Details of the event with ID 9 of the source Microsoft-Windows-EnrollmentPolicyWebService

Event Source:Microsoft-Windows-EnrollmentPolicyWebService
Event ID:9 (0x9)
Event log:Microsoft-Windows-EnrollmentPolicyWebService/Admin
Event type:Error
Event text (English):The Active Directory certificate enrollment policy provider failed to obtain policy information from Active Directory Domain Services (AD DS). The provider will attempt to read the information again in %1 milliseconds. If the problem persists, enable tracing in the web.config file, enable logging by using "certutil -setreg debug 0xffffffe3", restart IIS by using iisreset.exe, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the information in the trace files and certenroll.log file. %2
Event text (German):The Active Directory certificate enrollment policy provider was unable to retrieve the policy information from Active Directory Domain Services. In "%1" milliseconds, an attempt is made to read the information again. If the problem persists, enable tracing in the "web.config" file, enable logging using "certutil -setreg debug 0xffffffe3", restart IIS, retrieve policy information from any client, and then contact Microsoft Customer Service and Support with the information from the tracing files and the "certenroll.log" file. %2

Parameter

The parameters contained in the event text are filled with the following fields:

  • %1: RetryIntervalMs (win:Int32)
  • %2: Error (win:Int32)

The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)„.

Example events

The Active Directory certificate enrollment policy provider failed to obtain policy information from Active Directory Domain Services (AD DS). The provider will attempt to read the information again in 1800000 milliseconds. If the problem persists, enable tracing in the web.config file, enable logging by using "certutil -setreg debug 0xffffffe3", restart IIS by using iisreset.exe, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the information in the trace files and certenroll.log file. A directory service error has occurred.

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem and is available under a free license. It can downloaded via GitHub and can be used free of charge.

No description has been written for this yet.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

No description has been written for this yet.

Related links:

External sources

en_USEnglish