Details of the event with ID 80 of the source Microsoft-Windows-CertificateServicesClient-CertEnroll

Event Source:Microsoft-Windows-CertificateServicesClient-CertEnroll
Event ID:80 (0x825A0050)
Event log:Application
Event type:Warning
Event text (English):Certificate enrollment for %1 cannot enroll for a %2 certificate because the certificate enrollment server %3 is ROBO and only renewal is supported
Event text (German):The certificate registration for %1 cannot register for a %2 certificate because the %3 certificate registration server is a ROBO server and only renewal is supported.
Continue reading „Details zum Ereignis mit ID 80 der Quelle Microsoft-Windows-CertificateServicesClient-CertEnroll“

The role configuration for the Certificate Enrollment Web Service (CES) fails with error message "Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)".

Assume the following scenario:

  • A role configuration for the Certificate Enrollment Web Service (CES) is performed.
  • The role configuration fails with the following error message:
CCertificateEnrollmenServerSetup::InitializeInstallDefaults: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
Continue reading „Die Rollenkonfiguration für den Certificate Enrollment Web Service (CES) schlägt fehl mit Fehlermeldung „Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)““

The role configuration for the Certificate Enrollment Web Service (CES) fails with error message "The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE".

Assume the following scenario:

  • A role configuration for the Certificate Enrollment Web Service (CES) is performed.
  • The role configuration fails with the following error message:
The Certificate Enrollment Web Service Setup failed because the CA "CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1" cannot be contacted. Check the name, and confirm that the CA is properly configured and available. The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_SERVER_UNAVAILABLE)   
Continue reading „Die Rollenkonfiguration für den Certificate Enrollment Web Service (CES) schlägt fehl mit Fehlermeldung „The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE““

