The certification authority service does not start and throws the error message "Object was not found. 0x80090011 (-2146893807 NTE_NOT_FOUND)".

Assume the following scenario:

  • A certification authority is implemented in the network.
  • The certification authority service does not start.
  • When trying to start the Certification Authority service, you get the following error message:
Object was not found. 0x80090011 (-2146893807 NTE_NOT_FOUND)

A corresponding event with ID 100 can also be found in the Event Viewer of the certification authority:

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. ADCS Labor Issuing CA 2 Object was not found. 0x80090011 (-2146893807 NTE_NOT_FOUND).

Possible causes


This error may occur if no connection to the hardware security module (HSM) can be established, e.g. because it is not switched on, because a firewall prevents the connection, or because the credentials for the HSM are incorrect.

It can also occur if a hardware security module is used and its Key Storage Provider (KSP) requires user interaction to enable access to the private key (e.g. Operator Card Set Protection for Thales/nCipher HSMs). In this case, the startup type for the certification authority service should be set to "manual" and the service should be started manually by an administrator.
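
The following triage script is an added example, not part of the original article. It confirms event 100 with the NTE_NOT_FOUND code, shows which key storage provider the CA is configured to use, and applies the manual startup type described above. It assumes an elevated PowerShell session on the CA server; `$InteractiveKsp` is a hypothetical switch introduced for this example.

```powershell
# Added example: triage for CertSvc failing with NTE_NOT_FOUND (0x80090011).
# Run in an elevated PowerShell session on the CA server.
$ErrorActionPreference = 'Stop'

# 1. Current service state and startup type
$svc = Get-Service -Name CertSvc
"{0}: Status={1}, StartType={2}" -f $svc.Name, $svc.Status, $svc.StartType

# 2. Most recent event 100 entries that carry the NTE_NOT_FOUND code
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificationAuthority'
    Id           = 100
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x80090011' } |
    Select-Object -First 3 TimeCreated, Id, Message |
    Format-List

# 3. Which key storage provider is the CA configured to use?
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -LiteralPath $cfg).Active
$ksp    = (Get-ItemProperty -LiteralPath (Join-Path $cfg "$caName\CSP")).Provider
"CA '$caName' uses provider '$ksp'"

# 4. Is that provider registered on this machine at all?
#    A missing entry points to HSM client software that is not installed or not loaded.
$registered = (certutil.exe -csplist) -match [regex]::Escape($ksp)
if ($registered) {
    "Provider is registered."
} else {
    Write-Warning "Provider '$ksp' is not listed by certutil -csplist."
}

# 5. Only when the KSP needs an operator to unlock the private key:
#    stop the service from starting unattended and start it by hand.
#    $InteractiveKsp is a hypothetical switch for this example.
$InteractiveKsp = $false
if ($InteractiveKsp) {
    Set-Service -Name CertSvc -StartupType Manual
    Start-Service -Name CertSvc
}
```

If the provider is registered and the error persists, check the HSM's power, network path and credentials using the vendor's client tools.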
