Home / Articles / Security / CA Issues Event ID: 36871

CA Issues Event ID: 36871

We were faced with the following issue:

 

We have a certificate authority setup on a windows 2008R2 box and now when you log into the site it asks for creds and doesnt let you in.  We tried regular and domain admin accounts (by default all domain users can request a cert and only domain admins can approve the request).  When you log in locally you see the cert page come up but have issues when trying to request a cert.

 

We get the following error when logged in locally:

no certificate templates could be found.  You do not have permissiosn to request a certificate CA, or an error occurred while accessing the Active Directory.

in the system event i see the following error:

Log Name:      System

Source:        Schannel
Event ID:      36871
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM

Description:
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”>
<System>
<Provider Name=”Schannel” Guid=”{1F678132-5938-4686-9FDC-C8FF68F15C85}” />
<EventID>36871</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<EventRecordID>224668</EventRecordID>
<Correlation />
<Execution ProcessID=”512″ ThreadID=”3548″ />
<Channel>System</Channel>
<Security UserID=”S-1-5-18″ />
</System>
<EventData>
<Data Name=”Type”>client</Data>
<Data Name=”ErrorState”>10013</Data>
</EventData>
</Event>

this was working fine with no issues and changes were not made that i am aware of.  i checked the permissions and things look good.

we also tried this and it didnt work:

http://support.microsoft.com/kb/811418/en-us

Resolution:

Reboot the CA (certificate authority)

Share


Comment on CA Issues Event ID: 36871

Leave a Reply






Contact Us