| Event Id | 23 |
| Source | Microsoft-Windows-CertificationAuthority |
| Description | Active Directory Certificate Services could not process request %1 due to an error: %2. The request was for %3. The certificate would contain an encoded length that is potentially incompatible with older enrollment software. Submit a new request using different length input data for the following field: %4 |
| Event Information | According to Microsoft: Cause : This event is logged when Active Directory Certificate Services could not process request due to an error.The certificate would contain an encoded length that is potentially incompatible with older enrollment software. Resolution : Revise the certificate request so that it contains valid certificate input data The certificate request specified in the event log message contains invalid field length data. The field length should be less than 127 bytes. To resolve this problem:**Submit a new certificate request with fields measuring less than 127 bytes for the field specified in the event log description. Note:To perform these procedures, you must have Enroll permissions for a certificate based on the certificate template. Submit a certificate request To submit a certificate request: 1.ClickStart, type mmc, and then press ENTER. 2.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 3.On theFile menu, clickAdd/Remove Snap-in, clickCertificates, and then clickAdd. 4.Select the user or computer account, and clickNext. 5.ClickFinish, and then clickOK. 6.In the console tree, click Certificates - Current User or Certificates (Local Computer), and then clickPersonal. 7.On the Action menu, point toAll Tasks, and then clickRequest New Certificate to start the Certificate Enrollment Wizard. Click Next. 8.Select the types of certificates that you want to request. 9.You can click Details to review additional information about each certificate. If a caution symbol appears below the certificate, you might need to provide additional information before requesting that type of certificate. Click theMore information is required to enroll for this certificate. Click here to configure message and provide the requested information, such as the location of a valid signing certificate. 10.To finish, click Enroll. Check on a pending certificate request To check on a pending certificate request: 1.Open Internet Explorer, and type the following: https://servername/certsrv, where servername is the name of the Web server running Windows Server 2008 where the certification authority (CA) you want to access is located. 2.Click View the status of a pending certificate request. 3.You will receive a message if there are no pending certificate requests. Otherwise, select the certificate request that you want to check, and then clickNext. 4.Check the pending certificate requests. If it is: a)Still pending, you must wait for the administrator of the CA to issue the certificate. To remove the certificate request, clickRemove b)Issued, you can install the certificate. Click Install this certificate. c)Denied, you need to investigate the reason and determine appropriate follow-up steps, if any. 5.When you are finished, close Internet Explorer. |
| Reference Links | Event ID 23 from Source CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.