Enterprise PKI Status Codes
Applies To: Windows Server 2008
The Enterprise PKI snap-in provides a view of the status of the certification authorities (CAs) and Online Responders in one or more public key infrastructures (PKIs). In addition, the Enterprise PKI snap-in can be used to verify the validity and accessibility of authority information access (AIA) locations and certificate revocation list (CRL) distribution points.
For each CA selected, the Enterprise PKI snap-in indicates one of the CA health states listed in the following table.
| Indicator | CA state |
|---|---|
Question mark |
CA health state evaluation |
Green indicator |
CA has no problems |
Yellow indicator |
CA has one or more non-critical problems |
Red indicator |
CA has one or more critical problems |
Red cross over CA icon |
CA is offline |
If your environment includes one or more Online Responders, the Enterprise PKI snap-in can be used to monitor the status of these components. The indicators and health states in the following table apply to Online Responders.
| Indicator | Online Responder state |
|---|---|
Question mark |
Online Responder health state evaluation |
Green indicator |
Online Responder has no problems |
Yellow indicator |
Online Responder has one or more non-critical problems |
Red indicator |
Online Responder has one or more critical problems |
Red cross over CA icon |
Online Responder is offline |
The following status codes apply to CRL distribution points, delta CRL distribution points, and authority information access locations.
| Indicator | CRL distribution point or authority information access state |
|---|---|
Question mark |
Location health state evaluation |
Green indicator |
Data is available and has no problems |
Yellow indicator |
Data is available and has one or more non-critical problems |
Red indicator |
Data is available but has one or more critical problems |
Red cross over CA icon |
Data is not available |
For problems relating to the Online Responder, use the Online Responder snap-in to further diagnose and resolve the problem. For problems relating to CAs, CRL distribution points, and authority information access locations, use the Certification Authority snap-in to further diagnose and resolve the problem. In addition, check the Event log on the computers hosting the Active Directory Certificate Services (AD CS) role services for additional troubleshooting information that can help you identify and resolve any problems. For more information about troubleshooting CA, Online Responder, certificate validation, and revocation checking problems, see Active Directory Certificate Services Troubleshooting (https://go.microsoft.com/fwlink/?LinkId=89215).