Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
Event ID: | 10 (0xA) |
Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
Event type: | Warning |
Event text (English): | There is no enterprise certification authority (CA) configured with the Certificate Enrollment Web Service in the current forest. Confirm that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service is configured to work with this CA. |
Event text (German): | The current forest does not contain an enterprise certificate authority configured with the certificate enrollment web service. Ensure that at least one enterprise certificate authority is available in the forest and at least one server running the certificate enrollment web service is configured to work with the enterprise certificate authority. |
The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)„.
Example events
There is no enterprise certification authority (CA) configured with the Certificate Enrollment Web Service in the current forest. Confirm that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service is configured to work with this CA.
Description
In order for certificates to be requested via the certification authority web services, the pKIEnrollmentService objects of the certification authorities must be configured via an appropriately configured attribute
msPKI enrollment server have. The message occurs when there is no single certificate authority on the network to which this applies.
In this case, it is also not possible to request certificates via the certificate registration web services. See also article "Requesting certificates via the Certificate Enrollment Policy Web Service (CEP) fails with error message "A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted."„.
Possible causes can be:
- The Certificate Enrollment Web Service (CES) not yet installed.
- The certificate authority in question has been removed from the network (uninstalled).
- The certification authority in question was migrated to a new server and the certification authority role was uninstalled in the process. The new pKIEnrollmentService object then no longer contains the necessary settings. See also article "Migration of an Active Directory integrated certification authority (Enterprise Certification Authority) to another server„.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
If this event occurs, there is usually no breach of confidentiality, but availability is affected because no certificates can be requested through the interface.
One thought on “Details zum Ereignis mit ID 10 der Quelle Microsoft-Windows-EnrollmentPolicyWebService”
Comments are closed.