Details of the event with ID 23 of the source Microsoft-Windows-OnlineResponder

Event Source:Microsoft-Windows-OnlineResponder
Event ID:23 (0x17)
Event log:Application
Event type:Error
Symbolic Name:MSG_E_CACONFIG_MISSING_SIGNINGCERT
Event text (English):The Online Responder Service could not locate a signing certificate for configuration %1.(%2)
Event text (German):The online responder service could not find a signing certificate for the configuration %1.(%2)

Parameter

The parameters contained in the event text are filled with the following fields:

  • %1: CAConfigurationId (win:UnicodeString)
  • %2: ErrorCode (win:UnicodeString)

The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. Entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates thanks to OCSP, but can make a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)„.

Example events

The Online Responder Service could not locate a signing certificate for configuration ADCS Labor Issuing CA 2 (0).(Cannot find the original signer. 0x8009100e (-2146889714 CRYPT_E_SIGNER_NOT_FOUND))
The Online Responder Service could not locate a signing certificate for configuration ADCS Labor Issuing CA 1 (Key 0).(Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED))
The Online Responder Service could not locate a signing certificate for configuration ADCS Labor Issuing CA 2 (0).(The user name or password is incorrect. 0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE))

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

This event occurs when the signing certificate for a revocation configuration has expired. It is therefore no longer usable.

This event is preceded by the Event no. 34 ahead. See also article "Effects of the failure of the online responder (OCSP) on the verification of the revocation status of a certificate„.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

Since the revocation configuration has failed, availability is acutely impaired and thus the event is to be rated as critical.

Related links:

External sources

One thought on “Details zum Ereignis mit ID 23 der Quelle Microsoft-Windows-OnlineResponder”

Comments are closed.

en_USEnglish