Channel: Security forum
Viewing all 12072 articles

Template does not show up in Web Enrollment pages.

We duplicated the Web Server version 1 template on our Windows 2003 Server CA and published it to the CA for issuance. Set the permissions accordingly, Domain Admins: Read, Write, Enroll

 

Then when we go to a Windows Server 2008 R2 Enterprise server, log in with an account with Domain Admins and run http://OurServer/certsrv to submit an Advanced Certificate Request, we cannot see that template. Days went by from the time we made the template and tried the request. The CA was stopped and restarted.

 

Other duplicate templates do show up, just not this one. Any ideas?


folder permission

Hi

My question is:

I have a shared GENERAL folder which has R/W permission for all members in the organization. Inside the GENERAL folder I have created a folder and some files inside that folder...

I want to limit the permission for all the users to READ ONLY, and one person should have WRITE access...

Note: the main folder has Everyone R/W.

Regards

Mat

Audit Event 577

Hi all. There was a suspected case of somebody changing the system time of a server. I searched the internet, which talks about event ID 577.

I see a primary logon ID and a client logon ID, which are codes that I do not understand.

Is it a machine ID? A hostname? Can we transform it to a hostname?

Root CA not allowing LDAPs anymore. "Domain controller template using: client authentication, Server Authentication template."

Our Certificate Authority server has suddenly stopped allowing ldaps to bind against our active directory domains.

All certs were valid for data and subject and had been working for several months.  Root CA allows other domain controllers to enrol against it and using ldp.exe we can connect using port 389 and 636 + ssl.  However, if we try to bind, this then fails. Events show Schannel errors, however we have checked the issued certs and they have private keys assigned.

In an attempt to resolve this we removed all Root Certificates, un-enrolled domain controllers and revoked certificates. Re-creating the root certificate and re-enrolling the domain controllers to the domain controller template has not resolved the issue.

Can anyone advise where we might be going wrong?

Many thanks

Active Directory Certificates

The branch where I work is having a problem which I associate with the recent renewal of the 2008 primary domain controller's certificate. The first problem is that our internal wireless devices no longer accept the DC's certificate, & will only connect to the internal SSID (secured with WPA-Enterprise by Windows credentials) if we turn off client-side certificate validation/verification on each client. Now, though, when a Windows password expires, the new password is successfully accepted & the user can log in, but if the user logs out again or tries to use the Internet (through our proxy), the account is immediately locked-out & must be unlocked by the AD administrator.

I'm at a loss,

WINDOWS KEEPS LYING TO ME!

HAY MICROSOFTY,

I AM TODAY USING WINDOWS SERVER 2008.

AND I HAVE A PROBLEM.

WINDOWS REQUIRE THAT THERE ARE COMPLEX USER NAMES AND PASSWORDS.

ONE OF THE REQUEST IS THAT PASSWORD DOES NOT CONTAIN MORE THAN THREE CHARACTERS FROM USER NAME.

SO, BECAUSE OF THIS, I CREATED USER NAME AND PASSWORD WHICH I NEVER USE.

AND A FEW HOURS LATER, AFTER I LOGGED OFF, IT APPEARS THAT I FORGOT MY USER NAME.

I THINK I KNOW IT, HOW IT WAS, BUT I AM NOT SURE.

BUT WINDOWS SERVER 2008 DOES NOT PROVIDE A LIST OF USER NAMES ON THE LOGON SCREEN.

SO, I CAN NOT LOG BACK IN.

I DO NOT KNOW WHAT TO DO ELSE, EVEN IN SAFE MODE, I HAVE TO LOG IN.

EXCEPT GOING IN RECOVERY.

USING CMD, BECAUSE APPLICATIONS WHICH REQUIRE USER INTERFACE SUCH AS CONTROL.EXE OR MMC.EXE DOES NOT WORK IN RECOVERY.

AND, YES, ONE MORE THING.

MANAGING USER ACCOUNTS FROM CONTROL PANEL DOES NOT WORK, SINCE COMPUTER IS DOMAIN CONTROLLER, AND IT WORKS ONLY FROM MMC.EXE SNAP IN ACTIVE DIRECTORY USERS AND WHATEVER IS THE LAST WORD.

I HAD IDEA HOW TO SOLVE THIS USING RECOVERY BUT IT DOES NOT WORK.

I WENT INTO RECOVERY, AND I TYPED NET USER AND I FIGURED MY USER NAME.

FOR THIS EXAMPLE LETS SAY USER NAME IS ABC123def

AND, THEN I USED FOR THIS EXAMPLE LETS SAY NET USER ABC123def PASswo123+_×÷=% £€¥₩

THIS SHOULD RESET THE PASSWORD.

AND AFTER I USE NET USER ABC123def

IT WRITES ME INFORMATION WHERE I COULD SEE THAT PASSWORD WAS CHANGED AT THIS MOMENT.

