This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 48%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
I've had a problem with a Windows Server Essentials 2016 Server for quite some time now and have spent the last couple of days trying to fix the problem. I know that this is an old OS but if somebody has some insight any help would be greatly appreciated. All Windows Essentials Services, apart from the backup service are in a stopped state and cannot be started. The problem with this is that I cannot open the Essentials dashboard to do any kind of task.
I have narrowed the problem down to the Windows Server Essentials Provider Registry Service, When trying to start it I get the following error message.
"Windows could not start the Windows Server Essentials Provider Registry Service Service on Local Computer. Error 1067: The process terminated unexpectedly."
I also get a similar message when trying to start all the other Essential services but they all depend on the above Provider Registry Service.
My next port of call was to check the service log to see if I could see why these were failing. Upon checking the Provider Registry Service Log I found the below:
[9228] 230711.104510.1656: PRS: Information: [0] : OnStart: service "ServiceProviderRegistry" starting up. [9228] 230711.104510.2438: PRS: Information: [0] : This is a server, so our server registry is the local one. [9228] 230711.104510.2438: PRS: Information: [0] : Part of a domain, adding SPN registration. [9228] 230711.104510.2438: PRS: Information: [0] : Finished Provider Registry Service Initialization [9228] 230711.104510.2438: PRS: Information: [0] : Starting to open host... [9228] 230711.104510.3375: WssgCertMgmt: Found 0 matching certs without verification: [9228] 230711.104510.3375: WssgCertMgmt: Collection Empty [9228] 230711.104510.3532: IDENTITY: Local machine cert not found, trying to import the root cert backup to fix [9228] 230711.104510.3532: IDENTITY: Starting certutil.exe process [9228] 230711.104510.4313: IDENTITY: Process Exit Code: 0 [9228] 230711.104510.4313: IDENTITY: root "Trusted Root Certification Authorities" [9228] 230711.104510.4313: IDENTITY: Signature matches Public Key [9228] 230711.104510.4313: IDENTITY: Related Certificates: [9228] 230711.104510.4313: IDENTITY: [9228] 230711.104510.4313: IDENTITY: Exact match: [9228] 230711.104510.4313: IDENTITY: Element 7: [9228] 230711.104510.4313: IDENTITY: Serial Number: 377b596e6d8f85b347f3a11f63a208fb [9228] 230711.104510.4313: IDENTITY: Issuer: CN=internal-WIN2K16SRV01-CA [9228] 230711.104510.4313: IDENTITY: NotBefore: 13/03/2017 17:29 [9228] 230711.104510.4313: IDENTITY: NotAfter: 05/03/2057 17:29 [9228] 230711.104510.4313: IDENTITY: Subject: CN=internal-WIN2K16SRV01-CA [9228] 230711.104510.4313: IDENTITY: Signature matches Public Key [9228] 230711.104510.4313: IDENTITY: Root Certificate: Subject matches Issuer [9228] 230711.104510.4313: IDENTITY: Cert Hash(sha1): 4ed0dca65d9fbde12a084832277830facd6abac5 [9228] 230711.104510.4313: IDENTITY: [9228] 230711.104510.4313: IDENTITY: Certificate "internal-WIN2K16SRV01-CA" already in store. [9228] 230711.104510.4313: IDENTITY: CertUtil: -addstore command completed successfully. [9228] 230711.104510.4313: IDENTITY: 458.433.0:<2023/7/11, 10:45:10>: 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG) [9228] 230711.104510.4313: IDENTITY: Certutil succeeded [9228] 230711.104510.4469: WssgCertMgmt: Found 0 matching certs without verification: [9228] 230711.104510.4469: WssgCertMgmt: Collection Empty [9228] 230711.104510.4469: WssgCertMgmt: Collection Empty [9228] 230711.104510.4469: IDENTITY: IsLocalMachineCertExpired: failed to get local machine cert [9228] 230711.104510.4469: PfBinding: Error: [0] : _SetServiceCert - Unable to find valid machine certificate on local store. [9228] 230711.104510.4469: PfBinding: Error: [133] : Service "ServiceProviderRegistry" failed to start: Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderException: Failed to configure the ServiceHost (see inner exception). ---> Microsoft.WindowsServerSolutions.Certificates.CertificatesException: Unable to find valid machine certificate on local store. at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase._SetServiceCert(X509CertificateRecipientServiceCredential svcCertCred) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase._ConfigureServiceHost(ServiceHost serviceHost) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase.ConfigureServiceHost(ServiceHost serviceHost) --- End of inner exception stack trace --- at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase.ConfigureServiceHost(ServiceHost serviceHost) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistry.Program.ConfigureEndpointsNormalMode(ServiceHost host) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistry.ServiceShell.OpenHost()
It looks like it cannot find the cert and therefore fails to start. Another problem is that the thumbprint on the cert is incorrect and have tried to rectify it using the below fix from an Windows Server 2012 article.
https://www.mcbsys.com/blog/2020/11/errors-after-server-essentials-local-certificate-renewal/
Unfortunately after changing the thumbprint in the IDENTITY registry key to the right one we still see the same problem.
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
You could try a repair install by running setup.exe from the root of the install media but time may be better spent standing up a new one, patch fully, migrate roles over and move on.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hi Dave,
Thanks for the reply, I was hoping to get a fix rather than a complete re-install scenario. I'm hoping that there will be some sort of fix with the certificate.
Regards.