Collection Rule for event with source CertificationAuthority and ID 38 Rule

  • ID:  Microsoft.Windows.CertificateServices.CARole.6.2.CertSvcEvents.38
  • Description:  Certificate Services service was stopped
  • Target:  Certificate Service (2012)
  • Enabled:  On Essential Monitoring

Overridable Parameters

Parameter Name Default Value Description Override
Priority 2  
Severity 2  

Run As Profiles

Name
Default

Alert Details

Message Priority Severity
AD CS Program Resource Availability High Critical

Rule Knowledgebase

Summary

Certification authorities (CAs) need adequate system resources and operating system components to function. If a server has insufficient memory or hard disk space, or if operating system components become unavailable, attempts to start Active Directory Certificate Services (AD CS) can fail.

Causes
This rule does not contain any causes.
Resolutions

Restart the certification authority

To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority.

To correct the service shutdown:

  • On the computer hosting the CA, click Start, point to Administrative Tools, and click Services.

  • Locate the Active Directory Certificate Services (AD CS) service.

  • Confirm that AD CS is not running, and then attempt to restart the service.

  • If the service does not start, restart the computer, then try to restart AD CS again.

  • If the problem is not resolved, you can use the following procedures, Create a debug log and Enable CryptoAPI 2.0 Diagnostics, to compile information that will be useful if you need to contact Microsoft Customer Service and Support.

Create a debug log

To create a debug log:

  • On the computer hosting the CA, click Start, type cmd and press ENTER.

  • Type certutil -setreg ca\debug 0xffffffe3 and press ENTER.

  • Click Start, point to Administrative Tools, and click Services.

  • Select the Active Directory Certificate Services service, and click Start.

  • When you have reproduced the issue, locate the certsrv.log file containing advanced diagnostic information in the %windir% directory.

  • When you have finished generating the diagnostics, disable debugging by opening a command prompt window.

  • Type certutil -delreg ca\debug and press ENTER.

Enable CryptoAPI 2.0 Diagnostics

To enable CryptoAPI 2.0 Diagnostics:

  • On the computer hosting the CA, click Start, point to Administrative Tools, and click Event Viewer.

  • In the console tree, expand Event Viewer, Applications and Services Logs, Microsoft, Windows, and CAPI2.

  • Right-click Operational, and click Enable Log.

  • Click Start, point to Administrative Tools, and click Services.

  • Right-click Active Directory Certificate Services, and click Restart.

External References
This rule does not contain any external references.

See Also for Active Directory Certificate Services Management Pack


Downloads for Active Directory Certificate Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED