
Cannot issue a certificate because revocation server is offline.


David

Jun 3, 2005, 9:38:02 PM
I have an offline CA Root. We have one domain. Currently 5 domain controllers
(two of them are IAS/RADIUS servers).

When adding a new domain controller, I get Event ID:13, Source:
AutoEnrollment, "Automatic Certificate enrollment for local server failed to
enroll one Domain Controller certificate (0x80092013). The revocation
function was unable to check revocation server because revocation server was
offline."

I went to the offline CA server, published a new CRL, moved it to a domain
computer and published it successfully to the AD. I stopped and restarted
my issuing CA.
My Root CA CRL appears in /Configuration/Services/Public Key Services/
CDP/<Root-CA-SERVER-NAME>/<Root CA> as does my Issuing CA CRL.

I still get the same error.

What mechanism is telling the issuing CA that the revocation server is offline?
How can I fix this since the CA Root server is offline?

Rich Raffenetti

Jun 4, 2005, 12:27:04 AM
I suggest getting the pkiview tool to check the health of your PKI. This
tells you about the accessibility of the CA chain elements. It's in one of
the resource kit tools bundles. You can download the bundle from MS. See
the following link:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

David

Jun 6, 2005, 2:57:03 PM
Thanks, Rich.

You answered my question.
Using PKIVIEW I was able to determine the location of the CDP that was
not accessible and fix it!
