Details of the event with ID 87 of the source Microsoft-Windows-CertificationAuthority

Author Uwe GradeneggerPosted on Categories Events, Certification AuthorityTags
Event Source:Microsoft-Windows-CertificationAuthority
Event ID:87 (0x57)
Event log:Application
Event type:Error
Symbolic Name:MSG_E_BAD_DEFAULT_CA_XCHG_CSP
Event text (English):Active Directory Certificate Services could not use the default provider for encryption keys. %1
Event text (German):Active Directory certificate services could not use the default encryption key provider. %1

Parameter

The parameters contained in the event text are filled with the following fields:

  • %1: ErrorCode (win:UnicodeString)

Example events

Active Directory Certificate Services could not use the default provider for encryption keys. Keyset does not exist 0x80090016 (-2146893802 NTE_BAD_KEYSET)

Description

This event can occur if the certificate authority cannot process the value configured under the EncryptionCsp registry value, for example, if a hardware security module (HSM) is used and no keys can be generated.

The value is located under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\{Common-name-of-CA}\EncryptionCSP

It is set to the same value as for the certification authority certificate during the installation of the certification authority.

It is used to generate the key pairs for the Certificate Authority Exchange (CA Exchange) certificates. The CA Exchange certificates are used for archiving private keys, but also for the Enterprise PKI (pkiview.msc) management console.

In general, a software key storage provider can be safely used for the certification authority exchange certificates. This can be configured with the following command line command:

certutil -setreg CA\EncryptionCSP\Provider "Microsoft Software Key Storage Provider".

Afterwards, the certification authority service must be restarted for the changes to be accepted.

See also Event 86 and 88.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

No description has been written for this yet.

Microsoft rating

Microsoft evaluates this event in the Securing Public Key Infrastructure (PKI) Whitepaper with a severity score of "Low".

Related links:

External sources

One thought on “Details zum Ereignis mit ID 87 der Quelle Microsoft-Windows-CertificationAuthority”

  1. Pingback: Details about the event with ID 88 of the source Microsoft-Windows-CertificationAuthority - Uwe Gradenegger

Comments are closed.

en_USEnglish
de_DEDeutsch en_USEnglish