During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default location of %systemDrive% . The Issuing CA didn’t log any errors in the Event Log, nor did it post any error messages. I also searched for all files with the extension *.req on all drives, and still couldn’t find the file.
After some more research, I discovered that my customer changed the default location of the RequestFileName Registry Key during their installation to a drive that no longer exists on the CA. The location configured was a:\%1_%3%4.req. I followed these steps to fix this issue:
- Start the Registry Editor
- Navigate to HKLM\System\CurrentControlSet\Services\Certsvc\Configuration\<CASanitizedName>
- Locate the Registry String RequestFileName
- Change the value from a:\%1_%3%4.req to C:\%1_%3%4.req
- Stop and Start the Certification Active Directory Certificate Services service
I was then able to create the Request File and submit it to the Offline Root CA to process it.