Applies to
All versions of TPP
Microsoft Certificate Services hosting servers.
Summary
Attempts to renew a certificate fail. Checking the CA and attempting to retrieve a list of the templates fails. The message on the top of the screen reads something like this:
Post CSR failed with error: This request operation sent to net.pipe://localhost/XXXXXXXX
did not receive a reply within the configured timeout (00:02:00). The time allotted to
this operation may have been a portion of a longer timeout.
This will generally take about 2 minutes to return, as indicated by the "configured Timeout" message.
More Information
This is usually an indication of some level of failure on the CA. Normally, we've seen this message on Microsoft Certificate Services servers. Unfortunately, root cause has not been determined.
The message itself is a generic Windows Communication Foundation (WCF) framework error. Literally, it means something failed and we timed out, so it doesn't actually point to a fail point.
In some cases, the Certificate Services may actually be able to answer certificate requests from other sources who make their requests without WCF for instance.
Restarting the services on the TPP server or the Certificate server does not resolve the issue, as it appears to be a problem at a much lower layer.
One customer had an issue where the Certificate server was waiting for a response from the HSM, but this is a red-herring and the HSM was actually fine.
Resolution
So far, in every case we've had, we've been forced to actually reboot the Microsoft server hosting the Certificate Services. This has resolved the issue every time once the server actually comes up and, if necessary, reconnects to the HSM.
Comments