Category: Troubleshooting

Certificate request fails with error message "The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)".

Assume the following scenario:

  • A certificate is requested from an Active Directory integrated certification authority (Enterprise Certification Authority).
  • The request fails with the following error message:
An error occurred while enrolling for a certificate.
The certificate request could not be submitted to the certification authority.
Url: CA02.intra.adcslabor.de\ADCS Lab Issuing CA 1
Error: The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)
Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „The request is not supported. 0x80070032 (WIN32: 50 ERROR_NOT_SUPPORTED)““

The role configuration for the Certificate Enrollment Web Service (CES) fails with error message "Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)".

Assume the following scenario:

  • A role configuration for the Certificate Enrollment Web Service (CES) is performed.
  • The role configuration fails with the following error message: 
CCertificateEnrollmenServerSetup::InitializeInstallDefaults: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)
Continue reading „Die Rollenkonfiguration für den Certificate Enrollment Web Service (CES) schlägt fehl mit Fehlermeldung „Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)““

The role configuration for the Certificate Enrollment Web Service (CES) fails with error message "The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE".

Assume the following scenario:

  • A role configuration for the Certificate Enrollment Web Service (CES) is performed.
  • The role configuration fails with the following error message: 
The Certificate Enrollment Web Service Setup failed because the CA "CA02.intra.adcslabor.de\ADCS Labor Issuing CA 1" cannot be contacted. Check the name, and confirm that the CA is properly configured and available. The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_SERVER_UNAVAILABLE)
Continue reading „Die Rollenkonfiguration für den Certificate Enrollment Web Service (CES) schlägt fehl mit Fehlermeldung „The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE““

Microsoft Outlook: Emails encrypted with S/MIME cannot be opened. The error message "Internal error." appears.

Assume the following scenario:

  • A user receives an e-mail message encrypted with Secure/Multipurpose Internet Mail Extensions (S/MIME).
  • The message cannot be opened.
  • When opening the message, the following error message is displayed:
Unfortunately, there is a problem opening this item. This may be temporary. If this error occurs again, you should restart Outlook. Error in the underlying security system. Internal error.
Continue reading „Microsoft Outlook: Mit S/MIME verschlüsselte E-Mails können nicht geöffnet werden. Es erscheint die Fehlermeldung „Interner Fehler.““

Installation of a certification authority fails with error message "The Certification Authority is already installed."

Assume the following scenario:

  • A certification authority is installed.
  • An error occurred during installation that required a retry.
  • The certification authority role was uninstalled and then the role configuration was tried again.
  • The role configuration fails with the following error message:
The Certification Authority is already installed. If you are trying to reinstall the role service, you must first uninstall it.
Continue reading „Die Installation einer Zertifizierungsstelle schlägt fehl mit Fehlermeldung „The Certification Authority is already installed.““

Google Chrome reports error code "ERR_SSL_PROTOCOL_ERROR" when calling a web page

Assume the following scenario:

  • A web page is accessed using Google Chrome.
  • The connection setup fails with the following error message:
This website cannot provide a secure connection
test.intra.adcslabor.com has sent an invalid response.
Try to run the Windows network diagnostics.
ERR_SSL_PROTOCOL_ERROR
Continue reading „Google Chrome meldet Fehlercode „ERR_SSL_PROTOCOL_ERROR“ beim Aufruf einer Webseite“

Installation or uninstallation of a Windows feature fails with error message "The service is configured to not accept any remote shell requests."

Assume the following scenario:

  • A Windows role concerning Active Directory Certificate Services (Certification Authority, Network Device Enrollment Service (NDES), Certificate Authority Web Enrollment (CAWE), Certificate Enrollment Web Services (CEP, CES), or Online Certificate Service Provider (OCSP)) is to be installed or uninstalled.
  • The installation or uninstallation fails with the following error message:
The status of the role services on the target machine cannot be determined. Please retry. The error is The WS-Management service cannot process the request. The service is configured to not accept any remote shell requests.
Continue reading „Die Installation oder Deinstallation eines Windows-Features schlägt fehl mit Fehlermeldung „The service is configured to not accept any remote shell requests.““

The online responder (OCSP) reports "The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE".

