Message

Active Directory Certificate Services is configured to use LDAP referrals to request user data from the Active Directory directory service.

Message

The {CertificateTemplateName} Certificate Template was loaded.

Fields

Message

The {CertificateTemplateName} Certificate Template requires {RequiredSignatureCount} signatures; but only {AccepedSignatureCount} were accepted.

Fields

Message

The Active Directory Certificate Services Policy contains no valid Certificate Templates.

Message

Active Directory Certificate Services detected that LDAP referrals are enabled. The current license of Windows does not allow LDAP referrals for Active Directory Certificate Services and this setting will be ignored. To disable LDAP referrals; open a command prompt window; type: certutil -setreg policy\EditFlags -EDITF_ENABLELDAPREFERRALS and press Enter and restart the CA.

Message

The Enrollee ({EnrolleeName}) has no DNS name registered in the Active Directory. The certificate cannot be generated.

Fields

Message

The Enrollee ({EnrolleeName}) has no E-Mail name registered in the Active Directory.  The E-Mail name will not be included in the certificate.

Fields

Message

The {CertificateTemplateName} Certificate Template could not be loaded.  {ErrorCode}.

Fields

Message

The certificate validity period will be shorter than the {CertificateTemplateName} Certificate Template specifies; because the template validity period is longer than the maximum certificate validity period allowed by the CA.  Consider renewing the CA certificate; reducing the template validity period; or increasing the registry validity period.

Fields

Message

Active Directory Certificate Services could not find required Active Directory information.

Message

The Active Directory containing the Certification Authority could not be contacted.

Message

Initialization failure loading information from the Active Directory containing the Certification Authority.

Message

The requested validity period is invalid. Confirm that the validity period or expiration date and time specified in the request does not extend beyond the validity period of the CA certificate; the certificate template; and the CA. The validity period of the CA can be verified by running the following commands: certutil -getreg ca\validityPeriod & certutil -getreg ca\ValdityPeriodUnits.

Message

The key archival request specified that it should not be persisted in the database. Key Archival requests must always be persisted.

Message

The Enrollee was not able to successfully authenticate to the Certificate Service.  Please check your security settings.

Message

The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: {CertificateTemplateName}.

Fields

Message

The request does not contain a certificate template extension or the {RequestAttributeName} request attribute.

Fields

Message

The request specifies conflicting certificate templates: {TemplateNames}.

Fields

Message

The Active Directory connection to {OldDSHostName} has been reestablished to {NewDSHostName}.

Fields

Message

The {CertificateTemplateName} Certificate Template requires the following issuance policies that signing certificates did not include: {MissingIssuancePolicyOIDsInSigningCertificate}.

Fields

Message

Renewing a certificate with the {CertificateTemplateName} Certificate Template failed because the renewal overlap period is longer than the certificate validity period.

Fields

Message

The requester's Active Directory object is not in the current forest.  Cross forest enrollment is not enabled.  {RequesterName}  {ErrorCode}

Fields

Message

The requester's Active Directory object could not be retrieved.  {RequesterName}  {ErrorCode}

Fields

Message

Active Directory Certificate Services could not connect to the global catalog server.  {RequesterName}  {ErrorCode}

Fields

Message

An invalid OID has been detected in the EKUOIDsForVolatileRequests configuration setting. To resolve; run: 'certutil -getreg policy\EKUOIDsForVolatileRequests' to identify the invalid OID and correct it.