Channel: Security forum
Viewing all 12072 articles

wevtutil to retrieve security log with special string

Hi...
On Win2003 I use eventquery.vbs to retrieve security log logon/logout info for the administrative user on a DC.
It works very well. Now on Server 2008 it no longer works.
I found wevtutil to retrieve security log info, but it seems very complex to me and I'm not able to accomplish the goal.
wevtutil qe security /rd:true /f:text /q:"*[System/EventID=4634 and 4624] and *[EventData/Data[@Name='TargetUserName']='Administrator']" /c:20 >c:\temp\log.txt
It retrieves the necessary info, but only for the last 20. I'd like to narrow it down to the last 24 hours.
I'm not able to add the "TimeCreated[timediff" option.
What I need is: a time option to narrow it down, a way to add more TargetUserNames, and for the file (log.txt) to be named with the date of the day when the script was started, e.g. 20091216_dc1.log

Thanks for any help
kuno

CA server issue: "The revocation function was unable to check revocation because the revocation server was offline" Error 0x80092013


My expertise with regards to Certificate Services is limited so bear with me please... I inherited a network with a single domain that has an Offline Root CA along with the online issuing CA. I first ran into problems when I tried to publish the New Certificate Revocation List; this usually gets done once a year.

I started up the offline CA and generated a new CRL using CERTUTIL, then exported the file onto the issuing CA server and copied it to the WWWPKIpub folder, replacing the old one.  
On the issuing CA server, when I open Pkiview.msc to check that the new certificate has been accepted, I get an error message to say that the CA is currently offline.

On the CA MMC, it says that the RPC server is not listening and when I try to start the service, I get: "The revocation function was unable to check revocation because the revocation server was offline" Error 0x80092013.

Your help is much appreciated.

  


Marco S

CDP and AIA need to be updated in AD for Offline Root CA


I have a 2 tier PKI infrastructure. When running pkiview.msc I find that the CDP and AIA locations of the offline RootCA have a typo. I need to update the CDP and AIA in AD for the offline RootCA.

I am not sure how to do this. My other intermediate CA's report OK. It is only the offline rootCA that shows the error. 

How do I republish the CDP and AIA for the offline RootCA? Do I have to reissue certs to the intermediate CA's once I corrected the RootCA CDP and AIA?

B. 

 

ACTIVE DIRECTORY CERTIFICATE SERVICE


Team,

I am trying to publish my CRL to a webserver and I did the following:

-- configured the CA--- installed ADCS correctly

--created an IIS server and created a virtual directory called  certdata

--on the CA I issued the command below and restarted ADCS:

certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n10:LDAP:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10\n2:http://www.goryeal.com/certdata/ %%3%%8%%9.crl"

Note: www.goryeal.com is the FQDN of my IIS server

---I then published a new CRL on the CA

---I noticed that the CA only publishes the CRL locally; when I looked in the Certdata folder on the IIS server, I did not see any CRL

--From the CA I can ping the webserver by its IP and I can also access www.goryeal.com/certdata from the browser

Thank you in advance

I wonder if I am missing anything. Any help will be much appreciated

Thank you

Certutil -deleterow cert Access is denied


I'm having trouble running certutil -deleterow %date% cert command.

I get an access is denied error. I am a CA Admin and have rights to do it. I ran the command prompt as administrator.

The weird thing is I can delete certs by ID.

Since I'm unable to post images, here is a copied example:

Running certutil -deleterow 4 Cert

Deleting row ID: "4"
Rows deleted: 1
CertUtil: -deleterow command completed successfully.

Running certutil -deleterow 3/11/2014 Cert

Rows deleted: 0
CertUtil: -deleterow command FAILED: 0x80070005 (WIN32: 5)
CertUtil: Access is denied.

Any help on understanding this would be great! Thank you!


Can I login to windows through Credential Provider with just username?


I am developing a credential provider for Windows 7 and other versions. The provider will operate on some unique information that will be retrieved from the user. If the information retrieved from the user is found in the reference list, the username of the user will be obtained.

The question is: when only a username is provided to the Local Security Authority through the Credential Framework, will that work?

In other words, are username, password and domain mandatory values for LSA to complete windows level authentication?

Regards,

Umesh

IIS 8 Won't Trust Windows 2012 Root CA Cert


I can't figure out why my IIS 8 website trusts my Windows 2003 root CA but not the Windows 2012 root CA.  Both roots are installed in the trusted root store, but the server behaves as if the new CA doesn't exist or isn't valid for authenticating clients.

