Assume the following scenario:
- A new certification authority is installed.
- After configuring the certification authority role and having the certification authority certificate issued by the parent certification authority, the issued certificate is now to be installed on the certification authority.
- A hardware security module (HSM) is used to protect the private key of the certification authority certificate.
- The installation of the certification authority certificate fails with the following error message:
An error was detected while configuring Active Directory Certificate Services. The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration. The new certificate public key does not match the current outstanding request. The wrong request may have been used to generate the new certificate: Object was not found. 0x80090011 (-2146893807 NTE_NOT_FOUND)
No event is logged in the event viewer.
Contrary to what the error message suggests, the certificate request and the issued certificate do belong together: the Subject Key Identifier (SKI) in the certificate request and in the issued certificate is identical, so the certificate was indeed issued for the correct public key.
Cause/Solution
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the functionality of the certification authority and enables the application of policy rules to realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can be downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
This error occurs when the certification authority cannot access the private key belonging to the certificate, either because the key cannot be found through the configured key storage provider or because the hardware security module as a whole cannot be reached. The public key in the request and in the certificate is fine (the identical SKI shows this); it is the lookup of the matching private key that fails, which is why the underlying error is NTE_NOT_FOUND ("Object was not found"). The following should therefore be checked:
- Configuration of the HSM-specific Key Storage Provider (KSP): is the provider the certification authority is configured to use actually installed and registered on the server, and does it still enumerate the key container of the certification authority?
- Permissions on the private key: the certification authority service runs as Local System, so the key must be usable in that security context and not only by the administrator who ran the setup wizard.
- Network connection to the hardware security module, including any HSM client software on the server that has to be running and enrolled against the device.
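The checks listed above can be walked through from an elevated PowerShell prompt on the certification authority. The following is an added example and not part of the original post; the CA name, file paths, HSM host and port are placeholder assumptions, while certutil, the CertSvc registry hive and Test-NetConnection are standard Windows components.

```powershell
# Added example, not from the original post. All values below are assumptions
# and must be replaced with those of the affected certification authority.
$CaName      = "Contoso-Issuing-CA-01"               # assumption: CA common name
$RequestFile = "C:\Temp\Contoso-Issuing-CA-01.req"    # assumption: request sent to the parent CA
$CertFile    = "C:\Temp\Contoso-Issuing-CA-01.crt"    # assumption: certificate returned by the parent CA
$HsmHost     = "hsm01.corp.contoso.com"               # assumption: HSM network address
$HsmPort     = 1792                                    # assumption: vendor-specific client port

# 1. Which KSP is the CA configured to use? The setup wizard stores it under
#    HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CA>\CSP\Provider.
$cspKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CaName\CSP"
$provider = (Get-ItemProperty -Path $cspKey -Name Provider -ErrorAction SilentlyContinue).Provider
if (-not $provider) {
    Write-Warning "No CSP\Provider value found for '$CaName'; the CA configuration may be incomplete."
} else {
    "Configured provider: $provider"
}

# 2. Is that KSP actually registered on this server? A missing or broken HSM
#    client installation means the CA cannot even open the provider.
$installedProviders = certutil -csplist
if ($provider -and -not ($installedProviders | Select-String -SimpleMatch $provider)) {
    Write-Warning "Provider '$provider' is not registered; reinstall or repair the HSM client software."
}

# 3. Can the KSP enumerate the CA key container? If the key is not listed here,
#    the wizard's key lookup fails with NTE_NOT_FOUND exactly as in the scenario.
#    Note: this runs as the logged-on administrator, whereas CertSvc runs as
#    Local System. If the key is visible here but the CA still fails, repeat the
#    command in the SYSTEM context (for example via PsExec -s) to check the
#    permissions the service actually has.
if ($provider) {
    certutil -csp "$provider" -key
}

# 4. Confirm what the SKI already indicated: the public key in the request and in
#    the issued certificate are the same. certutil -dump prints a
#    "Key Id Hash(sha1)" line for both; the two values must be identical.
$reqHash  = (certutil -dump $RequestFile | Select-String 'Key Id Hash\(sha1\)' | Select-Object -First 1).Line
$certHash = (certutil -dump $CertFile    | Select-String 'Key Id Hash\(sha1\)' | Select-Object -First 1).Line
"Request:     $($reqHash.Trim())"
"Certificate: $($certHash.Trim())"
if ($reqHash -and $certHash -and ($reqHash.Trim() -eq $certHash.Trim())) {
    "Public keys match: the problem is private key access, not a wrong request."
} else {
    Write-Warning "Public keys differ: the certificate was issued for a different request."
}

# 5. Network path from the CA server to the HSM.
Test-NetConnection -ComputerName $HsmHost -Port $HsmPort
```

Steps 1 to 3 cover the KSP configuration and key visibility, step 4 separates a genuinely wrong request (which the error text blames) from the private key access problem that is the actual cause here, and step 5 covers the network path. Check the HSM vendor's own client status tool as well, since Test-NetConnection only proves that the port is reachable, not that the server is enrolled against the device.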