Receiving Event ID 64

Computer Gladiator 436 Reputation points

Hello, we have a Windows Server 2012 R2 as a domain controller and we receive several event id 64 messages.... Certificate for local system with Thumbprint "xx....xx" is about to expire or already expired.
This has been appearing for sevarl months and does not appear to be affecting anything. I understand that this can be ignored but wanted to clean this up. These thumbprints do not seem to appear in the Certificates MMC program. How can I find them and remove?
Thank you

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
9,469 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,424 questions
{count} votes

Accepted answer
  1. Daisy Zhou 13,786 Reputation points Microsoft Vendor

    Hello @Computer Gladiator ,

    Thank you for posting here.

    From the error message you provided, it seems some cert in user store or computer store is about to expire or already expired. We can try to find it as below.

    1.Click Start, type mmc, and then press ENTER.
    2.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3.On the File menu, click Add/Remove Snap-in, click Certificates, and then click Add.** **
    4.Select the user or computer account that logged the error, and click Next.
    5.Click Finish, and then click OK.
    6.In the console tree, click Certificates - Current User or Certificates (Local Computer), and then click Personal.
    7.In the console tree, double-click Certificates, double-click Personal, and then click Certificates.
    8.Locate the certificate with the thumbprint listed in the event log message.

    For example:


    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

3 additional answers

Sort by: Most helpful
  1. ESP IT Guy 11 Reputation points

    Firstly, why do MS people insist on using the snap-in for certs? Just hit start and type Cert, gives the option of Computer and User certs.

    Secondly, to find a cert via thumbprint use powershell:

    Get-ChildItem -path 'Cert:\*5b1fd0c0be45f22c868048f08939a132d532b11f' -Recurse | Format-List

    2 people found this answer helpful.

  2. Computer Gladiator 101 Reputation points

    Hello, how can I tell if this can be removed or should it be renewed?

    0 comments No comments

  3. Computer Gladiator 101 Reputation points

    I typically would use the snap-in tool to confirm which one is expired. Match it up with the event log notification then determine whether I wish to remove or renew it. Hope this helps

    0 comments No comments