Nachfolgend eine Übersicht über die von der Zertifizierungsstelle erzeugten Ereignisse in der Windows-Ereignisanzeige.
Sources d'événements
Die Ereignisse der Zertifizierungsstelle werden in das Anwendungs-Protokoll geschrieben. Folgende Quellen enthalten CA-Ereignisse:
- Microsoft-Windows-CertificationAuthority
Vordefinierte Ansicht in der Windows-Ereignisanzeige
Eine entsprechend gefilterte Ansicht ist in der Kategorie „Active Directory Certificate Services“ auf jedem System, auf dem die Zertifizierungsstelle installiert ist, bereits vorkonfiguriert.
Ereignisquelle Microsoft-Windows-CertificationAuthority
Einige dieser Ereignisse werden nur protokolliert, wenn die Niveau de journalisation für das Ereignisprotokoll der betreffenden Zertifizierungsstelle auf 4 (CERTLOG_VERBOSE) oder höher eingestellt wurde.
Connaissez-vous TameMyCerts? TameMyCerts est un add-on pour l'autorité de certification Microsoft (Active Directory Certificate Services). Il étend la fonction de l'autorité de certification et permet de Application de la réglementationIl s'agit d'un logiciel de gestion des certificats qui permet d'automatiser l'émission de certificats en toute sécurité. TameMyCerts est unique dans l'écosystème Microsoft, a déjà fait ses preuves dans d'innombrables entreprises du monde entier et est disponible sous une licence libre. Il peut téléchargé via GitHub et être utilisé gratuitement. Une maintenance professionnelle est également proposée.
| ID | Type | Texte de l'événement |
|---|---|---|
| 5 | Erreur | Active Directory Certificate Services could not find required registry information. The Active Directory Certificate Services may need to be reinstalled. |
| 6 | Information | Les services de certificats Active Directory ont émis un certificat pour la demande %1 pour %2. |
| 7 | Avertissement | Les services de certificats Active Directory ont refusé la demande %1 en raison de %2. La demande concernait %3. |
| 8 | Information | Les services de certificats Active Directory ont laissé la demande %1 en attente dans la file d'attente pour %2. |
| 9 | Erreur | Les services de certificats Active Directory n'ont pas démarré : impossible de charger un module de stratégie externe. |
| 10 | Avertissement | Les services de certificats Active Directory n'ont pas pu créer un nouveau certificat ou une nouvelle chaîne de certificats : %1. |
| 15 | Erreur | Les services de certificats Active Directory n'ont pas démarré : la version ne correspond pas à certif.dll. |
| 16 | Erreur | Les services de certificats Active Directory n'ont pas démarré : impossible d'initialiser OLE : %1. |
| 17 | Erreur | Les services de certificats Active Directory n'ont pas démarré : impossible d'initialiser la connexion à la base de données pour %1. %2. |
| 19 | Erreur | Les services de certificats Active Directory n'ont pas démarré : la chaîne du modèle de nom de sujet dans la valeur de registre HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\%1\SubjectTemplate n'est pas valide. Voici un exemple de chaîne valide : CommonName OrganizationalUnit Organization Locality State Country |
| 20 | Erreur | Les services de certificats Active Directory n'ont pas démarré : la chaîne „ Certificate Date Validity Period “ dans la valeur de registre HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\%1\ValidityPeriod n'est pas valide. Les chaînes valides sont „ Seconds “, „ Minutes “, „ Hours “, „ Days “, „ Weeks “, „ Months “ et « Years ». |
| 21 | Erreur | Les services de certificats Active Directory n'ont pas pu traiter la demande %1 en raison d'une erreur : %2. La demande concernait %3. |
| 22 | Erreur | Les services de certificats Active Directory n'ont pas pu traiter la demande %1 en raison d'une erreur : %2. La demande concernait %3. Informations supplémentaires : %4 |
| 23 | Erreur | Les services de certificats Active Directory n'ont pas pu traiter la demande %1 en raison d'une erreur : %2. La demande concernait %3. Le certificat contiendrait une longueur codée potentiellement incompatible avec les anciens logiciels d'inscription. Envoyez une nouvelle demande en utilisant des données d'entrée de longueur différente pour le champ suivant : %4. |
| 25 | Information | Les services de certificats Active Directory ont révoqué le certificat pour la demande %1 pour %2. |
| 26 | Information | Les services de certificats Active Directory pour %1 ont été démarrés.%2%3 |
| 27 | Erreur | Active Directory Certificate Services did not start: Hierarchical setup is incomplete. Use the request file in %1.req to obtain a certificate for this Certificate Server, and use the Certification Authority administration tool to install the new certificate and complete the installation. |
| 33 | Erreur | Active Directory Certificate Services did not start: Could not create the Certificate Server service thread for %1. %2. |
| 34 | Erreur | Active Directory Certificate Services did not start: Could not initialize RPC for %1. %2. |
