Lemonde
  • Lemonde
  • Advanced Member Topic Starter
a year ago
Certificate services error after transfer to 2019 box from 2008 R2:

Log Name: Application

Source: Microsoft-Windows-CertificationAuthority

Date: 24/12/2020 10:41:13

Event ID: 130

Task Category: None

Level: Error

Keywords:

User: SYSTEM

Computer: 00DC0.domain.local

Description:

Active Directory Certificate Services could not create a certificate revocation list. The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER). This may cause applications that need to check the revocation status of certificates issued by this CA to fail. You can recreate the certificate revocation list manually by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services.

Event Xml:

130

0

2

0

0

0x8000000000000000

4670

Application

00DC0.domain.local

The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)

We ran the suggested command, but the error persists.


Sponsor

Want to thank us? Use: Patreon or PayPal or Bitcoins: 12G4A52Znm5s35buKDEmKU2p2vQY69Nsyo

Protect your visitors with SSL, from $3.44

All opinions expressed within these pages are sent in by members of the public or by our staff in their spare time, and as such do not represent any opinion held by sircles.net Ltd or their partners.


stevefckay
11 months ago
The Certificate Revocation List is a list of certificates that have been marked as invalid prior ro their expiry date. It is for browsers and other certificate clients to check that a certificate is trusted.

If the The Certificate Revocation (CRL) becomes mismatched - such as after an upgrade where the new Certificate Authority (CA) has not issued the certificates in the CRL then you see this error.

The fix is to manually recreate the CRL:

To manually create a CRL by using the CA administrative tool

  • 1.In the CA snap-in, from console tree, click Revoked Certificates

  • On the Action menu, click All Tasks and then Publish

  • Select New CRL which will then instruct the CA to replace the previous CRL

Now click OK and you're done.

The error should not reappear.