Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 43 (0x2B) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_INVALID_USAGE_FOR_PASSWORD |
Event text (English): | This password has already been used to request a (%1) certificate. Only one signing certificate and one exchange certificate can be issued per password. Obtain a new password to use with this request, or create a new request with a different key usage and the same password, then try again. |
Event text (German): | This password has already been used to request a (%1) certificate. Only one signing certificate and one exchange certificate can be issued per password. Set a new password for this request or create a new request with a different key usage and the same password. Then repeat the process. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: KeyUsage (win:UnicodeString)
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Example events
This password has already been used to request a (SIGNATURE) certificate. Only one signing certificate and one exchange certificate can be issued per password. Obtain a new password to use with this request, or create a new request with a different key usage and the same password, then try again.
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
The message occurs when a certificate request is submitted via NDES with a password that has already been used. NDES supports three different certificate types, which are distinguished by their key usage extension.
These three certificate types could be set up once separately with the same password. Since in practice only one certificate type is usually used, this error message occurs when a password is reused.
See also Event no. 29.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
One thought on “Details zum Ereignis mit ID 43 der Quelle Microsoft-Windows-NetworkDeviceEnrollmentService”
Comments are closed.