none
ADWS certificate warning 1400 despite valid certificate on all DC's RRS feed

  • Question

  • We get on every DC (2008 R2 SP1) restart a ADWS warning with the ID 1400. We have an internal Enterprise CA (installed on one of the DC's). Have added the group "Domain Controllers" to the CERTSVC_DCOM_ACCESS group. 

    On one DC, I have deleted the domain controller certificate, have executed "gpupdate", and the following certificate was installed immediately. It should be valid for ADWS:

    Thank you in advance for any hint what we can do that ADWS recognizes the certificate as valid.

    Franz

    Thursday, February 14, 2013 2:05 PM

Answers

  • Thank you, have already examined the links above. They point in the right direction without providing a solution.

    But we were able to fix the error: The cause is that "Domain Controller Authentication" Certificate template has set the Subject name to "None". After changing this to "Common Name" with setting the checkbox on "DNS name", and after deleting the domain controller certificate and reissuing one that is based on the changed template, the ADWS error disappeard.

    There is a blog entry that the subject name on this certificate template is empty "by design": http://blogs.technet.com/b/askds/archive/2008/09/16/third-party-application-fails-using-ldap-over-ssl.aspx. However, Microsoft talks only about third party applications that don't work with this setting. But ADWS is affected as well and is a Windows core component.

    Franz

    • Marked as answer by 朱鸿文 Monday, March 4, 2013 6:58 AM
    Monday, February 18, 2013 12:45 PM

All replies

  • Hi,

    Thanks for posting in Microsoft TechNet forums.

    The information in the threads below might be helpful during the troubleshooting:

    ADWS Event ID 1400
    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/5fac0d70-7dff-46f7-8c3a-b2982bc7fffc/

    Event 1400 Active Directory Web Services
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d236b513-94df-4b9a-b034-f3b15b2b115f/

    Regards

    Kevin
    Monday, February 18, 2013 5:01 AM
  • Thank you, have already examined the links above. They point in the right direction without providing a solution.

    But we were able to fix the error: The cause is that "Domain Controller Authentication" Certificate template has set the Subject name to "None". After changing this to "Common Name" with setting the checkbox on "DNS name", and after deleting the domain controller certificate and reissuing one that is based on the changed template, the ADWS error disappeard.

    There is a blog entry that the subject name on this certificate template is empty "by design": http://blogs.technet.com/b/askds/archive/2008/09/16/third-party-application-fails-using-ldap-over-ssl.aspx. However, Microsoft talks only about third party applications that don't work with this setting. But ADWS is affected as well and is a Windows core component.

    Franz

    • Marked as answer by 朱鸿文 Monday, March 4, 2013 6:58 AM
    Monday, February 18, 2013 12:45 PM
  • Thank you, it solved the problem also on win 2012R2.

    Mauro


    Mauro Poletti

    Tuesday, September 9, 2014 9:47 AM