Certutil -crl problems (the directory name is invalid)

Another problem for you fine experts to consider...2 tier PKI, offline Root 2008 R2, 1 Sub Ent CA in Domain1 (2008 R2) and 1 Sub Ent CA in Domain2 (2012 R2).
SubCA 1 and 2 are configured pretty much identically, however when setting up SubCA 2 I am having issues running the Certutil -CRL command to publish the CRL.
My CDP locations are configured as follows;
65:c:\WIndows\System32\CertSrv\CertEnroll\%3%8%9.crl
79:ldap://CN=%7%8,CN=CDP,CN=Public Key Services,CN=Services,%6%10
6:http://pki.domain2/CertEnrolment/%3%8%9.crl
65:file://\\pki.domain2\CertEnrolment\%3%8%9.crl
I can confirm that the base CRL publishes correctly to the CertEnroll location and LDAP correctly. But it fails trying to publish to the HTTP/File location (which is the same path).
I get the error:
CertUtil: -CRL command FAILED: 0x8007010b (WIN32/HTTP: 267 ERROR_DIRECTORY)
CertUtil: The directory name is invalid
Also the Delta CRL fails on the CertEnroll default directory as well as the file/http path with error;
Active Directory Certificate Services could not publish a Delta CRL for key 0 to the following location: file://\\pki.domain\CertEnrolment\CANAME+.crl.
Operation aborted 0x80004004 (-2147467260 E_ABORT)<o:p></o:p>
I'm pretty certain it's not a permissions issue as I've added Everyone for NTFS/share permissions to test without any change. The install was done with an Enterprise
Admin account but I'm doing all the testing now with a normal admin account (admin in the CA/server but not domain or enterprise admin).<o:p></o:p>
<o:p></o:p>
The File/HTTP location is on the CA itself (I know this is likely not best practise, but needs to be there in the short term) so not sure if the Windows firewall comes into play.
Thanks!

Hi driko,
It's not a best practise to give Everyone NTFS/share permissions!
What I suggest is you
1. Create a dedicated folder f.e. "C:\Repository" on CA and share it only with permissions to specific account (see below)
2. In CA publish CRLs to c:\WIndows\System32\CertSrv\CertEnroll\%3%8%9.crl
only and create a task in task scheduler that will be running on the dedicated account and will copy c:\WIndows\System32\CertSrv\CertEnroll\*.crl
to \\pki.domain2\Repozitory\*.crl 
3. Make sure that account that is running this task on CA1 (Domain 1) has enough permissions for Repository share in Domain 2 (try running cmd as this user on
CA1 and copy files manually to \\pki.domain2\Repository\)
4. Map your http://pki.domain/CertEnrolment URL with IIS to physial C:\Repository\  folder path
Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

Similar Messages

  • TMG Error Code 502 Proxy Error. The directory name is invalid. (267)

    Hi,
    I am having problem with a website in specific.
    Is showing the following error message.
    Error Code: 502 Proxy Error. The Directory name is invalid. (267)
    Server: TMG.personaldomain.local
    Source: web filter
    I have found no information in the logs to help identify the problem.
    I suspect that may be temporarily unavailable from the website. I enter the site without using the TMG and the same is responding.
    The problem is solved when I restart the service "Microsoft Forefront TMG Firewall"
    I suspect that may be cached in TMG that the site remains unavailable.
    Any idea?
    Tks.
    MCITP|Enterprise Administrator

    Hi,
    Thank you for the post.
    I did some research and found 267 error code may occur where the TMG tracing showed an issue accessing the Malware Temporary Storage directory which was resolved by changing the direction from C:\windows\temp directory
    to a custom directory. You could make this change as a pro-active step. Meanwhile, if you are running AV software on the TMG server, please also ensure you have reviewed the following article:
    http://technet.microsoft.com/library/cc707727.aspx
    Regards,
    Nick Gu - MSFT

  • Error running javaws.exe  "The directory name is invalid"

