| Event Id | 53 |
| Source | Microsoft-Windows-CertificationAuthority |
| Description | Active Directory Certificate Services denied request %1 because %2. The request was for %3. Additional information: %4 |
| Event Information | According to Microsoft: Cause : This event is logged when Active Directory Certificate Services denied request. Resolution : Remove conditions that prevent a certificate request from being approved Thes are the following steps to resolve the error. 1.Confirm user account information in Active Directory Domain Services (AD DS). 2.Confirm certificate template information. 3.Confirm the certificate chain for the CA. 4.Check the most recent certificate revocation lists (CRLs). 5.Publish a new CRL. Confirm user account information in AD DS Note To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority. To confirm user account information: 1.On the domain controller, clickStart, point toAdministrative Tools, and clickActive Directory Users and Computers. 2.In the console tree, select the domain and user group in which the user's account should be located. 3.If the user account exists, right-click the account, clickProperties, and confirm that the user has a properly configured Domain Name System (DNS) name. Confirm certificate template information Note: To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority. To confirm certificate template information: 1.On the computer hosting the CA, clickStart, type certtmpl.msc and press ENTER. 2.Right-click the certificate template that you are troubleshooting, and confirm that the user or group has permissions to enroll for a certificate based on this template. Confirm the certificate chain for the CA To validate the chain for the CA: 1.ClickStart, type mmc, and then press ENTER. 2.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then clickContinue. 3.On theFile menu, click Add/Remove Snap-in, clickCertificates, and then click Add. 4.ClickComputer account, and clickNext. 5.Select the computer hosting the CA, clickFinish, and then clickOK. 6.Select each CA certificate in the certificate chain, and clickView Certificate. 7.Click theDetails tab, and clickCopy to File to start the Certificate Export Wizard. Save each certificate with a .cer extension. 8.Open a command prompt and run the following command on each CA certificate: certutil -urlfetch -verify |
| Reference Links | Event ID 53 from Source Microsoft-Windows-CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.