
Ondrej Sevecek's English Pages

October 29
Error - AD CS parameter is incorrect

When you set the renewal period on an AD CS certificate template to zero (0), a Windows 2008 R2 AD CS server cannot issue the certificate and fails with the following error code and message:

Active Directory Certificate Services denied request because
The parameter is incorrect. 0x80070057 (WIN32: 87)
Denied by Policy Module.

Setting the renewal period to zero works well with Windows 2012 Active Directory Certificate Services and newer.

Note, however, that setting the renewal period to anything shorter than 20% of the certificate lifetime or shorter than six weeks makes no sense. Autoenrollment, if configured properly, tries to renew certificates automatically once they are either past 80% of their lifetime, or within the preset renewal period, or within the last six weeks of their lifetime, whichever period is shorter - see here.
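
To check templates against both points before a request ever reaches the CA, the following added example (not part of the original post) decodes a template's validity and renewal period as they are stored in AD, in the pKIExpirationPeriod and pKIOverlapPeriod attributes of pKICertificateTemplate objects, and flags a zero or too-short renewal period. The template names and values are constructed samples, New-PkiPeriod and Test-TemplateRenewal are hypothetical helper names, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. Template names and values are constructed.
# pKIExpirationPeriod and pKIOverlapPeriod hold a negative little-endian Int64
# count of 100 ns intervals, which is the same unit as a .NET tick.
function ConvertFrom-PkiPeriod {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)
    if ($Bytes.Length -ne 8) { throw "Expected 8 bytes, got $($Bytes.Length)" }
    [TimeSpan]::FromTicks([Math]::Abs([BitConverter]::ToInt64($Bytes, 0)))
}

# Hypothetical helper: builds the 8-byte stored form from a number of days (sample data only).
function New-PkiPeriod {
    param([double]$Days)
    ,[BitConverter]::GetBytes([long](-1 * [TimeSpan]::FromDays($Days).Ticks))
}

# Hypothetical helper: applies the checks described in the post to one template.
function Test-TemplateRenewal {
    param([string]$Name, [byte[]]$Expiration, [byte[]]$Overlap)
    $validity = ConvertFrom-PkiPeriod $Expiration
    $renewal  = ConvertFrom-PkiPeriod $Overlap
    $findings = @()
    if ($renewal.Ticks -eq 0) {
        $findings += 'renewal period is 0: a Windows 2008 R2 CA denies the request with 0x80070057'
    }
    if ($renewal.Ticks -lt [long]($validity.Ticks * 0.2)) {
        $findings += 'renewal period is shorter than 20% of the certificate lifetime'
    }
    if ($renewal -lt [TimeSpan]::FromDays(42)) {
        $findings += 'renewal period is shorter than six weeks'
    }
    [pscustomobject]@{
        Template = $Name
        Validity = $validity
        Renewal  = $renewal
        Findings = $findings -join '; '
    }
}

# Constructed sample templates: name, validity in days, renewal period in days.
$samples = @(
    @{ Name = 'SampleWebServer'; ValidityDays = 730; RenewalDays = 0  },
    @{ Name = 'SampleUser';      ValidityDays = 365; RenewalDays = 14 },
    @{ Name = 'SampleComputer';  ValidityDays = 365; RenewalDays = 84 }
)
foreach ($s in $samples) {
    Test-TemplateRenewal -Name $s.Name `
        -Expiration (New-PkiPeriod $s.ValidityDays) `
        -Overlap (New-PkiPeriod $s.RenewalDays)
}
```

Against a live forest, the same two byte arrays can be read from the template objects under CN=Certificate Templates,CN=Public Key Services,CN=Services in the configuration partition and passed to Test-TemplateRenewal unchanged.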
