So I have a rather odd issue that I can't seem to figure out. When I apply Microsoft KB2808679 to our Server 2003 R2 Root CA when the server reboots Certificate Services fails to start. When this happens the following events are logged in the Application log on this server:
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 42
Date: 7/23/2013
Time: 2:25:07 PM
User: N/A
Computer: NETWORK
Description:
Could not build a certificate chain for CA certificate 1 for WWDCertAuth. The signature of the certificate can not be verified. 0x80096004 (-2146869244).
For more information, see Help and Support Center at http:/
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 100
Date: 7/23/2013
Time: 2:25:07 PM
User: N/A
Computer: NETWORK
Description:
Certificate Services did not start: Could not load or verify the current CA certificate. WWDCertAuth The signature of the certificate can not be verified. 0x80096004 (-2146869244).
For more information, see Help and Support Center at http:/
If I uninstall the update all works well again.
I found Microsoft article ID 842210 but this doesn't seem to apply as under step 1 where you compare the certificate hashes the number between what is stored in the store and what is stored in the registry is different (which "should" keep the service from starting) already and thus regardless of whether or not the update is installed the service should still fail to start...but it does start so long as update 2808679 is not installed.
I'll admit certificate services is not my strongest point by any means but I've been able to keep it humming along until now. As a side note I know that update KB2661254 also does the same thing in breaking certificate services...at least I understand why that one does (encryption update).
Any ideas?