Event ID - 60

Event Id60
SourceMicrosoft-Windows-CertificationAuthority
DescriptionActive Directory Certificate Services refused to process an extremely long request from %1. This may indicate a denial-of-service attack. If the request was rejected in error, modify the MaxIncomingMessageSize registry parameter via certutil -setreg CA\MaxIncomingMessageSize .Unless verbose logging is enabled, this error will not be logged again for 20 minutes.
Event InformationAccording to Microsoft :

Cause

This event is logged when Active Directory Certificate Services Active Directory Certificate Services refused to process an extremely long request .

Resolution

Address an attempt to submit a long certificate request.

Extremely long certificate requests can represent an attempt to launch a denial-of-service attack.

The source should be identified in the event log message. You should also review information about all failed certificate requests to detect whether there have been other unusual certificate requests.

To address this potential problem:
  • Review failed certificate requests to determine whether or not the failed request is from a known or trusted source.
  • If the request was rejected in error, modify the MaxIncomingMessageSize setting in the registry to allow larger certificate requests.
  • If the request was not rejected in error, identify the source of the request and prevent requests from being submitted from that source.
To perform these procedures, you must have membership in local Administrators, or you must have been delegated the appropriate authority.

Review failed certificate requests

To review failed certificate requests:
  1. COn the computer hosting the CA, click Start , point to Administrative Tools , and click Certification Authority .
  2. Examine the failed requests contained in the Failed Requests folder and determine wether it came from a trusted source.
  3. You can also open a command prompt window and run the following command: certutil -view LogFail .
  4. If the request was from a legitimate source but rejected because it was too large, you can increase the maximum message size using the following procedure, or have the certificate requester submit a new certificate request.
Modify maximum message size

The default maximum message size setting is 10,000 bytes. If during your review of failed certificate requests in the previous procedure you detect legitimate certificate requests that were rejected because they exceeded this value, consider increasing this registry setting to a value that will allow similar requests to succeed.

To modify the maximum message size:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
  1. On the computer hosting the CA, click Start , type cmd and press ENTER.
  2. Type certutil -setreg CA\MaxIncomingMessageSize and press ENTER.
Verify :

To perform this procedure, you must have membership in local Administrators on the computer hosting the certification authority (CA), or you must have been delegated the appropriate authority.

To confirm that the CA logon context is correct:
  1. On the computer hosting the CA, click Start , point to Administrative Tools , and click Services .
  2. Confirm that the word Started appears in the Status belong for the Active Directory Certificate Services service.
Reference LinksEvent ID 60 from Source Microsoft-Windows-CertificationAuthority

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh