Online Responder service configuration problem.
The status and functioning of the Microsoft Online Responder service has dependencies on numerous features and components, including the ability to access timely certificate revocation data, the validity of the certification authority (CA) certificate and chain, and overall system response and availability.
Correct revocation configuration problems
When the Online Responder service encounters an error while attempting to load its configuration, this can indicate that the revocation configuration has been corrupted. To correct this:
Follow the procedure in the "Create a valid revocation configuration" section.
If this does not resolve the problem, follow the procedure in the "Delete a revocation configuration from the registry" section, and then follow the procedure in the "Create a valid revocation configuration" section again.
If the corrupted revocation configuration occurs on the member of an Array, delete the revocation configuration by using the procedure in the "Delete a revocation configuration from the registry" section, and then use the procedure in the "Synchronize members with an Array controller" section to re-create the revocation configuration.
If the corrupted configuration occurs on an Array controller, you need to follow the procedure in the "Designate an Array controller" section to designate a different Online Responder as the Array controller. Then the restored revocation configuration can be synchronized with the new Array controller.
To perform these procedures, you must have membership in local Administrators, or you must have been delegated the appropriate authority.
Create a valid revocation configuration
To create a valid revocation configuration:
Click Start, point to Administrative Tools, and click Online Responder.
In the details pane, right-click the revocation configuration identified in the event, and click Delete.
In the console tree, click Revocation Configuration.
In the Actions pane on the right, click Add Revocation Configuration to start the Add Revocation Configuration Wizard.
Provide the information requested in the wizard, and then click Finish and Yes to complete the setup process.
If you cannot access the revocation configuration by using the Online Responder snap-in, you need to delete this information directly from the registry.
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
Delete a revocation configuration from the registry
To delete a revocation configuration from the registry:
On the Online Responder, click Start, type regedit, and then press ENTER.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder.
Delete the corrupted revocation configuration.
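A scripted form of the backup and registry-deletion steps above, in PowerShell, as an added example that is not part of the original article. It assumes each revocation configuration is stored as a subkey of the Responder key named after the configuration; the `ConfigName` and `BackupDir` parameters and the backup folder are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original article. Assumes each revocation
# configuration is a subkey of the Responder key, named after the configuration.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [string]$ConfigName,                               # hypothetical: name reported in event 29
    [string]$BackupDir = "$env:SystemDrive\OcspBackup" # hypothetical backup folder
)

$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder'
$regNative = 'HKLM\SYSTEM\CurrentControlSet\Services\OCSPSvc\Responder'

# 1. Show recent configuration-load errors (event 29 from the Online Responder).
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-OnlineResponder'
    Id           = 29
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message | Out-Host

# 2. List the revocation configurations present in the registry.
$configs = @(Get-ChildItem -Path $regPath -ErrorAction Stop)
$configs | ForEach-Object { $_.PSChildName } | Out-Host

if (-not $ConfigName) { return }   # inventory only when no name is given

$target = $configs | Where-Object { $_.PSChildName -eq $ConfigName }
if (-not $target) {
    throw "No revocation configuration named '$ConfigName' under $regPath"
}

# 3. Back up the whole Responder key, then delete only the named subkey.
#    -WhatIf previews the action; the High impact level forces a prompt otherwise.
if ($PSCmdlet.ShouldProcess($target.Name, 'Back up Responder key and delete configuration')) {
    New-Item -ItemType Directory -Path $BackupDir -Force -Confirm:$false | Out-Null
    $backup = Join-Path $BackupDir ('Responder-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $regNative $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw 'Registry backup failed; nothing was deleted.'
    }
    Remove-Item -LiteralPath $target.PSPath -Recurse -Confirm:$false
    Write-Output "Deleted '$ConfigName'. Backup written to $backup"
}
```

Run it without `-ConfigName` to inventory the configurations, then with `-ConfigName` and `-WhatIf` to preview the deletion before committing to it.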
Synchronize members with an Array controller
To synchronize members with an Array controller:
On the Online Responder, click Start, point to Administrative Tools, and click Online Responder.
In the console tree, click Array Configuration Members.
In the Actions pane, click Synchronize Responder Configuration.
If the corrupted configuration occurs on an Array controller, you can temporarily make another computer the Array controller, synchronize the Array, and then reset the original computer to be the Array controller.
Designate an Array controller
To designate an Array controller:
Click Start, point to Administrative Tools, and then click Online Responder.
In the console tree, click Array Configuration Members.
Select the Online Responder that you want to designate as the Array controller.
In the Actions pane, click Set as Array Controller.
Synchronize the Array member with the corrupt configuration, and then reset the updated Array member as the Array controller.
If the problem persists, contact Microsoft Customer Service and Support.
Target | Microsoft.Windows.CertificateServices.CARole.2016 |
Category | EventCollection |
Enabled | True |
Event_ID | 29 |
Event Source | Microsoft-Windows-OnlineResponder |
Alert Generate | False |
Remotable | True |
Event Log | Application |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
WriteToDB | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
WriteToOCSPEvents | WriteAction | Microsoft.Windows.CertificateServices.CARole.OCSPEvents.Publisher | Default |
<Rule ID="Microsoft.Windows.CertificateServices.CARole.2016.OCSPEvents.29" Enabled="true" Target="CSDisc!Microsoft.Windows.CertificateServices.CARole.2016" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">29</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">Microsoft-Windows-OnlineResponder</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="WriteToOCSPEvents" TypeID="Microsoft.Windows.CertificateServices.CARole.OCSPEvents.Publisher"/>
  </WriteActions>
</Rule>