Event Source: | Microsoft-Windows-CertificateServicesClient-CertEnroll |
Event ID: | 13 (0xC25A000D) |
Event log: | Application |
Event type: | Error |
Event text (English): | Certificate enrollment for %1 failed to enroll for a %2 certificate with request ID %4 from %3 (%5). |
Event text (German): | The certificate enrollment for %1 failed to enroll for a certificate %2 with request ID %4 of %3 (%5). |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: Context (win:UnicodeString)
- %2: TemplateName (win:UnicodeString)
- %3: CA (win:UnicodeString)
- %4: RequestId (win:UnicodeString)
- %5: ErrorCode (win:UnicodeString)
Example events
Certificate enrollment for Local system failed to enroll for an ADCSLaborRemoteDesktopAuthentication certificate with request ID N/A from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (3dfcad0610880e9745d768c2fd4ae989ef530b30).
Certificate enrollment for INTRA\rudi failed to enroll for an ADCSLaborUserSmartcard certificate with request ID N/A from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (The action was canceled by the user. 0x8010006e (-2146434962 SCARD_W_CANCELLED_BY_USER)).
Certificate enrollment for INTRA\rudi failed to enroll for a ADCSLaborSMIME certificate with request ID 110808 from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)).
Certificate enrollment for INTRA\rudi failed to enroll for a ADCSLaborBenutzer certificate with request ID 150 from https://cews.adcslabor.de/ADCSLaborIssuingCA1_CES_Kerberos/service.svc/CES (The certificate has invalid policy. 0x800b0113 (-2146762477 CERT_E_INVALID_POLICY)).
Certificate enrollment for INTRA\rudi failed to enroll for a ADCSLaborBenutzer certificate with request ID 767 from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)).
Certificate enrollment for INTRA\rudi failed to enroll for an ADCSLaborBenutzer certificate with request ID 769 from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester. 0x80094009 (-2146877431 CERTSRV_E_RESTRICTEDOFFICER)).
Certificate enrollment for INTRA\rudi failed to enroll for a ADCSLaborBenutzer2 certificate with request ID N/A from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).
Certificate enrollment for Local system failed to enroll for a ADCSLaborComputerEKCERT certificate with request ID N/A from ECA02.intra.adcslabor.de\ADCS Labor Issuing CA NG 1 (One or more arguments are not correct. 0x800700a0 (WIN32/HTTP: 160 ERROR_BAD_ARGUMENTS)).
Certificate enrollment for INTRA\administrator failed to enroll for an ADCSLaborBenutzerTPMECC certificate with request ID N/A from CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1 (The requested operation is not supported. 0x80090029 (-2146893783 NTE_NOT_SUPPORTED)).
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Error code 0x8010006e (The action was canceled by the user)
Occurs when the user cancels the process when applying for a certificate that requires the use of a smart card.
See also Event with ID 82.
Error code 0x80094800 (The requested certificate template is not supported by this CA)
Occurs when the requested certificate template was not published on the certification authority (for example, because the requester sent the certificate request to the wrong certification authority, or because the name of the certificate template was entered incorrectly).
Also occurs if the requested certificate template is published on the certification authority, but the certification authority does not have read permission on the certificate template.
Triggers on the Certification Authority the Event no. 53 off.
Error code 0x800706ba (The RPC server is unavailable)
Possible causes for this error message are:
- The certificate authority server is switched off.
- The certification authority service on the certification authority is not running.
- The client cannot connect to the certificate authority because a firewall prevents the connection. See also article "Firewall rules required for Active Directory Certificate Services„.
- The DNS record for the certification authority points to the wrong server.
- The requesting account does not have the "Access this Computer from the network" permission on the certificate authority.
See also Event with ID 82 and Event with ID 6 of source Microsoft-Windows-CertificateServicesClient-AutoEnrollment.
Error code 0x80094009 (The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester).
Occurs when addressing a certificate template that requires the signature of a certificate enrollment agent, but the certificate request does not contain one.
Error code 0x80090029 (The requested operation is not supported.
May occur when a device set to elliptic curve based key in conjunction with the Microsoft Platform Crypto Provider. should be used. This is a bug that has been fixed with Windows 10 21H2 and Windows 11.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
4 thoughts on “Details zum Ereignis mit ID 13 der Quelle Microsoft-Windows-CertificateServicesClient-CertEnroll”
Comments are closed.