    I am attempting to run a VPN client for Sabre. Once I installed their VPN client (installing JRE 1.5 + their custom icon) I am unable to successfully launch the VPN using the desktop icon as a power user in an active directory network environment, however as an admin it works fine.
    C:\Program Files\java\jre1.5.0_11\bin\javaws.exe "The Directory name is Invalid" <----Error message I get when I launch VPN.
    This is what the target location says - "C:\Program Files\Java\jre1.5.0_11\bin\javaws.exe" http://sabrevpn.sabre.com/vpnclient/sslvpn-tn.jnlp
    Now I have enabled access for our limited users by adding their group with modify access to the c:\program files\java folder and still I get this error. Any idea what this could be?!
    Thanks in advance.

    Hi,
    Thanks for your question.
    Can you access other websites?
    Did you use TMG 2010 and install SP1 on it? Did you configure HTTPS inspection?
    If yes, it may because TMG 2010 SP1 sends an empty client certificate to the web server during the initial Secure Sockets Layer handshake and
    you can refer to the KB below:
    http://support.microsoft.com/kb/2423401/en-us
    In addition, did you mean that the issue went away after you start Windows Firewall service? In general, Windows Firewall must be enabled on the computer where TMG operates. I am not sure if it is due to the Windows Firewall is not working.
    You can also check if Windows Firewall is enabled when you receive that error.
    Best regards,
    Susie

  • •Error Code: 502 Proxy Error. The directory name is invalid. (267)

    Hi..my name is Fajar..
    I facing same situation getting an error cannot access
    www.pajak.go.id. I have followed up soulution  to restart firewall services its resolved only one day, once I get back to the office cannot access again.
    btw sometimes after the error shown up, I press refresh button and the page getting blank and then refresh again. the error shown up again.
    is there any permanent solution to resolved this issue?

    Hi,
    Thanks for your question.
    Can you access other websites?
    Did you use TMG 2010 and install SP1 on it? Did you configure HTTPS inspection?
    If yes, it may because TMG 2010 SP1 sends an empty client certificate to the web server during the initial Secure Sockets Layer handshake and
    you can refer to the KB below:
    http://support.microsoft.com/kb/2423401/en-us
    In addition, did you mean that the issue went away after you start Windows Firewall service? In general, Windows Firewall must be enabled on the computer where TMG operates. I am not sure if it is due to the Windows Firewall is not working.
    You can also check if Windows Firewall is enabled when you receive that error.
    Best regards,
    Susie

  • When trying to install Firefox 3.6.11, after extraction, I get the message "The directory name is invalid", and the installation won't continue (Windows Vista Home Basic 6.0).

    That's about it.

    I downloaded a program from Roboform called rfwipeout.exe. I backed up my passwords, identities, etc and completely removed all traces of roboform. This did not help. When I re-installed the roboform new release it got the same message that it thinks I am using version 3.6 of Firefox instead of 11.0. There must be some setting in the Firefox folders that never gets changed when you update to a new version.
    Soon after that I ran a backup of Firefox profiles identities, etc using MOZ BACKUP. I had never noticed this until then but the message asks if I want to backup Mozilla Firefox 3.6. Since 2 completely different programs refer to my installation as 3.6 there must be something wrong in one of the Firefox files.

  • The directory name is invalid

    Can anyone explain how to avoid this error when using CreateProcess to launch a java app from within a Windows Service.
    The exact same call works fine when executed from the context of a Windows application or Windows Command Windows (DOS box). Yet, it fails when invoked from a Windows service.
    I've tried all the standard tricks of running the services as a specific user, granting FULL rights to all user ID on my machine, etc.
    Is there something weird about the relationship between a service and the java engine. It looks like the java engine doesn't even get launched...

    Have a read of Techincal reference document on 'Quoting and Special Characters in MaxL'.
    I just picked these lines for you,
    One backslash is treated as one backslash by the shell, but is ignored or treated as an escape
    character by MaxL. Two backslashes are treated as one backslash by the shell and MaxL.
    Hope it helps.

