Collection Rule for event with source CertificationAuthority and ID 132 Rule

  • ID:  Microsoft.Windows.CertificateServices.CARole.6.2.CertSvcEvents.132
  • Description:  Certificate Services failed to decrypt
  • Target:  Certificate Service (2012)
  • Enabled:  On Essential Monitoring

Overridable Parameters

Parameter Name Default Value Description Override
Priority 2  
Severity 2  

Run As Profiles

Name
Default

Alert Details

Message Priority Severity
AD CS Certificate Request (Enrollment) Processing High Critical

Rule Knowledgebase

Summary

One of the primary functions of a certification authority (CA) is to evaluate certificate requests from clients and, if predefined criteria are met, issue certificates to those clients. In order for certificate enrollment to succeed, a number of elements must be in place before the request is submitted, including a CA with a valid CA certificate; properly configured certificate templates, client accounts, and certificate requests; and a way for the client to submit the request to the CA, have the request validated, and install the issued certificate.

Causes
This rule does not contain any causes.
Resolutions

Enable a decryption operation during certificate request processing

To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority.

To identify and resolve an encryption error:

  • Check the event log on the certification authority (CA) for other event log messages related to certificate requests, such as CertificationAuthorityEvent 22. This event log message should contain the ID of the failed certificate request.

  • Click Start, point to Administrative Tools, and click Certification Authority.

  • Double-click Failed Requests.

  • Right-click the failed certificate request identified in the first step, point to All Tasks, and then click View Attributes/Extensions.

  • Click the Extensions tab, and click Certificate Template Information. Note the certificate template name.

  • Click Start, type Certtmpl.msc, and press ENTER.

  • Right-click the certificate template identified in step 5, and then click Properties

  • Click the Request Handling tab. Under Archive subject's encryption private key, clear the Use advanced symmetric algorithm to send the key to the CA check box if it is selected, and then retry the certificate enrollment.  

If these resolution steps do not resolve the problem or if the error persists, contact Microsoft Customer Service and Support. For more information, see http://go.microsoft.com/fwlink/?LinkId=89446.

External References
This rule does not contain any external references.

See Also for Active Directory Certificate Services Management Pack


Downloads for Active Directory Certificate Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED