The partition of the Hardware Security Module (HSM) fills up

Assume the following scenario:

  • A Certification Authority uses a Hardware Security Module (HSM).
  • The partition of the hardware security module fills up with more and more keys over the lifetime of the certificate authority.
  • With SafeNet hardware security modules, this can even cause the partition to fill up. As a result, events 86 and 88 are logged by the certification authority.

The Certificate Authority service fails to start and throws the error message "Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL)."

Assume the following scenario:

  • A certification authority is implemented in the network.
  • The certification authority service does not start.
  • When trying to start the Certification Authority service, you get the following error message:
Provider DLL failed to initialize correctly. 0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL).

The certification authority service does not start and throws the error message "The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)".

Assume the following scenario:

  • A certification authority is installed.
  • The installation is successful, but the Certificate Authority service does not start after the installation.
  • When trying to start the Certificate Authority service from the Certificate Authority Management Console, you receive the following error message:
The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
The policy module for a CA is missing or incorrectly registered. To view or change policy module settings, right-click on the CA, click Properties, and then click the Policy Module tab.

The installation of a certificate authority certificate fails with error code "NTE_PROVIDER_DLL_FAIL".

Assume the following scenario:

  • A certification authority is installed.
  • The certificate authority uses a Gemalto/SafeNet Hardware Security Module (HSM) with the SafeNet Luna Key Storage Provider.
  • After the certification authority certificate is issued by the parent certification authority, it is installed to complete the role configuration.
  • The installation of the certificate authority certificate fails with the following error message:
An error was detected while configuring Active Directory Certificate Services.
The Active Directory Certificate Services Setup Wizard will need to be rerun to complete the configuration.
The new certificate public key does not match the current outstanding request.
The wrong request may have been used to generate the new certificate: Provider DLL failed to initialize correctly.
0x8009001d (-2146893795 NTE_PROVIDER_DLL_FAIL)

Installation of a certificate authority fails with error code ERROR_INVALID_PARAMETER

Assume the following scenario:

  • A certification authority is installed.
  • The role configuration fails with the following error message:
CCertSrvSetupProperty: The parameter is incorrect. 0x80070057 (WIN32: ERROR_INVALID_PARAMETER).

Installation of a certificate authority fails with error code "Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA)."

Assume the following scenario:

  • An attempt is made to install a certificate authority.
  • The role configuration fails with the following error message:
An error occurred when creating the new key container "ADCS Labor Issuing CA 3". Please make sure the CSP is installed correctly or select another CSP.
Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA).

Details of the event with ID 130 of the source Microsoft-Windows-CertificationAuthority

Event Source: Microsoft-Windows-CertificationAuthority
Event ID: 130 (0x82)
Event log: Application
Event type: Error
Symbolic Name: MSG_E_CRL_CREATION
Event text (English): Active Directory Certificate Services could not create a certificate revocation list. %1. This may cause applications that need to check the revocation status of certificates issued by this CA to fail. You can recreate the certificate revocation list manually by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services.
Event text (German): No certificate revocation list could be created by Active Directory Certificate Services. %1. This may cause an error to occur in applications that require checking the revocation status of certificates issued by this certificate authority. The certificate revocation list can be manually recreated by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services.

Details of the event with ID 86 of the source Microsoft-Windows-CertificationAuthority

Event Source: Microsoft-Windows-CertificationAuthority
Event ID: 86 (0x56)
Event log: Application
Event type: Warning
Symbolic Name: MSG_E_BAD_REGISTRY_CA_XCHG_CSP
Event text (English): Active Directory Certificate Services could not use the provider specified in the registry for encryption keys. %1
Event text (German): Active Directory certificate services could not use the encryption key provider specified in the registry. %1

Details of the event with ID 53 of the source Microsoft-Windows-CertificationAuthority

Event Source: Microsoft-Windows-CertificationAuthority
Event ID: 53 (0x35)
Event log: Application
Event type: Warning
Symbolic Name: MSG_DN_CERT_DENIED_WITH_INFO
Event text (English): Active Directory Certificate Services denied request %1 because %2. The request was for %3. Additional information: %4
Event text (German): The request %1 was rejected because %2. The request was for %3. More information: %4

Details of the event with ID 34 of the source Microsoft-Windows-CertificationAuthority

Event Source: Microsoft-Windows-CertificationAuthority
Event ID: 34 (0x22)
Event log: Application
Event type: Error
Event text (English): Active Directory Certificate Services did not start: Could not initialize RPC for %1. %2.
Event text (German): Active Directory certificate services were not started: RPC for %1 could not be initialized. %2.

Using the Online Responder (OCSP) with a SafeNet Hardware Security Module (HSM)

With the SafeNet Key Storage Provider it is not possible to set permissions on the private keys: the Microsoft Management Console (MMC) will crash.


Which Cryptographic Service Provider (CSP) should be used for the Network Device Enrollment Service (NDES)?

When configuring a certificate template for the Registration Authority (RA) certificates for the Network Device Enrollment Service (NDES), the question arises, especially when using Hardware Security Modules (HSM), which Cryptographic Service Provider (CSP) of the HSM manufacturer should be used.


Certificate request fails with error message "Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA)."

Assume the following scenario:

  • A user sends a certificate request to a certificate authority.
  • The certificate request fails with the following error message:
Bad Data. 0x80090005 (-2146893819 NTE_BAD_DATA).
Denied by Policy Module.

Restoring a certification authority from backup

The following describes how to restore a certification authority from backup. In addition to the disaster case, this procedure is also part of the migration of a certification authority to a new server.


Role configuration for Network Device Enrollment Service (NDES) fails with error message "Failed to enroll RA certificates. The endpoint is a duplicate. 0x800706cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT)".

Assume the following scenario:

  • A Network Device Enrollment Service (NDES) server is being installed.
  • The installing user has the necessary permissions to install the role (local administrator, enterprise administrator).
  • The role configuration fails with the following error message:
Failed to enroll RA certificates. The endpoint is a duplicate. 0x800706cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT)