AD CS Certification Authority Certificate and Chain Validation

Applies To: Windows Server 2008

Chain or path validation is the process by which end-entity (user or computer) certificates and all certification authority (CA) certificates are processed hierarchically until the certificate chain terminates at a trusted, self-signed certificate. Typically, this is a root CA certificate. Active Directory Certificate Services (AD CS) startup can fail if there are problems with availability, validity, and chain validation for the CA certificate.

Events

| Event ID | Source | Message |
|---|---|---|
| 27 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services did not start: Hierarchical setup is incomplete. Use the request file in %1.req to obtain a certificate for this certification authority, and use the Certification Authority snap-in to install the new certificate and complete the installation. |
| 31 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services did not start: The chain of Certification Authority certificates is not properly configured. |
| 42 | Microsoft-Windows-CertificationAuthority | A certificate chain could not be built for CA certificate %3 for %1. %2. |
| 48 | Microsoft-Windows-CertificationAuthority | Revocation status for a certificate in the chain for CA certificate %3 for %1 could not be verified because a server is currently unavailable. %2. |
| 49 | Microsoft-Windows-CertificationAuthority | A certificate in the chain for CA certificate %3 for %1 could not be verified because no information is available describing how to check the revocation status. %2. |
| 51 | Microsoft-Windows-CertificationAuthority | A certificate in the chain for CA certificate %3 for %1 has been revoked. %2. |
| 58 | Microsoft-Windows-CertificationAuthority | A certificate in the chain for CA certificate %3 for %1 has expired. %2. |
| 64 | Microsoft-Windows-CertificateServicesClient-AutoEnrollment | Certificate for %1 with Thumbprint %2 is about to expire or has already expired. |
| 100 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services did not start: Could not load or verify the current CA certificate. %1 %2. |
| 103 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services temporarily added the root certificate of certificate chain %1 to the downloaded Enterprise Root store. If this problem persists, publishing the root certificate to the Active Directory may be necessary. |
| 104 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services published certificate %1 to %2. |
| 105 | Microsoft-Windows-CertificationAuthority | Active Directory Certificate Services deleted invalid certificate %1 from %2. |
