| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 10 (0xA) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Warning |
| Event text (English): | There is no enterprise certification authority (CA) configured with the Certificate Enrollment Web Service in the current forest. Confirm that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service is configured to work with this CA. |
| Event text (German): | The current forest does not contain an enterprise CA that has been configured with the Certificate Enrollment Web Service. Ensure that at least one enterprise CA is available in the forest and that at least one server running the Certificate Enrollment Web Service has been configured to work with the enterprise CA. |
Details of the event with ID 9 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 9 (0x9) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Error |
| Event text (English): | The Active Directory certificate enrollment policy provider failed to obtain policy information from Active Directory Domain Services (AD DS). The provider will attempt to read the information again in %1 milliseconds. If the problem persists, enable tracing in the web.config file, enable logging by using "certutil -setreg debug 0xffffffe3", restart IIS by using iisreset.exe, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the information in the trace files and certenroll.log file. %2 |
| Event text (German): | The Active Directory certificate enrollment policy provider was unable to retrieve the policy information from Active Directory Domain Services. In "%1" milliseconds, an attempt is made to read the information again. If the problem persists, enable tracing in the "web.config" file, enable logging using "certutil -setreg debug 0xffffffe3", restart IIS, retrieve policy information from any client, and then contact Microsoft Customer Service and Support with the information from the tracing files and the "certenroll.log" file. %2 |
Details of the event with ID 8 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 8 (0x8) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Error |
| Event text (English): | The Active Directory certificate enrollment policy provider failed to initialize. Try to restart Internet Information Services (IIS) by using iisreset.exe. If the problem persists, enable tracing in the web.config file, restart IIS, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the trace file information. %1 |
| Event text (German): | Error initializing the Active Directory certificate enrollment policy provider. Restart Internet Information Services (IIS) by running "iisreset.exe". If the problem persists, enable tracing in the "web.config" file, restart IIS, retrieve policy information from any client, and then contact Microsoft Customer Service and Support with the information in the tracing file. %1 |
Details of the event with ID 7 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 7 (0x7) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Information |
| Event text (English): | The Active Directory certificate enrollment policy provider has been initialized to target the default domain controller for the current domain. |
| Event text (German): | The Active Directory certificate enrollment policy provider has been initialized to reach the default domain controller for the current domain. |
Details of the event with ID 6 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 6 (0x6) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Information |
| Event text (English): | The Active Directory certificate enrollment policy provider has been initialized to target the "%1" domain controller. |
| Event text (German): | The Active Directory certificate enrollment policy provider has been initialized to reach the "%1" domain controller. |
Details of the event with ID 5 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 5 (0x5) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Information |
| Event text (English): | The Certificate Enrollment Policy Web Service has been stopped. |
| Event text (German): | The certificate enrollment policy web service has been terminated. |
Details of the event with ID 4 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 4 (0x4) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Error |
| Event text (English): | The Certificate Enrollment Policy Web Service failed to initialize. Confirm that the Certificate Enrollment Policy Web Service is properly installed. Try to restart Internet Information Services (IIS) by using iisreset.exe. If the problem persists, enable tracing in the web.config file, restart IIS, attempt to obtain policy information from any client, and then contact Microsoft Customer Service and Support with the trace file information. %1 |
| Event text (German): | Error initializing the certificate enrolment policy web service. Ensure that the Certificate Enrollment Policy Web Service is properly installed. Restart Internet Information Services (IIS) by running "iisreset.exe". If the problem persists, enable tracing in the "web.config" file, restart IIS, retrieve policy information from any client, and then contact Microsoft Customer Service and Support with the information in the tracing file. %1 |
Details of the event with ID 3 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 3 (0x3) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Warning |
| Event text (English): | A service end point with URI %1 has been configured for this service. The configuration of the client authentication scheme or the binding is not recommended. To fix the issue, open the web.config file and verify the binding and security settings. The only supported binding type for this service is wsHttpBinding. The security mode should be either Transport or TransportWithMessageCredential. When the security mode is Transport, the ClientCredentialType should be either Windows or Certificate. When the security mode is TransportWithMessageCredential, the ClientCredentialType should be UserName. |
| Event text (German): | A service endpoint with URI "%1" has been configured for this service. The configuration of the client authentication scheme or binding is not recommended. Open the "web.config" file and check the binding and security settings to resolve this issue. Only the binding type "wsHttpBinding" is supported for this service. For the security mode, "Transport" or "TransportWithMessageCredential" should be selected. If "Transport" is selected, the credential type for the client should be "Windows" or "Certificate". If "TransportWithMessageCredential" is selected, the credential type for the client should be "Username". |
