| Event Id | 59 |
| Source | Microsoft-Windows-CertificationAuthority |
| Description | Active Directory Certificate Services did not start: Could not connect to the Active Directory for %1. %2. |
| Event Information | According to Microsoft : Cause : This event is logged when Active Directory Services did not start. Resolution : Enable AD CS to obtain needed startup information from Active Directory Domain Services To correct this problem: 1.Confirm network connectivity to Active Directory Domain Services (AD DS). 2.Confirm that the certification authority (CA) has necessary permissions to essential AD DS containers and objects. 3.After confirming connectivity and permissions, restart the CA. Note:To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority. 1.Confirm an AD CS connection to AD DS To confirm an Active Directory Certificate Services (AD CS) connection to AD DS: a)On the CA, open a command prompt window. b)Typeping c)If the ping was successful, you will receive a reply similar to the following: Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=20ms TTL=59 Reply from IP_address: bytes=32 time=3ms TTL=59 Reply from IP_address: bytes=32 time=6ms TTL=59 3 d)At the command prompt, typeping e)If you can successfully connect to the domain controller by IP address but not by FQDN, this indicates a possible issue with Domain Name System (DNS) host name resolution. If you cannot successfully connect to the domain controller by IP address, this indicates a possible issue with network connectivity, firewall configuration, or Internet Protocol security (IPsec) configuration. f)Confirm permissions on essential AD DS containers and objects. 2.Confirm permissions on AD DS containers and objects To confirm that the CA has necessary permissions on AD DS containers and objects within these containers: a)On a domain controller, clickStart, point to Administrative Tools, and clickActive Directory Sites and Services. 2.ClickActive Directory Sites and Services [domainname] where [domainname] is the name of your domain. 3.On theView menu, clickShow Services Node. 4.Double-clickServices, double-clickPublic Key Services, and right-click each container listed below, or the objects listed within the container, and clickProperties. 5.On theSecurity tab, confirm the required permissions. The following are all Active Directory permissions required by a computer hosting a CA. Some of these permissions are achieved via membership in the Cert Publishers group. Restart a CA To restart a CA: 1.On the computer hosting the CA, clickStart, point to Administrative Tools, and click Certification Authority. 2.Select the CA name, and click Restart. |
| Reference Links | Event ID 59 from Source CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.