Hardware Security Module

What causes NTE_Provider_DLL failure?

the ADCS Service stopped working on Issuing CA

Read Time: 3 minutes

In this blog, we are covering an error where the ADCS Service stopped working on Issuing CA. The issue was related to the HSM side as the SafeNet Key Storage provider failed to initialize properly.

Issue

ADCS Service failing to start.

Error Code

Log Name Application
Source Microsoft-Windows-CertificationAuthority
Event ID 100
Level Error

Description

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. Issuing CA Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

This error comes in the case of Luna; if it’s Ncipher, you’ll see that the provider of the Ncipher will fail.

Steps done

  • We did run certutil -csplist to check whether the SafeNet Key Storage Provider was configured correctly.
  • If there is a provider failed to pass the test. You can check the configuration under the registry entries under
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration \CA NAME\CSP

Solution

This issue often occurs when CA uses the HSM and HSM is incorrectly configured.

  • Verify that the connectivity of HSM is properly configured.
  • HSM’s cryptographic service provider should be loaded/initialized properly (re-register and reconfiguring along with a reboot).

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download
Encryption Services

About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo