Event Id | 67 |
Source | Microsoft-Windows-CertificationAuthority |
Description | Active Directory Certificate Services made %1 attempts to publish a certificate revocation list (CRL) and will not attempt to publish a CRL until the next CRL is generated. |
Event Information | Formatted as a Lightweight Directory Access Protocol (LDAP) address, use the procedure "Confirm Active Directory CRL distribution point permissions" to check that the CA has Write permissions to this location. 6.If you are using custom network locations as CRL distribution points, confirm that the computer hosting the CA has Write access to the drive that contains the operating system on the other computer. To determine the configured CRL distribution points from the command line: 1.Open a command prompt window on the CA. 2.Type certutil -getreg ca\crlpublicationurls and press ENTER. Confirm Active Directory CRL distribution point permissions To confirm Active Directory CRL distribution point permissions: To confirm Active Directory CRL distribution point permissions: 1.On a compuater that has Active Directory management tools installed, clickStart, point to Administrative Tools, and click Active Directory Sites and Services. 2.On theView menu, click Show Services Node. 3.Double-click Services, and double-clickPublic Key Services. 4.Right-clickAIA, and clickProperties. 5.Click theSecurity tab, and confirm that the CA has Write permission to this location. Confirm network connectivity To determine if there is a network connectivity problem between the CA and a domain controller: 1.On the CA, clickStart, typecmd and press ENTER. 2.Type ping 3.Click the Extensions tab. Note the CRL distribution points for which thePublish CRLs to this location check box is selected. 4.If a CRL publication location is not valid, replace it with a valid path. 5.If the event log message specifies an Active Directory location that has been formatted as a Lightweight Directory Access Protocol (LDAP) address, use the procedure "Confirm Active Directory CRL distribution point permissions" to check that the CA has Write permissions to this location. 6.If you are using custom network locations as CRL distribution points, confirm that the computer hosting the CA has Write access to the drive that contains the operating system on the other computer. To determine the configured CRL distribution points from the command line: 1.Open a command prompt window on the CA. 2.Type certutil -getreg ca\crlpublicationurls and press ENTER. Confirm Active Directory CRL distribution point permissions To confirm Active Directory CRL distribution point permissions: 1.On a compuater that has Active Directory management tools installed, clickStart, point toAdministrative Tools, and click Active Directory Sites and Services. 2.On the View menu, clickShow Services Node. 3.Double-clickServices, and double-clickPublic Key Services. 4.Right-click AIA, and clickProperties. 5.Click theSecurity tab, and confirm that the CA has Write permission to this location. Confirm network connectivity To determine if there is a network connectivity problem between the CA and a domain controller: 1.On the CA, click Start, type cmd and press ENTER. 2.Typeping 3.If you can connect to the domain controller, you will receive a reply similar to the following: Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=3ms TTL=59 4.At the command prompt, typeping 5.If you can connect to the domain controller by IP address but not by FQDN, this indicates a possible issue with Domain Name System (DNS) host name resolution. 6.If you cannot successfully connect to the domain controller by IP address, this indicates a possible issue with network connectivity. 7.Check for and resolve any hardware problems, such as a malfunctioning network card or disconnected network cable, as well as any event log errors relating to firewall configuration Internet Protocol security (IPsec) configuration. 8.Repeat this procedure for any CRL distribution points that are not domain controllers. |
Reference Links | Event ID 67 from Source CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.