I've tried reinstalling the Windows 2012 root CA.  I've tried adjusting the registry SendTrustedIssuerList value, but all that seems to do is make the certificate unavailable at the client end.

What is going on with this new server?

Windows 2008 Certificate Authority Upgrade to Windows 2012R2


I am currently running a Windows 2008 Standard edition CA in a Windows 2008 domain (version 44).  I would like to migrate the CA role off the Windows 2008 server onto a Windows 2012R2 server.  Both servers are members of the domain.

What would be the best way to go about this?  Some sites that I have been to recommend using the same server name for the new one?  Right now both servers have different names.  I am a little unfamiliar with the nitty gritty of the Certificate Authority role.

Thanks in advance


Workstation login failures not being logged on domain controller


For some reason our domain controllers (2008 R2) are not logging failed logon attempts from users on workstations. The 4625 event ID will get logged on the workstation but not on the DC. Account lockouts will show up on the DC in the security log though.

We had recently created new domain controllers with the same name and IPs as the previous 2003 servers and demoted them as we replaced them so I don't know if something got messed up in the process.

I saw this thread and the things that made sense to me didn't apply but that doesn't mean the answer is not in there!

http://social.technet.microsoft.com/Forums/windowsserver/en-US/90f0b010-b6f2-4055-9dd7-98f0d35c57b7/failed-logon-attempts-to-domain-are-being-logged-on-local-workstations-but-not-on-domain-controllers?forum=winserverGP

Any ideas?


Free computer help and tips http://www.onlinecomputertips.com

Issuing Printer Certificates


Hey,

I've rolled out port security for Windows workstations and now I'm working on other devices, primarily Lexmark printers (using certificates). Can someone explain how I can issue a certificate to the printer with my enterprise CA? I can generate the request from the printer, but if I request it using the web interface then:

a) I need to pick a template

b) It's listed as issued to "me"

I found documentation for Lexmark: http://www.lexmark.com/publications/pdfs/2007/embedded-web-server/EWS_HSP_Security_AdminGuide_Lexmark_en.pdf Pg22

But it lacks the insight I need for the Windows side of things. Any advice or blogs of someone doing this would be great. Thanks.

Password reset customization


We are running 2008 R2 Active Directory, staff log in to Windows machines on the domain so we have no issues with password reset settings there.

The issue we have is that we have students logging in from remote sites via a portal that, whilst using AD authentication, does not give students access to AD. The problem I have been asked to solve is this. When a student forgets their password they contact the service desk and request a reset. The service desk have password reset rights BUT they do not have direct access to AD; they use an admin password reset tool on the portal which allows them to reset the user's password.

This works as far as it goes, but the issue is we cannot enforce the "reset password at next logon" because the portal does not recognize this, it simply says the password is incorrect and denies access.

I need to be able to find a way to enforce a reset at next logon, or at least within 24 hours. The original request was to disable the account if a reset is not done within 24 hours, though that causes other issues as I am not sure how I can reset the auto disable when the student does a reset.

Has anyone come across this type of requirement before? Is there a magic way to make this happen without having someone check each student account every day to make sure it isn't going to expire? Is there some miracle cmdlet in PowerShell that will let me set this?

If anyone has any ideas I'd love to hear them, I'm hitting a brick wall.

Thanks

Configuring 802.1x authentication with EAP-TLS on Windows XP or 7 clients and Windows 2003 IAS (RADIUS)


Greetings,

 

Setup:

Windows 2003 Enterprise server with IAS (Server is not a domain controller with a standalone CA)

Third party Wireless Access Point configured for external RADIUS authentication and pointing at the 2003 server

Windows XP Pro SP3 using wireless zero supplicant or Windows 7 (These PCs are not joined to any Windows domain)

 

Goal:

Successfully authenticate the Windows supplicants using computer certificates only. The supplicants would associate to the AP (authenticator), which would proxy the EAP exchange to the 2003 server IAS.

 

Questions:

1. Can this be done using the setup above? I don't want to join the supplicants to the domain. I also don't want to use user certificates so that I am not  prompted with username/password during 802.1x authentication.

 

2. Does the Windows Server have to be a domain controller with Enterprise CA for this to work or is standalone server OK?

 

3. Would the Windows Supplicants request the computer certificate via the web enrollment using http://x.x.x.x/certsrv ?

 

4. Any good related white papers, links, tutorials, etc... ?

 

 

Thanks in advance!

