Event ID 128 — AD CS Certificate Request (Enrollment) Processing

Applies To: Windows Server 2008

One of the primary functions of a certification authority (CA) is to evaluate certificate requests from clients and, if predefined criteria are met, issue certificates to those clients. In order for certificate enrollment to succeed, a number of elements must be in place before the request is submitted, including a CA with a valid CA certificate; properly configured certificate templates, client accounts, and certificate requests; and a way for the client to submit the request to the CA, have the request validated, and install the issued certificate.

Event Details

Product: Windows Operating System
ID: 128
Source: Microsoft-Windows-CertificationAuthority
Version: 6.0
Symbolic Name: MSG_W_REQUEST_CONTAINS_AKI
Message: An Authority Key Identifier was passed as part of the certificate request %1. This feature has not been enabled. To enable a CA key to be specified for certificate signing, run: "certutil -setreg ca\UseDefinedCACertInRequest 1" and then restart the service.

Resolve

Enable revocation checking for all issued certificates

To fix this problem, enable Online Responder revocation checking for all time-valid certificates issued by the certification authority (CA).

To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority.

To enable Online Responder revocation checking for all time-valid certificates issued by the CA:

  1. Open a command prompt window on the computer hosting the CA.
  2. Type certutil -setreg ca\UseDefinedCACertInRequest 1 and press ENTER.
  3. Click Start, point to Administrative Tools, and click Certification Authority.
  4. Select the name of the CA, and then click Restart.
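
The same procedure scripted with a check before and after, as an added example (not part of the original article): it lists recent occurrences of event 128, reads the current setting, applies the documented certutil command only if needed, restarts the service, and confirms the result. Assumptions not stated on the page: PowerShell 2.0 or later is installed, the AD CS service name is CertSvc, events are read from the Application log, and the setting is stored under the active CA's Configuration registry key.

```powershell
# Added example, not from the original article. Run elevated on the CA host.
# Assumes PowerShell 2.0+ (Get-WinEvent) and the service name CertSvc.
$cfgRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$valueName = 'UseDefinedCACertInRequest'

# 1. List recent occurrences of event 128 to see which requests were affected.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificationAuthority'
    Id           = 128
}
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue)
"Event 128 occurrences found (max 20 shown): $($events.Count)"
$events | Select-Object TimeCreated, Message | Format-List

# 2. Read the current value for the active CA ("ca\" in certutil maps to this key).
$activeCa = (Get-ItemProperty -Path $cfgRoot -Name Active).Active
$caKey    = Join-Path $cfgRoot $activeCa
$current  = (Get-ItemProperty -Path $caKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
"Current $valueName for CA '$activeCa': $(if ($null -eq $current) { 'not set' } else { $current })"

# 3. Apply the setting and restart the service only when a change is needed.
if ($current -eq 1) {
    "$valueName is already 1; no registry change made."
} else {
    & certutil.exe -setreg "ca\$valueName" 1
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -setreg failed with exit code $LASTEXITCODE"
    }
    Restart-Service -Name CertSvc
}

# 4. Confirm the stored value and that the CA service is running again.
$after = (Get-ItemProperty -Path $caKey -Name $valueName).$valueName
$svc   = Get-Service -Name CertSvc
"{0} = {1}; CertSvc status: {2}" -f $valueName, $after, $svc.Status
```

If the value is already 1 but event 128 is still being logged, the service may not have been restarted since the change; restart it as in step 4 of the procedure.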

Verify

To perform this procedure, you must have permission to request a certificate.

To confirm that certificate request processing is working properly:

  1. Click Start, type certmgr.msc, and then press ENTER.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the console tree, double-click Personal, and then click Certificates.
  4. On the Action menu, point to All Tasks, and click Request New Certificate to start the Certificate Enrollment wizard. 
  5. Use the wizard to create and submit a certificate request for any type of certificate that is available.
  6. Under Certificate Installation Results, confirm that the enrollment completes successfully and no errors are reported. You can also click Details to view additional information about the certificate.
