Collection Rule for event with source CertificationAuthority and ID 77 Rule

  • ID:  Microsoft.Windows.CertificateServices.CARole.6.2.CertSvcEvents.77
  • Description:  The policy module encountered a warning.
  • Target:  Certificate Service (2012)
  • Enabled:  On Essential Monitoring

Run As Profiles

Name
Default

Rule Knowledgebase

Summary

The policy module contains the set of rules governing issuance, renewal, and revocation of certificates. This policy is created from hard-coded values, registry settings, and, if you are using an enterprise certification authority (CA), certificate templates. The policy module determines whether a certificate request is approved, denied, or marked as pending for an administrator to approve or deny. Problems detected with a policy module can cause a CA to fail to start or to cease functioning.

Causes
This rule does not contain any causes.
Resolutions

Address policy module processing warnings

To determine how to fix this error condition, examine the error code reported in the event log message.

The event log message can include the following codes:

  • MSG_SIGNATURE_COUNT

  • MSG_DS_RECONNECTED

  • MSG_LOAD_TEMPLATE

Depending on the specific error message, use the following procedures to resolve problems with these policy module warnings:

MSG_SIGNATURE_COUNT

The certificate template named in the event description has been configured to require one or more authorized signatures on the certificate request. This issuance policy requirement was not met. Use the procedure Resolve signature count issues  to correct this problem.

MSG_DS_RECONNECTED

Certificate Services has re-connected to Active Directory at the network location specified in the event description. No action is needed.

MSG_LOAD_TEMPLATE

The certificate template named in the event description could not be loaded. This error can occur if a certificate template was removed from Active Directory Domain Services (AD DS) but one or more certification authorities (CAs) are still configured to issue certificates by using that template. Use the procedure Resolve certificate template loading issues  to resolve this error. 

To perform these procedures, you must have Manage CA permission, or you must have been delegated the appropriate authority.

Resolve signature count issues

To resolve signature count issues, you can either:

  • Make sure the enrollment request is signed with a sufficient number of authorized signatures before resubmitting the request. You may need to issue additional enrollment agent certificates or locate users who have been issued enrollment agent responsibilities and ask them to complete this task.

  • Alternately, you can modify the certificate template so that it requires fewer authorized signatures.

To modify certificate template signature requirements:

  • On the computer hosting the CA, click Start, type certtmpl.msc, and then press ENTER.

  • In the details pane, right-click the certificate template that you want to change, and then click Properties.

  • Click the Issuance Requirements tab. Modify the number to next to This number of authorized signatures, or remove the check box next to this setting if you want to disable the signature requirement completely. Click OK.

Resolve certificate template loading issues 

Resolve certificate template loading issues:   

  • On the CA that logged the event, click Start, point to Administrative Tools, and click Certification Authority . 

  • Right-click the template within the Certificate Templates container, and click Delete.

  • If the problem involves a misconfigured certificate template, open the Certificate Templates snap-in, right-click the certificate template identified in the error message, check all configuration settings, and fix the settings that have been configured incorrectly.

If there is a problem with a policy module and these warnings cannot be resolved by addressing related symptoms:

  • For a non-Microsoft policy module, contact the policy module provider for assistance.

  • For a Microsoft policy module, contact Microsoft Customer Service and Support. For more information, see http://go.microsoft.com/fwlink/?LinkId=89446.

External References
This rule does not contain any external references.

See Also for Active Directory Certificate Services Management Pack


Downloads for Active Directory Certificate Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED