Event Source: | Microsoft-Windows-CertificationAuthority |
Event ID: | 107 (0x6B) |
Event log: | Application |
Event type: | Warning |
Symbolic Name: | MSG_E_CANNOT_DELETE_INVALID_CA_CERT |
Event text (English): | Active Directory Certificate Services cannot delete invalid certificate %1 from %2. %3. %4. |
Event text (German): | Invalid certificate %1 cannot be deleted from %2 by Active Directory certificate services. %3. %4. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: CACertIdentifier (win:UnicodeString)
- %2: DN (win:UnicodeString)
- %3: DSErrorMessage (win:UnicodeString)
- %4: AdditionalErrorMessage (win:UnicodeString)
Example events
Active Directory Certificate Services cannot delete invalid certificate 1 from CN=ADCS Labor Issuing CA 2,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=intra,DC=adcslabor,DC=de. ldap: 0x32: 00002098: SecErr: DSID-03150F93, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 . Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344 ERROR_DS_INSUFF_ACCESS_RIGHTS).
Description
This event occurs, among other things, when the certification authority attempts to delete one of its certification authority certificates from Authority Information Access (AIA) in Active Directory, for example, if it has been revoked (see article "What impact does the revocation of a certification authority certificate have on the certification authority?"), but has no write permission to the object.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of Windows events generated by the certification authority
- Overview of audit events generated by the Certification Authority
One thought on “Details zum Ereignis mit ID 107 der Quelle Microsoft-Windows-CertificationAuthority”
Comments are closed.