Home
Products
Updates
Logs
Bugs
Files
Sign In Create an Account
Recent Search Results
No Search results are currently available to display.

Your last search results will be displayed here for the duration of your browser session.

Log ReportPrint
Template Windows Event Log
Log Name System
Type Error
Source Service Control Manager Eventlog Provider
Event ID 7024
Average Threat Rating
Add Your Encounter Hide Encounters without Resolutions
joverland
Posts: 41

4/26/2011
Revision 3
Threat Rating:

Contains Resolution:
The Active Directory Certificate Service could not verify the CRL and would not start. We were ablet to get the service started by following Method 2 of this KB: http://support.microsoft.com/kb/825061

Method 2: Modify the LogLevel Registry Value
If this CA is an offline CA and has no access to the network to obtain the CRL, set the LogLevel registry value to 2. This registry change permits the CA to start by ignoring the revocation offline error. To set the LogLevel registry value, follow these steps:

Click Start, click Run, type cmd in the Open box, and then click OK.

Type the following command, and then press ENTER:

certutil.exe -setreg CA\LogLevel 2

The following results are returned:
<myCA>\LogLevel:

Old Value:
  LogLevel REG_DWORD = 3 (3)

New Value:
  LogLevel REG_ DWORD = 2 (2)

Restart the Certificate Services service. To do so, type the following commands (press ENTER after each command):

net stop certsvc
net start certsvc

After starting the service we could see that the Root CA CRLs had expired.  We have them on a 180 day interval and had not updated them.



Peer Reviews (0)

No reviews have been post for this Encounter

Post a Peer Review: