Event ID 132 — AD CS Certificate Request (Enrollment) Processing
Applies To: Windows Server 2008
.jpg)
One of the primary functions of a certification authority (CA) is to evaluate certificate requests from clients and, if predefined criteria are met, issue certificates to those clients. In order for certificate enrollment to succeed, a number of elements must be in place before the request is submitted, including a CA with a valid CA certificate; properly configured certificate templates, client accounts, and certificate requests; and a way for the client to submit the request to the CA, have the request validated, and install the issued certificate.
Event Details
| Product: | Windows Operating System |
| ID: | 132 |
| Source: | Microsoft-Windows-CertificationAuthority |
| Version: | 6.0 |
| Symbolic Name: | MSG_E_AES_ARCHIVAL_WITH_CAPI_PROV |
| Message: | The certification authority (CA) was unable to perform a decryption operation. This error can occur when an advanced encryption algorithm such as Advanced Encryption Standard (AES) is used and the CA has not been configured to use a CryptoAPI Next Generation (CNG) key storage provider. If this error occurred during certificate enrollment, check the certificate template to confirm that advanced encryption for key archival is not enabled. |
Resolve
Enable a decryption operation during certificate request processing
To perform this procedure, you must have Manage CA permission, or you must have been delegated the appropriate authority.
To identify and resolve an encryption error:
- Check the event log on the certification authority (CA) for other event log messages related to certificate requests, such as CertificationAuthorityEvent 22. This event log message should contain the ID of the failed certificate request.
- Click Start, point to Administrative Tools, and click Certification Authority.
- Double-click Failed Requests.
- Right-click the failed certificate request identified in the first step, point to All Tasks, and then click View Attributes/Extensions.
- Click the Extensions tab, and click Certificate Template Information. Note the certificate template name.
- Click Start, type Certtmpl.msc, and press ENTER.
- Right-click the certificate template identified in step 5, and then click Properties.
- Click the Request Handling tab. Under Archive subject's encryption private key, clear the Use advanced symmetric algorithm to send the key to the CA check box if it is selected, and then retry the certificate enrollment.
If these resolution steps do not resolve the problem or if the error persists, contact Microsoft Customer Service and Support. For more information, see https://go.microsoft.com/fwlink/?LinkId=89446.
Verify
To perform this procedure, you must have permission to request a certificate.
To confirm that certificate request processing is working properly:
- Click Start, type certmgr.msc, and then press ENTER.
- If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- In the console tree, double-click Personal, and then click Certificates.
- On the Action menu, point to All Tasks, and click Request New Certificate to start the Certificate Enrollment wizard.
- Use the wizard to create and submit a certificate request for any type of certificate that is available.
- Under Certificate Installation Results, confirm that the enrollment completes successfully and no errors are reported. You can also click Details to view additional information about the certificate.