Microsoft KB Archive/280815

= Certification Authority does not publish certificate revocation list to Active Directory =

Article ID: 280815

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q280815



SYMPTOMS
An enterprise Certification Authority (CA) may not publish the certificate revocation list (CRL) to the Active Directory (AD). This may occur on a per-server basis. Note that the only direct indication of this problem is the following event entry that is made by the CA in the Application Event log:

Event Type: Error

Event Source:  CertSvc Event Category:  None Event ID:           46 Date:      08/14/2000 Time:      05:13:00 AM User:       N/A Computer:           CHAD Description: The &quot;Enterprise and Stand-alone Exit Module&quot; Exit Module &quot;Notify&quot; method returned an error. The operation could not be completed. A retry should be performed. The returned status code is 0x800704d5 (1237). The Certification Authority was unable to publish the CRL to the Directory Service. Publishing will be retried at a later time. Access is denied. (0x80070005)



CAUSE
This problem can occur if the CA caches a damaged LDAP handle to the DC that was the LDAP distribution-point URL target. Initially, the CA connected to the CRL distribution point, and then cached that LDAP handle. If the DC then unexpectedly becomes unavailable, the CA was left with a cached LDAP handle, and this cached handle is invalid when the DC becomes available again. As a result of this, CRL publication requests are denied.



RESOLUTION
To work around this problem:
 * 1) Force the CA to flush the bad handle to cause a new binding to be established. Note that you can usually work around this problem if you stop and then restart the Certificate services on the affected CA.
 * 2) Manually publish the CRL after you restart the service.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbnetwork kbprb KB280815

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.