The certification authority service does not start and throws the error message "Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL)."

Assume the following scenario:

A certification authority is implemented in the network.
The certification authority service does not start.
When trying to start the Certification Authority service, you get the following error message:

Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

A corresponding Event with no. 100 can also be found in the event display of the certification authority:

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. ADCS Labor Issuing CA 2 Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

Possible causes

Occurs when the Key Storage Provider (KSP) could not be loaded and therefore there is no access to the private key.

The server in question used the Cavium Key Storage Provider (AWS CloudHSM). The Cavium Key Storage Provider log files are written to the following directory:

C:\Program Files\Amazon\CloudHSM\

Please note that the entries in the log file are entered in UTC time and may therefore differ from the locally configured regional time.

There were among others the following entries:

ERR: send_cached_info_to_app: No preferred server found
ERR: send_cached_info_to_app: No preferred server found
ERR: buffered_on_event: listenmain network error, closing conn.
INF: buffered_on_event: Added accepted conn:00000123456789AB to zombie list
ERR: buffered_on_event: listenmain network error, closing conn.
INF: buffered_on_event: Added accepted conn:00000123456789AC to zombie list

Thus, no connection to the HSM endpoints could be established. The error occurred immediately after a reboot of the system in question.

Similarly, this can also occur with the SafeNet Key Storage Provider.

One thought on “Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).“”

Pingback: Details about the event with ID 100 of the source Microsoft-Windows-CertificationAuthority - Uwe Gradenegger

Comments are closed.

The Certificate Authority service fails to start and throws the error message "Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL)."

Possible causes

Related links:

External sources

One thought on “Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).“”