Event Id | 5 |
Source | Microsoft-Windows-CertificationAuthority |
Description | Active Directory Certificate Services could not find required registry information. The certification authority may need to be reinstalled. |
Event Information | According to Microsoft : Cause This event is logged when Active Directory Certificate Services could not find required registry information Resolution Correct CA-related registry values By default, certification authority (CA) registry configuration information is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name. The event log message may contain more specific information that can help you locate the exact location in this hive where the problem exists, such as the following: The signature algorithm in this registry value is unrecognized:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\SignatureAlgorithm. The Certificate Date Validity Period string in this registry value is invalid:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\ValidityPeriod.Valid strings for this value are "Seconds," "Minutes," "Hours," "Days," "Weeks," "Months," and "Years." The Certificate Revocation List Period stringin this registry value is invalid:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\CRLPeriod.Valid strings for this value are "Seconds," "Minutes," "Hours," "Days," "Weeks," "Months," and "Years." The Subject Name Template string in this registry value is invalid:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\SubjectTemplate. Unable to get information about the cryptographic service provider (CSP): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CA name\CSP\Provider. An example of a valid SubjectTemplate string is: CommonName OrganizationalUnit Organization Locality State Country To perform this procedure, you must have local Admin permission, or you must have been delegated the appropriate authority. Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data. To resolve registry-related problems: 1.On the computer hosting the CA, click Start, type regedit, and press ENTER. 2.Look for the registry configuration settings listed above and correct any incorrect values. 3.Click Start, point to Administrative Tools, and click Certification Authority. 4.Right-click the CA name, and click Restart. Verify To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority. To confirm the certification authority (CA) registry settings: 1.After you have finished making any changes to registry settings for the CA, click Start, point to Administrative Tools, and click Certification Authority. 2.Select the CA name, and click Restart. 3.Click Start, type 4.Type certutil -getreg ca\security and press ENTER. 5.If there are no more corrupt settings, the text -getreg command completed successfully will appear. |
Reference Links | Event ID 5 from Source Microsoft-Windows-CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.