  • I downloaded the newest version of firefox but it will not install, it is giving me a message saying the directory name is invalid. Why and what can I do to fix.

    The above message pops up when I try to install the new version of firefox. It will not let me install the new version. I do not know how to fix it. Please advise.

    Try a custom install.
    *https://support.mozilla.com/kb/Custom+installation+of+Firefox+on+Windows

  • TREX creation process fails - directory name is invalid

    Hello All,
    I've installed a TREX instance to be linked up to two SRM instances (SRD and SRT).  I had done this successfully on a prior server, but recently we got a new
    server to run TREX on.
    When I reinstalled TREX on the new server, I have
    success having SRD connect to TREX via SM59, but SRT fails because the program isn't getting registered.
    While looking into the details, I find this error message in the traces:
    [00344] 2007-04-16 14:05:25.519 i Daemon TrexDaemon.cpp(03508) :
    start 'TREXRfcServer.exe -r -host=usalsapt -instance=sapgw52
    -service=TREXRfcServer_13' failed
    [00344] 2007-04-16 14:05:25.519 e Daemon TrexDaemon.cpp(02951) :
    creation of process '"TREXRfcServer.exe" -r -host=usalsapt
    -instance=sapgw52 -service=TREXRfcServer_13' failed: The directory name
    is invalid.
    Has anyone experienced something similar before?  Or have an idea as to which directory the error message references?  Thank you
    ~TJ

    Hi TJ,
    did you check in SM59 if the RFC destination is of type "regestration" and has case-sensitive correct the name in there ?
    Do you see a different error when SRT is down ?
    I guess, you checked to ping usalsapt from the TREX box already ? The instance number is 52 as well ?
    Regards
    Volker Gueldenpfennig, consolut.gmbh
    http://www.consolut.de - http://www.4soi.de - http://www.easymarketplace.de

  • Error 127: The specified file or directory name is invalid

    Hello,
    I am trying, for the first time, to Groom a users home directory. I had created user Home directory policy and have added vault and groom...

    On 5/14/2013 7:16 AM, nwadmsitn wrote:
    >
    > Hi,
    >
    > I'm trying to evaluate File Reporter. I have installed the agent on a
    > OES11 box. This agent is acting as my proxy agent.
    >
    > Then i setup a policie to scan a volume on 2 differents server. One is
    > OES11, the other is OES2.
    >
    > When i launch my policies i have very differents result :
    > - Volume Free Space : After 5 attempts finally it is working
    > -File System DATA : I have most of the time this error : (127) - The
    > specified file or directory name is invalid. Sometimes Operation is
    > successfull but in the reports i have only data for 1 of the 2 volume
    > and only for 2 directories
    >
    > In the log file of the nfr proxy agent i have this kind of error :
    > 01 2013-05-14 13:00:29 7200 3 0006 5953 7f674b5e0700
    > SRSScanAndCollectFileSystemDataService::FinalizeSc anDataEntry() - Worker
    > thread encountered an error and is exiting, Scan ID = "18", Result = 0.
    >
    > Can someone help me ?
    >
    > Stephane
    >
    >
    Stephane,
    Just to clarify a few things:
    1. Do you get these results for both scan targets? Or only a proxied
    scan of the OES11 or OES2 volume?
    2. What sort of volumes are being scanned? NSS? AFP? NCP? What's the
    underlying Linux filesystem type, if applicable?
    Thanks for helping us understand your problem better.
    - NFMS Support Team

  • Consolidate Problem. Copying files failed. The File name was invalid.

