folder, subfolders, and files
Everyone:Read & Execute:This folder, subfolders, and files
Power Users:Special:This folder, subfolders, and files
Traverse Folder / Execute Data
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Files / Write Data
Create Folders / Append Data
Write Attributes
Write Extended Attributes
Delete Subfolders and Files
Delete
Read Permissions

Make sure the "Allow inheritable permissions from parent to propagate to this object" is checked.
 
Upvote 0 Downvote
This is not the same error referenced in that article. The error in the article is (0x80090020).
 
Upvote 0 Downvote
0x80090008 means NTE_BAD_ALGID

0x80090020 means NTE_FAIL

There's a bit more specificity in your error, but you're still trying to use an algorithm that isn't supported by the version of cryptsvc.dll. This is the same as the cause.

 
Upvote 0 Downvote
You certainly could be right, but I have seen this be caused by permissions problems numerous times. Usually, adding system:F to the RSA folder fixes the issue.

But we need to hear from the original poster on what SP he is running.
 
Upvote 0 Downvote
Thanks for all the reponses. Service Pack 3 is installed.

I've tried mlichstein's post and will let you know if I experience any other issues.

Thanks again!
 
Upvote 0 Downvote
thanks mlichstein! That fixed my issue.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

andyferris
  • Locked
  • Question Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
470
RRankin355
RRankin355
blpcrs
  • Locked
  • Question Question
Disk Space warning in real time in Event Viewer?
Replies
0
Views
518
blpcrs
blpcrs
Fireksf
  • Locked
  • Question Question
Avaya IPOCC not generate Report, Please any body if you a have any idea help me.
Replies
1
Views
487
MarkSweetland
MarkSweetland
amanua
  • Locked
  • Question Question
Event ID 4776 Security Log
Replies
0
Views
350
amanua
amanua
amanua
  • Locked
  • Question Question
Event ID 13508 Sysvol replication problems
Replies
0
Views
315
amanua
amanua

Part and Inventory Search

Sponsor

Back
Top