Details of the event with ID 77 of the source Microsoft-Windows-CertificationAuthority

Event Source:	Microsoft-Windows-CertificationAuthority
Event ID:	77 (0x4D)
Event log:	Application
Event type:	Warning
Symbolic Name:	MSG_POLICY_LOG_WARNING
Event text (English):	The "%1" Policy Module logged the following warning: %2
Event text (German):	The policy module "%1" has logged the following warning: %2

Parameter

The parameters contained in the event text are filled with the following fields:

%1: PolicyModuleDescription (win:UnicodeString)
%2: WarningMessage (win:UnicodeString)

Example events

The "Windows default" Policy Module logged the following warning: The Active Directory connection to DC01.intra.adcslabor.de has been reestablished to DC01.intra.adcslabor.de.

The "Windows default" Policy Module logged the following warning: The Active Directory connection to ??? has been reestablished to DC01.intra.adcslabor.de.

The "Windows default" Policy Module logged the following warning: The ADCSLaborSMIME Certificate Template could not be loaded. Element not found. 0x80070490 (WIN32: 1168 ERROR_NOT_FOUND).

The "Windows default" Policy Module logged the following warning: Active Directory Certificate Services is configured to use LDAP referrals to request user data from the Active Directory directory service.

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

Error messages from the configured policy module.

The Active Directory connection to [...] has been reestablished to [...].

This event is triggered when the current LDAP connection of the certification authority's policy module is renewed. In most cases, it is part of the standard behavior of the Microsoft certificate authority and can be safely ignored if it occurs only sporadically.

The [...] Certificate Template could not be loaded. Element not found. 0x80070490 (WIN32: 1168 ERROR_NOT_FOUND).

Occurs when a certificate template was published on the certificate authority that no longer exists in Active Directory.

Also occurs when the certificate authority does not have read permission on a published certificate template. By default, the certificate authority obtains read permission through the Authenticated Users entry in the certificate template's security settings.

A deleted certificate template can be restored (if available) from an LDIF export with the following command:

ldifde -i -f {filename>

Active Directory Certificate Services is configured to use LDAP referrals to request user data from the Active Directory directory service.

Reported when the EDITF_ENABLELDAPREFERRALS flag is set, for example because the certification authority is participating in cross-forest autoenrollment. The settings can be viewed with the following command:

certutil -v -getreg Policy\EditFlags

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

The event "The Active Directory connection to [...] has been reestablished to [...]." does not affect confidentiality, integrity, or availability.

The event "The [...] Certificate Template could not be loaded. Element not found. 0x80070490 (WIN32: 1168 ERROR_NOT_FOUND)." has an impact on availability, because no certificates can be issued from this certificate template. For this reason it should be monitored and alerted.

Microsoft rating

Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".