After configuring the PKI cluster, I am not able to publish the CRL. I am seeing the error below when I try to publish the CRL.
Event log error
Event ID 74
Active Directory Certificate Services could not publish a Base CRL for key 1 to the following location on server DC.goryeal.com: ldap:///CN=PKI100A(1),CN=pki100p,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=goryeal,DC=com. Directory object not found. 0x8007208d (WIN32: 8333).
ldap: 0x20: 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=PKI100P,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=goryeal,DC=com'
I tested my cluster using the commands below, and it seems to be configured correctly:
C:\Users\administrator>certutil -config pki100p\pki100a -ping
Connecting to pki100p\pki100a ...
Server "PKI100A" ICertRequest2 interface is alive
CertUtil: -ping command completed successfully.
C:\Users\administrator>certutil -config pki100p\pki100a -pingadmin
Connecting to pki100p\pki100a ...
Server ICertAdmin2 interface is alive
CertUtil: -pingadmin command completed successfully.
C:\Users\administrator.GORYEAL>certutil -getreg ca\crlpublicationurls
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\PKI100A\CRLPublicationURLs:
CRLPublicationURLs REG_MULTI_SZ =
0: 65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
CSURL_SERVERPUBLISH -- 1
CSURL_SERVERPUBLISHDELTA -- 40 (64)
1: 79:ldap:///CN=%7%8,CN=pki100p,CN=CDP,CN=Public Key Services,CN=Services,%6%10
CSURL_SERVERPUBLISH -- 1
CSURL_ADDTOCERTCDP -- 2
CSURL_ADDTOFRESHESTCRL -- 4
CSURL_ADDTOCRLCDP -- 8
CSURL_SERVERPUBLISHDELTA -- 40 (64)
2: 0:http://%1/CertEnroll/%3%8%9.crl
3: 0:file://%1/CertEnroll/%3%8%9.crl
CertUtil: -getreg command completed successfully.