Event Id | 108 |
Source | Microsoft-Windows-CertificationAuthority |
Description | Active Directory Certificate Services could not delete a certificate for request %1 from the following location: %2. %3.%5%6 |
Event Information | According to Microsoft : Cause This event is logged when Active Directory Certificate Services could not delete Resolution Note:Manually delete the certificate A connectivity or permissions problem can prevent you from deleting a certificate. To resolve this problem: Confirm that you have network access to the location where the certificate is stored. Try to delete the certificate mentioned in the event log message by using one of the following procedures. If you confirm that you have network connectivity and still cannot delete the certificate, then confirm permissions on the Domain Users and Domain Computers containers in Active Directory Domain Services (AD DS) before attempting to delete the certificate again. To perform these procedures, you must have Manage CA permission, or you must have been delegated the appropriate authority. Delete a certificate To delete a certificate by using the Certificates snap-in: 1.Confirm that the certificate that you want to delete exists in the location identified in the event log message. 2. If you are unable to access this location because of a connection issue, correct this issue and try again. 3. Click Start, type mmc, and then press ENTER. 4.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 5. On the File menu, click Add/Remove Snap-in, click Certificates, and then click Add. 6.Select the user, service, or computer account, and click Next. 7. If you want to delete a certificate for a computer or service, identify the computer or service. Click Finish, and then click OK. 8.Select the certificate store where the certificate you intend to delete exists. 9Right-click the certificate you want to delete, and click Delete. 10.When asked whether you want to delete this certificate, click Yes. You can also remove an invalid certificate by using the Certutil command-line tool. To delete a certificate by using Certutil: 1.Open a command prompt window. 2.Type certutil -viewdelstore 3.Select the certificate you want to delete, and click OK. If you are still unable to delete the certificate, follow the procedure in the "Confirm permissions on the Domain Computers and Domain Users containers in Active Directory Domain Services" section to confirm that the computer hosting the certification authority (CA) has Read and Write permissions to the location specified in the error message. To confirm that the CA has necessary permissions on the Domain Computers and Domain Users containers: 1.On the computer hosting the CA, click Start, point to Administrative Tools, and click Active Directory Sites and Services. 2.On the 3.Double-click Services, double-click Public Key Services, right-click Domain Computers, and click Properties. 4. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions. 5.Right-click Domain Users, and click Properties. 6. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions. Verify To perform this procedure, you must have permission to request a certificate. To confirm that certificate request processing is working properly: 1.Click Start, type certmgr.msc, and then press ENTER. 2. If the dialog box appears, confirm that the action it displays is what you want, and then click Continue. 3.In the console tree, double-click Personal, and then click Certificates. 4On the Action menu, point to 5.Use the wizard to create and submit a certificate request for any type of certificate that is available. |
Reference Links | Event ID 108 from Source Microsoft-Windows-CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.