Guest 150d Posted January 6, 2008 Posted January 6, 2008 Hello, On a Windows 2003/R2 Server running a certificate authority I'm seeing failed certificate update requests all of a sudden. It started around the change of the year, so it might very well be some expired certificate. The event log says: CertSvc ID 22 Die Anforderung 49 konnte aufgrund eines Fehlers nicht ausgeführt werden: Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver offline war. 0x80092013 (-2146885613). Die Anforderung bezog sich auf CN=somemachinename. Weitere Informationen: Fehler beim Verifizieren der Anforderungssignatur oder des Signierungszertifikats After some searching it is my conclusion that the CA wasn't able to query another authority on whether the used certificates might have been revoked in the meantime. Is this correct, and where can I verify this? (I'm using a self-created certificate that shouldn't need verification anywhere.) There might be another reason, though: The machines in question (more than one) have been equiped with a new desktop firewall recently. Do I need to open ports for the certification update here, and for what process would that be? Any help would be much appreciated. Regards, 150d
Guest Jabez Gan [MVP] Posted January 6, 2008 Posted January 6, 2008 Re: CertSvc Event ID 22 I couldn't read the event message, but have you tried seearching at http://www.eventid.net? -- Jabez Gan Microsoft MVP: Windows Server - File Storage "150d" <150d@discussions.microsoft.com> wrote in message news:0F849648-CF54-4B89-AA6B-B894ABA68218@microsoft.com... > Hello, > > On a Windows 2003/R2 Server running a certificate authority I'm seeing > failed certificate update requests all of a sudden. It started around the > change of the year, so it might very well be some expired certificate. > > The event log says: > > CertSvc ID 22 > > Die Anforderung 49 konnte aufgrund eines Fehlers nicht ausgeführt werden: > Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver > offline war. 0x80092013 (-2146885613). Die Anforderung bezog sich auf > CN=somemachinename. Weitere Informationen: Fehler beim Verifizieren der > Anforderungssignatur oder des Signierungszertifikats > > After some searching it is my conclusion that the CA wasn't able to query > another authority on whether the used certificates might have been revoked > in > the meantime. Is this correct, and where can I verify this? (I'm using a > self-created certificate that shouldn't need verification anywhere.) > > There might be another reason, though: The machines in question (more than > one) have been equiped with a new desktop firewall recently. Do I need to > open ports for the certification update here, and for what process would > that > be? > > Any help would be much appreciated. > > Regards, > 150d >
Guest 150d Posted January 7, 2008 Posted January 7, 2008 Re: CertSvc Event ID 22 > I couldn't read the event message, but have you tried seearching at > http://www.eventid.net? Yes, I did. They have the event registered but offer no tips at all. A translation of the reason would be something like that: "The locking function could not check the locking status because the locking server was offline. The request concerned CN=somemachinename. More information: Error verifying the request signature or the signing certificate." The rest, including the exact english translation, is listed at eventid.net.
Recommended Posts