| Event Id | 62 |
| Source | Microsoft-Windows-CertificationAuthority |
| Description | Active Directory Certificate Services could not publish a base certificate revocation list (CRL) for key %1 to the following location: %2. %3.%5%6 |
| Event Information | According to Microsoft : Cause : This event is logged when Active Directory Certificate Services had problems loading valid certificate revocation list (CRL) publication values and has reset the CRL publication interval to its default settings. Resolution : Configure AD CS to use user-specified CRL publication values Active Directory Certificate Services (AD CS) is running but is using default certificate revocation list (CRL) publication period settings instead of the user-specified values. To fix this error: *Check and, if necessary, correct CRL publication settings. *If necessary, modify CRL registry keys. Check and correct CRL publication settings Note: To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority. To check and fix correct publication settings: 1.On the computer hosting the CA, clickStart, point to Administrative Tools, and clickCertification Authority. 2.Right-click Revoked Certificates, and clickProperties. 3.Note the listed CRL and delta CRL publication intervals. 4.If one of the settings is not valid, use the procedure "Modify CRL registry settings" to configure a valid setting. To use the Certutil command-line tool to determine the configured CRL publication settings: 1.On the computer hosting the CA, clickStart, typecmd and press ENTER. 2.Type certutil -getreg ca\crlperiod* and press ENTER, and then typecertutil -getreg ca\crldeltaperiod* and press ENTER. 3.If one of these settings is not valid, use the following procedure to configure a valid setting. Modify CRL registry keys Note: To perform this procedure, you must have membership in local Administrators, or you must have been delegated the appropriate authority. To set valid registry keys: Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data. 1.On the computer hosting the CA, clickStart, typeregedit, and then press ENTER. 2.Go toHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\ Configuration\CA name. 3.Enter valid registry values forCRLPeriod andCRLDeltaPeriod. Valid values areYears, Months, Weeks, Days, or Hours. 4.Enter valid registry values forCRLPeriodUnits and CRLDeltaPeriodUnits. Valid values are integers (1, 15, or 31, for example). |
| Reference Links | Event ID 62 from Source CertificationAuthority |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.