Event Id | 66 |
Source | Microsoft-Windows-CertificationAuthority |
Description | Active Directory Certificate Services could not publish a delta certificate revocation list (CRL) for key %1 to the following location: %2. %3.%5%6 |
Event Information | According to Microsoft:
Cause: This event is logged when Active Directory Certificate Services could not publish a delta certificate revocation list.
Resolution: 1. Enable AD CS to publish a certificate revocation list
Possible resolutions to this event log message include:
1. If the event log message specifies an Active Directory location that has been formatted as a Lightweight Directory Access Protocol (LDAP) address, confirm that the certification authority (CA) has Write permissions to this location.
2. Check the access control list on any file locations referenced in the event log message to confirm that the CA computer has Write permissions to those locations.
3. Follow the procedure in the "Check network connectivity" section to check network connectivity between the CA and domain controller.
4. After any network or permissions problems have been resolved, use the procedure in the "Publish a new CRL" section to publish a new CRL.
5. If you still cannot publish a new CRL, confirm that the CRL distribution point is valid by following the procedure in the "Confirm the validity of configured CRL distribution points" section.
Note: To perform these procedures, you must have Manage CA permission, or you must have been delegated the appropriate authority.
Confirm Active Directory CRL distribution point permissions
To confirm Active Directory CRL distribution point permissions:
1. On a computer that has Active Directory management tools installed, click Start, point to Administrative Tools, and click Active Directory Sites and Services.
2. On the View menu, click Show Services Node.
3. Double-click Services, and double-click Public Key Services.
4. Right-click AIA, and click Properties.
5. Click the Security tab, and confirm that the CA has Write permission to this location.
Confirm file location CRL distribution point permissions
To confirm file location CRL distribution point permissions:
1. Click Start, type the file share address that you are using to publish CRLs and press ENTER.
2. Right-click the file share, and click Properties.
3. Click the Security tab, and confirm that the CA has Write permission to this location.
Check network connectivity
To determine if there is a network connectivity problem between the CA and the domain controller:
1. Open a command prompt window on the computer hosting the CA.
2. Type ping
Reply from IP_address: bytes=32 time=3ms TTL=59
Reply from IP_address: bytes=32 time=3ms TTL=59
Reply from IP_address: bytes=32 time=3ms TTL=59
Reply from IP_address: bytes=32 time=3ms TTL=59
3. At the command prompt, type ping
4. If you can successfully connect to the domain controller by IP address but not by FQDN, this indicates a possible issue with Domain Name System (DNS) host name resolution.
5. If you cannot successfully connect to the domain controller by IP address, this indicates a possible issue with network connectivity. Check for and resolve any hardware problems, such as a malfunctioning network card or disconnected network cable, as well as any event log errors relating to firewall configuration or Internet Protocol security (IPsec) configuration.
Publish a new CRL
To publish a new CRL by using the Certification Authority snap-in:
1. Click Start, point to Administrative Tools, and click Certification Authority.
2. Right-click Revoked Certificates, point to All Tasks, and then click Publish to publish the new CRL.
To publish a new CRL by using the Certutil command-line tool:
1. Open a command prompt window.
2. To publish CRLs to all configured CRL publishing locations, type certutil -CRL and press ENTER.
Replace
3. In the dialog box that appears, under Retrieve, click CRLs (from CDP), and click Retrieve.
4. Confirm that the status of all retrieved CRL distribution points is listed as Verified. |
Reference Links | Event ID 66 from Source CertificationAuthority |
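The triage order described above (read the event, compare reachability by FQDN and by IP address, then republish) can be scripted on the CA host. This PowerShell sketch is an added example, not part of the Microsoft text; the domain controller name and address are placeholders to replace, and the `-Publish` switch is a name chosen for this example.

```powershell
# Added example, not Microsoft's procedure text. Run on the CA host in an elevated session.
param(
    [string]$DcFqdn = 'dc01.example.test',   # placeholder: your domain controller's FQDN
    [string]$DcIp   = '192.0.2.10',          # placeholder: the same controller's IP address
    [switch]$Publish                         # republish CRLs only when explicitly requested
)

# Recent event 66 records; the message names the key index and the failing location.
$filter = @{
    LogName      = 'Application'   # AD CS writes its events to the Application log
    ProviderName = 'Microsoft-Windows-CertificationAuthority'
    Id           = 66
}
$found = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue
if ($found) {
    $found | Format-List TimeCreated, Message
} else {
    Write-Output 'No event 66 records found.'
}

# Same comparison as the ping steps: FQDN versus IP address.
$byName = Test-Connection -ComputerName $DcFqdn -Count 4 -Quiet
$byIp   = Test-Connection -ComputerName $DcIp   -Count 4 -Quiet

if (-not $byIp) {
    Write-Output 'No reply by IP address: possible network connectivity issue.'
} elseif (-not $byName) {
    Write-Output 'Reply by IP but not by FQDN: possible DNS host name resolution issue.'
} else {
    Write-Output 'Domain controller reachable by FQDN and by IP address.'
    if ($Publish) {
        # Publishes to all configured CRL publishing locations, as in the Certutil step.
        certutil -CRL
        if ($LASTEXITCODE -ne 0) {
            Write-Output "certutil -CRL failed with exit code $LASTEXITCODE."
        }
    }
}
```

If event 66 is logged again after a republish, the location in the new event message is the one whose Write permissions still need checking.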