Details of the event with ID 47 of the source Microsoft-Windows-CertificateServicesClient-CertEnroll

Event Source:Microsoft-Windows-CertificateServicesClient-CertEnroll
Event ID:47 (0x825A002F)
Event log:Application
Event type:Warning
Event text (English):Certificate enrollment for %1 could not enroll for a %2 certificate. A valid certification authority cannot be found to issue this template.
Event text (German):No registration of certificate %2 could be made from the certificate registration for %1. No valid certification authority can be found to issue this template.

Parameter

The parameters contained in the event text are filled with the following fields:

  • %1: Context (win:UnicodeString)
  • %2: TemplateName (win:UnicodeString)

Example events

Certificate enrollment for INTRA\rudi could not enroll for an ADCSLaborBenutzer3 certificate.  A valid certification authority cannot be found to issue this template.
Certificate enrollment for Local system could not enroll for a DomainController certificate. A valid certification authority cannot be found to issue this template.
Certificate enrollment for Local system could not enroll for an ADCSLaborComputer certificate. A valid certification authority cannot be found to issue this template.

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem and is available under a free license. It can downloaded via GitHub and can be used free of charge.

Occurs when a certificate request is attempted specifying a certificate template, but no certification authority on the network offers the specified certificate template for issuance.

Also occurs when a certification authority offers the corresponding template, but the requesting client cannot establish a trust status with it. In this case, the Event no. 52 logged.

Automatic certificate request

Domain controllers automatically try to request certificates from the DomainController certificate template. The process will fail if this certificate template is not offered on the network. Thus, it can be ignored because this certificate template should not be used.

See also the following articles:

Manual certificate request

The event can also occur with manual certificate request. Example command for such a type of certificate request:

certreq -q -machine -enroll ADCSLaborComputer

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

No description has been written for this yet.

Related links:

One thought on “Details zum Ereignis mit ID 47 der Quelle Microsoft-Windows-CertificateServicesClient-CertEnroll”

Comments are closed.

en_USEnglish