| Event Id | 64 |
| Source | Microsoft-Windows-CertificationAuthority |
| Description | Active Directory Certificate Services cannot publish enrollment access changes to Active Directory. |
| Event Information | According to Microsoft : Cause : This event is logged when Active Directory Certificate Services cannot publish enrollment access changes to Active Directory. Resolution : Enable AD CS enrollment access changes to be published to a domain controller To fix publishing failures from Active Directory Certificate Services (AD CS) to Active Directory Domain Services (AD DS): 1.Confirm the CAs connectiion to a domain controller. 2.Confirm that the certification authority (CA) has necessary permissions to essential AD DS containers and objects, which will allow enrollment configuration changes to be published. Note:To perform these procedures, you must have membership inDomain Admins, or you must have been delegated the appropriate authority. 1.Confirm a CAs connection to a domain controller To confirm a CAs connection to a domain controller: 1.On the CA, open a command prompt window. 2.Typeping 3.If the ping was successful, you will receive a reply similar to the following: Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=20ms TTL=59 Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=6ms TTL=59 3 4.At the command prompt, type ping 5.If you can successfully connect to the domain controller by IP address but not by FQDN, this indicates a possible issue with Domain Name System (DNS) host name resolution. If you cannot successfully connect to the domain controller by IP address, this indicates a possible issue with network connectivity, firewall configuration, or Internet Protocol security (IPsec) configuration. Confirm permissions on essential AD DS containers and objects To confirm that the CA has necessary permissions on AD DS containers and objects within these containers: 1.On a domain controller, clickStart, point toAdministrative Tools, and clickActive Directory Sites and Services. 2.Click Active Directory Sites and Services [domainname]where [domainname] is the name of your domain. 3.On theView menu, click Show Services Node. 4.Double-clickServices, double-clickPublic Key Services, and right-click each container listed below, or the objects listed within the container, and clickProperties. 5.On theSecurity tab, confirm the required permissions. |
| Reference Links | Event ID 64 from Source CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.