Certificate propagation service shuts down instantly after starting
Hi there,
Some computers in our domain need to have certificate propagation enabled (for smartcard logons) However, the certificate propagation service fails to start. The services required by the certificate propagation service are running and it uses the local system
account to run. I don't see any errors regarding the startup failure, only "The certificate propgation service entered the stopped state"
What could this be?
July 5th, 2012 4:45am
Hi ,
Did you receive any error when trying to start Certificate propagation service manually?
It seems this service is controlled by the domain configuration. Thus, you cannot change the status manually.
The certificate propagation service applies when a logged-on user inserts a smart card in a reader that is attached to the computer. This action causes the certificate to be read from the smart
card. The certificates are then added to the user's Personal store. The service action is controlled by using Group Policy. For information about Group Policy and Group Policy settings, see Smart
Card Group Policy and Registry Settings.
More information about Certificate Propagation Service, please see:
http://technet.microsoft.com/en-us/library/ff404288.aspx
Here is a document about deploying smart cards with Windows Vista for your reference.
See "Windows Vista Smart Card Infrastructure" on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=111969).Tracy Cai
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2012 3:28am
Hi tracy,
When trying to start the service manually it says:
"The certificate propagation service on local computer started and then stopped. Some services stop automatically if they are not in use by other services or programs"
I have a co worker with a similar AD account/computer (resides in the same OU and has the same group policy) and he can start/stop the service without a single problem.
The option "allow service to interact with desktop" is turned off under the logon tab of the service properties.
July 6th, 2012 5:07am
Removing all "ActivIdentity" software from the system was the solution. This third party software hijacked the smartcard propagation.
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2012 5:43am
Removing all "ActivIdentity" software from the system was the solution. This third party software hijacked the smartcard propagation.
July 6th, 2012 5:43am
Hi ,
I am glad to hear that you have found the solution. Thank you for coming back and let us know the result:).
Best Regards.Tracy Cai
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2012 9:23pm