| Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
| Event ID: | 44 (0x2C) |
| Event log: | Application |
| Event type: | Error |
| Symbolic Name: | EVENT_MSCEP_GETCRL_FAILED |
| Event text (English): | The Network Device Enrollment Service cannot obtain the certificate revocation list (CRL) for key %1 from the certification authority. Verify that the CA service is running, the Network Device Enrollment Service account has Read permission on the CA service, and the CA service has successfully created the latest CRL. Use the Certification Authority management console to verify the permissions on the CA service. Use the command: Certutil -config "%2" -cainfo crl %3 to verify that the CA service has created the latest CRL. The error returned was (%4). %5 |
| Event text (German): | The certificate revocation list for the key %1 cannot be retrieved from the certification authority by the registration service for network devices. Ensure that the CA service is running, that the Network Device Enrollment Service account has read permission for the CA service, and that the CA service has successfully created the latest certificate revocation list. Use the Certificate Authority Management Console to check the permissions for the Certificate Authority Service. Use the command "Certutil -config "%2″ -cainfo crl %3" to ensure that the CA service has created the latest certificate revocation list. Error returned: (%4). %5 |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: KeyId (win:UnicodeString)
- %2: ConfigString (win:UnicodeString)
- %3: KeyId2 (win:UnicodeString)
- %4: ErrorCode (win:UnicodeString)
- %5: ErrorMessage (win:UnicodeString)
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
No description has been written for this yet.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
English 
Deutsch