Event Id | 20 |
Source | Microsoft-Windows-CertificationAuthority |
Description | Active Directory Certificate Services did not start: The Certificate Date Validity Period string in the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\%1\ValidityPeriod is invalid. Valid strings are "Seconds", "Minutes", "Hours", "Days", "Weeks", "Months" and "Years". |
Event Information | According to Microsoft : Cause This event is logged when Active Directory Certificate Services did not start and The Certificate Date Validity Period string in the registry value is invalid. Resolution Fix the ValidityPeriod registry key By default, certification authority (CA) registry configuration information is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name. If the event log message states that the ValidityPeriod registry key is not valid, then you can update the registry entry with correct information. The location of this registry key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\ValidityPeriod. Valid strings for this value are "Seconds," "Minutes," "Hours," "Days," "Weeks," "Months," and "Years." To perform this procedure, you must have membership in local Administrators, or you must have been delegated the appropriate authority. Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data. To resolve registry-related problems: 1.On the computer hosting the CA, click Start, type regedit, and press ENTER. 2.Look for the registry configuration settings listed above and correct any incorrect values. 3.Click Start, point to Administrative Tools, and click Certification Authority. 4.Right-click the CA name, and click Restart. Verify To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority. To confirm the certification authority (CA) registry settings: 1.After you have finished making any changes to registry settings for the CA, click Start, point to Administrative Tools, and click Certification Authority. 2.Select the CA name, and click Restart. 3.Click Start, type 4.Type certutil -getreg ca\security and press ENTER. 5.If there are no more corrupt settings, the text -getreg command completed successfully will appear. |
Reference Links | Event ID 20 from Source Microsoft-Windows-CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.