ADCS PKIVIEW - errors

  • ADCS PKIVIEW - errors

    server1 - domain controller - enterprise root CA.
    server2 - member server - standalone subordinate CA.
    Both run Server 2008.

    Both servers are using the default CRLs. In particular, I'm looking at the LDAP points.

    On server1:
    * Can publish the CRLs - no errors.
    * If you right-click on Enterprise PKI, Manage AD Containers, CDP, you can view all the CRLs.
    * PKIView says "unable to download" next to the LDAP point. (Checked security in ADSIEdit - everyone has read.)

    On Server2:
    PKIView doesn't give any errors at all and is able to download the CRLs for the enterprise root CA (server1).

    I'm imagining some sort of security issue preventing it from working [downloading the CRL] on the domain controller?

    Any help appreciated. Been wondering about this one for a while.
    Thanks

  • #2
    Re: ADCS PKIVIEW - errors

    Is Anonymous access enabled in IIS?


    • #3
      Re: ADCS PKIVIEW - errors

      Yes, anonymous access is enabled. I notice error 110 from certutil - is it making the LDAP request via IIS? In which case, is the problem with IIS rather than the CA?

      ---------------- Certificate AIA ----------------
      Failed "AIA" Time: 0
      Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32/HTTP: 110)
      ldap:///CN=zat-CA1,CN=AIA,CN=Public%20Key%20Services,CN=Services, CN=Configuration,DC=zat,DC=com?cACertificate?base? objectClass=certificationAuthority

      ---------------- Certificate CDP ----------------
      Verified "Base CRL (45)" Time: 0
      [0.0] http://2008server1.zat.com/CertEnroll/zat-CA1(6).crl

      Verified "Delta CRL (45)" Time: 0
      [0.0.0] http://2008server1.zat.com/CertEnroll/zat-CA1(6)+.crl

      Failed "CDP" Time: 0
      Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32/HTTP: 110)
      [0.1.0] ldap:///CN=zat-CA1(6),CN=2008server1,CN=CDP,CN=Public%20Key%20Ser vices,CN=Services,CN=Configuration,DC=zat,DC=com?d eltaRevocationList?base?objectClass=cRLDistributio nPoint

      Failed "CDP" Time: 0
      Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32/HTTP: 110)
      ldap:///CN=zat-CA1(6),CN=2008server1,CN=CDP,CN=Public%20Key%20Ser vices,CN=Services,CN=Configuration,DC=zat,DC=com?c ertificateRevocationList?base?objectClass=cRLDistr ibutionPoint

      ---------------- Base CRL CDP ----------------
      OK "Delta CRL (45)" Time: 0
      [0.0] http://2008server1.zat.com/CertEnroll/zat-CA1(6)+.crl

      Failed "CDP" Time: 0
      Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32/HTTP: 110)
      ldap:///CN=zat-CA1(6),CN=2008server1,CN=CDP,CN=Public%20Key%20Ser vices,CN=Services,CN=Configuration,DC=zat,DC=com?d eltaRevocationList?base?objectClass=cRLDistributio nPoint

      [*** there is no space in the word services - it seems to be a display issue in the forum ***]
      Last edited by tasdevil; 29th April 2009, 23:53.
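
An added example, not part of the thread or of certutil itself: a small Python parser for output in the format posted in #3. It groups fetch results by URL scheme and splits each LDAP URL into its RFC 4516 parts, which makes it easy to see that the failing entries are the host-less `ldap:///` URLs while the HTTP URLs verify. The sample text is constructed from the post's lines with the forum-inserted spaces removed; the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample: lines from post #3, forum-inserted spaces removed from the URLs.
SAMPLE = """\
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32/HTTP: 110)
ldap:///CN=zat-CA1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=zat,DC=com?cACertificate?base?objectClass=certificationAuthority
---------------- Certificate CDP ----------------
Verified "Base CRL (45)" Time: 0
[0.0] http://2008server1.zat.com/CertEnroll/zat-CA1(6).crl
Failed "CDP" Time: 0
Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32/HTTP: 110)
[0.1.0] ldap:///CN=zat-CA1(6),CN=2008server1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=zat,DC=com?deltaRevocationList?base?objectClass=cRLDistributionPoint
"""

SECTION = re.compile(r"^-+\s*(.+?)\s*-+$")             # "---- Certificate CDP ----"
STATUS = re.compile(r'^(Verified|OK|Failed)\s+"([^"]+)"')  # only the statuses seen in the post
URL = re.compile(r"^(?:\[[\d.]+\]\s*)?((?:ldap|https?|file)://\S+)$", re.I)

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL: ldap://host/dn?attribute?scope?filter."""
    host, _, tail = url.split("://", 1)[1].partition("/")
    parts = (tail.split("?") + [""] * 4)[:4]
    dn, attr, scope, flt = (unquote(p) for p in parts)
    return {"host": host, "dn": dn, "attribute": attr, "scope": scope or "base", "filter": flt}

def parse_fetch_results(text):
    """Return one record per fetched URL with its section, status and scheme."""
    records, section, status = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, status = m.group(1), None
        elif m := STATUS.match(line):
            status = (m.group(1), m.group(2))
        elif (m := URL.match(line)) and status:
            url = m.group(1)
            rec = {"section": section, "status": status[0], "label": status[1],
                   "scheme": url.split(":", 1)[0].lower(), "url": url}
            if rec["scheme"] == "ldap":
                rec["ldap"] = parse_ldap_url(url)  # host == "" means the URL names no server
            records.append(rec)
            status = None  # each status line is followed by exactly one URL
    return records

def failures_by_scheme(records):
    return dict(Counter(r["scheme"] for r in records if r["status"] == "Failed"))
```
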