Details of the event with ID 2 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 2 (0x2) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Information |
| Event text (English): | A service end point with URI %1 has been configured for this service. The client authentication scheme is %2. Use the Group Policy Management Console or the Certificates snap-in to configure clients with this Certificate Enrollment Policy Web Service information. |
| Event text (German): | A service endpoint with URI "%1" has been configured for this service. The client authentication scheme is "%2". Use the Group Policy Management Console or the Certificate snap-in to configure clients with information from this Certificate Enrollment Policy Web Service. |
Details of the event with ID 1 of the source Microsoft-Windows-EnrollmentPolicyWebService
| Event Source: | Microsoft-Windows-EnrollmentPolicyWebService |
| Event ID: | 1 (0x1) |
| Event log: | Microsoft-Windows-EnrollmentPolicyWebService/Admin |
| Event type: | Information |
| Event text (English): | The Certificate Enrollment Policy Web Service has started. |
| Event text (German): | The certificate enrollment policy web service has been started. |
Details of the event with ID 11 of the source Microsoft-Windows-EnrollmentWebService
| Event Source: | Microsoft Windows EnrollmentWebService |
| Event ID: | 11 (0xB) |
| Event log: | Microsoft-Windows-EnrollmentWebService/Admin |
| Event type: | Information |
| Event text (English): | The Certificate Enrollment Web Service is enabled for key based renewal. Client certificates without subject information in the Active Directory database can be used to renew certificates. |
| Event text (German): | The Certificate Enrollment Policy Web service is enabled for key-based renewal. Certificates can be renewed with client certificates without requester information in the Active Directory database. |
Details of the event with ID 10 of the source Microsoft-Windows-EnrollmentWebService
| Event Source: | Microsoft Windows EnrollmentWebService |
| Event ID: | 10 (0xA) |
| Event log: | Microsoft-Windows-EnrollmentWebService/Admin |
| Event type: | Error |
| Event text (English): | The Certificate Enrollment Web Service cannot operate because an incompatible configuration was selected. To resolve this issue, remove the Certificate Enrollment Web Service. If you want to use key based renewal, enable both client certificate authentication and renewal-only mode. If you want to use user name and password authentication or Windows authentication, disable key based renewal, and then run Setup again. |
| Event text (German): | The certificate enrollment policy web service cannot be executed because an incompatible configuration has been selected. Remove the Certificate Enrollment Policy Web Service to resolve the issue. If you want to use key-based renewal, enable both client certificate authentication and renewal-only mode. If you want to use username and password authentication or Windows authentication, disable key-based renewal and run Setup again. |
Details of the event with ID 9 of the source Microsoft-Windows-EnrollmentWebService
| Event Source: | Microsoft Windows EnrollmentWebService |
| Event ID: | 9 (0x9) |
| Event log: | Microsoft-Windows-EnrollmentWebService/Admin |
| Event type: | Error |
| Event text (English): | The Certificate Enrollment Web Service is attempting to use renewal-only mode, but certification authority (CA) "%1" does not support this mode. To use renewal-only mode, configure the CA by running the following command on the CA: certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF. Otherwise, disable renewal-only mode. If no action is taken, subsequent requests will be rejected. |
| Event text (German): | The certificate enrollment web service tries to use the renewals-only mode. However, this mode is not supported by the "%1" certificate authority. If you want to use renewals-only mode, configure the certification authority. To do this, run the following command for the certification authority: "certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF". Otherwise, disable the renewals-only mode. If no action is taken, future requests are denied. |
Details of the event with ID 8 of the source Microsoft-Windows-EnrollmentWebService
| Event Source: | Microsoft Windows EnrollmentWebService |
| Event ID: | 8 (0x8) |
| Event log: | Microsoft-Windows-EnrollmentWebService/Admin |
| Event type: | Error |
| Event text (English): | The Certificate Enrollment Web Service cannot read the version or the configuration flags from certification authority (CA) "%1." On the Security tab of the CA property sheet, grant Read permission to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, subsequent requests will be rejected. |
| Event text (German): | The version or configuration identifiers of the certification authority "%1" cannot be read by the Certificate Registration Web Service. On the Security tab of the Certification Authority Properties page, grant read permissions to the account used by the Certificate Enrollment Web Service application pool. If no action is taken, future requests are denied. |
Details of the event with ID 7 of the source Microsoft-Windows-EnrollmentWebService
| Event Source: | Microsoft Windows EnrollmentWebService |
| Event ID: | 7 (0x7) |
| Event log: | Microsoft-Windows-EnrollmentWebService/Admin |
| Event type: | Error |
| Event text (English): | The Certificate Enrollment Web Service is attempting to use renewal-only mode, but certification authority (CA) "%1" does not support this mode. To use renewal-only mode, configure the Certificate Enrollment Web Service to use a CA that is installed on a computer that is running at least Windows Server 2008 R2. Then, configure the CA by running the following command on the CA: certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF. Otherwise, disable renewal-only mode. If no action is taken, subsequent requests will be rejected. |
| Event text (German): | The certificate enrollment web service attempts to use renewal-only mode. However, this mode is not supported by the certification authority "%1". If you want to use renewal-only mode, configure the Certificate Enrollment Web Service to use a CA that is installed on a computer running Windows Server 2008 R2 or later, and then configure the CA itself by running the command "certutil -setreg policy\editflags +EDITF_ENABLERENEWONBEHALFOF". Otherwise, deactivate the renewal-only mode. If no action is performed, future requests will be rejected. |
English 
Deutsch