No fields are displayed in the Certification Authority console, and an "Access is Denied" error is returned when opening its properties
No fields are displayed in the Certification Authority console, and an "Access is Denied" error is returned when opening its properties. In this situation, the following events may also appear in the Application event log.
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 100
Date: 2/23/2011
Time: 9:54:36 AM
User: N/A
Computer: NACA
Description:
Certificate Services did not start: Could not load or verify the current CA certificate. NACA The certificate is revoked. 0x80092010 (-2146885616).
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 51
Date: 2/23/2011
Time: 9:54:36 AM
User: N/A
Computer: NACA
Description:
A certificate in the chain for CA certificate 2 for NACAhas been revoked. The certificate is revoked. 0x80092010 (-2146885616).
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
A certificate in the chain for CA certificate 1 for NACA has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Event Type: Information
Event Source: CertSvc
Event Category: None
Event ID: 58
Date: 2/23/2011
Time: 9:54:36 AM
User: N/A
Computer: NACA
Description:
A certificate in the chain for CA certificate 1 for NACA has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
The System event log also contains many occurrences of the following event:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 2/28/2011
Time: 9:11:36 AM
User: S-1-5-21-1758771056-4057046010-2673532694-4711
Computer: NACA
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{D99E6E73-FC88-11D0-B498-00A0C90312F3}
to the user domain\username SID (S-1-5-21-1758771056-4057046010-2673532694-4711). This security permission can be modified using the Component Services administrative tool.
For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp
The cause of this problem is that the Issuing CA server's certificate has been revoked, but the thumbprint of that certificate is still present in the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CA Name>\CACertHash
When I ran into this problem at one of our customers, I first checked the Local Computer certificates. The thumbprint of the CA certificate found there was
e3 7b 04 39 c0 6f eb 51 ff ce 11 00 87 2b 5b 61 ce a7 e7 a5
However, the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CA Name>\CACertHash registry value contained the following thumbprints:
e3 7b 04 39 c0 6f eb 51 ff ce 11 00 87 2b 5b 61 ce a7 e7 a5
4f 20 5a 79 48 4e 08 8c a9 91 94 7b 34 04 61 a0 06 20 4c 0d
b5 bd 8a d5 ad 2c ff 77 4b 12 79 ac 48 94 7c 33 1c 65 54 6d
When all entries in this value other than e3 7b 04 39 c0 6f eb 51 ff ce 11 00 87 2b 5b 61 ce a7 e7 a5 (that is, the revoked ones) were deleted and the CA service was restarted, the problem was resolved: the fields were displayed again and the CA properties could be opened.
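
The comparison described above can be done in one pass before editing the registry. The following is an added example, not part of the original post: a read-only PowerShell script that lists each CACertHash entry next to the matching certificate in the Local Computer store and its chain status. It assumes PowerShell 3.0 or later, that the CA certificates are in the Personal (My) store, and that the CA name is passed in the hypothetical parameter $CAName.

```powershell
# Added example: read-only audit of CACertHash, makes no changes to the registry or the store.
param(
    # Assumption: the CA name exactly as it appears under ...\CertSvc\Configuration
    [Parameter(Mandatory = $true)] [string] $CAName
)

$key    = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CAName"
$hashes = (Get-ItemProperty -Path $key -Name CACertHash).CACertHash

# Index the Local Computer Personal store by thumbprint (uppercase hex, no spaces)
$store = @{}
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { $store[$_.Thumbprint] = $_ }

$position = 0
foreach ($entry in $hashes) {
    # Registry entries look like "e3 7b 04 ..."; normalise to the store's format
    $thumb    = ($entry -replace '[^0-9a-fA-F]', '').ToUpper()
    $status   = 'entry is not a 20-byte thumbprint'
    $notAfter = $null

    if ($thumb.Length -eq 40) {
        $cert = $store[$thumb]
        if (-not $cert) {
            $status = 'no matching certificate in LocalMachine\My'
        } else {
            $notAfter = $cert.NotAfter
            # Build the chain with revocation checking, as CertSvc does at start-up
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'Online'
            $chain.ChainPolicy.RevocationFlag = 'EntireChain'
            if ($chain.Build($cert)) {
                $status = 'OK'
            } else {
                # e.g. Revoked (0x80092010) or NotTimeValid (0x800b0101)
                $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            }
        }
    }

    [pscustomobject]@{
        Position   = $position
        Thumbprint = $thumb
        NotAfter   = $notAfter
        Status     = $status
    }
    $position++
}
```

Export the Configuration key before changing CACertHash so the original value can be restored.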