Assume the following scenario:

  • An online responder (OCSP) is configured on the network.
  • OCSP is enabled for a certificate authority and a revocation configuration is set up.
  • The management console for the online responder displays the following status for the revocation configuration:
Type: Microsoft CRL-based revocation status provider.
The revocation provider failed with the current configuration. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE), 0x80092013
Continue reading „Der Onlineresponder (OCSP) meldet „The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE““

The online responder (OCSP) reports "The object identifier does not represent a valid object. 0x800710d8 (WIN32: 4312 ERROR_OBJECT_NOT_FOUND)".

Assume the following scenario:

  • An online responder (OCSP) is configured on the network.
  • OCSP is enabled for a certificate authority and a revocation configuration is set up.
  • The management console for the online responder displays the following status for the revocation configuration:
Type: Microsoft CRL-based revocation status provider.
The revocation provider failed with the current configuration. The object identifier does not represent a valid object. 0x800710d8 (WIN32: 4312 ERROR_OBJECT_NOT_FOUND), 0x800710d8
Continue reading „Der Onlineresponder (OCSP) meldet „The object identifier does not represent a valid object. 0x800710d8 (WIN32: 4312 ERROR_OBJECT_NOT_FOUND)““

Revocation of an issued certificate fails with error message "The data is invalid. 0x8007000d (WIN32: 13 ERROR_INVALID_DATA)".

Assume the following scenario:

  • A certificate is revoked via the command line (certutil -revoke).
  • The operation fails with the following error message:
ICertAdmin::RevokeCertificate: The data is invalid. 0x8007000d (WIN32: 13 ERROR_INVALID_DATA)
Continue reading „Der Widerruf eines ausgestellten Zertifikats schlägt fehl mit Fehlermeldung „The data is invalid. 0x8007000d (WIN32: 13 ERROR_INVALID_DATA)““

The certification authority service does not start and throws the error message "The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)".

Assume the following scenario:

  • A certification authority is installed.
  • The installation is successful, but the Certificate Authority service does not start after the installation.
  • When trying to start the Certificate Authority service from the Certificate Authority Management Console, you receive the following error message:
The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
The policy module for a CA is missing or incorrectly registered. To view or change policy module settings, right-click on the CA, click Properties, and then click the Policy Module tab.
Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)““

Inspect TLS traffic with Wireshark (decrypt HTTPS)

When troubleshooting, it can be very helpful to view encrypted SSL connections in order to inspect the messages within. There is a relatively simple way to do this with Wireshark.

Continue reading „TLS-Datenverkehr mit Wireshark inspizieren (HTTPS entschlüsseln)“

HTTP error code 403 when logging on to Internet Information Services (IIS) using client certificate after renewing web server certificate

Assume the following scenario:

  • A user or application accesses a web page or web application running on an Internet Information Services (IIS) web server.
  • The web server is configured to request a client certificate for the requested resource.
  • Although there is a valid client certificate on the client, the error code 403 Forbidden is returned immediately. The user is not prompted (when calling the page with a browser) to select a certificate.
  • The web server certificate was recently renewed and the IIS SSL binding was configured accordingly via the IIS Manager.
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
Continue reading „HTTP Fehlercode 403 bei Anmeldung mittels Client-Zertifikat an Internet Information Services (IIS) nach Erneuerung des Webserver-Zertifikats“

Certificate request fails with error message "The request is missing required signature policy information. 0x80094809 (-2146875383 CERTSRV_E_SIGNATURE_POLICY_REQUIRED)".

Assume the following scenario:

  • A user sends a certificate request to a certificate authority.
  • The certificate request fails with the following error message:
The request is missing required signature policy information. 0x80094809 (-2146875383 CERTSRV_E_SIGNATURE_POLICY_REQUIRED)
Denied by Policy Module
Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „The request is missing required signature policy information. 0x80094809 (-2146875383 CERTSRV_E_SIGNATURE_POLICY_REQUIRED)““

Microsoft Outlook: Find out recipient certificates for S/MIME encrypted mails

For troubleshooting e-mail messages encrypted using Secure/Multipurpose Internet Mail Extensions (S/MIME), the encrypted part of a message can be exported. See article "Microsoft Outlook: Extracting an encrypted S/MIME message from an email„.

To find out with which certificates a message has been encrypted, you can proceed as follows...

Continue reading „Microsoft Outlook: Empfänger-Zertifikate bei S/MIME verschlüsselten Mails herausfinden“
en_USEnglish
de_DEDeutsch en_USEnglish