Event Source: | Microsoft-Windows-CertificateServicesClient-CertEnroll |
Event ID: | 47 (0x825A002F) |
Event log: | Application |
Event type: | Warning |
Event text (English): | Certificate enrollment for %1 could not enroll for a %2 certificate. A valid certification authority cannot be found to issue this template. |
Event text (German): | No registration of certificate %2 could be made from the certificate registration for %1. No valid certification authority can be found to issue this template. |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: Context (win:UnicodeString)
- %2: TemplateName (win:UnicodeString)
Example events
Certificate enrollment for INTRA\rudi could not enroll for an ADCSLaborBenutzer3 certificate. A valid certification authority cannot be found to issue this template.
Certificate enrollment for Local system could not enroll for a DomainController certificate. A valid certification authority cannot be found to issue this template.
Certificate enrollment for Local system could not enroll for an ADCSLaborComputer certificate. A valid certification authority cannot be found to issue this template.
Description
Occurs when a certificate request is attempted specifying a certificate template, but no certification authority on the network offers the specified certificate template for issuance.
Also occurs when a certification authority offers the corresponding template, but the requesting client cannot establish a trust status with it. In this case, the Event no. 52 logged.
Automatic certificate request
Domain controllers automatically try to request certificates from the DomainController certificate template. The process will fail if this certificate template is not offered on the network. Thus, it can be ignored because this certificate template should not be used.
See also the following articles:
- Overview of the different generations of domain controller certificates
- Domain Controller Certificate Templates and Smartcard Logon
Manual certificate request
The event can also occur with manual certificate request. Example command for such a type of certificate request:
certreq -q -machine -enroll ADCSLaborComputer
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
One thought on “Details zum Ereignis mit ID 47 der Quelle Microsoft-Windows-CertificateServicesClient-CertEnroll”
Comments are closed.