Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member Topic Starter
3 years ago
Certificate services error after transfer to 2019 box from 2008 R2:

Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 24/12/2020 10:41:13
Event ID: 130
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: 00DC0.domain.local
Description:
Active Directory Certificate Services could not create a certificate revocation list. The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER). This may cause applications that need to check the revocation status of certificates issued by this CA to fail. You can recreate the certificate revocation list manually by running the following command: "certutil -CRL". If the problem persists, restart Certificate Services.
Event Xml:



130
0
2
0
0
0x8000000000000000

4670


Application
00DC0.domain.local



The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)



We ran the suggested command, but the error persists.
Sponsor

Want to thank us? Use: Patreon or PayPal or Bitcoins: bc1q4whppe29dw77rm4kv4pln0gqae4yjnxly0dny0hky6yhnafukzjsyrsqhk

All opinions expressed within these pages are sent in by members of the public or by our staff in their spare time, and as such do not represent any opinion held by sircles.net Ltd or their partners.


stevefckay
3 years ago
The Certificate Revocation List is a list of certificates that have been marked as invalid prior ro their expiry date. It is for browsers and other certificate clients to check that a certificate is trusted.

If the The Certificate Revocation (CRL) becomes mismatched - such as after an upgrade where the new Certificate Authority (CA) has not issued the certificates in the CRL then you see this error.

The fix is to manually recreate the CRL:

To manually create a CRL by using the CA administrative tool
[list]
  • 1.In the CA snap-in, from console tree, click Revoked Certificates
  • On the Action menu, click All Tasks and then Publish
  • Select New CRL which will then instruct the CA to replace the previous CRL[/list]

  • Now click OK and you're done.

    The error should not reappear.