Details of the event with ID 11 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:11 (0xB)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Information
Event text (English):The Certificate Enrollment Web Service is enabled for key based renewal. Client certificates without subject information in the Active Directory database can be used to renew certificates.
Event text (German):The Certificate Enrollment Policy Web service is enabled for key-based renewal. Certificates can be renewed with client certificates without requester information in the Active Directory database.
Continue reading „Details zum Ereignis mit ID 11 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 10 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:10 (0xA)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service cannot operate because an incompatible configuration was selected. To resolve this issue, remove the Certificate Enrollment Web Service. If you want to use key based renewal, enable both client certificate authentication and renewal-only mode. If you want to use user name and password authentication or Windows authentication, disable key based renewal, and then run Setup again.
Event text (German):The certificate enrollment policy web service cannot be executed because an incompatible configuration has been selected. Remove the Certificate Enrollment Policy Web Service to resolve the issue. If you want to use key-based renewal, enable both client certificate authentication and renewal-only mode. If you want to use username and password authentication or Windows authentication, disable key-based renewal and run Setup again.
Continue reading „Details zum Ereignis mit ID 10 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 3 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:3 (0x3)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service failed to start. The certification authority (CA) "%1" is not an enterprise CA.
Event text (German):Error starting the certificate enrollment web service. The certificate authority "%1" is not an enterprise certificate authority.
Continue reading „Details zum Ereignis mit ID 3 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 4 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:4 (0x4)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service failed to start. A valid certification authority (CA) configuration is not specified in the web.config file. Please specify a CA configuration in the web.config file.
Event text (German):Error when starting the certificate enrollment web service. No valid certification authority configuration was specified in the "web.config" file. Specify a certification authority configuration in the "web.config" file.
Continue reading „Details zum Ereignis mit ID 4 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 5 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:5 (0x5)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Information
Event text (English):The Certificate Enrollment Web Service has been stopped.
Event text (German):The certificate enrollment web service has been terminated.
Continue reading „Details zum Ereignis mit ID 5 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 6 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:6 (0x6)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Warning
Event text (English):The Certificate Enrollment Web Service is in renewal-only mode. New enrollment requests cannot be processed when the Certificate Enrollment Web Service is in renewal-only mode. If you want to enable new enrollment requests, configure both the CA and the Certificate Enrollment Web Service for new enrollment requests.
Event text (German):The certificate enrollment web service is in renewal-only mode. New enrollment requests cannot be processed if the certificate enrollment web service is in renewal-only mode. If you want to enable new enrolment requests, configure the certification authority and the certificate enrolment web service for new enrolment requests.
Continue reading „Details zum Ereignis mit ID 6 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 7 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:7 (0x7)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service is attempting to use renewal-only mode, but certification authority (CA) "%1" does not support this mode. To use renewal-only mode, configure the Certificate Enrollment Web Service to use a CA that is installed on a computer that is running at least Windows Server 2008 R2. Then, configure the CA by running the following command on the CA: certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF. Otherwise, disable renewal-only mode. If no action is taken, subsequent requests will be rejected.
Event text (German):The certificate enrollment web service attempts to use renewal-only mode. However, this mode is not supported by the certification authority "%1". If you want to use renewal-only mode, configure the Certificate Enrollment Web Service to use a CA that is installed on a computer running Windows Server 2008 R2 or later, and then configure the CA itself by running the command "certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF". Otherwise, deactivate the renewal-only mode. If no action is performed, future requests will be rejected.
Continue reading „Details zum Ereignis mit ID 7 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 8 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:8 (0x8)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service cannot read the version or the configuration flags from certification authority (CA) "%1." On the Security tab of the CA property sheet, grant Read permission to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, subsequent requests will be rejected.
Event text (German):The version or configuration identifiers of the certification authority "%1" cannot be read by the Certificate Registration Web Service. On the Security tab of the Certification Authority Properties page, grant read permissions to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, future requests are denied.
Continue reading „Details zum Ereignis mit ID 8 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 9 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:9 (0x9)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service is attempting to use renewal-only mode, but certification authority (CA) "%1" does not support this mode. To use renewal-only mode, configure the CA by running the following command on the CA: certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF. Otherwise, disable renewal-only mode. If no action is taken, subsequent requests will be rejected.
Event text (German):The certificate enrollment web service tries to use the renewals-only mode. However, this mode is not supported by the "%1" certificate authority. If you want to use renewals-only mode, configure the certification authority. To do this, run the following command for the certification authority: "certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF". Otherwise, disable the renewals-only mode. If no action is taken, future requests are denied.
Continue reading „Details zum Ereignis mit ID 9 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 2 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:2 (0x2)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Error
Event text (English):The Certificate Enrollment Web Service failed to start. Confirm that the Certificate Enrollment Web Service is properly installed, and restart Internet Information Services (IIS) by using iisreset.exe. If the problem persists, enable tracing in the web.config file, restart IIS, attempt to enroll for a certificate again from any client, and then contact Microsoft Customer Service and Support with the trace file information. %1
Event text (German):Error starting the certificate registration web service. Ensure that the Certificate Enrollment Web Service is installed correctly and restart Internet Information Services (IIS) by using the iisreset.exe file. If the problem persists, enable tracing in the web.config file, restart IIS, retrieve policy information again from any client, and then contact Microsoft Customer Service and Support with the information in the tracing file. %1
Continue reading „Details zum Ereignis mit ID 2 der Quelle Microsoft-Windows-EnrollmentWebService“

Details of the event with ID 1 of the source Microsoft-Windows-EnrollmentWebService

Event Source:Microsoft Windows EnrollmentWebService
Event ID:1 (0x1)
Event log:Microsoft-Windows-EnrollmentWebService/Admin
Event type:Information
Event text (English):The Certificate Enrollment Web Service has started.
Event text (German):The certificate enrollment web service has been started.
Continue reading „Details zum Ereignis mit ID 1 der Quelle Microsoft-Windows-EnrollmentWebService“

Customize the Certificate Enrollment Web Service (CES) after migrating a certificate authority to a new server

If a Certificate Enrollment Web Service (CES) is operated in the network, it is necessary to use the "Migration of an Active Directory integrated certification authority (Enterprise Certification Authority) to another server" requires that the configuration of the CES is adapted to the new situation.

A configuration string (Config String) is stored in the configuration of the CES, which contains the server name of the connected certification authority. If this changes, the configuration must be adjusted accordingly.

Continue reading „Den Zertifikatbeantragungs-Webdienst (CES) nach der Migration einer Zertifizierungsstelle auf einen neuen Server anpassen“
en_USEnglish