Event ID 13

KB ID 0000520 

Problem

Seen every few hours in the application log:

Source: AutoEnrollment Description: Automatic certificate enrollment for the local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.

Solution

1. Go to your domain controller > Open Active Directory users and computers > Locate the CERTSVC_DCOM_ACCESS group.

2. Add in the “Domain Controllers” group.

3. On your Certification Authority Server > drop to command line and issue the following three commands.

[box]

certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc 

[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 63

KB ID 0000363 

Problem

Activation context generation failed for “C:Program Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll”.Error in manifest or policy file “C:Program Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll” on line 3. The value “MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR” of attribute “version” in element “assemblyIdentity” is invalid.

The version of Abode Air that you are running is out of date! Remove and download a new one. In my case it was the version that installed with Adobe CS4.

Solution

1. Click Start > In the search/run box type appwiz.cpl {enter}.

2. Locate Adobe Air > Un-install

3. You may get a warning to say some applications need Adobe Air to run don’t panic just un-install it.

4. Once its been safely removed go here and download the latest version > then install.

Related Articles, References, Credits, or External Links

NA

Event ID 128 – Certification Authority

KB ID 0001033 

Problem

Seen in the application log of a Windows Certificate Services server (Server 2012 R2)

[box]Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 07/02/2015 15:55:26
Event ID: 128
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: PNLPKI00v.petenetlive.com
Description:
An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been enabled. To enable specifying a CA key for certificate signing, run: "certutil -setreg caUseDefinedCACertInRequest 1" and then restart the service.[/box]

Solution

The event is pretty much telling you exactly what to do to fix it! Open an elevated command prompt and enter the following commands;

[box]

certutil -setreg caUseDefinedCACertInRequest 1
net stop CertSvc
net start CertSvc

[/box]

Or you can simply open the registry editor and navigate to;

[box]HKLM > SYSTEM > CurrentControlSet > Services > CertSvc > Configuration > {your-server-name}[/box]

Change UserDefinedCACertInRequest and change its value to 1 (one). then restart the certificate services service.

Related Articles, References, Credits, or External Links

NA

Exchange – Event ID 25006

KB ID 0000910 

Problem

Freshly installed Exchange 2013 Server (was migrated from Exchange 2007) and it threw out this error.

Log Name: Application
Source: MSExchangeTransport
Event ID: 25006
Task Category: Configuration
Level: Error
Keywords: Classic
User: N/A
Computer: PNL-Exchange.petenetlive.net
Description:
The path to the Queue Quota component log has not been set. Queue Quota component log will not be written.

Solution

1. A quick internet search told me to check what had been set with the following commands,

[box]

Get-TransportServer |
fl Queue*

OR

Get-TransportService |
fl Queue*

[/box]

2. Above we can see three things, Get-TransportServer is a command that is going to be depreciated, there is NOTHING set for the QueueQuotaLogPath, and QueueQuotaLogEnabled is set to true (it’s turned on). Even if we use the newer syntax (below) the result is the same.

3. OK, first I created a folder on the Exchange server and tried to manually set the log path. Then I tried to set QueueQuotaLogEnabled to ‘False’ to see if that cured the problem. It would not let me do either.

Some more searching led me to find that these properties can not be changed (at the moment anyway), as they are both flagged as ‘This parameter is reserved for internal Microsoft use’.

Table Reference

WlmLogPath Optional This parameter is reserved for internal Microsoft use.
QueueQuotaLogEnabled Optional This parameter is reserved for internal Microsoft use.
QueueQuotaLogMaxAge Optional This parameter is reserved for internal Microsoft use.
QueueQuotaLogMaxDirectorySize Optional This parameter is reserved for internal Microsoft use.
QueueQuotaLogMaxFileSize Optional This parameter is reserved for internal Microsoft use.
QueueQuotaLogPath Optional This parameter is reserved for internal Microsoft use.

So, in typical Microsoft fashion, it looks like we will have to put up with this error, until they make those parameters editable. If that changes, send me an email (link below).

Related Articles, References, Credits, or External Links

NA

Event ID 9335 and 9331 Offline Address Book Update Errors

KB ID 0000849

Problem

Seen on an Exchange 2010 server, this server had previously been upgraded from Exchange 2007, and that was upgraded from Exchange 2003.

Event ID 9335

Log Name: Application
Source: MSExchangeSA
Event ID: 9335
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 while cleaning the offline address list public folders under
 /o=org/cn=addrlists/cn=oabs/cn=Default Offline Address Book. Please make sure the public folder
 database is mounted and replicas exist of the offline address list folders. No offline address 
lists have been generated. Please check the event log for more information.
- Default Offline Address Book 

Event ID 9331

Log Name: Application
Source: MSExchangeSA
Date: 29/08/2013 06:10:50
Event ID: 9331
Task Category: (13)
Level: Error
Keywords: Classic
User: N/A
Computer: ServerName
Description:
OABGen encountered error 80004005 (internal ID 50101f1) accessing the public folder database 
while generating the offline address list for address list '/'.
- Default Offline Address Book 

Solution

Note: If you don’t have any Outlook 2003 clients left in the organisation, this is a moot point. Simply disable distribution of the offline address book via public folder. (Newer Outlook clients use web based distribution.)

1. Before we do anything make sure that the offline address book has been specified, is shown on the correct server, and is set as default.

2. From the Exchange Management Console > Toolbox > Public Folder Management > system Public Folders > OFFLINE ADDRESS BOOK > Then in the center window, right click each one > Properties > Replication > The server that hosts the public folder should be in here > (In my case it was not.) > Add it in.

3. Now you can force the OAB to update with the following command;

[box]Get-OfflineAddressBook | Update-OfflineAddressBook[/box]

4. Now recheck the event logs, and you should no longer get Events 9335 and 9331.

Related Articles, References, Credits, or External Links

Update Global Address List Error “WARNING: The recipient “xxxxxMicrosoft Exchange System Objects/xxxxx” is invalid and couldn’t be updated