AD CS Key Archival and Recovery
Applies To: Windows Server 2008
Active Directory Certificate Services (AD CS) requires key recovery agent certificates, exchange (XCHG) certificates, and keys in order to support key archival. The functioning of key recovery agent certificates, XCHG certificates, and the cryptographic service providers (CSPs) needed to create them is critical to a public key infrastructure.
Events
| Event ID | Source | Message |
|---|---|---|
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services key archival is only supported on Enterprise and Datacenter editions of Windows Server. %1 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could only verify %1 of %2 key recovery certificates required to enable private key archival. Requests to archive private keys will not be accepted. |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services encountered an error loading key recovery certificates. Requests to archive private keys will not be accepted. %1 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services will not use key recovery certificate %1 because it could not be verified for use as a Key Recovery Agent. %2 %3 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services ignored key recovery certificate %1 because it could not be loaded. %2 %3 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not use the provider specified in the registry for encryption keys. %1 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not use the default provider for encryption keys. %1 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services switched to the default provider for encryption keys. %1 |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services could not create an encryption certificate. %1. %2. |
| | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services encountered errors validating configured key recovery certificates. Requests to archive private keys will no longer be accepted. |
| | Microsoft-Windows-CertificationAuthority | Key recovery certificate %1 is about to expire and will not be used after it has expiration. Contact your adminstrator to renew this certificate. %2 %3 |