none
OCSP Location Red X but working properly

    Question

  • We recently deployed a 2-Tier PKI but have not gone live with autoenrollment. Everything seems to be working fine but we have a small red X in the upper-right hand corner of our online-responder host of the ADCS MMC. I've searched and found this post about the windows online responder not supporting LDAP: http://social.technet.microsoft.com/Forums/windowsserver/en-US/7f275db2-711f-4c26-98c4-4c64d4f8f04a/online-responder-service-ocsp-for-crl-check-shows-red-x?forum=winserversecurity.

    I was surprised by this because the guide we used (https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx) and several other online resources we found also set the AIA extensions to include LDAP.

    I also found this posting indicating the problem might be due to out of date information being included in the CA Exchange Certificate AIA extensions: http://social.technet.microsoft.com/Forums/windowsserver/en-US/cc4ed25a-5c0e-41b6-982a-9ed940292754/ocsp-location-1-error?forum=winserversecurity. We tried these steps and they did not help.

    There are no errors in the event log and as I said, everything seems to be working fine. Wireless users are being authenticated using EAP-TLS just fine. I tried to attach some screen caps showing the small red X but it wont let me attach them until my account is verified. Does anyone have any idea what this red X means and what can be done to get rid of it?

    Jim

    Tuesday, October 08, 2013 5:46 PM

All replies