Details of the event with ID 53 of the source Microsoft-Windows-CertificationAuthority

Event Source: Microsoft-Windows-CertificationAuthority
Event ID: 53 (0x35)
Event log: Application
Event type: Warning
Symbolic Name: MSG_DN_CERT_DENIED_WITH_INFO
Event text (English): Active Directory Certificate Services denied request %1 because %2. The request was for %3. Additional information: %4
Event text (German): The request %1 was rejected because %2. The request was for %3. More information: %4

Using the Online Responder (OCSP) with a SafeNet Hardware Security Module (HSM)

With the SafeNet Key Storage Provider it is not possible to set permissions on the private keys: the Microsoft Management Console (MMC) will crash.


Which Cryptographic Service Provider (CSP) should be used for the Network Device Enrollment Service (NDES)?

When configuring a certificate template for the Registration Authority (RA) certificates for the Network Device Enrollment Service (NDES), the question arises, especially when using Hardware Security Modules (HSM), which Cryptographic Service Provider (CSP) of the HSM manufacturer should be used.


Certificate request fails with error message "Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA)."

Assume the following scenario:

  • A user sends a certificate request to a certificate authority.
  • The certificate request fails with the following error message:

    Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA).
    Denied by Policy Module.

Checking the connection to the private key of a certificate (e.g. when using a hardware security module)

For a function test or during troubleshooting, it can be useful to check whether the private key of a certificate is usable. If the key is protected by a hardware security module (HSM), for example, there are significantly more dependencies and potential sources of error than with a software key.


Restoring a certification authority from backup

The following describes how to restore a certification authority from backup. In addition to the disaster case, this procedure is also part of the migration of a certification authority to a new server.


Restoration of a Certification Authority Certificate with Hardware Security Module (HSM)

The following describes how to restore a certificate authority certificate with software key.

Restoring the certification authority certificate may be necessary for the following reasons:


Role configuration for Network Device Enrollment Service (NDES) fails with error message "Failed to enroll RA certificates. The endpoint is a duplicate. 0x800706cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT)".

Assume the following scenario:

  • A Network Device Enrollment Service (NDES) server is being installed.
  • The installing account has the necessary permissions to install the role (local administrator, enterprise administrator).
  • The role configuration fails with the following error message:

    Failed to enroll RA certificates. The endpoint is a duplicate. 0x800706cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT)

Viewing the certificate store of the online responder (OCSP) and checking the signature certificates

Sometimes it is necessary to verify a signature certificate of an online responder, for example when the connection to a Hardware Security Module (HSM), if one is present, has to be verified. The online responder uses its own certificate store when the certificates are automatically retrieved from a certificate authority.
