The Certificate Authority service fails to start and throws the error message "Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL)."

Assume the following scenario:

  • A certification authority is implemented in the network.
  • The certification authority service does not start.
  • When trying to start the Certification Authority service, you get the following error message:
Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

A corresponding event with ID 100 can also be found in the certification authority's log in the Event Viewer:

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. ADCS Labor Issuing CA 2 Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

Possible causes


The error occurs when the Key Storage Provider (KSP) cannot be loaded, so the certification authority has no access to its private key.

The server in question used the Cavium Key Storage Provider (AWS CloudHSM). The Cavium Key Storage Provider log files are written to the following directory:

C:\Program Files\Amazon\CloudHSM\

Note that the timestamps in the log file are in UTC and may therefore differ from the locally configured time zone.

Among others, the log contained the following entries:

ERR: send_cached_info_to_app: No preferred server found
ERR: send_cached_info_to_app: No preferred server found
ERR: buffered_on_event: listenmain network error, closing conn.
INF: buffered_on_event: Added accepted conn:00000123456789AB to zombie list
ERR: buffered_on_event: listenmain network error, closing conn.
INF: buffered_on_event: Added accepted conn:00000123456789AC to zombie list

Thus, no connection to the HSM endpoints could be established. The error occurred immediately after a reboot of the system in question.

Similarly, this can also occur with the SafeNet Key Storage Provider.
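
The checks described above can be gathered in one pass. The following PowerShell is an added example, not part of the original article or of any vendor tooling; it assumes an elevated session on the CA server and that the provider log files in the directory named above end in `.log` (the article does not give the file names).

```powershell
# Added diagnostic example (not from the original article). Run elevated on the CA server.

# 1. Recent startup failures (event ID 100) logged by the CA service.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificationAuthority'
    Id           = 100
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message

# 2. Which provider does the CA configuration name for the CA private key?
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg).Active          # name of the active CA
$ksp    = (Get-ItemProperty -Path "$cfg\$caName\CSP").Provider
"CA '$caName' uses provider '$ksp'"

# 3. Is that provider listed by certutil on this machine?
#    Being listed only shows registration, not that the HSM is reachable.
$listed = [bool](@(certutil -csplist) -match [regex]::Escape($ksp))
"Provider listed by 'certutil -csplist': $listed"

# 4. Reference times in UTC, because the provider log is written in UTC.
$bootUtc = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime.ToUniversalTime()
"Last boot (UTC): {0:u}   Now (UTC): {1:u}" -f $bootUtc, (Get-Date).ToUniversalTime()

# 5. Search the provider log directory for the connection errors quoted above.
$logDir   = 'C:\Program Files\Amazon\CloudHSM\'   # directory from the article
$patterns = 'No preferred server found', 'network error, closing conn'
if (Test-Path -LiteralPath $logDir) {
    # Assumption: log files use the .log extension.
    Get-ChildItem -LiteralPath $logDir -Filter '*.log' -Recurse -File |
        Select-String -SimpleMatch -Pattern $patterns |
        Select-Object -Property Filename, LineNumber, Line -Last 20 |
        Format-Table -AutoSize -Wrap
} else {
    "Log directory not found: $logDir"
}
```

If the matching log entries cluster right after the last boot time, that fits the situation described above, where the HSM endpoints were not reachable immediately after the reboot.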
