AD CS Registry Settings
Applies To: Windows Server 2008
Active Directory Certificate Services (AD CS) records critical configuration settings in the registry and may not start or function properly if this information becomes corrupted or is deleted.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-CertificationAuthority |
Active Directory Certificate Services could not find required registry information. The certification authority may need to be reinstalled. | |
Microsoft-Windows-CertificationAuthority |
Active Directory Certificate Services did not start: The Subject Name Template string in the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\%1\SubjectTemplate is invalid. An example of a valid string is: CommonName OrganizationalUnit Organization Locality State Country | |
Microsoft-Windows-CertificationAuthority |
Active Directory Certificate Services did not start: The Certificate Date Validity Period string in the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\%1\ValidityPeriod is invalid. Valid strings are "Seconds", "Minutes", "Hours", "Days", "Weeks", "Months" and "Years". | |
Microsoft-Windows-CertificationAuthority |
Active Directory Certificate Services did not start: The Certificate Revocation List Period string is invalid in the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\%1\CRLPeriod. Valid strings are "Seconds", "Minutes", "Hours", "Days", "Weeks", "Months" and "Years". | |
Microsoft-Windows-CertificationAuthority |
Security permissions are corrupted or missing. Active Directory Certificate Services needs to be reinstalled. |