Hardware Security Module Reading Time: 3 minutes

What causes NTE_Provider_DLL failure?

In this blog, we are covering an error where the ADCS Service stopped working on Issuing CA. The issue was related to the HSM side as the SafeNet Key Storage provider failed to initialize properly.


ADCS Service failing to start.

Error Code

Log Name Application
Source Microsoft-Windows-CertificationAuthority
Event ID 100
Level Error


Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. Issuing CA Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

This error comes in the case of Luna; if it’s Ncipher, you’ll see that the provider of the Ncipher will fail.

Steps done

  • We did run certutil -csplist to check whether the SafeNet Key Storage Provider was configured correctly.
  • If there is a provider failed to pass the test. You can check the configuration under the registry entries under
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration \CA NAME\CSP


This issue often occurs when CA uses the HSM and HSM is incorrectly configured.

  • Verify that the connectivity of HSM is properly configured.
  • HSM’s cryptographic service provider should be loaded/initialized properly (re-register and reconfiguring along with a reboot).

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo