Event ID 4868 – The Certificate Manager Denied A Pending Certificate Request
|Category||Object Access: Certification Services|
|Description||The certificate manager denied a pending certificate request.|
Generally, administrators and certificate managers are configured to approve Certification Authorities and Certificate Templates only after which the certificate can be signed and issued by the CA. When the certificate manger denies the request, event 4868 is logged.All events pertaining to the same request will be logged with the same Request ID. For this event to be logged, the corresponding feature needs to be enabled in the CA's properties tab.
This log data provides the following information:
- Request ID
Why does event ID 4868 need to be monitored?
Event ID 4818 is primarily monitored to ensure only authorized and allowed certification request are carried out. This should be monitored for signs of malicious activity.
With 200+ reports and real-time email and SMS alerts, ADAudit Plus tracks all certificate services related events, thus helping you meet your security, operational, and compliance needs with absolute ease.
Event 4868 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10