| 35 | Erreur | Active Directory Certificate Services did not start: Could not initialize OLE for %1. %2. |
| 38 | Information | Active Directory Certificate Services for %1 was stopped. |
| 39 | Erreur | Les services de certificats Active Directory n'ont pas démarré : la classe DCOM de l'autorité de certification pour %1 n'a pas pu être enregistrée. %2. Utilisez l'outil d'administration des services pour modifier le contexte de connexion de l'autorité de certification. |
| 40 | Erreur | Les services de certificats Active Directory n'ont pas démarré : impossible d'initialiser les fabriques de classes DCOM pour %1. %2. |
| 42 | Erreur | Impossible de créer une chaîne de certificats pour le certificat CA %3 pour %1. %2. |
| 43 | Erreur | La méthode „ %1 “ du module de stratégie „ %2 “ a provoqué une exception à l'adresse %4. Le code d'exception est %3. |
| 44 | Erreur | La méthode „ %1 “ du module de stratégie „ %2 “ a renvoyé une erreur. %5 Le code d'état renvoyé est %3. %4 |
| 45 | Erreur | La méthode „ %1 “ du module de sortie „ %2 “ a provoqué une exception à l'adresse %4. Le code d'exception est %3. |
| 46 | Erreur | La méthode „ %1 “ du module de sortie „ %2 “ a renvoyé une erreur. %5 Le code d'état renvoyé est %3. %4 |
| 48 | Avertissement | Le statut de révocation d'un certificat dans la chaîne pour le certificat CA %3 pour %1 n'a pas pu être vérifié car un serveur est actuellement indisponible. %2. |
| 49 | Avertissement | Un certificat dans la chaîne pour le certificat CA %3 pour %1 n'a pas pu être vérifié car aucune information n'est disponible pour décrire comment vérifier l'état de révocation. %2. |
| 51 | Erreur | Un certificat dans la chaîne pour le certificat CA %3 pour %1 a été révoqué. %2. |
| 52 | Information | Active Directory Certificate Services issued a certificate for request %1 for %2. Additional information: %3 |
| 53 | Avertissement | Active Directory Certificate Services denied request %1 because %2. The request was for %3. Additional information: %4 |
| 54 | Information | Active Directory Certificate Services left request %1 pending in the queue for %2. Additional information: %3 |
| 56 | Information | Active Directory Certificate Services denied request %1. The request was for %2. |
| 57 | Information | Active Directory Certificate Services denied request %1. The request was for %2. Additional information: %3 |
| 58 | Erreur | A certificate in the chain for CA certificate %3 for %1 has expired. %2. |
| 59 | Erreur | Active Directory Certificate Services did not start: Could not connect to the Active Directory for %1. %2. |
| 60 | Erreur | Active Directory Certificate Services refused to process an extremely long request from %1. This may indicate a denial-of-service attack. If the request was rejected in error, modify the MaxIncomingMessageSize registry parameter via certutil -setreg CA\MaxIncomingMessageSize . Unless verbose logging is enabled, this error will not be logged again for 20 minutes. |
| 62 | Avertissement | Active Directory Certificate Services had problems loading valid CRL publication values and has reset the CRL publication to its default settings. |
| 63 | Erreur | Active Directory Certificate Services did not start: %1 %2. |
| 64 | Erreur | Active Directory Certificate Services cannot publish enrollment access changes to Active Directory. |
| 65 | Erreur | Active Directory Certificate Services could not publish a Base CRL for key %1 to the following location: %2. %3.%5%6 |
| 66 | Erreur | Active Directory Certificate Services could not publish a Delta CRL for key %1 to the following location: %2. %3.%5%6 |
| 67 | Erreur | Active Directory Certificate Services made %1 attempts to publish a CRL and will stop publishing attempts until the next CRL is generated. |
| 68 | Information | Active Directory Certificate Services successfully published Base CRL(s). |
| 69 | Information | Active Directory Certificate Services successfully published Delta CRL(s). |
| 70 | Information | Active Directory Certificate Services successfully published Base and Delta CRL(s). |
| 71 | Information | Active Directory Certificate Services successfully published Base CRL(s) to server %1. |
| 72 | Information | Active Directory Certificate Services successfully published Delta CRL(s) to server %1. |
| 73 | Information | Active Directory Certificate Services successfully published Base and Delta CRL(s) to server %1. |
| 74 | Erreur | Les services de certificats Active Directory n'ont pas pu publier une liste de révocation de certificats (CRL) de base pour la clé %1 à l'emplacement suivant sur le serveur %4 : %2. %3.%5%6 |
| 75 | Erreur | Les services de certificats Active Directory n'ont pas pu publier une liste de révocation delta pour la clé %1 à l'emplacement suivant sur le serveur %4 : %2. %3.%5%6 |
| 76 | Information | The „%1“ Policy Module logged the following information: %2 |
| 77 | Avertissement | The „%1“ Policy Module logged the following warning: %2 |
