TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Microsoft Edge
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Skype for Business
See all products »
Resources
Channel 9 Video
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Windows Update
Trials
Windows Server 2016
System Center 2016
Windows 10 Enterprise
SQL Server 2016
See all trials »
Related Sites
Microsoft Download Center
Microsoft Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Expert-led, virtual classes
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
Certifications
Certification overview
Special offers
MCSE Cloud Platform and Infrastructure
MCSE: Mobility
MCSE: Data Management and Analytics
MCSE Productivity
Other resources
Microsoft Events
Exam Replay
Born To Learn blog
Find technical communities in your area
Azure training
Official Practice Tests
Support options
For business
For developers
For IT professionals
For technical support
Support offerings
More support
Microsoft Premier Online
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Skip to locale bar
Page Details
First published by
Adam Conkle - MSFT
(Microsoft)
When:
13 Jul 2012 11:58 AM
Last revision by
Adam Conkle - MSFT
(Microsoft)
When:
13 Jul 2012 12:01 PM
Revisions:
2
Comments:
0
Options
Original
Wiki
>
TechNet Articles
>
Active Directory Certificate Services (AD CS): How to Restore the pKIEnrollmentService object
>
Original
Active Directory Certificate Services (AD CS): How to Restore the pKIEnrollmentService object
You are currently reviewing an older revision of this page.
Go to current version
Symptoms of a missing pKIEnrollmentService object
The Policy Module "Initialize" method returned an error. Cannot find object or property. The returned status code is
0x80092004 (-2146885628).
Certificate Services could not find required Active Directory information.
The "Enterprise and Stand-alone Policy Module" Policy Module "GetDescription" method returned an error. Cannot find object or property. The returned status code is
0x80092004 (-2146885628). Certificate Services could not find required Active Directory information.
Certificate Services denied request 44 because
Element not found. 0x80070490 (WIN32: 1168).
The request was for CN=certUser.contoso.com. Additional information: Denied by Policy Module
0x80070490
,
Certificate Services could not find required Active Directory information.
Certificate Services could not update security permissions.
Element not found. 0x80070490 (WIN32: 1168)
Restore the pKIEnrollmentService object
Check for the
pkiEnrollmentService
object in
CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=com
using
ADSIEdit
If the
CN=Enrollment Services
container object is also missing, manually create a new container object named
Enrollment Services
before proceeding
In the
Certification Authority
snap-in, right-click on the CA name, go to
All Tasks
and click
Backup CA
Within the Backup wizard, backup both the
CA database
and the
Public/Private Key Pair
Backup the CA locally (
C:\Backup
, etc.)
After the backup is made, in the
Certification Authority
snap-in, right-click on the CA name, go to
All Tasks
and click
Renew CA Certificate
Choose the same key (the
No
selection in the UI)
Check for the
pkiEnrollmentService
object in
CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=com
using
ADSIEdit
Test the enrollment services
Revert to this revision