AD CS Active Directory Domain Services Connection

Applies To: Windows Server 2008

Active Directory Certificate Services (AD CS) requires at least Read access, and in some instances Write access, to certain objects in Active Directory Domain Services (AD DS). Failure to access these Active Directory objects can prevent AD CS from starting.

Events

Event ID Source Message

24

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services did not start: Unable to get information about the cryptographic service provider (CSP) from the registry for %1. %2.

59

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services did not start: Could not connect to the Active Directory for %1. %2.

64

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services cannot publish enrollment access changes to Active Directory.

91

Microsoft-Windows-CertificationAuthority

A connection to Active Directory Directory Services could not be established. Active Directory Certificate Services will try to connect again when it needs Active Directory access.

93

Microsoft-Windows-CertificationAuthority

The certificate (#%1) of certification authority %2 does not exist in the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container. The directory replication may not be completed.

94

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services %1 cannot open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

106

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services cannot add certificate %1 to %2. %3. %4.

107

Microsoft-Windows-CertificationAuthority

Active Directory Certificate Services cannot delete invalid CA certificate %1 from %2. %3. %4.

AD CS Certification Authority (CA)

Active Directory Certificate Services