| 78 | Erreur | The „%1“ Policy Module logged the following error: %2 |
| 79 | Avertissement | Active Directory Certificate Services could not publish a Certificate for request %1 to the following location: %2. %3.%5%6 |
| 80 | Avertissement | Active Directory Certificate Services could not publish a Certificate for request %1 to the following location on server %4: %2. %3.%5%6 |
| 81 | Erreur | Active Directory Certificate Services key archival is only supported on Advanced Server. %1 |
| 82 | Erreur | Active Directory Certificate Services could only verify %1 of %2 key recovery certificates required to enable private key archival. Requests to archive private keys will not be accepted. |
| 83 | Erreur | Active Directory Certificate Services encountered an error loading key recovery certificates. Requests to archive private keys will not be accepted. %1 |
| 84 | Erreur | Active Directory Certificate Services will not use key recovery certificate %1 because it could not be verified for use as a Key Recovery Agent. %2 %3 |
| 85 | Avertissement | Active Directory Certificate Services ignored key recovery certificate %1 because it could not be loaded. %2 %3 |
| 86 | Avertissement | Active Directory Certificate Services could not use the provider specified in the registry for encryption keys. %1 |
| 87 | Erreur | Active Directory Certificate Services could not use the default provider for encryption keys. %1 |
| 88 | Avertissement | Active Directory Certificate Services switched to the default provider for encryption keys. %1 |
| 90 | Erreur | %1: Active Directory Certificate Services detected an exception at address %2. Flags = %3. The exception is %4. |
| 91 | Erreur | Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access. |
| 92 | Erreur | Active Directory Certificate Services could not update security permissions. %1 |
| 93 | Avertissement | The certificate (#%1) of Active Directory Certificate Services %2 does not exist in the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory’s configuration container. The directory replication may not be completed. |
| 94 | Avertissement | Active Directory Certificate Services %1 can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory’s configuration container. |
| 95 | Erreur | Security permissions are corrupted or missing. The Active Directory Certificate Services may need to be reinstalled. |
| 96 | Erreur | Active Directory Certificate Services could not create an encryption certificate. %1. %2. |
| 97 | Avertissement | Active Directory Certificate Services %1 will reduce the maximum lifetime of the issued certificate for request %2 because the CA certificate lifetime is shorter than the registry validity period. Consider renewing the CA certificate or reducing the registry validity period. |
| 98 | Erreur | Active Directory Certificate Services encountered errors validating configured key recovery certificates. Requests to archive private keys will no longer be accepted. |
| 99 | Erreur | Active Directory Certificate Services could not create cross certificate %1 to certify its own root certificates. %2. %3. |
| 100 | Erreur | Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. %1 %2. |
| 101 | Information | Active Directory Certificate Services created CA cross certificate %2 for %1. |
| 102 | Erreur | Active Directory Certificate Services could not create cross certificate %1 to certify its own root certificates. The %2 extension is inconsistent. %3. %4. |
| 103 | Avertissement | Active Directory Certificate Services added the root certificate of certificate chain %1 to the downloaded Trusted Root Certification Authorities Enterprise store on the CA computer. This store will be updated from the Certification Authorities container in Active Directory the next time Group Policy is applied. To verify that the CA certificate is published correctly in Active Directory, run the following command: certutil -viewstore „%2“ (you must include the quotation marks when you run this command). If the root CA certificate is not present, use the Certificates console on the root CA computer to export the certificate to a file, and then run the following command to publish it to Active Directory: Certutil -dspublish %certificatefilename% Root. |
| 104 | Information | Active Directory Certificate Services published certificate %1 to %2. |
| 105 | Information | Active Directory Certificate Services deleted invalid certificate %1 from %2. |
| 106 | Avertissement | Active Directory Certificate Services cannot add certificate %1 to %2. %3. %4. |
| 107 | Avertissement | Active Directory Certificate Services cannot delete invalid certificate %1 from %2. %3. %4. |
| 108 | Avertissement | Active Directory Certificate Services could not delete a Certificate for request %1 from the following location: %2. %3.%5%6 |
| 109 | Avertissement | Active Directory Certificate Services could not delete a Certificate for request %1 from the following location on server %4: %2. %3.%5%6 |
