Event ID - 80

Event Id: 80
Source: Microsoft-Windows-CertificationAuthority
Description: Active Directory Certificate Services could not publish a certificate for request %1 to the following location on server %4: %2. %3.%5%6
Event Information: According to Microsoft:

Cause :

This event is logged when Active Directory Certificate Services could not publish the certificate for a request to the specified location on the server.

Resolution :

Enable publication of an end-entity certificate

In order to publish a certificate you need network connectivity and network permissions. To resolve this issue:
  • Confirm that you have network connectivity between the client and certification authority (CA).
  • Confirm that the CA has Read and Write permissions on the userCertificate attribute of the user or computer object of the entity requesting the certificate.
  • If you have more than one domain or a two-level (parent/child) domain hierarchy, you need to allow the Cert Publishers group from one domain (domain A) Read and Write permissions on the userCertificate attribute in another domain (domain B). To do this, follow the procedure in the "Correct cross-domain permission errors" section.
  • Publish the certificate.
To perform these procedures, you must have Manage CA permission, or you must have been delegated the appropriate authority.

Confirm network connectivity between a client and a CA

To confirm a client connection to a CA:
  1. On the client, click Start, type cmd and press ENTER.
  2. Type ping followed by the fully qualified domain name (FQDN) of the CA (for example, server1.contoso.com), and then press ENTER.
  3. If the ping was successful, you will receive a reply similar to the following:

    Reply from IP_address: bytes=32 time=3ms TTL=59

    Reply from IP_address: bytes=32 time=20ms TTL=59

    Reply from IP_address: bytes=32 time=3ms TTL=59

    Reply from IP_address: bytes=32 time=6ms TTL=59

  4. At the command prompt, type ping followed by the IP address of the CA, and then press ENTER.
  5. If you can successfully connect to the CA by IP address but not by FQDN, this indicates a possible issue with Domain Name System (DNS) host name resolution. If you cannot successfully connect to the CA by IP address, this indicates a possible issue with network connectivity, firewall configuration, or Internet Protocol security (IPsec) configuration.
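
The name-versus-address comparison from steps 2 through 5, written as a PowerShell function. This is an added example, not part of the original guidance; the function name and the sample address are placeholders, and the AddressMatchesDns field goes beyond the steps above.

```powershell
# Added example. Parameter values in the usage line are placeholders.
function Test-CaReachability {
    param(
        [Parameter(Mandatory)] [string] $CaFqdn,
        # Address of the CA obtained independently of DNS (for example from the CA's own ipconfig).
        [Parameter(Mandatory)] [string] $CaAddress
    )

    # What this client's resolver currently returns for the CA name, if anything.
    $resolved = @()
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($CaFqdn) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $resolved = @()   # name did not resolve
    }

    # The same two probes as steps 2 and 4: ping by name, then by address.
    $byName    = Test-Connection -ComputerName $CaFqdn    -Count 4 -Quiet
    $byAddress = Test-Connection -ComputerName $CaAddress -Count 4 -Quiet

    # Step 5 decision: address works but name does not -> DNS; address fails -> network path.
    $finding = if ($byName -and $byAddress) {
        'CA reachable by FQDN and by IP address'
    } elseif ($byAddress) {
        'Possible DNS host name resolution issue'
    } else {
        'Possible network connectivity, firewall, or IPsec configuration issue'
    }

    [pscustomobject]@{
        CaFqdn            = $CaFqdn
        ResolvedAddresses = $resolved -join ', '
        AddressMatchesDns = $resolved -contains $CaAddress   # added check, not in the steps above
        PingByFqdn        = $byName
        PingByAddress     = $byAddress
        Finding           = $finding
    }
}

# Constructed sample values: FQDN from the example above, address from a documentation range.
Test-CaReachability -CaFqdn 'server1.contoso.com' -CaAddress '192.0.2.10'
```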

Confirm permissions on the Domain Computers and Domain Users containers in Active Directory

To confirm that the CA has necessary permissions on the Domain Computers and Domain Users containers:
  1. Click Start, point to Administrative Tools, and click Active Directory Sites and Services.
  2. On the View menu, click Show Services Node.
  3. Double-click Services, double-click Public Key Services, right-click Domain Computers, and click Properties.
  4. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions.
  5. Right-click Domain Users, and click Properties.
  6. On the Security tab, confirm that the Cert Publishers group has Read and Write permissions.

Correct cross-domain permissions errors

To set these permissions by using the Dsacls tool:
  • Click Start, type cmd and press ENTER, then run the following commands:
dsacls "dc=,dc=,dc=" /I:S /G "\Cert Publishers":RP;userCertificate,user

dsacls "dc=,dc=,dc=" /I:S /G "\Cert Publishers":WP;userCertificate,user

dsacls "cn=,cn=system,dc=,dc=" /I:S /G "\Cert Publishers":RP;userCertificate,user

dsacls "cn=,cn=system,dc=,dc=,dc=" /I:S /G "\Cert Publishers":WP;userCertificate,user


Substitute the correct names from your organization for the placeholders in the example.
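
To check the result on a specific user or computer object, the following PowerShell function reports whether a Cert Publishers group holds Read and Write on userCertificate. It is an added example, not part of the original guidance; it assumes the RSAT ActiveDirectory module, an AD: drive bound to the object's domain, and a hypothetical function name and sample DN.

```powershell
Import-Module ActiveDirectory   # provides Get-ADObject, Get-ADRootDSE and the AD: drive

# Added example. Reports Allow ACEs only; it does not evaluate Deny ACEs,
# property sets, or access obtained through other groups.
function Get-CertPublishersAccess {
    param(
        [Parameter(Mandatory)] [string] $ObjectDN   # DN of the requesting user or computer object
    )

    # Look up the schemaIDGUID of userCertificate rather than hard-coding it.
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter '(lDAPDisplayName=userCertificate)' -Properties schemaIDGUID
    $attrGuid = [guid]$attr.schemaIDGUID

    $read = $false; $write = $false; $grantedTo = @()

    foreach ($ace in (Get-Acl -Path "AD:\$ObjectDN").Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Matches DOMAINA\Cert Publishers as well as the local domain's group.
        if ($ace.IdentityReference.Value -notlike '*\Cert Publishers') { continue }
        # The ACE must name userCertificate, or be unscoped (applies to all properties).
        if ($ace.ObjectType -ne $attrGuid -and $ace.ObjectType -ne [guid]::Empty) { continue }

        if ($ace.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty)  { $read  = $true }
        if ($ace.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty) { $write = $true }
        $grantedTo += $ace.IdentityReference.Value
    }

    [pscustomobject]@{
        ObjectDN      = $ObjectDN
        ReadProperty  = $read    # RP in the dsacls commands
        WriteProperty = $write   # WP in the dsacls commands
        GrantedTo     = ($grantedTo | Sort-Object -Unique) -join ', '
    }
}

# Constructed sample DN; replace with a real object in your directory.
Get-CertPublishersAccess -ObjectDN 'CN=Sample User,CN=Users,DC=example,DC=com'
```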

Publish a certificate

To publish a certificate:
  1. On the computer hosting the CA, click Start, type cmd and press ENTER.
  2. Type ping followed by the IP address of a domain controller, and press ENTER to confirm that you have a network connection. If you do not have a network connection, fix the problem and try again.
  3. At a command prompt, type certutil -dspublish ldap:/// and press ENTER. The certificate file given in the command is one exported by using the Certificate Export Wizard.
  4. If you have connectivity but still cannot publish the certificate, use Active Directory Users and Computers to confirm that the computer hosting the CA has Read and Write permissions to the userCertificate attribute of the user or computer object. (This is generally by membership in the Cert Publishers group).

Verify :

To perform this procedure, you must have permission to request a certificate.

To confirm that certificate request processing is working properly:
  1. Click Start, type certmgr.msc, and then press ENTER.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. In the console tree, double-click Personal, and then click Certificates.
  4. On the Action menu, point to All Tasks, and click Request New Certificate to start the Certificate Enrollment wizard.
  5. Use the wizard to create and submit a certificate request for any type of certificate that is available.
  6. Under Certificate Installation Results, confirm that the enrollment completes successfully and no errors are reported. You can also click Details to view additional information about the certificate.

Reference Links: Event ID 80 from Source Microsoft-Windows-CertificationAuthority
