The certification authority service does not start and throws the error message "The device that is required by this cryptographic provider is not ready for use. 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY)"

Assume the following scenario:

• A certification authority is implemented in the network.
• The certification authority service does not start.
• When trying to start the Certification Authority service, you get the following error message:

The device that is required by this cryptographic provider is not ready for use. 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY)

A corresponding Event with no. 100 can also be found in the event display of the certification authority:

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. ADCS Labor Issuing CA 2 The device that is required by this cryptographic provider is not ready for use. 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY).

Possible causes

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

• This error may occur if no connection to the Hardware Security Module can be established, e.g. because it is not switched on, because a firewall prevents the connection, or because the login data at the HSM are not correct. See also article "Details of the event with ID 100 of the source Microsoft-Windows-CertificationAuthority„.

Related links:

• Details of the event with ID 100 of the source Microsoft-Windows-CertificationAuthority
• Perform functional test for a Certification Authority