Event Source: | Microsoft-Windows-OnlineResponderRevocationProvider |
Event ID: | 17 (0x11) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | MSG_E_FAILED_TO_INITIALIZE |
Event text (English): | For configuration %1, Online Responder revocation provider either has no CRL information or has stale CRL information. |
Event text (German): | The online responder blocking provider either has no revocation list information or has outdated revocation list information to configure %1. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: CAConfigurationId (win:UnicodeString)
The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. Entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates thanks to OCSP, but can make a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)„.
Example events
For configuration ADCS Labor Issuing CA 1 (Key 0), Online Responder revocation provider either has no CRL information or has stale CRL information.
Description
Occurs when the revocation list underlying the revocation configuration has expired or does not exist and an updated copy cannot be obtained.
The revocation configuration has thus failed. See also article "Effects of the failure of the online responder (OCSP) on the verification of the revocation status of a certificate„.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
Since the revocation configuration has failed, availability is acutely impaired and thus the event is to be rated as critical.
Related links:
- Overview of Windows events generated by the online responder (OCSP)
- Overview of the audit events generated by the online responder (OCSP)
2 thoughts on “Details zum Ereignis mit ID 17 der Quelle Microsoft-Windows-OnlineResponderRevocationProvider”
Comments are closed.