Forum

Online Responder Se...
 
Bildirimler
Hepsini Temizle

Online Responder Services - 2008 server

1 Yazılar
1 Üyeler
0 Reactions
896 Görüntüleme
(@rahmidilli)
Gönderiler: 2458
Famed Member
Konu başlatıcı
 

http://technet.microsoft.com/en-us/library/cc753468.aspx  

Setting Up Online Responder Services in a Network 

Setting up Online Responder services involves several interrelated
steps. Several of these steps must be performed on the certification
authority (CA) that will be used to issue the Online Certificate Status
Protocol (OCSP) signing certificates necessary for an Online Responder
to function. These steps include configuring the appropriate
certificate template, enabling the certificate template, and
configuring and completing certificate autoenrollment so that the
computer hosting the Online Responder has the certificates needed for
the Online Responder to function.

Installation and
configuration of an Online Responder involves using Server Manager to
install the Online Responder service, the Certificate Templates snap-in
to configure and publish OCSP Response Signing certificate templates,
the Certification Authority snap-in to include OCSP extensions in the
certificates that it will issue and to issue OCSP Response Signing
certificates, and the Online Responder snap-in to create a revocation
configuration.

The following topics describe the steps needed to
complete these installation and configuration steps and how to verify
that the installation was successful.

http://technet.microsoft.com/en-us/library/cc774575.aspx

AD CS Online Responder

The Microsoft Online
Responder service makes it possible to configure and manage Online
Certificate Status Protocol (OCSP) validation and revocation checking
in Windows-based networks. The Online Responder snap-in allows you to
configure and manage revocation configurations and Online Responder
Arrays to support public key infrastructure (PKI) clients in diverse
environments.

Aspects

The following is a list of all aspects that are part of this managed entity:

Name Description

AD CS Online Responder Service

The
status and functioning of the Microsoft Online Responder service has
dependencies on numerous features and components, including the
ability to access timely certificate revocation data, the validity of
the certification authority (CA) certificate and chain, and overall
system response and availability.

Related Management Information

Active Directory Certificate Services

AD CS Online Responder Service

Updated: November 27, 2007

The
status and functioning of the Microsoft Online Responder service has
dependencies on numerous features and components, including the
ability to access timely certificate revocation data, the validity of
the certification authority (CA) certificate and chain, and overall
system response and availability.

Events

Event ID Source Message

16

Microsoft-Windows-OnlineResponderRevocationProvider

For configuration %1, the Online Responder revocation provider failed to update CRL information: %2.

17

Microsoft-Windows-OnlineResponderRevocationProvider

For configuration %1, the Online Responder revocation provider either has no CRL information or has outdated CRL information.

17

Microsoft-Windows-OnlineResponderWebProxy

The Online Responder ISAPI extension failed to Initialize. %1

17

Microsoft-Windows-OnlineResponder

OCSP Responder Services was started.

18

Microsoft-Windows-OnlineResponderRevocationProvider

For configuration %1, the Online Responder revocation provider found a delta CRL that refers to a newer base CRL.

18

Microsoft-Windows-OnlineResponder

The Online Responder Service was stopped.

18

Microsoft-Windows-OnlineResponderWebProxy

OCSP ISAPI Extension was loaded.

19

Microsoft-Windows-OnlineResponderWebProxy

The Online Responder ISAPI extension was stopped.

19

Microsoft-Windows-OnlineResponder

The Online Responder Service did not start because a safe boot was detected.

20

Microsoft-Windows-OnlineResponder

The Online Responder Service did not start: %1.

20

Microsoft-Windows-OnlineResponderWebProxy

The Online Responder Service detected an invalid configuration for the %1 property. The value was changed from %2 to %3.

21

Microsoft-Windows-OnlineResponder

%1: The Online Responder Service detected an exception at address %2. Flags = %3. The exception is %4.

22

Microsoft-Windows-OnlineResponder

The
Online Responder Services did not process an extremely long request
from %1. This may indicate a denial-of-service attack. If the request
was rejected in error, modify the MaxIncomingMessageSize property for
the service. Unless verbose logging is enabled, this error will not be
logged again for 20 minutes.

23

Microsoft-Windows-OnlineResponder

Online Responder Service: For configuration %1, could not locate signing certificate.(%2)

25

Microsoft-Windows-OnlineResponder

Online Responder Services: For revocation configuration %1, the signing certificate is going to expire soon.

26

Microsoft-Windows-OnlineResponder

Online
Responder Service: For configuration %1, the signing certificate has
expired. Any OCSP request for this configuration will be rejected.

27

Microsoft-Windows-OnlineResponder

Online Responder Services: For configuration %1, the signing certificate was not updated.(%2)

29

Microsoft-Windows-OnlineResponder

OnlineResponder
Service: For configuration %1, settings could not be loaded. Any OCSP
request for this configuration will be rejected.(%2)

31

Microsoft-Windows-OnlineResponder

Online Responder Service: Could not initialize performance counters.

33

Microsoft-Windows-OnlineResponder

Online
Responder Service: For configuration %1, failed to create an enrollment
request for the signing certificate template %2.(%3)

34

Microsoft-Windows-OnlineResponder

Online
Responder Service: For configuration %1, an error occurred while
submitting the enrollment request to the certification authority
%2.%3(%4)

35

Microsoft-Windows-OnlineResponder

Online
Responder Service: For configuration %1, failed to install the
enrollment response for the signing certificate template %2.%3(%4)

 

 

 
Gönderildi : 19/08/2008 19:11

Paylaş: