Wednesday, September 19, 2012

"Cannot start service SPAdminV4 on computer '.'." error on SharePoint configuration wizard


This entry is for those environments with the June 2012 CU for SharePoint 2010 (And as Mike notes in the comments 2012 December CU) .  This patch causes CRL checks to be enforced, which in turn affects some native functionality of SharePoint AdminV4 service.
When running the SharePoint Product Configuration Wizard, the configuration will fail with the following error:


Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown.  Additional exception information: Cannot start service SPAdminV4 on computer '.'.


In order to bypass the CRL Check for SPAdminV4 service startup, the following steps need to be completed on each SharePoint server.
 
1.) Add a new computer policy which alters the options for retrieving certificate validation on a network.
2.) Add host file entries into the local computer host file.
  • Alter the computer policy
    • Click on Start-Run
    • Type in "GPEdit.msc" and click "OK"
    • Expand Computer Configuration-Windows Settings-Security Settings-Public Key Policies
    • Double-click "Certificate Path Validation Settings"
    • Click on the "Network Retrieval" tab
    • Check the box "Define these policy settings"
    • Uncheck "Automatically update certificates in the Microsoft Root Certificate Program (recommended)" and "Allow issuer certificate (AIA) retrieval during path validation (recommended"
    • Click on "OK"
    • Close out of GPEdit.msc
  • Add host file entries
    • Click on Start-Run
    • Type in "C:\Windows\System32\Drivers\Etc" and click "OK"
    • Double-click the file "Hosts"
    • Select "Notepad" as the program to open the file
    • Insert the following lines into the hosts file
      • 0.0.0.0 crl.microsoft.com
      • 0.0.0.0 crl.verisign.com
      • 0.0.0.0 ocsp.verisign.com
      • 0.0.0.0 SVRSecure-G2-crl.verisign.com
      • 0.0.0.0 SVRSecure-G3-crl.verisign.com
      • 0.0.0.0 www.download.windowsupdate.com
      • 0.0.0.0 SVRSecure-G2-aia.verisign.com
    • Save the file and exit notepad

10 comments:

Andre Radtke said...

You fu***** saved my day :D
I was struggling a whole day until I bumped to your blogpost!

Happy now, luv ya :D !

Bryan said...

Glad I was able to help, gotta love those vague MSFT error messages...and thanks for pointing out the typo!

Anonymous said...

Thanks a lot. This worked perfect at my end...

Was driving me insane as two servers joined the farm properly but two new servers that were provisioned ... didnt ..

Looks like there is a difference with our VM templates..

Cheers

Mike said...

2012' December CU has the same error and the same resolution. Fantastic!

Anonymous said...

Thank you so much for this post!

Anonymous said...

Awesome fix! That did the trick for me.

Anonymous said...

realy help me!! tnx!
котбы только думал

Robert Gullick said...

You can also create a config file to bypass CRL. This is what should be in the file.







File name
WSSADMIN.exe.config

Place the file in the BIN folder with the executable.

This can also be done for STSADM and PSCONFIG.

This will speed up the commands for any offline (a.k.a. no Internet access) SharePoint server.

Nelson Gomes said...

Thank you for save my "prod" night :)

Anonymous said...

Thanks

That works perfectly !