Active Directory Certificate Services: resolving Offline Root startup issues

A screen capture of the Active Directory Certification Authority management console, displaying a dialog window with an error message statement.

Lab tested

In my lab today, I was testing some ideas on implementing Transport Layer Security (TLS). It was about the time I needed the certificate that I encountered an issue.

What broke?

The Certificate Services service was stopped. When manually started, the following error message was displayed:

The revocation function was unable to check revocation because the revocation server was offline.

Nice one! A little reading made me realise the Certificate Revocation List (CRL) file was required to be renewed, as an Offline Root Certificate Authority was in use in my lab.
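A quick way to confirm an expired root CRL as the cause, shown here as an added example that is not from the original post or the pages it credits. It reads the validity window from a CRL file with `certutil -dump`; the file path and the 14-day warning threshold are assumptions, as is the expectation that certutil prints dates in the session's culture.

```powershell
# Added example. Assumptions: placeholder CRL path, 14-day warning threshold,
# and certutil printing dates in the current session culture (local time).
function Get-CrlValidity {
    param([Parameter(Mandatory)][string]$Path)

    # certutil -dump prints the CRL's ThisUpdate and NextUpdate fields as text.
    $dump = & certutil.exe -dump $Path
    if ($LASTEXITCODE -ne 0) { throw "certutil could not read $Path" }

    $fields = @{}
    foreach ($name in 'ThisUpdate', 'NextUpdate') {
        $m = $dump | Select-String -Pattern "^\s*${name}:\s*(.+)$" |
             Select-Object -First 1
        if (-not $m) { throw "$name not found in certutil output for $Path" }
        # [datetime]::Parse uses the current culture, matching certutil's output.
        $fields[$name] = [datetime]::Parse($m.Matches[0].Groups[1].Value.Trim())
    }

    [pscustomobject]@{
        Path       = $Path
        ThisUpdate = $fields.ThisUpdate
        NextUpdate = $fields.NextUpdate
        DaysLeft   = [math]::Floor(($fields.NextUpdate - (Get-Date)).TotalDays)
    }
}

# Placeholder path: point this at the copy of the offline root's CRL that the
# issuing CA actually retrieves from its CRL distribution point.
$crl = Get-CrlValidity -Path 'C:\PKI\<RootCA>.crl'

if ($crl.DaysLeft -lt 0) {
    # Past NextUpdate, revocation checking of the CA certificate fails and
    # Certificate Services refuses to start with the "revocation server was
    # offline" error.
    Write-Warning "Root CRL expired on $($crl.NextUpdate). Publish a new CRL on the offline root and copy it to the distribution points."
} elseif ($crl.DaysLeft -lt 14) {
    Write-Warning "Root CRL expires in $($crl.DaysLeft) day(s), on $($crl.NextUpdate)."
} else {
    Write-Output "Root CRL is valid until $($crl.NextUpdate)."
}
```

Run on a schedule, the same check gives advance warning before the offline root's CRL lapses again.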

The solution

With thanks to Jeff Kyker for his page on the topic, the fix was very simple. The steps he provides are easy to follow.

I would also like to thank Shannon Fritz for putting the details in his post.

Big help, gentlemen!

About the author


Paul Angus

Paul is a security and infrastructure professional with over 13 years of experience in the Information Technology sector.

Before transitioning to the IT sector, the knowledge gained working alongside senior management, civil engineers, surveyors, town planners and graphic designers helped to shape his unique perspective.

Last updated: 2015-07-05 20:31


PKIView.exe will also help to diagnose these types of issues...
