Event ID 128 – Certification Authority

KB ID 0001033 


Seen in the application log of a Windows Certificate Services server (Server 2012 R2)

Event ID 128

Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: 07/02/2015 15:55:26 Event ID: 128 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: PNLPKI00v.petenetlive.com Description: An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been enabled. To enable specifying a CA key for certificate signing, run: "certutil -setreg caUseDefinedCACertInRequest 1" and then restart the service.


The event is pretty much telling you exactly what to do to fix it! Open an elevated command prompt and enter the following commands;

certutil -setreg caUseDefinedCACertInRequest 1
net stop CertSvc
net start CertSvc

Event ID 128

Or you can simply open the registry editor and navigate to;

HKLM > SYSTEM > CurrentControlSet > Services > CertSvc > Configuration > {your-server-name}


Change UserDefinedCACertInRequest and change its value to 1 (one). then restart the certificate services service.

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On