Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Saturday, August 11, 2012 7:31 AM
My lab consists of the following 2008 R2 servers:
1 DC,
1 RODC,
1 standalone root CA
1 enterprise subordinate issuing CA
1 member server with the DHCP role
On the issuing CA I've also installed the Online Responder, CA Web Enrollment and NDES role services. I followed the instructions from the MS 70-640 Training Kit to install the CAs, configure the online responder, create a duplicate EFS template, and configure autoenrollment. I assigned the Network Service account read permission to the OCSP Signing certificate. Everything works fine except for adding http locations to the revocation configuration. I'd like to know how to set this up.
If I use the ldap locations the online responder returns no errors and there are none in PKI either. If I add http locations for the revocation provider I get this error below. I've tried revoking the CA Exchange certificate and re-adding and re-configuring the base and delta crls but I still get this error. Can anyone offer further suggestions?
Type: Microsoft CRL-based revocation status provider. Revocation provider is not working on the Array controller.
The revocation provider failed with the current configuration. The object identifier does not represent a valid object. 0x800710d8 (WIN32: 4312), 0x800710d8
All replies (2)
Monday, August 13, 2012 5:41 AM âś…Answered
Hi,
Thanks for posting in Microsoft TechNet forums.
Please check the information in the article below regarding how to troubleshoot the error "Revocation provider is not working on the Array Controller":
Online Responder Installation, Configuration, and Troubleshooting Guide
http://technet.microsoft.com/en-us/library/cc770413(v=ws.10).aspx
Regards
Kevin
Monday, August 13, 2012 6:11 AM
Thanks. I'll read through this and see if I can get these http locations to work.