Windows 2022 Certificate Authority CRL Not Updating in AD

jitesh k 0 Reputation points
2025-02-05T16:17:27.13+00:00

Hello All

Firstly, apologies; I will try to explain the issue to the best of my limited knowledge.

We have migrated from a Windows 2012 PKI infrastructure to a Windows 2022 PKI Infrastructure.

The CDP Container within Manage AD Containers is not updating the Delta CDP automatically.

As you can see in the screenshot the Delta CRL is showing as expired.

Is there something we need to do to get the Delta CRL to update automatically?

[Screenshot: CRL_Blanked]

Thank you for looking; any help would be greatly appreciated.

JK


1 answer

  1. Geoff McKenzie 390 Reputation points
    2025-02-05T23:22:27.52+00:00

    Hi Jitesh,

    You say you 'migrated' your PKI. How did you migrate, or did you build new CA(s)?

    You may want to look into the CA properties (from memory it is on the Extensions tab) and review the configuration for the CRL locations. Specifically, check the "publish to" and "include in certificates" settings.

    If those are all correct then check in the CA's logs. There will be an event logged if the CA is having trouble publishing a CRL or delta to a given location and will give a reason. The reason will lead you to your next step.

    If the CRL publish configuration is not correct in the CA's properties then there won't be errors in the event logs, as the CA won't try.

    HTH

    Regards,
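
The check described in the answer above, as an added example that is not part of the original thread: it decodes the numeric flag prefix on each `CRLPublicationURLs` entry, so a location that publishes base CRLs but not delta CRLs stands out. The two sample entries are constructed, `Get-CdpEntryReport` is a hypothetical helper name, and `<CA name>` is a placeholder.

```powershell
# Bit values of the flag prefix on each CRLPublicationURLs entry ("<flags>:<URL>").
# These correspond to the checkboxes on the CA's Extensions tab.
$CdpFlags = @{
    1   = 'Publish CRLs to this location'
    2   = 'Include in the CDP extension of issued certificates'
    4   = 'Include in CRLs (clients use this to find delta CRL locations)'
    8   = 'Include in all CRLs (where to publish in AD when publishing manually)'
    64  = 'Publish delta CRLs to this location'
    128 = 'Include in the IDP extension of issued CRLs'
}

function Get-CdpEntryReport {   # hypothetical helper, not a built-in cmdlet
    param([string[]]$Entries)
    foreach ($entry in $Entries) {
        # Split on the first colon only; the URL itself contains colons.
        $flagText, $url = $entry -split ':', 2
        $flags = [int]$flagText
        $set = foreach ($bit in ($CdpFlags.Keys | Sort-Object)) {
            if ($flags -band $bit) { $CdpFlags[$bit] }
        }
        [pscustomobject]@{
            Url            = $url
            Flags          = $flags
            PublishesBase  = [bool]($flags -band 1)
            PublishesDelta = [bool]($flags -band 64)
            Settings       = $set -join '; '
        }
    }
}

# Constructed sample: the LDAP entry (11 = 8 + 2 + 1) publishes base CRLs to AD
# but lacks bit 64, so the CA never attempts to publish the delta CRL there.
$sample = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
    '11:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
)
Get-CdpEntryReport -Entries $sample |
    Where-Object { $_.Url -like 'ldap:*' -and -not $_.PublishesDelta } |
    Format-List

# On the CA itself, read the live values and recent CA events that mention CRLs:
# $live = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CA name>').CRLPublicationURLs
# Get-CdpEntryReport -Entries $live | Format-List
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-CertificationAuthority' } -MaxEvents 200 |
#     Where-Object Message -match 'CRL'
```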