| 110 | Avertissement | Active Directory Certificate Services could not initialize the performance counters. |
| 111 | Erreur | Active Directory Certificate Services upgrade failed because the upgrade path could not be determined. %1 |
| 112 | Erreur | Active Directory Certificate Services upgrade failed because information required for the upgrade was unavailable. %1 |
| 113 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not create CertEnroll folder and/or shared folder with proper permissions. %1 |
| 114 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not create virtual roots. %1 |
| 115 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not update server registry entries. %1 |
| 116 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not create web configuration file. %1 |
| 117 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not create revocation page. %1 |
| 118 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not upgrade key containers. %1 |
| 121 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not install new templates. %1 |
| 122 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not update service description. %1 |
| 123 | Avertissement | A portion of the Active Directory Certificate Services upgrade failed: Could not update security settings. %1 |
| 124 | Information | Active Directory Certificate Services upgrade succeeded. Active Directory Certificate Services settings have been upgraded successfully. |
| 125 | Erreur | Active Directory Certificate Services upgrade failed. Active Directory Certificate Services settings have not been upgraded. %1 |
| 126 | Erreur | Current information about advanced features supported by this Certification Authority is not available from the domain controller. Stop and restart Certificate Services in order to update this information. %1 |
| 127 | Erreur | Key recovery certificate %1 is about to expire soon and will not be used upon expiration. Contact your adminstrator to renew this certificate. %2 %3 |
| 128 | Avertissement | An Authority Key Identifier was passed as part of the certificate request %1. This feature has not been enabled. To enable specifying a CA key for certificate signing, run: „certutil -setreg ca\UseDefinedCACertInRequest 1“ and then restart the service. |
| 129 | Avertissement | Un OID invalide a été détecté dans le paramètre de configuration EnabledEKUForDefinedCACert. Pour résoudre ce problème, exécutez „certutil -getreg ca\EnabledEKUForDefinedCACert“ pour identifier l'OID invalide et le corriger. L'OID par défaut („1.3.6.1.5.5.7.3.9“) sera utilisé. |
| 130 | Erreur | Active Directory Certificate Services n'a pas pu créer de liste de révocation de certificats. %1. Cela peut provoquer l'échec des applications qui ont besoin de vérifier l'état de révocation des certificats émis par cette CA. Vous pouvez recréer manuellement la liste de révocation des certificats en exécutant la commande suivante : „certutil -CRL“. Si le problème persiste, redémarrez Certificate Services. |
| 131 | Avertissement | Un OID invalide a été détecté dans le paramètre de configuration EKUOIDsForPublishExpiredCertInCRL. Pour résoudre ce problème, exécutez : „certutil -getreg ca\EKUOIDsForPublishExpiredCertInCRL“ pour identifier l'OID invalide et le corriger. Les OID par défaut („1.3.6.1.5.5.7.3.3“ et „1.3.6.1.4.1.311.61.1.1“) seront utilisés. |
| 132 | Erreur | The certification authority (CA) was unable to perform a decryption operation. This error can occur when an advanced encryption algorithm such as Advanced Encryption Standard (AES) is used and the CA has not been configured to use a CryptoAPI Next Generation (CNG) key storage provider. If this error occurred during certificate enrollment, check the certificate template to ensure that advanced encryption for key archival is not enabled. |
| 133 | Erreur | The certification authority (CA) failed to encode a server extension required to validate a certificate or certification revocation list (CRL). The CA will not issue any certificates or CRLs that do not contain this extension. To correct this problem, use the Certification Authority snap-in to remove any Unicode characters in the URLs for the AIA, CDP, and IDP extensions, then restart the CA. |
| 134 | Information | A certificate in the chain for CA certificate %3 for %1 has expired. %2. |
Liens complémentaires :
- Übersicht über die vom Onlineresponder (OCSP) generierten Windows-Ereignisse
- Présentation des événements Windows générés par le service d'enregistrement des périphériques réseau (NDES)
- Übersicht über die vom Zertifikatregistrierungs-Richtliniendienst (CEP) generierten Windows-Ereignisse
- Présentation des événements Windows générés par le service Web d'enregistrement des certificats (CES)
Sources externes
- Windows Event Log Messages (WELM) (GitHub)
Français 
Deutsch 
English
Les commentaires sont fermés.