Prev: Certification Authority
Next: stop message
From: 150d on 6 Jan 2008 08:22
Hello,

On a Windows 2003/R2 Server running a certificate authority I'm seeing
failed certificate update requests all of a sudden. It started around the
change of the year, so it might very well be some expired certificate.

The event log says:

CertSvc ID 22

Die Anforderung 49 konnte aufgrund eines Fehlers nicht ausgeführt werden:
Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver
offline war. 0x80092013 (-2146885613). Die Anforderung bezog sich auf
CN=somemachinename. Weitere Informationen: Fehler beim Verifizieren der
Anforderungssignatur oder des Signierungszertifikats

After some searching it is my conclusion that the CA wasn't able to query
another authority on whether the used certificates might have been revoked in
the meantime. Is this correct, and where can I verify this? (I'm using a
self-created certificate that shouldn't need verification anywhere.)

There might be another reason, though: The machines in question (more than
one) have been equiped with a new desktop firewall recently. Do I need to
open ports for the certification update here, and for what process would that
be?

Any help would be much appreciated.

Regards,
150d

From: Jabez Gan [MVP] on 6 Jan 2008 10:50
I couldn't read the event message, but have you tried seearching at
www.eventid.net?

--
Jabez Gan
Microsoft MVP: Windows Server - File Storage
"150d" <150d(a)discussions.microsoft.com> wrote in message
news:0F849648-CF54-4B89-AA6B-B894ABA68218(a)microsoft.com...
> Hello,
>
> On a Windows 2003/R2 Server running a certificate authority I'm seeing
> failed certificate update requests all of a sudden. It started around the
> change of the year, so it might very well be some expired certificate.
>
> The event log says:
>
> CertSvc ID 22
>
> Die Anforderung 49 konnte aufgrund eines Fehlers nicht ausgeführt werden:
> Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver
> offline war. 0x80092013 (-2146885613). Die Anforderung bezog sich auf
> CN=somemachinename. Weitere Informationen: Fehler beim Verifizieren der
> Anforderungssignatur oder des Signierungszertifikats
>
> After some searching it is my conclusion that the CA wasn't able to query
> another authority on whether the used certificates might have been revoked
> in
> the meantime. Is this correct, and where can I verify this? (I'm using a
> self-created certificate that shouldn't need verification anywhere.)
>
> There might be another reason, though: The machines in question (more than
> one) have been equiped with a new desktop firewall recently. Do I need to
> open ports for the certification update here, and for what process would
> that
> be?
>
> Any help would be much appreciated.
>
> Regards,
> 150d
>

From: 150d on 7 Jan 2008 16:50
> I couldn't read the event message, but have you tried seearching at
> www.eventid.net?

Yes, I did. They have the event registered but offer no tips at all.

A translation of the reason would be something like that:

"The locking function could not check the locking status because the locking
server was offline. The request concerned CN=somemachinename. More
information: Error verifying the request signature or the signing
certificate."

The rest, including the exact english translation, is listed at eventid.net.

 | 
Pages: 1
Prev: Certification Authority
Next: stop message