I have a 2-tier PKI infrastructure; 1 offline stand-alone Root CA and 1 Enterprise Subordinate Issuing CA. Both are running Windows 2012 R2. The Enterprise Subordinate Issuing CA has been running for months but today I have discovered that the Active Directory Certificate Services service will not start.
The event viewer reports the following error:
Event ID: 7024
Description:
The Active Directory Certificate Services service terminated with the following service-specific error:
The revocation function was unable to check revocation because the revocation server was offline.
I tried executing "certutil -setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE" but it didn't help.
Any ideas on how I can resolve this issue?
Steve
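
A read-only diagnostic for the failure described in the post above, added here as an example and not part of the original post. It reads the CA's `CRLFlags` value to show whether `CRLF_REVCHECK_IGNORE_OFFLINE` (bit 0x8) is actually set, then asks certutil to fetch every CDP/AIA URL for the CA's own certificate. With `certutil -setreg`, a `+` prefix sets a flag bit and a `-` prefix clears it. Assumptions: an elevated session on the issuing CA, a CA certificate whose subject CN equals the CA name, and a scratch file under `%TEMP%`.

```powershell
# Added example: inspect the revocation settings of an issuing CA whose
# certsvc service will not start. Nothing here changes configuration.

$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg).Active            # name of the active CA
$flags  = (Get-ItemProperty -Path (Join-Path $cfg $caName)).CRLFlags

# CRLF_REVCHECK_IGNORE_OFFLINE is bit 0x8 of CRLFlags.
$ignoreOffline = ($flags -band 0x8) -ne 0
'{0}: CRLFlags=0x{1:X}  CRLF_REVCHECK_IGNORE_OFFLINE set: {2}' -f $caName, $flags, $ignoreOffline

# The CA's signing certificate lives in the machine's Personal store, so it can
# be exported while the service is stopped.
# Assumption: the certificate's subject CN equals the CA name.
$pattern = 'CN=' + [regex]::Escape($caName) + '(,|$)'
$caCert  = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $pattern } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $caCert) { throw "No certificate with subject CN=$caName in LocalMachine\My" }

$cerPath = Join-Path $env:TEMP 'issuing-ca.cer'           # assumed scratch path
[IO.File]::WriteAllBytes($cerPath, $caCert.Export('Cert'))

# Build the chain and retrieve every CDP and AIA URL. Read the output for CRL
# entries that could not be retrieved or that are past their next-update time;
# those are what the service's startup revocation check trips over.
certutil -verify -urlfetch $cerPath

# Current service state, for reference.
Get-Service -Name certsvc | Select-Object Name, Status
```

Setting the ignore-offline flag only suppresses the startup check; if the output shows a parent-CA CRL that is expired or unreachable, publishing a current CRL to the CDP locations is what restores revocation checking for every relying party.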