| Event Source: | Microsoft-Windows-CertificationAuthority |
| Event ID: | 46 (0x2E) |
| Event log: | Application |
| Event type: | Error |
| Symbolic Name: | MSG_E_EXIT_ERROR |
| Event text (English): | The "%1" Exit Module "%2" method returned an error. %5 The returned status code is %3. %4 |
| Event text (German): | Termination module "%1", method "%2", has caused an error. %5 Returned status code: %3. %4 |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: ExitModuleDescription (win:UnicodeString)
- %2: MethodName (win:UnicodeString)
- %3: ErrorCode (win:UnicodeString)
- %4: param4 (win:UnicodeString)
- %5: ErrorString (win:UnicodeString)
Example events
The "Windows default" Exit Module "Notify" method returned an error. An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425). The Certification Authority was unable to send an email notification for EXITEVENT_CERTDENIED to Unavailable.
The "Windows default" Exit Module "Notify" method returned an error. An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425). The Certification Authority was unable to send an email notification for EXITEVENT_PENDING to Unavailable.
The "Windows default" Exit Module "Notify" method returned an error. An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425). The Certification Authority was unable to send an email notification for EXITEVENT_CERTRETRIEVEPENDING to Unavailable.
The "Windows default" Exit Module "Initialize" method returned an error. The transport failed to connect to the server. The returned status code is 0x80040213 (-2147220973). The Certification Authority was unable to send an email notification for EXITEVENT_STARTUP to admins1@fabrikam.com,admin2@fabrikam.com.
The "Windows default" Exit Module "Initialize" method returned an error. Class not registered The returned status code is 0x80040154 (-2147221164). The Certification Authority was unable to initialize email messaging objects.
The "Windows default" Exit Module "Notify" method returned an error. Class not registered The returned status code is 0x80040154 (-2147221164). The Certification Authority was unable to send an email notification for EXITEVENT_SHUTDOWN to Unavailable.
The "" Exit Module "Initialize" method returned an error. Class not registered The returned status code is 0x80040154 (-2147221164).
The "My First Exit Module" Exit Module "Notify" method returned an error. Error 0x80131502 (-2146233086) The returned status code is 0x80131502 (-2146233086).
The "My First Exit Module" Exit Module "Notify" method returned an error. Error 0x80131500 (-2146233088) The returned status code is 0x80131500 (-2146233088).
The "My First Exit Module" Exit Module "Notify" method returned an error. The parameter is incorrect. The returned status code is 0x80070057 (87).
The "" Exit Module "Initialize" method returned an error. Unknown name. The returned status code is 0x80020006 (-2147352570).
Description
An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions. The returned status code is 0x8009400f (-2146877425).
May occur if a session to the certificate authority database cannot be opened.
The event can occur even if the "Windows Default" exit module is not in use at all, and the certificate authority is under heavy load. The Disabling the "Windows Default" exit module would be a solution to avoid the events in this case.
Can be used in conjunction with event no. 53 and 130 occur. See also article "Certificate or revocation list issuance fails with error code CERTSRV_E_NO_DB_SESSIONS„.
May also indicate a Denial of Service (DoS) attack.
The transport failed to connect to the server. The returned status code is 0x80040213 (-2147220973).
Can occur when an e-mail is to be sent but no connection to the configured e-mail server is possible. See also article "Disabling the SMTP Exit Module of a Certification Authority" and "Combining the SMTP Exit module with a local SMTP server for increased resilience„.
Class not registered The returned status code is 0x80040154 (-2147221164).
Can occur if a non-functioning exit module is configured. See also article "Create an exit module for the certification authority in C#„.
If additionally "The Certification Authority was unable to initialize email messaging objects." or "The Certification Authority was unable to send an email notification for..." is reported, see article "The SMTP Exit module does not work on Windows Server Core„.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
This event does not always affect the availability of the certification authority. However, since it can happen, it should be critically checked.
Microsoft rating
Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".
Related links:
- Overview of Windows events generated by the certification authority
- Overview of audit events generated by the Certification Authority
External sources
- Event ID 46 - AD CS Exit Module Processing (Microsoft)
- Securing Public Key Infrastructure (PKI) (Microsoft)
English 
Deutsch
3 thoughts on “Details zum Ereignis mit ID 46 der Quelle Microsoft-Windows-CertificationAuthority”
Comments are closed.