Force domain controller (or other participants) to use an online responder (OCSP)

By default, Windows systems, even if an online responder (OCSP) is configured, will fall back to a revocation list (if available) after a certain number of OCSP requests, because this is usually more efficient in such a case. However, this behavior is not always desired.

For example, if one uses smart card logins, one might want to know whether logins were performed with certificates that were issued without authorization. In conjunction with the deterministic good of the online responder, one can thus create an (almost) seamless audit trail for all smart card logins.


Details of the event with ID 5127 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5127 (0x1407)
Event log: Security
Event type: Information
Event text (English): The OCSP Revocation Provider successfully updated the revocation information. CA Configuration ID: %1 Base CRL Number: %2 Base CRL This Update: %3 Base CRL Hash: %4 Delta CRL Number: %5 Delta CRL Indicator: %6 Delta CRL This Update: %7 Delta CRL Hash: %8
Event text (German): The OCSP response service has successfully updated the revocation information. Certification authority configuration ID: %1 Base revocation list number: %2 Base revocation list, this update: %3 Base revocation list hash: %4 Delta revocation list number: %5 Delta revocation list display: %6 Delta revocation list, this update: %7 Delta revocation list hash: %8

Details of the event with ID 5059 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5059 (0x13C3)
Event log: Security
Event type: Information
Event text (English): Key migration operation. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Cryptographic Parameters: Provider Name: %5 Algorithm Name: %6 Key Name: %7 Key Type: %8 Additional Information: Operation: %9 Return Code:
Event text (German): Key migration process. Applicant: Security ID: %1 Account name: %2 Account domain: %3 Login ID: %4 Cryptographic parameters: Provider Name: %5 Algorithm Name: %6 Key Name: %7 Key Type: %8 Additional Information: Operation: %9 Return code:

Details of the event with ID 5120 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5120 (0x1400)
Event log: Security
Event type: Information
Event text (English): OCSP Responder Service Started.
Event text (German): The OCSP response service has been started.

Details of the event with ID 5121 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5121 (0x1401)
Event log: Security
Event type: Information
Event text (English): OCSP Responder Service Stopped.
Event text (German): The OCSP response service has been terminated.

Details of the event with ID 5122 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5122 (0x1402)
Event log: Security
Event type: Information
Event text (English): A Configuration entry changed in the OCSP Responder Service. CA Configuration ID: %1 New Value: %2
Event text (German): A configuration entry was changed in the OCSP response service. Certification authority configuration ID: %1 New value: %2

Details of the event with ID 5123 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5123 (0x1403)
Event log: Security
Event type: Information
Event text (English): A configuration entry changed in the OCSP Responder Service. Property Name: %1 New Value: %2
Event text (German): A configuration entry has been changed in the OCSP response service. Property name: %1 New value: %2

Details of the event with ID 5124 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5124 (0x1404)
Event log: Security
Event type: Information
Event text (English): A security setting was updated on OCSP Responder Service. New Value: %1
Event text (German): A security setting has been updated for the OCSP response service. New value: %1

Details of the event with ID 5125 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5125 (0x1405)
Event log: Security
Event type: Information
Event text (English): A request was submitted to OCSP Responder Service.
Event text (German): A request is transmitted to the OCSP response service.

Details of the event with ID 5126 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5126 (0x1406)
Event log: Security
Event type: Information
Event text (English): Signing Certificate was automatically updated by the OCSP Responder Service. CA Configuration ID: %1 New Signing Certificate Hash: %2
Event text (German): The signing certificate was automatically updated by the OCSP response service. Certification authority configuration ID: %1 New signature certificate hash: %2

Details of the event with ID 4899 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 4899 (0x1323)
Event log: Security
Event type: Information
Event text (English): A Certificate Services template was updated. %1 v%2 (Schema V%3) %4 %5 Template Change Information: Old Template Content: %8 New Template Content: %7 Additional Information: Domain Controller: %6
Event text (German): The certificate service template has been updated. %1 v%2 (Scheme V%3) %4 %5 Template information: Template content: %7 Security description: %8 Additional information: Domain Controller: %6

Details of the event with ID 4900 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 4900 (0x1324)
Event log: Security
Event type: Information
Event text (English): Certificate Services template security was updated. %1 v%2 (Schema V%3) %4 %5 Template Change Information: Old Template Content: %9 New Template Content: %7 Old Security Descriptor: New Security Descriptor: %8 Additional Information: Domain Controller: %6
Event text (German): The security of the certificate service template has been updated. The certificate services have loaded a template. %1 v%2 (Schema V%3) %4 %5 Template change information: Old template content: %9 New template content: %7 Old security description: New security description: %8 Additional information: Domain controller: %6

Details of the event with ID 5058 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 5058 (0x13C2)
Event log: Security
Event type: Information
Event text (English): Key file operation. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Cryptographic Parameters: Provider Name: %5 Algorithm Name: %6 Key Name: %7 Key Type: %8 Key File Operation Information: File Path: %9 Operation: Return Code:
Event text (German): Key file process. Applicant: Security ID: %1 Account name: %2 Account domain: %3 Logon ID: %4 Cryptographic parameters: Provider name: %5 Algorithm name: %6 Key name: %7 Key type: %8 Key file operation information: File path: %9 Operation: Return code:

Details of the event with ID 4895 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 4895 (0x131F)
Event log: Security
Event type: Information
Event text (English): Certificate Services published the CA certificate to Active Directory Domain Services. Certificate Hash: %1 Valid From: %2 Valid To: %3
Event text (German): The certificate services have published the certification authority certificate in the Active Directory domain services. Certificate hash: %1 Valid from: %2 Valid until: %3

Details of the event with ID 4896 of the source Microsoft-Windows-Security-Auditing

Event Source: Microsoft Windows Security Auditing
Event ID: 4896 (0x1320)
Event log: Security
Event type: Information
Event text (English): One or more rows have been deleted from the certificate database. Table ID: %1 Filter: %2 Rows Deleted: %3
Event text (German): At least one row was deleted from the certificate database. Table ID: %1 Filter: %2 Deleted rows: %3