    Hi to everyone,
    My system is 10.5.8, iTunes 9.2.1 (4)
    I tried to consolidate my iTunes library to an external HD. After about 100GB of copied music, I got the message : Copying files failed. The File name was invalid.
    Now everytime I try again to consolidate, I get immediately this message. I am looking everywhere for a solution, and I only find the same problem for Windows iTunes users.
    Actually I found very useful this thread:
    http://discussions.apple.com/thread.jspa?threadID=1708372,
    which talks about with which order iTunes consolidates the media, so by digging a little in the folders to find which track has the problem and make the fix. It says that consolidate start copy the files by the date added order. So I can go in my new iTunes media folder and find the latest added track, then go back in iTunes, sort by date added the songs and locate the next song, to make the fix. However in my case, all previous and next songs (by date added), have been copied in the new locations.
    I am stuck. I have a remaining 300GB of music to consolidate and dont know how to proceed.
    Any help would be much appreciated..

    Finaly, I managed to solve it by myself...,
    following the help I found from the post of the thread I mentioned on my question...
    What was the problem that made things more difficult in my case, is that a big amount of songs have been added at the same time, with just a few seconds time distance. So it was tougher to locate what was the last imported song, and where iTunes consolidation had stopped. Actually I had groups of about 100 songs with the same timestamp of date added and the consolidation was following the rule of the "date added" but not exactly with the order the songs was showing in the iTuned library. So I started checking all the songs very close to the last added in the media folder one by one with the "show in finder" command, and then I managed to found what was the one with the problem.
    Regarding the problematic file, that was a midi file that had been imported in my iTunes.
    I hope this will help anyone else that might have the same problem as me in the future.

  • HT1751 it says copying files failed. the file name was invalid or to long....anyone else have this problem?

    i am trying to move my songs to an external hard drive. after it copies for awhile it will pop up a screen that says....the file name was invalid or to long.....anyone else had this problem?

    What are you copying with? See this backup tip for a suggested method. If SyncToy can't copy a file it will carry on with the others and display a failure report at the end. Ideally you'll be copying the iTunes folder to the root of your external drive.
    tt2

  • I am using itunes 10 and trying to consolidate my files.  I keep getting the error "Copying files failed.  The file name was invalid or too long".  How can I indentify what file is causing this problem or resolve this issue?

    I am using itunes 10 and trying to consolidate my files.  I keep getting the error "Copying files failed.  The file name was invalid or too long".  How can I indentify what file is causing this problem or resolve this issue?

    BUMP
    Yes, I just get that message. I don't see how I could investigate this problem.
    I didn't mention that this happened when I was consolidating my library, not copying files to another computer.
    In other words, I'm using a "normal" itunes procedure, itunes won't complete it, and won't tell me exactly why or how to figure out how to fix it...
    Is there at least some easy way to tell which files were successfully copied to my itunes music folder so I can work on moving the uncopied files?
    Can anybody help me?

  • HT203164 How do I fix a problem when downloading cd into iTunes, "the file name is invalid or too long"? I have never had this problem before until recently.

    The message "the file name is invalid or too long" pops up when I try to download a cd onto iTunes. I never had this problem before but lately it has been happening. What can I do to fix this?

    iPhoto Menu ->
    Preferences ->
    Accounts ->
    Delete and recreate your email settings.
    Alternatively, use Apple's Mail for the job. It has Templates too - and more of them.

  • The service name is invalid (NET HELPMSG 2185)

