Export (0) Print
Expand All

Enterprise PKI Status Codes

Applies To: Windows Server 2008 R2

The Enterprise PKI snap-in provides a view of the status of the certification authorities (CAs) and Online Responders in one or more public key infrastructures (PKIs). In addition, the Enterprise PKI snap-in can be used to verify the validity and accessibility of authority information access locations and certificate revocation list (CRL) distribution points.

For each CA selected, the Enterprise PKI snap-in indicates one of the CA health states listed in the following table.

 

Indicator CA state

Question mark

CA health state evaluation

Green indicator

CA has no problems

Yellow indicator

CA has one or more non-critical problems

Red indicator

CA has one or more critical problems

Red cross over CA icon

CA is offline

If your environment includes one or more Online Responders, the Enterprise PKI snap-in can be used to monitor the status of these components. The indicators and health states in the following table apply to Online Responders.

 

Indicator Online Responder state

Question mark

Online Responder health state evaluation

Green indicator

Online Responder has no problems

Yellow indicator

Online Responder has one or more non-critical problems

Red indicator

Online Responder has one or more critical problems

Red cross over CA icon

Online Responder is offline

The following status codes apply to CRL distribution points, delta CRL distribution points, and authority information access locations.

 

Indicator CRL distribution point or authority information access state

Question mark

Location health state evaluation

Green indicator

Data is available and has no problems

Yellow indicator

Data is available and has one or more non-critical problems

Red indicator

Data is available but has one or more critical problems

Red cross over CA icon

Data is not available

For problems relating to the Online Responder, use the Online Responder snap-in to further diagnose and resolve the problem. For problems relating to CAs, CRL distribution points, and authority information access locations, use the Certification Authority snap-in to further diagnose and resolve the problem. In addition, check the Event log on the computers hosting the Active Directory Certificate Services (AD CS) role services for additional troubleshooting information that can help you identify and resolve any problems. For more information about troubleshooting CA, Online Responder, certificate validation, and revocation checking problems, see Active Directory Certificate Services (http://go.microsoft.com/fwlink/?LinkId=89215).

Additional references

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft