Details of the event with ID 8 of the source Microsoft-Windows-EnrollmentWebService

Event Source: Microsoft Windows EnrollmentWebService
Event ID: 8 (0x8)
Event log: Microsoft-Windows-EnrollmentWebService/Admin
Event type: Error
Event text (English): The Certificate Enrollment Web Service cannot read the version or the configuration flags from certification authority (CA) "%1." On the Security tab of the CA property sheet, grant Read permission to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, subsequent requests will be rejected.
Event text (German): The version or configuration identifiers of the certification authority "%1" cannot be read by the Certificate Registration Web Service. On the Security tab of the Certification Authority Properties page, grant read permissions to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, future requests are denied.

Parameters

The parameters contained in the event text are filled with the following fields:

  • %1: CAConfig (win:UnicodeString)

The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)".

Example events

The Certificate Enrollment Web Service cannot read the version or the configuration flags from certification authority (CA) "CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1." On the Security tab of the CA property sheet, grant Read permission to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, subsequent requests will be rejected.

Description

The event is logged only once; further failed attempts of the same type are not logged again.

The event occurs when Key Based Renewal is used and the account under which the IIS application pool (WSEnrollmentServer) is running does not have read permission on the certificate authority.

Clients will see the error code WS_E_ENDPOINT_FAULT_RECEIVED when they attempt a Key Based Renewal.

After correcting the permissions, the IIS application pool or the entire web server service should be restarted.
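The checks described above, combined into a PowerShell triage script. This is an added example, not part of the original page. It assumes an elevated session on the CES server with the WebAdministration module installed; the function name `Get-CesEvent8Triage` and its `-RestartPool` switch are hypothetical.

```powershell
# Added example (not from the original page): triage for event ID 8 on a CES server.
Import-Module WebAdministration   # installed with the IIS management tools

function Get-CesEvent8Triage {
    param(
        [string]$PoolName = 'WSEnrollmentServer',   # pool name as given on this page
        [switch]$RestartPool                        # use only after fixing the CA permission
    )
    $logName = 'Microsoft-Windows-EnrollmentWebService/Admin'

    # The event is logged only once per failure type, so search the whole
    # log instead of a recent time window.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 8 } `
                           -ErrorAction SilentlyContinue

    # Identity of the application pool: this is the account that needs
    # Read permission on the Security tab of the CA property sheet.
    $pm = (Get-Item "IIS:\AppPools\$PoolName").processModel
    $account = switch ("$($pm.identityType)") {
        'SpecificUser' { $pm.userName }
        'LocalService' { 'LocalService (no network credentials)' }
        # NetworkService, ApplicationPoolIdentity and LocalSystem
        # authenticate over the network as the computer account.
        default        { "$env:USERDOMAIN\$env:COMPUTERNAME`$" }
    }

    foreach ($e in $events) {
        [pscustomobject]@{
            TimeCreated    = $e.TimeCreated
            CesServer      = $e.MachineName
            CAConfig       = $e.Properties[0].Value   # %1 = CAConfig
            PoolIdentity   = "$($pm.identityType)"
            AccountToGrant = $account
        }
    }

    if ($RestartPool) {
        # Restart so the service re-reads the CA version and flags.
        Restart-WebAppPool -Name $PoolName
    }
}

Get-CesEvent8Triage | Sort-Object TimeCreated | Format-Table -AutoSize
```

An empty result means no event 8 is present in the log. Run `Get-CesEvent8Triage -RestartPool` once the Read permission has been granted on the CA.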

Security assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

No description has been written for this yet.
