Details of the event with ID 46 of the source Microsoft-Windows-CertificationAuthority

Event Source:	Microsoft-Windows-CertificationAuthority
Event ID:	46 (0x2E)
Event log:	Application
Event type:	Error
Symbolic Name:	MSG_E_EXIT_ERROR
Event text (English):	The "%1" Exit Module "%2" method returned an error. %5 The returned status code is %3. %4
Event text (German):	Termination module "%1", method "%2", has caused an error. %5 Returned status code: %3. %4

Parameter

The parameters contained in the event text are filled with the following fields:

%1: ExitModuleDescription (win:UnicodeString)
%2: MethodName (win:UnicodeString)
%3: ErrorCode (win:UnicodeString)
%4: param4 (win:UnicodeString)
%5: ErrorString (win:UnicodeString)

Example events

The "Windows default" Exit Module "Notify" method returned an error. An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425). The Certification Authority was unable to send an email notification for EXITEVENT_CERTDENIED to Unavailable.

The "Windows default" Exit Module "Notify" method returned an error. An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425).  The Certification Authority was unable to send an email notification for EXITEVENT_PENDING to Unavailable.

The "Windows default" Exit Module "Notify" method returned an error. An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425).  The Certification Authority was unable to send an email notification for EXITEVENT_CERTRETRIEVEPENDING to Unavailable.

The "Windows default" Exit Module "Initialize" method returned an error. The transport failed to connect to the server. The returned status code is 0x80040213 (-2147220973). The Certification Authority was unable to send an email notification for EXITEVENT_STARTUP to admins1@fabrikam.com,admin2@fabrikam.com.

The "Windows default" Exit Module "Initialize" method returned an error. Class not registered The returned status code is 0x80040154 (-2147221164).  The Certification Authority was unable to initialize email messaging objects.

The "Windows default" Exit Module "Notify" method returned an error. Class not registered The returned status code is 0x80040154 (-2147221164).  The Certification Authority was unable to send an email notification for EXITEVENT_SHUTDOWN to Unavailable.

The "" Exit Module "Initialize" method returned an error. Class not registered The returned status code is 0x80040154 (-2147221164).

The "My First Exit Module" Exit Module "Notify" method returned an error. Error 0x80131502 (-2146233086) The returned status code is 0x80131502 (-2146233086).

The "My First Exit Module" Exit Module "Notify" method returned an error. Error 0x80131500 (-2146233088) The returned status code is 0x80131500 (-2146233088).

The "My First Exit Module" Exit Module "Notify" method returned an error. The parameter is incorrect. The returned status code is 0x80070057 (87).

The "" Exit Module "Initialize" method returned an error. Unknown name. The returned status code is 0x80020006 (-2147352570).

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425).

May occur if a session to the certificate authority database cannot be opened.

The event can occur even if the "Windows Default" exit module is not in use at all, and the certificate authority is under heavy load. The Disabling the "Windows Default" exit module would be a solution to avoid the events in this case.

Can be used in conjunction with event no. 53 and 130 occur. See also article "Certificate or revocation list issuance fails with error code CERTSRV_E_NO_DB_SESSIONS„.

May also indicate a Denial of Service (DoS) attack.

The transport failed to connect to the server. The returned status code is 0x80040213 (-2147220973).

Can occur when an e-mail is to be sent but no connection to the configured e-mail server is possible. See also article "Disabling the SMTP Exit Module of a Certification Authority" and "Combining the SMTP Exit module with a local SMTP server for increased resilience„.

Class not registered The returned status code is 0x80040154 (-2147221164).

Can occur if a non-functioning exit module is configured. See also article "Create an exit module for the certification authority in C#„.

If additionally "The Certification Authority was unable to initialize email messaging objects." or "The Certification Authority was unable to send an email notification for..." is reported, see article "The SMTP Exit module does not work on Windows Server Core„.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

This event does not always affect the availability of the certification authority. However, since it can happen, it should be critically checked.

Microsoft rating

Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".