Home
  •  

具有源 CertificationAuthority 和 ID 23 的事件的收集规则

Microsoft.Windows.CertificateServices.CARole.6.3.CertSvcEvents.23 (Rule)

无法处理证书申请,这是因为证书输入数据不正确。

Knowledge Base article:

摘要

证书颁发机构 (CA) 的一个重要功能是评估来自客户端的证书申请,并且在满足预定义的条件时向这些客户端发出证书。要想成功注册证书,在提交申请之前必须准备好一定的资料,包括具有有效 CA 证书的 CA;正确配置的证书模板、客户端帐户和证书申请;客户端向 CA 提交申请的方式,验证申请,并安装签发的证书。

解决方案

修订证书请求,使其包含有效的证书输入数据

事件日志消息中指出的证书申请包含无效的字段长度数据。字段长度应少于 127 个字节。若解决此问题,请执行以下操作:

提交一个字段长度少于 127 个字节的新证书申请,以符合事件日志描述中指定的字段。

要执行这些操作,您必须具有基于证书模板的证书的注册权限。

提交证书申请

要提交证书申请,请执行以下操作:

检查挂起的证书申请

要检查挂起的证书申请,请执行以下操作:

其他

要确认证书申请处理是否正常,请执行以下操作:

Element properties:

TargetMicrosoft.Windows.CertificateServices.CARole.6.3
CategoryEventCollection
EnabledTrue
Event_ID23
Event SourceMicrosoft-Windows-CertificationAuthority
Alert GenerateTrue
Alert SeverityError
Alert PriorityHigh
RemotableTrue
Alert Message
AD CS 证书申请(注册)处理
事件描述:{0}
Event LogApplication

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default
WriteToCertSvcEvents WriteAction Microsoft.Windows.CertificateServices.CARole.CertSvcEvents.Publisher Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default

Source Code:

<Rule ID="Microsoft.Windows.CertificateServices.CARole.6.3.CertSvcEvents.23" Enabled="onEssentialMonitoring" Target="CSDisc!Microsoft.Windows.CertificateServices.CARole.6.3" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">23</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Microsoft-Windows-CertificationAuthority</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteToCertSvcEvents" TypeID="Microsoft.Windows.CertificateServices.CARole.CertSvcEvents.Publisher"/>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>2</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessageIDa6158a00175248879165de9809c62f70"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/EventDisplayNumber$</SuppressionValue>

        <SuppressionValue>$Data/PublisherName$</SuppressionValue>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>