I am having the same issue with Windows Server 2022. However, this started to happen after I installed the CA. All the settings are default. I have not modified any settings. In the past, I never had this issue with just defaulted settings. What do I need to do to resolve this?
Could not retrieve an OCSP response.
Hi,
We have 1 MS 2022 CA server, and have noticed the following error message on our DCs:
EventID 36928
Source Schannel
Could not retrieve an OCSP response.
The Failure Reason is: REASON_OCSP_RESPONSE_RETRIEVAL_ERROR
The OCSP Url is:
The previous OCSP response contained the following times:
ThisUpdate: 1601-01-01T00:00:00.000000000Z
NextUpdate: 1601-01-01T00:00:00.000000000Z
The attached data contains the certificate.
We don't have an OCSP installed, so why does this error message appear? And as I understand it, we do not need any OCSP either. We only publish internal machine certificates so the machines can connect to the Wi-Fi.
Please advise.
Thanks for any reply
/R
Andy
7 answers
Michael Maher 42 Reputation points
2023-09-14T10:24:40.0933333+00:00
I was using an OCSP responder and got this error on a newly built DC running Server 2022.
Any other server or workstation on the domain I tested could validate certs fine against the OCSP server.
To replicate the error, export a cert. It can be any cert as long as it is issued from your CA.
Run this certutil test. In this case I call my exported cert dc.cer.
certutil -f -urlfetch -verify .\dc.cer | sls "OCSP"
The OCSP call will fail from the server generating these event log entries, but the same command will work from another host.
I can't say I worked out why this happens, but I got around it by restarting the OCSP server. Then running the same command on the new DC worked.