Partager via


AD CS Certificate Request (Enrollment) Processing

Applies To: Windows Server 2008

One of the primary functions of a certification authority (CA) is to evaluate certificate requests from clients and, if predefined criteria are met, issue certificates to those clients. In order for certificate enrollment to succeed, a number of elements must be in place before the request is submitted, including a CA with a valid CA certificate; properly configured certificate templates, client accounts, and certificate requests; and a way for the client to submit the request to the CA, have the request validated, and install the issued certificate.

Events

Event ID Source Message

3

Microsoft-Windows-CertificationAuthority

The certificate request failed.

7

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services denied request %1 because %2. The request was for %3.

10

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services was unable to build a new certificate or certificate chain: %1.

21

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not process request %1 due to an error: %2. The request was for %3.

22

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not process request %1 due to an error: %2. The request was for %3. Additional information: %4

23

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not process request %1 due to an error: %2. The request was for %3. The certificate would contain an encoded length that is potentially incompatible with older enrollment software. Submit a new request using different length input data for the following field: %4

53

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services denied request %1 because %2. The request was for %3. Additional information: %4

56

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services denied request %1. The request was for %2.

57

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services denied request %1. The request was for %2. Additional information: %3

79

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not publish a certificate for request %1 to the following location: %2. %3.%5%6

80

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not publish a certificate for request %1 to the following location on server %4: %2. %3.%5%6

97

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services %1 will reduce the maximum lifetime of the issued certificate for request %2 because the lifetime of the CA certificate is shorter than the validity period set in the registry. Consider renewing the CA certificate or reducing the validity period in the registry.

108

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not delete a certificate for request %1 from the following location: %2. %3.%5%6

109

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services could not delete a certificate for request %1 from the following location on server %4: %2. %3.%5%6

128

Microsoft-Windows-CertificationAuthority

An Authority Key Identifier was passed as part of the certificate request %1. This feature has not been enabled. To enable a CA key to be specified for certificate signing, run: "certutil -setreg ca\UseDefinedCACertInRequest 1" and then restart the service.

132

Microsoft-Windows-CertificationAuthority

The certification authority (CA) was unable to perform a decryption operation. This error can occur when an advanced encryption algorithm such as Advanced Encryption Standard (AES) is used and the CA has not been configured to use a CryptoAPI Next Generation (CNG) key storage provider. If this error occurred during certificate enrollment, check the certificate template to confirm that advanced encryption for key archival is not enabled.

AD CS Certification Authority (CA)

Active Directory Certificate Services