Event Id | 35 |
Source | Microsoft-Windows-OnlineResponder |
Description | Online Responder Service: For configuration %1, failed to install the enrollment response for the signing certificate template %2.%3(%4) |
Event Information | According to Microsoft : Cause : This event is logged whenfailed to install the enrollment response for the signing certificate template. Resolution : Submit an enrollment request for a properly configured signing certificate To resolve this problem: Follow the procedure in the "Enroll manually for an OCSP Response Signing certificate" section. If enrollment for an OCSP Response Signing certificate was successful but the certificate cannot be used by the Online Responder service, complete the procedure in the "Confirm access to the OCSP Response Signing certificate by NETWORK SERVICE" section. To perform these procedures, you must have membership in local Administrators, or you must have been delegated the appropriate authority. Enroll manually for an OCSP Response Signing certificate 2.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 3.On the File menu, click Add/Remove Snap-in, click Certificates, and then click Add. 5.Select the computer hosting the Online Responder, click Finish, and then click OK. 6.Double-click Personal, and then double-click Certificates. 7.Right-click Personal, point to All Tasks, and then click Request New Certificate to start the Certificate Request Wizard. 8.Use the wizard to complete the enrollment process. If the certificate enrollment process fails, then it may be that: There is a problem connecting to the CA. Confirm that the computer on which the Online Responder service is running can connect to a CA. The OCSP Response Signing certificate template has not been configured with Read and Enroll permissions for the computer account on which the Online Responder has been installed. Open the Certificate Templates snap-in, right-click the OCSP Response Signing certificate template, click Properties, and then click the Security tab to confirm that the computer running the Online Responder has these permissions. The OCSP Response Signing certificate template has not been properly configured for use by the CA. Click Start, point to Administrative Tools, and click Certification Authority on the CA, and click the Certificate Templates container to confirm that it contains the OCSP Response Signing template. Confirm access to the OCSP Response Signing certificate by NETWORK SERVICE To ensure that the private key for the OCSP Response Signing certificate is accessible to NETWORK SERVICE: 1.Click Start, type mmc, and then press ENTER. 2.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 3.On the File menu, click Add/Remove Snap-in, click Certificates, and click Add. 5.Select the computer hosting the Online Responder, click Finish, and then click OK. 6.In the console tree, double-click Certificates, double-click Personal, and click Certificates. 7.In the details pane, click OCSP Response Signing. 8.On the Actions menu, point to All Tasks, and click Manage Private Keys9.Click Add, type NETWORK SERVICE, and then click OK. 10.Ensure that only the Read permission is allowed for NETWORK SERVICE, and then click OK. 11.Restart the Online Responder service. |
Reference Links | Event ID 35 from Source Microsoft-Windows-OnlineResponder |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.