Error: Communicating with MSCA at stage 500

Applies to:  

TrustAuthority 14.2


There is a problem running TrustAuthority 14.2 on the same system as Microsoft CA. This should never be done in a production environment, but it can be done for testing purposes. This article covers the issues you may run into with this setup.

More Info:

After the upgrade to version 14.2, when you enroll a cert, it fails at stage 500.

The error is:  

"The format of the specified domain name is invalid. (hresult 0x0800704bc)"


The logs show a more complete error message:

"An error occurred communicating with the CA \VED\Policy\Certificate Authority Templates\MS CA (Internal)\MS CA Webserver (2yr).  Error: The format of the specified domain name is invalid. (Exception from HRESULT: 0x800704BC).  Additional error data    at Interop.CERTCLIENTLib.CCertRequestClass.Submit(Int32 Flags, String strRequest, String strAttributes, String strConfig) at Venafi.Drivers.CertificateAuthority.Microsoft.MSCA_Service.PostCSRWithSans(String connection, String cadn, String ownerdn, String template, String csr, Dictionary`2 sans, Int32& requestid, String& error)"

The error occurs whether the credentials used are domain admin or the service account with at least read / write / enroll on the Web Server Certificate template and the MSCA.


The workaround for this issue is to run the Venafi Trust Protection Platform service as a user that has rights to the local MSCA. If using Windows Authentication with MS SQL, the service account would need to have rights to the local MSCA.

