Tuesday 10 March 2015

Active Directory Certificate Services (AD CS) Root Certificate Authority “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)”

I am not sure quite how this happened. I was in the middle of configuring the root certificate authority using my notes, with which I have implemented loads of AD CS infrastructures (http://blog.ryanbetts.co.uk/2015/01/implementing-two-tier-active-directory.html), and until today I have never had this issue before. The only thing was that VMware Tools restarted the VM when I was in the middle of configuring the Certificate Authority.
When you try and start the AD CS service you are faced with the error “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487 CERT_E_UNTRUSTEDROOT)”.

It was a simple fix, but threw me for a minute. You need to manually import the root certificate that is generated and placed in the C:\Windows\System32\CertSrv\CertEnroll folder on the root certificate authority itself. 

Install the certificate in the Local Computer store and have the wizard automatically choose which store it places the certificate into.

You should then be able to start the AD CS service.
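
The same fix can be scripted. The following is an added example, not part of the original post: it names the Local Computer Trusted Root Certification Authorities store explicitly instead of relying on the wizard's automatic selection, and it assumes an elevated PowerShell session on the root CA with the PKI module's `Import-Certificate` cmdlet available. It prints each certificate's subject and thumbprint so you can confirm what is being trusted.

```powershell
# Added example: trust the root CA's own certificate in the Local Computer store,
# then start AD CS. Run elevated on the root CA itself.
$certEnroll = 'C:\Windows\System32\CertSrv\CertEnroll'   # folder named in the post
$rootStore  = 'Cert:\LocalMachine\Root'                  # Local Computer > Trusted Root Certification Authorities

$candidates = Get-ChildItem -Path $certEnroll -Filter '*.crt'
if (-not $candidates) { throw "No .crt files found in $certEnroll" }

foreach ($file in $candidates) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file.FullName)

    # A root CA certificate is self-signed: subject and issuer are identical.
    # Anything else in this folder does not belong in the trusted root store.
    if ($cert.Subject -ne $cert.Issuer) {
        Write-Warning "Skipping $($file.Name): not self-signed"
        continue
    }

    # An expired root would still leave the chain invalid, so flag it.
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$($file.Name) expired on $($cert.NotAfter)"
    }

    Write-Host "Subject:    $($cert.Subject)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"

    # Import only if this exact certificate is not already trusted.
    $existing = Get-ChildItem -Path $rootStore |
        Where-Object Thumbprint -eq $cert.Thumbprint
    if ($existing) {
        Write-Host "Already present in $rootStore"
    } else {
        Import-Certificate -FilePath $file.FullName -CertStoreLocation $rootStore | Out-Null
        Write-Host "Imported into $rootStore"
    }
}

# CertSvc is the service name of Active Directory Certificate Services.
Start-Service -Name CertSvc
Get-Service -Name CertSvc | Select-Object Name, Status
```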