Collection Rule for event with source OnlineResponder and ID 29 Rule

  • ID:  Microsoft.Windows.CertificateServices.CARole.6.3.OCSPEvents.29
  • Description:  Online Responder service configuration problem.
  • Target:  Certificate Service (2012 R2)
  • Enabled:  On Essential Monitoring

Run As Profiles

  • Name:  Default

Rule Knowledgebase

Summary

The status and functioning of the Microsoft Online Responder service has dependencies on numerous features and components, including the ability to access timely certificate revocation data, the validity of the certification authority (CA) certificate and chain, and overall system response and availability.

Causes
This rule does not contain any causes.
Resolutions

Correct revocation configuration problems

When the Online Responder service encounters an error while attempting to load its configuration, this can indicate that the revocation configuration has been corrupted. To correct this:

  • Follow the procedure in the "Create a valid revocation configuration" section.

  • If this does not resolve the problem, follow the procedure in the "Delete a revocation configuration from the registry" section, and then follow the procedure in the "Create a valid revocation configuration" section again.

  • If the corrupted revocation configuration occurs on the member of an Array, delete the revocation configuration by using the procedure in the "Delete a revocation configuration from the registry" section, and then use the procedure in the "Synchronize members with an Array controller" section to re-create the revocation configuration.

  • If the corrupted configuration occurs on an Array controller, you need to follow the procedure in the "Designate an Array controller" section to designate a different Online Responder as the Array controller. Then the restored revocation configuration can be synchronized with the new Array controller.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

Create a valid revocation configuration

To create a valid revocation configuration:

  • Click Start, point to Administrative Tools, and click Online Responder.

  • In the details pane, right-click the revocation configuration identified in the event, and click Delete.

  • In the console tree, click Revocation Configuration.

  • In the Actions pane on the right, click Add Revocation Configuration to start the Add Revocation Configuration Wizard.

  • Provide the information requested in the wizard, and then click Finish and Yes to complete the setup process.

If you cannot access the revocation configuration by using the Online Responder snap-in, you need to delete this information directly from the registry.

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

Delete a revocation configuration from the registry

To delete a revocation configuration from the registry:

  • On the Online Responder, click Start, type regedit, and then press ENTER.

  • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder.

  • Delete the corrupted revocation configuration.
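The backup advised in the caution above and the registry deletion steps, combined as an added PowerShell example (not part of the original knowledge base article). It assumes each revocation configuration is stored as a subkey of the Responder key; the parameter names and the backup folder are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: export the Responder key to a .reg file, list the revocation
# configurations found under it, then delete the one named in event 29.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    # Revocation configuration identified in the event (supplied by the operator).
    [Parameter(Mandatory)] [string] $ConfigurationName,
    # Hypothetical backup location; choose a path only administrators can write to.
    [string] $BackupDirectory = "$env:SystemDrive\OcspBackup"
)

$regPath = 'HKLM\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder'
$psPath  = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder'

if (-not (Test-Path -LiteralPath $psPath)) {
    throw "Registry key not found: $regPath"
}

# The backup is taken even under -WhatIf, so a dry run still leaves a restore point.
New-Item -ItemType Directory -Path $BackupDirectory -Force -WhatIf:$false | Out-Null
$backupFile = Join-Path $BackupDirectory ('Responder-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $regPath $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backupFile)) {
    throw 'Registry backup failed; nothing was deleted.'
}
Write-Host "Backup written to $backupFile"

# Assumption: one subkey per revocation configuration.
$configs = @(Get-ChildItem -LiteralPath $psPath)
Write-Host 'Revocation configurations found:'
$configs | ForEach-Object { Write-Host "  $($_.PSChildName)" }

$target = $configs | Where-Object PSChildName -eq $ConfigurationName
if (-not $target) {
    throw "No revocation configuration named '$ConfigurationName' under $regPath"
}

# Prompts for confirmation unless -Confirm:$false is passed; honours -WhatIf.
if ($PSCmdlet.ShouldProcess($target.Name, 'Delete revocation configuration')) {
    Remove-Item -LiteralPath $target.PSPath -Recurse
    Write-Host "Deleted '$ConfigurationName'. Restore with: reg.exe import `"$backupFile`""
}
```

Running it with -WhatIf first lists the configurations and writes the backup without deleting anything.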

Synchronize members with an Array controller

To synchronize members with an Array controller:

  • On the Online Responder, click Start, point to Administrative Tools, and click Online Responder.

  • In the console tree, click Array Configuration Members.

  • In the Actions pane, click Synchronize Responder Configuration.

If the corrupted configuration occurs on an Array controller, you can temporarily make another computer the Array controller, synchronize the Array, and then reset the original computer to be the Array controller.

Designate an Array controller

To designate an Array controller:

  • Click Start, point to Administrative Tools, and then click Online Responder.

  • In the console tree, click Array Configuration Members.

  • Select the Online Responder that you want to designate as the Array controller.

  • In the Actions pane, click Set as Array Controller.

  • Synchronize the Array member with the corrupt configuration, and then reset the updated Array member as the Array controller.

If the problem persists, contact Microsoft Customer Service and Support.

External References
This rule does not contain any external references.
