Installation of a certificate authority fails with error code "Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA)."

Assume the following scenario:

  • An attempt is made to install a certificate authority
  • The role configuration fails with the following error message:
An error occurred when creating the new key container "ADCS Labor Issuing CA 3". Please make sure the CSP is installed correctly or select another CSP.
Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA).

The certification authority will log event no. 5.

Cause

This error can occur when a SafeNet Hardware Security Module (HSM) is used and the key pair cannot be generated.

Possible causes may include:

  • The user who installs the Certificate Authority role has no permissions on the partition.
  • The partition policy for the HSM partition must allow multipurpose keys.
  • If the error code "CKR_PIN_EXPIRED" is logged in LunaKSP.log (the SafeNet Key Storage Provider log file), the initial password for the partition must be changed for the Crypto Officer.

Please note that the user name must be entered with correct upper/lower case when assigning permissions to the key storage provider. The domain name must be written in all uppercase letters.
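
The log and casing checks described above can be scripted before the role configuration is retried. The following PowerShell function is an added example, not code from the original article or from the HSM vendor; the function name, the sample account and the use of the sAMAccountName stored in Active Directory as the reference casing are assumptions, and the log path has to be supplied because the article does not state it.

```powershell
# Added example; assumptions are marked in the comments.
function Test-LunaKspCause {
    [CmdletBinding()]
    param(
        # Path to LunaKSP.log; the article does not state its location.
        [Parameter(Mandatory)] [string] $LogPath,
        # Account exactly as typed when assigning KSP permissions,
        # e.g. 'CONTOSO\caadmin' (constructed sample value).
        [Parameter(Mandatory)] [string] $Account
    )

    # 1. Collect PKCS#11 return codes from the KSP log (CKR_OK means success).
    if (Test-Path -LiteralPath $LogPath) {
        Select-String -LiteralPath $LogPath -Pattern 'CKR_[A-Z0-9_]+' -AllMatches -CaseSensitive |
            ForEach-Object { $_.Matches.Value } |
            Where-Object { $_ -ne 'CKR_OK' } |
            Group-Object |
            ForEach-Object {
                $hint = if ($_.Name -eq 'CKR_PIN_EXPIRED') {
                    'Change the initial Crypto Officer password for the partition.'
                } else { 'Not covered by the article; check permissions and partition policy.' }
                [pscustomobject]@{ Check = 'Log'; Value = $_.Name; Count = $_.Count; Hint = $hint }
            }
    } else {
        [pscustomobject]@{ Check = 'Log'; Value = $LogPath; Count = 0; Hint = 'Log file not found.' }
    }

    # 2. Check the casing of DOMAIN\user. LDAP filter metacharacters are
    #    rejected so the name can be used safely in the directory search.
    if ($Account -notmatch '^(?<domain>[^\\]+)\\(?<user>[^\\()*]+)$') {
        [pscustomobject]@{ Check = 'Account'; Value = $Account; Count = 0; Hint = 'Expected DOMAIN\user.' }
        return
    }
    $domain, $user = $Matches.domain, $Matches.user
    if ($domain -cne $domain.ToUpperInvariant()) {
        [pscustomobject]@{ Check = 'Account'; Value = $domain; Count = 0; Hint = 'Write the domain name in all uppercase.' }
    }
    # Assumption: the sAMAccountName stored in AD is the reference casing.
    $entry = ([adsisearcher]"(sAMAccountName=$user)").FindOne()
    if ($entry -and ($entry.Properties['samaccountname'][0] -cne $user)) {
        [pscustomobject]@{ Check = 'Account'; Value = $user; Count = 0
            Hint = "Directory casing is '$($entry.Properties['samaccountname'][0])'." }
    }
}
```

An empty result means neither check found anything; partition permissions and the multipurpose-key policy still have to be verified on the HSM itself.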

Retrying

After the underlying cause has been eliminated, the role configuration can be tried again.

However, the certification authority role must first be uninstalled before attempting a new role configuration.

It may also be necessary to delete the registration for the certification authority before reinstalling the certification authority role. As a follow-on error, certificate templates may not be published after the role has been configured correctly. See the article "After installing or migrating a certificate authority to a new server, you can no longer publish your own certificate templates" for more information.