Dave

Certificate Template OID not working in INF file


I am trying to create a certificate request using the following INF file but I keep getting the following error:

"An attempt was made to perform an initialization operation when initialization has already been completed. 0x800704df (WIN32: 1247) ./cert.inf"

I have noticed that if I replace the certificate template with the actual name of the template as opposed to the OID, all works fine. Why will it not accept the OID of the template? MS documentation states it should take either.

INF file : 

[Version]
Signature = "$Windows NT$"
[NewRequest]
Subject = "CN=npeorg,OU=DISA,OU=PKI,OU=DoD,O=U.S. Government,C=US"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
[RequestAttributes]
CertificateTemplate= "1.3.6.1.4.1.311.21.8.10914437.5958723.2445199.10881373.13000133.184.5889660.12536910"

Please help ??



ADFS, ADCS, and SQL Express

I have a very limited budget and want to set up an ADFS server for testing only. My question is: can I set up ADFS, ADCS, and SQL Express on the same member server? I believe IIS has to be separate, is that correct?

IE cannot display the webpage


Recently we moved our site from a Windows 2008 server to a Windows 2012 server.
We have a wildcard 2048-bit certificate from Comodo that has a SHA1 signature hash algorithm.

The site is working on Windows Vista, 7, 8 in all browsers, and on XP in Opera, Chrome, Mozilla.
It also works in iOS Safari. The problem is with IE8 on XP. It shows the error page "Internet explorer cannot display webpage." We also have a .NET 3.5 application that also, on XP, cannot make a System.Net.WebRequest to the same server using SSL.

I have tried a couple of Microsoft fixes for XP such as
http://support.microsoft.com/kb/968730
but with no success.

I have moved the DNS settings of one subdomain that did not work on XP from the new server to the old one.

And there it works again!!!

This means that it is not a client problem. Something needs to be set up at the new server.

What could it be? Any ideas?


Does Active Directory Certificate Services support Card Verifiable Certificates?


Does Active Directory Certificate Services support accepting requests for, and generation of, Card Verifiable Certificates (TR-03110)?

If so, in which version of Windows Server was the functionality introduced?

I have been unable to find any reference to Card Verifiable Certificates in the Active Directory Certificate Services documentation or by searching online, so it looks to me like this might not be supported, but it would be good to know definitively.

Certificate Services Website CSP


I would like to set the default Cryptographic Service Provider and Key Size which are presented on the form when a user wants to do an Advanced Certificate Request on the CERTSRV website on my CA.

It's a Standalone CA, Windows Server 2003.  I'm transferring it to a VM from an old server and so far I'm doing OK but when I log on to the website there are a few details left which I'd like to set by default if I can, the CSP, Key Size and whether the key is exportable.  If I set them manually it works but users being users I like to try to fill in as much as I can for them.

Is that possible?


Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth.

Defender in Server 2012 R2


Greetings!

Please forgive me if this was already answered in another thread, but I couldn't find it!

I've read that MS has included Defender in Server 2012 R2, but in my installation of this OS I could not find it, nor can I see it in any roles/features to add.  The articles I read mention it's installed by default when you do a core install; however, I installed Server 2012 R2 Standard, complete with GUI.  If I missed something, how do I install it?

Thank you for your time.

- Dan-o

An error occurred while applying security information to: c:\boot, c:\bootmgr, c:\hiberfil.sys, c:\pagefile.sys, c:\program files, c:\windows

Hi,

I am using an administrator account to change the permission settings on the c:\ drive of my W2K8 x64 server.

Every time I try to edit a permission (read, write, read & execute..... anything), I get a whole whack of parameter errors (this happens with all accounts I used):

First, I would get the message

An error occurred while applying security information to: c:\boot

and when I click continue, a new message appears saying

An error occurred while applying security information to: c:\bootmgr, and so on, until c:\windows.

I tried to turn UAC off/on but this doesn't help.

I need your help on solving this problem.

Thanks


Class not registered 0x80040154 (02147221164) When running CertReq


Hi, I'm trying to create a certificate using a SAN.

When I run the following command I receive this error.

My certreq.ini is as follows:

[NewRequest]
Subject="CN=nashcaspri.nashuact.uct.ac.za,OU=ICTS - Technical Support Services,O=University of Cape Town,L=Rondebosch,S=Western Cape,C=ZA"
Exportable=TRUE
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=FALSE
 
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
 
[RequestAttributes]
SAN="dns=ccpdashboard.uct.ac.za"

I am using Windows Server 2012 with IIS 7.5. Can anyone tell me if I have done something wrong or if something is missing from my server?

Thanks

Andy




Thanks Andy
