locked
win2008 each 15min generates three personal certificates RRS feed

  • Question

  • Hi all,

    we have DC on w2008R2 and each 15min we have the CPU performance for 100% (next 5mins) because of taskhost.exe (96%). When I opened in MMC the certificate Snap-In I found we have many certificates provided by our PDC. I have tried to found the reason but no success. In event log I see many warnings event ID 64. I will appreciate all help.

    Thanks Vasek

    Monday, February 20, 2017 12:34 PM

All replies

  • Hi,

    For event ID 64:A computer certificate on a managed computer, not a certification authority (CA), must be renewed when it passes 90 percent of its validity period or has expired. Because a successful renewal will generally be initiated before the certificate reaches 90 percent of its lifetime, this error indicates that there may be a problem automatically obtaining a new certificate via autoenrollment.

    REF:https://technet.microsoft.com/en-us/library/cc774595(v=ws.10).aspx

    Do you have ADCS in your domain?If you have,please check the certificate renewal period and autoenrollment process.

    REF:Troubleshooting Autoenrollment

    https://blogs.technet.microsoft.com/xdot509/2012/10/18/troubleshooting-autoenrollment/


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, February 21, 2017 2:25 AM
  • Hi,

    I investigate that the task SystemTask in \Microsoft\Windows\CertificateServicesClient is launched every 5min, but the trigger is set up on 8hour. Strange is that this each 5min request is by Event:

    Task Scheduler launched "{00000000-0000-0000-0000-000000000000}"  instance of task "\Microsoft\Windows\CertificateServicesClient\SystemTask"  according to an event trigger.

    I tried to disable the option On event (temporary solution- hope not very problematic), but I would like to know what kind of event requests this task. Can you help me with it?

    Thank you

    Tuesday, February 21, 2017 9:34 AM
  • Hi,

    I have checked in my lab.The SystemTask have 3 triggers.

    Did you have these triggers too?

    If there is nothing created or modified the task,the cause may be in the custom trigger that I  can't confirm,it should be by design.If you still want to know what it is,I suggest you open a case with Microsoft, more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

    Here is the link:

    https://support.microsoft.com/en-us/gp/support-options-for-business


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, February 23, 2017 4:27 AM
  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, please feel free to ask.

    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, February 28, 2017 9:03 AM