| Event Source: | Microsoft-Windows-CertificationAuthority |
| Event ID: | 34 (0x22) |
| Event log: | Application |
| Event type: | Error |
| Event text (English): | Active Directory Certificate Services did not start: Could not initialize RPC for %1. %2. |
| Event text (German): | Active Directory certificate services were not started: RPC for %1 could not be initialized. %2. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: CACommonName (win:UnicodeString)
- %2: ErrorCode (win:UnicodeString)
Example events
Active Directory Certificate Services did not start: Could not initialize RPC for ADCS Labor Issuing CA 1. The endpoint is a duplicate. 0x6cc (WIN32: 1740 RPC_S_DUPLICATE_ENDPOINT).
Description
The error indicates that the certification authority can no longer bind the RPC port because it has not yet been released again. A typical suspect here is the key storage provider of the hardware security module (HSM).
Especially with Gemalto / SafeNet HSMs there is a known bug in some key storage providers that can trigger this behavior.
When restarting the certification authority service, there must be sufficient time (approx. 1 minute) between termination and start of the service.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
The availability of the certification authority service is no longer given if this event occurs. Therefore, an alert should definitely take place.
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of Windows events generated by the certification authority
- Overview of audit events generated by the Certification Authority
External sources
- Securing Public Key Infrastructure (PKI) (Microsoft)
English 
Deutsch
4 thoughts on “Details zum Ereignis mit ID 34 der Quelle Microsoft-Windows-CertificationAuthority”
Comments are closed.