In earlier versions of Windows 2000, no events are logged during the certification authority (CA) certificate chain-verification process. However, the HRESULT value and the event log Message ID (if any error is detected) for the current CA certificate chain are returned to a section of top-level code in Windows. If the top-level code detects that the current CA certificate is not valid, the returned event is logged, and it specifies the certificate problem together with the "Certificate Services did not start" message. The Certificate Services component does not start.
In Windows 2000 Server SP4, a specific event is logged for each invalid CA certificate chain during the CA certificate chain-verification process. The event messages that are used are the same as those that are used in Windows 2000 Service Pack 3 (SP3) when Certificate Services does not start successfully. However, if the current CA certificate chain is valid, Certificate Services starts successfully, even though events are logged for the invalid certificate chain (or chains).
In this scenario, the message text for the logged events is misleading. The "Certificate Services did not start" message in the "Description" section of the logged event appears because the same event text from the earlier versions of Windows 2000 is used. This message does not indicate a problem with the current certificate.
Note: Although the specific message text that is associated with the logged events is also present in earlier versions of Windows 2000, this message is not displayed unless the current CA certificate chain is not valid.
Note: The information in this article does not apply when the CA certificate is no longer valid.
Article ID: 822626 - Last Review: Mar 29, 2017 - Revision: 3