| Event Source: | Microsoft-Windows-OnlineResponderRevocationProvider |
| Event ID: | 16 (0x10) |
| Event log: | Application |
| Event type: | Warning |
| Event text (English): | For configuration %1, Online Responder revocation provider failed to update the CRL Information: %2. |
| Event text (German): | The online responder blocking provider could not update the revocation list information to configure %1: %2. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: CAConfigurationId (win:UnicodeString)
- %2: ErrorCode (win:UnicodeString)
The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. Entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates thanks to OCSP, but can make a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)„.
Example events
For configuration ADCS Labor Issuing CA 1 (0), Online Responder revocation provider failed to update the CRL Information: The object identifier does not represent a valid object. 0x800710d8 (WIN32: 4312 ERROR_OBJECT_NOT_FOUND).
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Occurs when the online responder cannot update the underlying blacklist.
Error code ERROR_OBJECT_NOT_FOUND
Occurs when the blacklist is not found on the configured web server. The web server providing the blacklists will report HTTP error code 404.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
If this event occurs, availability is acutely endangered or already impaired, so an alert should be issued.
Related links:
- Overview of Windows events generated by the online responder (OCSP)
- Overview of the audit events generated by the online responder (OCSP)
English 
Deutsch
One thought on “Details zum Ereignis mit ID 16 der Quelle Microsoft-Windows-OnlineResponderRevocationProvider”
Comments are closed.