Event ID 128 – Certification Authority

KB ID 0001033 

Problem

Seen in the application log of a Windows Certificate Services server (Server 2012 R2)

[box]Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 07/02/2015 15:55:26
Event ID: 128
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: PNLPKI00v.petenetlive.com
Description:
An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been enabled. To enable specifying a CA key for certificate signing, run: "certutil -setreg caUseDefinedCACertInRequest 1" and then restart the service.[/box]

Solution

The event is pretty much telling you exactly what to do to fix it! Open an elevated command prompt and enter the following commands;

[box]

certutil -setreg caUseDefinedCACertInRequest 1
net stop CertSvc
net start CertSvc

[/box]

Or you can simply open the registry editor and navigate to;

[box]HKLM > SYSTEM > CurrentControlSet > Services > CertSvc > Configuration > {your-server-name}[/box]

Change UserDefinedCACertInRequest and change its value to 1 (one). then restart the certificate services service.

Related Articles, References, Credits, or External Links

NA