Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 53 Source: CertSvc

Source
Level
Description
Certificate Services denied request 856 because Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. 0x80070547 (WIN32: 1351). The request was for (Unknown Subject). Additional information: Denied by Policy Module
Comments
 
When requesting a certificate via Netscape or Firefox the CA refused to issue the certificate with a warning 53 from CertSvc. The problem is described in the Windows Server 2003 PKI Operations Guide: “The following configuration change must be made to a Windows Server 2003 CA to permit Netscape 6.2.2 and later browsers to perform enrollment through the Web enrollment pages. To enable the parsing of request attributes for subject information, which is required for Netscape browser enrollment, use the following command:
certutil -setreg ca\CRLFlags +CRLF_ALLOW_REQUEST_ATTRIBUTE_SUBJECT “. This helped me to resolve the problem. See the link to “Windows Server 2003 PKI Operations Guide” to read the article.
See ME932457 for resolutions appropriate for three different situations.

The Windows Server 2003 SP1 installation process creates a new CERTSVC_DCOM_ACCESS security group. This problem occurs if the membership of the CERTSVC_DCOM_ACCESS group is configured incorrectly. See ME927066 to solve this problem.
If a user tries to enroll for certificates from a Windows Server 2003 Enterprise Edition certification authority (CA) and the Include e-mail name in subject name option is selected on the template, the user cannot enroll.This problem occurs because the e-mail address is not defined in the Active Directory account of the user who is trying to enroll. The LDAP mail attribute is missing from the Active Directory user account. There are several Microsoft articles with information about this event: ME239452, ME281260, ME281271, ME283218, ME305196 and ME330238.

"Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment" and "Key Archival and Management in Windows Server 2003" also provide information on this event.
This also occurs if, although the CRL does exist and is accessible, it is out of date (for example, it is published on a web site). The publication interval of the CRL has expired, and therefore the CA is unable to validate the revocation list. Publish the CRL again so the publication interval is updated to a date in the (near) future. This can happen in a root-subordinate-issuing chain of CAs, when (one of) the CRLs of the offline root/subordinate CA have expired.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...