Event ID - 9

Event Id9
SourceHRA
DescriptionThe Health Registration Authority was unable to acquire a certificate for request with the correlation-id %1 at %2 (principal: %3). Discarding the request. The Certificate Server %4 denied the request with the following error: %5 (%6). See the Certificate Server administrator for more information.
Event Information According to Microsoft :

Cause :

This event is logged when the Health Registration Authority was unable to acquire a certificate for request with the correlation-id.

Resolution :

Grant HRA permission to request, issue, and manage certificates

This error condition indicates that HRA was successful in submitting a certificate request to the CA server, but did not acquire a certificate. This might be caused by HRA not being granted permissions required to request, issue, and manage health certificates.

If your HRA and NAP CA are running on the same computer, Network Service must be granted permission to request, issue, and manage certificates. If your HRA and NAP CA are running on different computers, these permissions must be granted to the computer name for your HRA server.

To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
To grant these permissions to HRA:
  1. On the computer where HRA is installed, click Start , click Run , type hcscfg.msc , and then press ENTER.
  2. Right-click the common name for your CA, and then click Properties .
  3. Click the Security tab, and then click Add .
  4. If HRA is running on the CA server, under Enter the object names to select , type Network Service , and then click OK .
  5. If HRA is running on a server other than the CA server, click Object Types , select the Computers check box, and then click OK . Under Enter the object names to select , type the DNS name of your HRA server, and then click OK .
  6. Click the name of your HRA server, or click NETWORK SERVICE , and for Issue and Manage Certificates and Request Certificates , select Allow .
  7. Click OK , and then close the Certification Authority console.
Note: To enable HRA to remove expired records from the CA database, for Manage CA , select Allow .

Verify

To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

To verify that the CA servers are responding, and that AD CS and HRA are configured to issue health certificates:
  1. On the computer where HRA is installed, click Start , click Run , type hcscfg.msc , and then press ENTER.
  2. In the console tree, click Issued Certificates .
  3. In the details pane, under Certificate Effective Date , confirm that health certificates are being issued with a current date.
  4. In the console tree, click Failed Requests .
  5. In the details pane, under Request Submission Date , confirm that there are no failed health certificate requests displayed with a current date.
  6. In the console tree, click Pending Requests .
  7. In the details pane, under Request Submission Date , confirm that there are no pending health certificate requests displayed with a current date.
To verify that HRA is successfully removing expired records from the CA database:
  1. On the computer where AD CS is installed, click Start , and then click Command Prompt .
  2. In the command window, type reg query hklm\software\microsoft\hcs , and then press ENTER.
  3. In the command output, record the value of CertDBCleanupInterval . This is the time interval, in seconds, used by HRA to remove expired records from the CA database. The value is expressed in hexadecimal notation, and by default is set to 0x12c , which corresponds to 300 seconds.
  4. Click Start , click Run , type certsrv.msc , and then press ENTER.
  5. In the Certification Authority console tree, click Issued Certificates .
  6. In the details pane, under Certificate Expiration Date , verify that no certificates have been expired for longer than the value of CertDBCleanupInterval .
Reference LinksEvent ID 9 from HRA

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.