Windows Server Essentials 2016 - Essentials Services Stopped, Essential Dashboard Wont Open with Local Cert Errors

Michael Clark 0 Reputation points
2023-07-11T10:10:12.51+00:00

I've had a problem with a Windows Server Essentials 2016 Server for quite some time now and have spent the last couple of days trying to fix the problem. I know that this is an old OS but if somebody has some insight any help would be greatly appreciated. All Windows Essentials Services, apart from the backup service are in a stopped state and cannot be started. The problem with this is that I cannot open the Essentials dashboard to do any kind of task.

I have narrowed the problem down to the Windows Server Essentials Provider Registry Service, When trying to start it I get the following error message.

"Windows could not start the Windows Server Essentials Provider Registry Service Service on Local Computer. Error 1067: The process terminated unexpectedly."

I also get a similar message when trying to start all the other Essential services but they all depend on the above Provider Registry Service.

My next port of call was to check the service log to see if I could see why these were failing. Upon checking the Provider Registry Service Log I found the below:

[9228] 230711.104510.1656: PRS: Information: [0] : OnStart: service "ServiceProviderRegistry" starting up. [9228] 230711.104510.2438: PRS: Information: [0] : This is a server, so our server registry is the local one. [9228] 230711.104510.2438: PRS: Information: [0] : Part of a domain, adding SPN registration. [9228] 230711.104510.2438: PRS: Information: [0] : Finished Provider Registry Service Initialization [9228] 230711.104510.2438: PRS: Information: [0] : Starting to open host... [9228] 230711.104510.3375: WssgCertMgmt: Found 0 matching certs without verification: [9228] 230711.104510.3375: WssgCertMgmt: Collection Empty [9228] 230711.104510.3532: IDENTITY: Local machine cert not found, trying to import the root cert backup to fix [9228] 230711.104510.3532: IDENTITY: Starting certutil.exe process [9228] 230711.104510.4313: IDENTITY: Process Exit Code: 0 [9228] 230711.104510.4313: IDENTITY: root "Trusted Root Certification Authorities" [9228] 230711.104510.4313: IDENTITY: Signature matches Public Key [9228] 230711.104510.4313: IDENTITY: Related Certificates: [9228] 230711.104510.4313: IDENTITY: [9228] 230711.104510.4313: IDENTITY: Exact match: [9228] 230711.104510.4313: IDENTITY: Element 7: [9228] 230711.104510.4313: IDENTITY: Serial Number: 377b596e6d8f85b347f3a11f63a208fb [9228] 230711.104510.4313: IDENTITY: Issuer: CN=internal-WIN2K16SRV01-CA [9228] 230711.104510.4313: IDENTITY: NotBefore: 13/03/2017 17:29 [9228] 230711.104510.4313: IDENTITY: NotAfter: 05/03/2057 17:29 [9228] 230711.104510.4313: IDENTITY: Subject: CN=internal-WIN2K16SRV01-CA [9228] 230711.104510.4313: IDENTITY: Signature matches Public Key [9228] 230711.104510.4313: IDENTITY: Root Certificate: Subject matches Issuer [9228] 230711.104510.4313: IDENTITY: Cert Hash(sha1): 4ed0dca65d9fbde12a084832277830facd6abac5 [9228] 230711.104510.4313: IDENTITY: [9228] 230711.104510.4313: IDENTITY: Certificate "internal-WIN2K16SRV01-CA" already in store. [9228] 230711.104510.4313: IDENTITY: CertUtil: -addstore command completed successfully. [9228] 230711.104510.4313: IDENTITY: 458.433.0:<2023/7/11, 10:45:10>: 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG) [9228] 230711.104510.4313: IDENTITY: Certutil succeeded [9228] 230711.104510.4469: WssgCertMgmt: Found 0 matching certs without verification: [9228] 230711.104510.4469: WssgCertMgmt: Collection Empty [9228] 230711.104510.4469: WssgCertMgmt: Collection Empty [9228] 230711.104510.4469: IDENTITY: IsLocalMachineCertExpired: failed to get local machine cert [9228] 230711.104510.4469: PfBinding: Error: [0] : _SetServiceCert - Unable to find valid machine certificate on local store. [9228] 230711.104510.4469: PfBinding: Error: [133] : Service "ServiceProviderRegistry" failed to start: Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderException: Failed to configure the ServiceHost (see inner exception). ---> Microsoft.WindowsServerSolutions.Certificates.CertificatesException: Unable to find valid machine certificate on local store. at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase._SetServiceCert(X509CertificateRecipientServiceCredential svcCertCred) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase._ConfigureServiceHost(ServiceHost serviceHost) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase.ConfigureServiceHost(ServiceHost serviceHost) --- End of inner exception stack trace --- at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfiguratorBase.ConfigureServiceHost(ServiceHost serviceHost) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistry.Program.ConfigureEndpointsNormalMode(ServiceHost host) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistry.ServiceShell.OpenHost()

It looks like it cannot find the cert and therefore fails to start. Another problem is that the thumbprint on the cert is incorrect and have tried to rectify it using the below fix from an Windows Server 2012 article.

https://www.mcbsys.com/blog/2020/11/errors-after-server-essentials-local-certificate-renewal/

Unfortunately after changing the thumbprint in the IDENTITY registry key to the right one we still see the same problem.

Thanks.

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,315 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Dave Patrick 426K Reputation points MVP
    2023-07-11T13:05:49.96+00:00

    You could try a repair install by running setup.exe from the root of the install media but time may be better spent standing up a new one, patch fully, migrate roles over and move on.

    --please don't forget to upvote and Accept as answer if the reply is helpful--