Details of the event with ID 10 of the source Microsoft-Windows-EnrollmentPolicyWebService

Event Source: Microsoft-Windows-EnrollmentPolicyWebService
Event ID: 10 (0xA)
Event log: Microsoft-Windows-EnrollmentPolicyWebService/Admin
Event type: Warning
Event text (English): There is no enterprise certification authority (CA) configured with the Certificate Enrollment Web Service in the current forest. Confirm that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service is configured to work with this CA.
Event text (German): The current forest does not contain an enterprise CA that has been configured with the Certificate Enrollment Web Service. Ensure that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service has been configured to work with the enterprise CA.

The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)".

Example events

There is no enterprise certification authority (CA) configured with the Certificate Enrollment Web Service in the current forest. Confirm that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service is configured to work with this CA. 

Description


For certificates to be requested via the Certificate Enrollment Web Services, the pKIEnrollmentService objects of the certification authorities must have an appropriately configured msPKI-Enrollment-Servers attribute. The message appears if not a single certification authority in the forest meets this condition.
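To check this condition in a forest, the following added example (not part of the original article) lists each pKIEnrollmentService object and reports whether its msPKI-Enrollment-Servers attribute is populated. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the configuration partition; the function name `Get-CaEnrollmentServerStatus` is hypothetical.

```powershell
# Added example: report which enterprise CAs have a CES registered in AD.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-CaEnrollmentServerStatus {
    [CmdletBinding()]
    param()

    # Enterprise CAs are published in the forest-wide configuration partition.
    $configNc  = (Get-ADRootDSE).configurationNamingContext
    $container = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"

    $cas = @(Get-ADObject -SearchBase $container -SearchScope OneLevel `
        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
        -Properties 'dNSHostName', 'msPKI-Enrollment-Servers')

    foreach ($ca in $cas) {
        # Multi-valued attribute; absent or empty means no CES is
        # registered for this CA.
        $entries = @($ca.'msPKI-Enrollment-Servers' | Where-Object { $_ })
        [pscustomobject]@{
            CAName        = $ca.Name
            CAHost        = $ca.dNSHostName
            CesConfigured = $entries.Count -gt 0
            EntryCount    = $entries.Count
        }
    }
}

$status = @(Get-CaEnrollmentServerStatus)
$status | Format-Table -AutoSize

# Event ID 10 corresponds to the case where no CA at all has the attribute set.
if (-not ($status | Where-Object CesConfigured)) {
    Write-Warning 'No enterprise CA has msPKI-Enrollment-Servers set (condition reported by event ID 10).'
}
```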

In this case, it is also not possible to request certificates via the Certificate Enrollment Web Services. See also the article "Requesting certificates via the Certificate Enrollment Policy Web Service (CEP) fails with error message 'A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.'".

Possible causes can be:

Security assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

If this event occurs, there is usually no breach of confidentiality, but availability is affected as no certificates can be requested via the interface.
