Certificate services error after transfer to 2019 box from 2008 R2:

Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 24/12/2020 10:41:13
Event ID: 130
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: 00DC0.domain.local
Description:
Active Directory Certificate Services could not create a certificate revocation list. The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER). This may cause applications that need to check the revocation status of certificates issued by this CA to fail. You can recreate the certificate revocation list manually by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services.
Event Xml:



130
0
2
0
0
0x8000000000000000

4670


Application
00DC0.domain.local



The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)



We ran the suggested command, but the error persists.

---

The Certificate Revocation List is a list of certificates that have been marked as invalid prior ro their expiry date. It is for browsers and other certificate clients to check that a certificate is trusted.

If the The Certificate Revocation (CRL) becomes mismatched - such as after an upgrade where the new Certificate Authority (CA) has not issued the certificates in the CRL then you see this error.

The fix is to manually recreate the CRL:

To manually create a CRL by using the CA administrative tool
[list]

1.In the CA snap-in, from console tree, click Revoked Certificates

On the Action menu, click All Tasks and then Publish

Select New CRL which will then instruct the CA to replace the previous CRL[/list]

Now click OK and you're done.

The error should not reappear.