6404 BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate

Written when BranchCache could not authenticate the hosted cache using the provisioned SSL certificate. It indicates a failure to establish trust with the hosted cache.

Overview

The subcategory is Audit Other System Events. It is generated when a BranchCache client cannot authenticate the hosted-cache server with the configured SSL certificate.

How it is triggered

When the hosted cache’s SSL certificate does not match the client-side configuration and authentication fails.

Security review points

A certificate-authentication failure means a secure connection to the hosted cache cannot be established. Besides certificate mismatch, expiration, or misconfiguration, also consider the slight possibility of trying to connect to an unexpected host.
In environments running BranchCache, use it to check certificate configuration.

Notes for log review

It only carries meaning in BranchCache environments. The main cause is certificate distribution/configuration inconsistency. If it recurs, review the certificate configuration.

Key fields

Field	Meaning
Hosted cache/certificate info	The target that failed authentication

References

Microsoft Learn: 6404(-) BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.