| Event Source: | Microsoft-Windows-OnlineResponder |
| Event ID: | 29 (0x1D) |
| Event log: | Application |
| Event type: | Error |
| Symbolic Name: | MSG_E_CACONFIG_FAILTOLOAD |
| Event text (English): | Settings for Online Responder configuration %1 cannot be loaded. OCSP requests for this configuration will be rejected.(%2) |
| Event text (German): | The settings for the online responder configuration %1 cannot be loaded. The OCSP requests for this configuration are rejected.(%2) |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: CAConfigurationId (win:UnicodeString)
- %2: ErrorCode (win:UnicodeString)
The Online Responder (Online Certificate Status Protocol, OCSP) is an alternative way of providing revocation status information for certificates. Entities that want to check the revocation status of a certificate do not have to download the complete list of all revoked certificates thanks to OCSP, but can make a specific request for the certificate in question to the online responder. For a more detailed description, see the article "Basics Online Responder (Online Certificate Status Protocol, OCSP)„.
Description
Microsoft writes about this event in the Installing, Configuring, and Troubleshooting the Online Responder (Microsoft's OCSP Responder) whitepaper:
If the configuration cannot be loaded through the Online Responder snap-in, follow these steps:
- Navigate to the following registry hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder
- Locate and delete the corrupted revocation configuration.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
Since the revocation configuration has failed, availability is acutely impaired and thus the event is to be rated as critical.
Related links:
- Overview of Windows events generated by the online responder (OCSP)
- Overview of the audit events generated by the online responder (OCSP)
English 
Deutsch