Overview of Windows events generated by the Certificate Enrollment Policy (CEP) service

The following is an overview of the events generated by the Certificate Enrollment Policy (CEP) service in the Windows Event Viewer.

The events of the Certificate Enrollment Policy (CEP) service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.


Overview of Windows events generated by the Certificate Enrollment Web Service (CES)

The following is an overview of the events generated by the Certificate Enrollment Web Service (CES) in the Windows Event Viewer.

The events of the Certificate Enrollment Web Service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.


Certificate Enrollment Web Service (CES) request fails with error code "WS_E_ENDPOINT_FAULT_RECEIVED"

Assume the following scenario:

  • A Certificate Enrollment Web Service (CES) is implemented in the network.
  • A certificate request is sent to the CES.
  • The certificate request fails with the following error message:
A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

Performing a functional test for the Certificate Enrollment Policy Web Service (CEP)

After installing a Certificate Enrollment Policy Web Service (CEP), or after more extensive maintenance work, a thorough functional test should be performed to ensure that all components are working as intended.


Required Windows security permissions for the Certificate Enrollment Web Service (CES)

If you implement Microsoft's Active Directory Administrative Tiering Model, or apply similar hardening measures to your servers, this will affect the CES components.


Configure the Certificate Enrollment Web Service (CES) to work with a Group Managed Service Account (gMSA)

For security reasons, it may make sense to operate the CES with a Group Managed Service Account (gMSA) instead of a normal domain account. This option has the advantage that the account's password is changed automatically, so the change does not have to be made manually, a step that is unfortunately forgotten far too often.


Required Firewall Rules for Certificate Enrollment Policy (CEP) Web Service

Implementing a Certificate Enrollment Policy (CEP) web service often requires planning the firewall rules to be created on the network. The following is a list of the required firewall rules and any pitfalls.


Required firewall rules for the Certificate Enrollment Web Service (CES)

Implementing a Certificate Enrollment Web Service (CES) often requires planning the firewall rules to be created on the network. The following is a list of the required firewall rules and any pitfalls.


Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_INTERNET_NAME_NOT_RESOLVED"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
The name or address could not be resolved 0x80072ee7 (INet: 12007 ERROR_INTERNET_NAME_NOT_RESOLVED)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_INTERNET_TIMEOUT"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
The operation timed out 0x80072ee2 (INet: 12002 ERROR_INTERNET_TIMEOUT)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_FAILURE"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
The remote endpoint could not process the request. 0x803d000f (-2143485937 WS_E_ENDPOINT_FAILURE)

Certificate Enrollment Web Service (CES) request fails with error code "WS_E_INVALID_ENDPOINT_URL"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
Certificate Request Processor: The endpoint address URL is invalid. 0x803d0020 (-2143485920 WS_E_INVALID_ENDPOINT_URL)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "WS_E_ENDPOINT_UNREACHABLE"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
The remote endpoint was not reachable. 0x803d0010 (-2143485936 WS_E_ENDPOINT_UNREACHABLE)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_CANNOT_CONNECT"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
Certificate Request Processor: A connection with the server could not be established 0x80072efd (WinHttp: 12029 ERROR_WINHTTP_CANNOT_CONNECT)

Requesting certificates via Certificate Enrollment Web Service (CES) fails with error code "ERROR_WINHTTP_TIMEOUT"

Assume the following scenario:

  • You try to request a certificate via a Certificate Enrollment Web Service (CES) from an Active Directory-integrated certification authority (Enterprise Certification Authority).
  • The operation fails with the following error message:
Certificate Request Processor: The operation timed out 0x80072ee2 (WinHttp: 12002 ERROR_WINHTTP_TIMEOUT)