After more than two months, I received information from Microsoft Support that it was a problem on the Azure side and has been resolved.
No renewal event (1001) - Key Vault Virtual machine extension
How can I troubleshoot linkOnRenewal (IIS Certificate Rebind) using the Windows version of the KV virtual machine extension? When I create a new version of the certificate in KV, it installs the cert, but there is no renewal (1001) event in Windows Event Viewer. No errors in the extension log file.
2 answers
JamesTran-MSFT 36,371 Reputation points Microsoft Employee
2024-01-03T21:22:57.0166667+00:00
Thank you for your post!
When it comes to troubleshooting linkOnRenewal (IIS Certificate Rebind), I found some related issues to hopefully help point you in the right direction. If you're still having issues afterwards, please let me know.
I understand that when you create a new version of the certificate within the KV, it's installed but there's no Event ID 1001 within Windows Event Viewer or within the extension log file. To troubleshoot this, can you try the following:
- Ensure you configured auto-rebind by enabling automatic rebinding of certificate renewals in IIS.
- Check the Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational logs to see if anything was written there, since the KV VM extension generates Certificate Lifecycle Notifications when a certificate with a matching SAN is installed.
- If the above steps don't work, can you see if renewing a machine cert manually via MMC helps to populate the correct event id? For more info - Event ID1001 CertificateServicesClient-Lifecycle-System/Operational.
  - Enable Event Viewer\Applications and Services Logs\Microsoft\Windows\CertificateServicesClient-LifeCycle-System log.
  - Renew a machine cert manually via MMC.
  - After the cert has been renewed successfully, you should be able to see the event ID 1001.

- Does the extension support certificate auto-rebinding?
- Enable automatic rebinding of renewed certificates
- Key vault extension not setting CertificateServicesClient-Lifecycle-System 1001
- Event ID1001 CertificateServicesClient-Lifecycle-System/Operational
- Can the Azure Key Vault VM Extension be configured to write events to the event log "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational" ?
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
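
The checks described in the answer above can be scripted. This is an added PowerShell example, not part of the original answer and not Microsoft's code. It assumes an elevated session on the IIS VM, certificates installed in the LocalMachine\My store, a 7-day lookback window, and matching of old and new certificates by Subject rather than SAN (a simplification).

```powershell
# Added example: verify whether renewal events (ID 1001) are being written
# and whether IIS https bindings point at the newest certificate.
$logName = 'Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'

# 1. The channel must be enabled, otherwise no lifecycle events are recorded.
$cfg = Get-WinEvent -ListLog $logName
if (-not $cfg.IsEnabled) {
    wevtutil.exe set-log $logName /enabled:true
    Write-Host "Enabled $logName. Create a new certificate version, then re-run."
}

# 2. Renewal events (ID 1001) within the lookback window (assumed: 7 days).
$since = (Get-Date).AddDays(-7)
$renewals = @(Get-WinEvent -FilterHashtable @{
        LogName = $logName; Id = 1001; StartTime = $since
    } -ErrorAction SilentlyContinue)
Write-Host "Event ID 1001 entries since ${since}: $($renewals.Count)"
$renewals | Select-Object TimeCreated, Id, Message | Format-List

# 3. All other event IDs in the channel, to tell "installed but no renewal
#    event" apart from "nothing is being logged at all".
Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Group-Object Id | Select-Object Name, Count | Format-Table

# 4. Newest machine certificate per Subject (last one wins after sorting).
$store  = @(Get-ChildItem Cert:\LocalMachine\My)
$newest = @{}
$store | Sort-Object NotBefore | ForEach-Object { $newest[$_.Subject] = $_ }

# 5. Flag https bindings still pointing at an older certificate.
Import-Module WebAdministration
foreach ($b in Get-WebBinding -Protocol https) {
    $bound = $store | Where-Object Thumbprint -eq $b.certificateHash
    if (-not $bound) {
        Write-Warning "$($b.bindingInformation): bound cert not in LocalMachine\My"
        continue
    }
    $latest = $newest[$bound.Subject]
    [pscustomobject]@{
        Binding     = $b.bindingInformation
        BoundThumb  = $bound.Thumbprint
        BoundFrom   = $bound.NotBefore
        NewestThumb = $latest.Thumbprint
        Stale       = ($bound.Thumbprint -ne $latest.Thumbprint)
    }
}
```

A binding reported as Stale together with zero ID 1001 entries matches the symptom in the question: the new certificate version is installed, but no renewal notification was raised for IIS to rebind on.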