Event ID - 16

Event Id: 16
Source: Microsoft-Windows-OnlineResponderRevocationProvider
Description: For configuration %1, the Online Responder revocation provider failed to update CRL information: %2.
Event Information: According to Microsoft:
Cause:
This event is logged when the Online Responder revocation provider fails to update CRL information.
Resolution:
Enable access to current certificate revocation lists
To correct this problem:
1.On the certification authority (CA), check for certificate revocation list (CRL) publication errors.
2.If there was a problem with the last publication, republish the latest base and delta CRLs.
3.Confirm that the URLs configured for the revocation configuration are valid.
4.Refresh the revocation configuration information.
5.If the error persists, enable CryptoAPI 2.0 Diagnostics for more information.
Note:
To perform these procedures, you must be a member of local Administrators on the computer hosting the Online Responder and have Manage CA permissions on the computer hosting the CA, or you must have been delegated the appropriate authority.
Check for CRL publishing errors on the CA
To check for CRL publishing errors on the CA:
1.On the CA, click Start, point to Administrative Tools, and click Event Viewer.
2.Check for additional error messages or warnings related to CRL publishing.
3.Resolve any problems identified and republish both the base and delta CRLs.
Republish base and delta CRLs
To republish base and delta CRLs:
1.Open a command prompt window on the CA.
2.Type certutil -crl and press ENTER.
3.Confirm that no further error messages are logged.
Confirm that the URLs configured for base and delta CRL distribution points are valid
To confirm that the URLs configured for base and delta CRL distribution points are valid:
1.On the computer hosting the Online Responder, click Start, point to Administrative Tools, and click Online Responder.
2.Select the revocation configuration node.
3.In the details pane, right-click the revocation configuration specified in the error message description, and click Edit Properties.
4.Click the Revocation Provider tab, and then click Provider.
5.Note the URLs configured in Base CRL URLs and Delta CRL URLs.
6.Confirm that these URLs are accessible by the computer running the Online Responder and that they contain valid CRL files published by the CA.
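The URL check above can be scripted from the computer running the Online Responder. The following PowerShell is an added example, not part of the original article: the URLs are placeholders, Test-CrlUrl is a hypothetical helper name, only HTTP(S) URLs are handled, and the parsing assumes English certutil output.

```powershell
# Added example. Placeholder URLs: substitute the Base CRL URLs and Delta CRL URLs
# noted on the Revocation Provider tab.
$CrlUrls = @(
    'http://pki.example.test/crl/base.crl',    # placeholder
    'http://pki.example.test/crl/delta.crl'    # placeholder
)

function Test-CrlUrl {    # hypothetical helper name
    param([Parameter(Mandatory)][string]$Url)

    $r = [ordered]@{ Url = $Url; Reachable = $false; ThisUpdate = $null; NextUpdate = $null; Status = '' }
    $tmp = Join-Path $env:TEMP ([guid]::NewGuid().ToString() + '.crl')
    try {
        # Run on the Online Responder so the fetch uses its own network path and proxy.
        Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        $r.Reachable = $true

        # certutil -dump decodes the file; a failure means it could not be decoded.
        $dump = & certutil.exe -dump $tmp 2>&1 | ForEach-Object { "$_" }
        if ($LASTEXITCODE -ne 0 -or -not ($dump -match 'Certificate Revocation List')) {
            $r.Status = 'Downloaded file is not a CRL'
            return [pscustomobject]$r
        }
        # Dates are printed in the current locale, so parse them with the current culture.
        foreach ($field in 'ThisUpdate', 'NextUpdate') {
            $m = $dump | Select-String -Pattern "^\s*${field}:\s*(.+)$" | Select-Object -First 1
            if ($m) { $r[$field] = [datetime]::Parse($m.Matches[0].Groups[1].Value.Trim()) }
        }
        if (-not $r.NextUpdate)               { $r.Status = 'NextUpdate not found in certutil output' }
        elseif ($r.NextUpdate -lt (Get-Date)) { $r.Status = 'EXPIRED: republish with certutil -crl on the CA' }
        else                                  { $r.Status = 'Current' }
    }
    catch   { $r.Status = "Check failed: $($_.Exception.Message)" }
    finally { Remove-Item -Path $tmp -ErrorAction SilentlyContinue }
    [pscustomobject]$r
}

$CrlUrls | ForEach-Object { Test-CrlUrl -Url $_ } | Format-Table -AutoSize
```

A row with Reachable set to False points to a network, proxy or URL problem; a reachable row with an expired NextUpdate points to a publication problem on the CA.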
Confirm the relation of CRL distribution points to a CA
To confirm the relation of CRL distribution points to a CA:
1.On the computer hosting the CA, click Start, point to Administrative Tools, and click Certification Authority.
2.Click the Extensions tab, and note the URLs entered for the CRL Distribution Point (CDP) extension. Note the URLs for which Publish CRLs to this location and Publish Delta CRLs to this location are selected.
3.Confirm that these are the same network locations configured as base and delta CRLs in the Online Responder snap-in.
4.On the computer to which the base CRL is published, examine the Freshest CRL extension for the base CRL. Confirm that this identifies a location where the delta CRL can be found.
5.Republish the current CRL, if necessary, by opening a command prompt window on the CA and running the following command: certutil -crl.
6.Then, confirm that the Online Responder can access the CRL. To do this, open the Online Responder snap-in, right-click Array configuration, and click Refresh Revocation Data.
Refresh revocation information
You can update revocation information by retrieving an updated CRL. An updated CRL can be retrieved by:
a)Using the Services snap-in console to restart the Online Responder service.
b)Using the Online Responder snap-in to refresh revocation data and confirming that the error does not appear.
To update revocation information for an Online Responder by using the Services snap-in console:
1.On the Online Responder, click Start, point to Administrative Tools, and click Services.
2.Click Online Responder Services, and click Restart.
To update revocation information for an Online Responder by using the Online Responder snap-in:
1.On the computer hosting the Online Responder, click Start, point to Administrative Tools, and click Online Responder.
2.Right-click Array Configuration, and click Refresh Revocation Data.
3.Confirm that no additional errors are reported.
4.Click the Online Responder node, and confirm that the revocation configuration is listed as Working.
5.Under Array Configuration, select the Online Responder computer that logged the error, and then click the revocation configuration named in the error.
6.Under the details pane, view the Revocation Configuration Status pane for the status of the signing certificate and the revocation provider.
7.Confirm that no additional errors are reported.
Enable CryptoAPI 2.0 Diagnostics
To enable CryptoAPI 2.0 Diagnostics:
1.On the Online Responder, click Start, point to Administrative Tools, and click Event Viewer.
2.In the console tree, expand Event Viewer, Applications and Services Logs, Microsoft, Windows, and CAPI2.
3.Right-click Operational, and click Enable Log.
4.Click Start, point to Administrative Tools, and click Services.
5.Right-click Active Directory Certificate Services, and click Restart.
Reference Links: Event ID 16 from Source Microsoft-Windows-OnlineResponderRevocationProvider
