Certificate: Revocation Status: The revocation function was unable to check revocation because the revocation server was offline.

    Question

  • Hi Team,

    I had a problem. I had a 3-tier certificate chain: Root, Intermediate, Enterprise CA.

    My Enterprise CA had an issue:

    Revocation Status : The revocation function was unable to check revocation because the revocation server was offline.

    The latest Event Viewer entry is an error, Certificate Authority event ID 66: Active Directory Certificate Services could not publish a Base CRL for key 1 to the following location: file://\\my-location.crl.  Cannot create a file when that file already exists. 0x800700b7 (WIN32/HTTP: 183).

    Friday, August 16, 2013 8:29 AM

Answers

  • Hi,

    Possible resolutions to this event log message include:

    • If the event log message specifies an Active Directory location that has been formatted as a Lightweight Directory Access Protocol (LDAP) address, confirm that the certification authority (CA) has Write permissions to this location. To do this, follow the procedure in the "Confirm Active Directory CRL distribution point permissions" section.
    • Check the access control list on any file locations referenced in the event log message to confirm that the CA computer has Write permissions to those locations. To do this, follow the procedure in the "Confirm CRL distribution point permissions" section.
    • Follow the procedure in the "Check network connectivity" section to check network connectivity between the CA and domain controller.
    • After any network or permissions problems have been resolved, use the procedure in the "Publish a new CRL" section to publish a new CRL.
    • If you still cannot publish a new CRL, confirm that the CRL distribution point is valid by following the procedure in the "Confirm the validity of configured CRL distribution points" section.

    Quote from:

    http://technet.microsoft.com/en-us/library/cc726342(v=ws.10).aspx

    In addition, here is a similar thread for you to refer to:

    The revocation function was unable to check revocation because the revocation server was offline

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b03aba0e-757f-40a9-b246-73cbc4226a5a/the-revocation-function-was-unable-to-check-revocation-because-the-revocation-server-was-offline

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    Saturday, August 17, 2013 5:33 AM
    Moderator
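
The file-location checks from the answer above, as an added PowerShell example that is not part of the thread or the linked TechNet article: it reads the CA's configured CRL publication locations from the registry, reports which accounts hold an NTFS write ACE on each file or UNC folder, and can republish the CRL with `certutil -CRL`. It assumes an elevated session on the CA server; reachability is tested as the logged-on administrator rather than as the CA computer account, and share-level permissions and group membership are not evaluated.

```powershell
# Added example (not from the thread). Run elevated on the CA server.
param([switch]$Republish)   # pass -Republish to also issue a new CRL

$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -Path $cfgRoot).Active
$entries = (Get-ItemProperty -Path (Join-Path $cfgRoot $caName)).CRLPublicationURLs
$write   = [System.Security.AccessControl.FileSystemRights]::Write

$report = foreach ($entry in $entries) {
    # Each entry is "<flags>:<location>", e.g. "65:C:\...\%3%8%9.crl".
    $flags, $target = $entry -split ':', 2
    if ($target -match '^(ldap|https?):') { continue }   # only file/UNC targets here

    $path = $target -replace '^file://', ''
    $dir  = Split-Path -Path $path -Parent   # file name holds %-tokens; the folder usually does not
    if ($dir -match '%') { Write-Warning "Skipping tokenised folder: $dir"; continue }

    $reachable = Test-Path -LiteralPath $dir
    $writers = @()
    if ($reachable) {
        # NTFS ACEs that allow writing; share-level permissions are not visible here.
        $writers = @((Get-Acl -LiteralPath $dir).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $write) -eq $write
        } | ForEach-Object { $_.IdentityReference.Value })
    }
    [pscustomobject]@{
        Flags           = $flags
        Folder          = $dir
        Reachable       = $reachable
        WriteAllowedFor = $writers -join '; '
        # Direct ACE for the CA computer account only; group membership is not resolved.
        CaAccountListed = [bool]($writers -like "*\$env:COMPUTERNAME`$")
    }
}
$report | Format-List

if ($Republish) {
    certutil -CRL
    if ($LASTEXITCODE -ne 0) { Write-Warning "certutil -CRL failed: $LASTEXITCODE" }
}
```

A folder reported as unreachable points to the network connectivity step; a reachable folder with no write ACE covering the CA computer account points to the permissions step.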

All replies

  • I assume that you have seen this article?

    http://technet.microsoft.com/en-us/library/cc726371(v=ws.10).aspx

    As the error states, the file already exists, which is true, as it is supposed to be there. As the CA is unable to update the file, the first thing I would check is the permissions needed. I'd say the permissions are wrong. For details, see the above article.


    Hth, Anders Janson Enfo Zipper

    Friday, August 16, 2013 9:20 AM