    I tried to install the SAP Netweaver 2004s ABAP Trial Version on my PC (Vista).
    I went through the steps:
    1) Install SAP Management Console (sapmmc\sapmmcX86u.msi)
    2) Start the Installer (image\setup.exe)
    3) Start Application Server by selecting Start Application Server
    So far so good.
    I even could start the application server via http://localhost:8000/sap/bc/gui/sap/its/webgui?sap-client=000. And use SAP.
    Then I got on with Getting Started and installed SAP GUI.
    They recommended me to stop the application server thru
    Start u2013> Programs u2013> SAP NetWeaver 7.01 ABAP Trial Version u2013> NSP u2013> Stop Application Server
    This is where the trouble started.
    Since this point I get the following error everytime I try to start or stop the application server thru
    Start u2013> Programs u2013> SAP NetWeaver 7.01 ABAP Trial Version u2013> NSP:
    ============================= Starting database instance ...
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The MaxDB Database Starter, Version 7.7.04.23
    Copyright 2000-2008 by SAP AG
    Error! Connection failed to node (local) for database NSP:
    -24700,ERR_DBMSRV_NOSTART: Could not start DBM server.
    -24701,ERR_EXHNDLR: Could not initialize exception handler.
    -24748,ERR_FILEOPEN: Error opening file E:\sapdb\data\wrk\dbmsrv_GORDITO-PC.err
    -24826,ERR_NIERROR: Can not open file E:\sapdb\data\wrk\dbmsrv_GORDITO-PC.err''.
    (system error 5; Access is denied.)
    Error: Error while calling dbmcli
    "E:\sapdb\programs\pgm\dbmcli"-d NSP -u , db_online
    ============================= Start database failed!
    After this I couldn't start the application server anymore via:
    http://localhost:8000/sap/bc/gui/sap/its/webgui?sap-client=000
    Internet Explorer cannot display the webpage
       Most likely causes:
    You are not connected to the Internet.
    The website is encountering problems.
    There might be a typing error in the address.
    Has anybody suggestions??
    Thanks,
    Guido

    Hi Kancho Kanchev,
    It seems that the path in the shortcut "Start Application Server" or in the "startSystem.cmd" file is not matching your instalation.
    1) Check the properties "Target" and "Start in" in the shortcut "Start Application Server" to see if the path's are compatible, below my installation:
    Target = D:\SAP\NSP\SYS\exe\run\startSystem.cmd
    Start in = D:\SAP\NSP\SYS\exe\run
    2) Open the "startSystem.cmd" (use wordpad) and check the path's again.
    D:\sapdb\NSP\db\pgm\dbmstart -d NSP
    D:\SAP\NSP\SYS\exe\run\sapcontrol -prot PIPE -nr 00 -host . -function StartWait 180 10
    3) If still dont work, you can execute each command manually (Start / Run / cmd - Change to same directory
    where the file "startSystem.cmd" is). At least you will find out wich command is generating the error.
    If you find out that the path is not matching you may have others problems, its possible that you installed
    the software in especific drive (i.e. "C") but during installation informed a diferent one in the parameters ("D" or "E"..).
    Hope it works and... suppose that "Mr. Guido Verbruggen" is the one who can offer the "10x" . Sry couldn't help you Guido...
    Nice Weekend to all.

  • ITunes v10.6.1.7 "Copying files failed. The File name was invalid or too long."

    I'm trying to organize my music files using iTunes 10.6.1.7 and I keep getting the error message "Copying files failed. The File name was invalid or too long."
    I've got music folders by artist in both the iTunes Music folder and the iTunes Media/Music folder. When I add certain files by drag/drop they sometimes get lost and I don't want that to happen anymore. I used to just consolidate my music files using the File/Library/Organize Library option and that worked, however now when I do that, I get the error message.
    I'm a novice and the only online stuff I see is both confusing and refers to earlier versions of iTunes.
    My concern is that I have heard that people lose entire libraries of their music when they trry to fix things like this and I don't want that. If this is of any importance, I have several files called iTunes library and temp library. I have no idea what that all means but I'm scared to death of it.
    Also, I can't get to the "re-organize library" link at all. It won't let me.
    One thing that be of some interest is that when I pull up the properties of the music and media/music files they are marked "read only" I'm also afraid to touch that!
    Please help and please know that I am a dummy. Be kind and be clear. Step by step would be great, with images even better. Thanks.

    Perhaps nobody knows the answer? We're fellow users here answering questions in our free time when we think we've something useful to contribute.
    You can choose to *Consolidate selected tracks* with a right-click menu. Perhaps if you can identify a specific track that won't consolidate and examine the full path to the file & the path that iTunes would create when it consolidates the problem might become apparent. For example iTunes may not be able to move files if the source or destination path length exceeds 255 characters.
    tt2

Maybe you are looking for