Error When Performing Post-Deployment Tasks after Installing Active Directory Certificate Services on Server 2019

Andy Baker 20 Reputation points
2024-04-03T20:37:48.9966667+00:00

After adding the Active Directory Certificate Services>Certificate Authority role on Server 2019 Standard, I cannot complete the post-deployment tasks. As soon as I enter credentials with the appropriate permissions, I receive this error message.

Active Directory Certificate Services setup failed with the following error: The parameter is incorrect. 0x80070057. (Win32: 87 Error_Invalid_Parameter)

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,798 questions
0 comments No comments
{count} votes

Accepted answer
  1. Saeed Khalifi 121 Reputation points
    2024-12-31T20:43:08.2966667+00:00

    just change the below registry key, don't forget to change it back to its old value after you're done.

    HKLM\System\CurrentControlSet\Services\CertSvc\Configuration

    SetupStatus (DWORD) Change it to 0×6001

    Change it back to 0x6003 after you're done.

    (It will most likely change back to 0x6003 automatically after setup is complete)


1 additional answer

Sort by: Most helpful
  1. Wesley Li 10,905 Reputation points
    2024-04-05T07:47:16.7+00:00

    Hello

    The error message you’re seeing, “The parameter is incorrect. 0x80070057. (Win32: 87 Error_Invalid_Parameter)”, There are two main reasons for this error:

    Role Misconfiguration: If you’ve added the Active Directory Domain Services role but haven’t promoted the server to a domain controller, this could be causing the issue. If you do not intend for the server to be a domain controller for the domain, then you should remove the AD DS role. If you only want to manage the domain from the server, then you only need to add the AD DS Role Administration Tools.

    Group Policy Settings: This behavior can occur if your environment has the “Log on as a Service” Group Policy setting configured. While the Post-Deployment Configuration task is running, the Windows Server Essentials Management Service is configured to use the ServerAdmin$ account to log on as a service and perform the task. After the Essentials Configurations are complete, the service is configured to use the Local System account.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.