BUT, WHEN I EXIT RECOVERY, AND AFTER 25 MINUTES OF BOOTING WINDOWS SERVER 2008 NORMALLY, AND WHEN I REACH LOGON SCREEN, WHEN I ENTER USERNAME ABC123def AND PASSWORD PASswo123+_×÷=% £€¥₩ IT KEEPS SAYING THAT The user name or password is incorrect.

IT DOES NOT ALLOW ME TO LOG ON.

WHAT CAN BE THE CAUSE OF THIS?

CAN IT BE A GROUP POLICY? I UPDATED IT JUST BEFORE I LOGGED OFF.

HOW TO REMOVE IT? :O

(EXCEPT BY REINSTALLING WINDOWS)

AM I DOING IT RIGHT?

(I MEAN USING NET COMMANDS IN RECOVERY TO RESET USERNAME AND PASSWORD)

ANYWAY, COULD IT BE DONE ON THE WAY I DESCRIBED?

AND WHY IS WINDOWS LYING TO ME?

HE SAYS THAT IT IS INCORRECT, BUT IT IS NOT TRUTH.

I TYPED THE EXACT SAME USERNAME AND PASSWORD WHICH I SET UP USING NET USER COMMANDS IN RECOVERY.

THE EXACTLY THE SAME.

SO, IT IS NOT INCORRECT, IT IS CORRECT, BUT WINDOWS LIES TO ME THAT IT IS NOT. WHY?

IS THIS BECAUSE IT IS DOMAIN CONTROLLER? I HAVE READ THAT DOMAIN CONTROLLERS HAVE ITS SPECIAL WAY OF HANDLING USERS AND SO ON.

(IT IS NOT REAL DOMAIN CONTROLLER, IT JUST HAS THE ROLE INSTALLED)

HOW TO RESET USER NAME AND PASSWORD IN RECOVERY?

OR CAN I MAKE A NEW USER?

OR CAN I DELETE GROUP POLICY SO IT IS NOT APPLIED WHEN I START WINDOWS (USING RECOVERY)?

(IT MIGHT BE THE GROUP POLICY THE CAUSE).

WHAT ELSE CAN BE THE CAUSE?

OR SHALL I JUST MAKE A NEW INSTALLATION OF WINDOWS?

THANX

Lost all permissions in Windows Server 2012

I installed a new server for a client 3 months ago. The new server runs Windows Server 2012 Standard. Everything was fine until randomly I could not open the Chrome icon on the taskbar. The error said the following: "windows cannot access the specified device path or file. you may not have the appropriate permission"

I tried to use the control panel but got the same error. I can, however, using the Classic Shell start menu, right-click on control panel and click open to get to it. If using the start menu I click on control panel, the little window extends and says "empty". Of note, I uninstalled Classic Shell to no avail.

Trying to run sfc /scannow generates the following error "Windows Resource Protection could not perform the requested operation"

I also cannot open the hosts file, access denied.  I changed ownership and granted all access, still nothing.

In the notification area, the network icon has a red x and says "Connection Status: Unknown" yet internet and network access is uninhibited.

Using the "subinacl /subdirectories c:\*.* /grant=administrator" changed nothing.  

I decided to disable UAC via registry key after which I rebooted and could no longer login.  I received the following error: "The sign-in method you're trying to use isn't allowed.  For more info, contact your network administrator."

In response I attempted to run gpedit and I went to Computer Configuration> Security Settings> Local Policies> User Rights Assignment| and checked the Deny log on locally settings. Only SBS Remote Operators, SBS STS Worker, and Support_38945a0 were listed, none of which are groups that the administrator is a member of.  Also, this led to the discovery that all settings within gpedit are grayed out and cannot be changed.

To fix, I logged in as another user and removed the administrator from the Domain Power Users group which fixed the login issue.  I am unable to perform windows updates.  There are no virus or malware detected by Trend Micro, RogueKiller, TDSSKiller, MalwareBytes, or RKill.

CCleaner did not fix.  

PLEASE HELP!!!


certutil -template command returns "the data is invalid"

All,

Platform: MS Enterprise CA

When the command is run on the CA server, it returns the error "the data is invalid"

When using mmc to request a certificate on the CA server, the same message is returned.

I do not see any other errors.

What is the problem?  Please advise.

Thanks,

Hans


Event viewer : The type initializer for 'advancedsetttings' threw an exception

I am receiving a "The type initializer for 'advancedsetttings' threw an exception" error when I try to view subscriptions in Event Viewer. The machine is a Windows 2008 R2 server. It was working before but just stopped working. I tried logging in as the local admin account on the machine and that did not work. It also does not work with an account that is a domain admin. Has anyone else experienced this or know how to fix this issue?

How SID is getting generated?

Hello Friends,

Hope everyone is doing great. I have a basic doubt about SID generation, please help me with this.

I wanted to know about the SID generation process and how it is generated, and which component triggers the generation of the SID?

Regards,

Satheesh.


Satheesh KUmar

Conflicting Reporting of Patches and Vulnerabilities

I have a number of Windows 2003 R2 servers which are patched using WSUS. I am evaluating network security scanners and am currently testing a device from nCircle. The problem I am having is that the reports of the scanner are at odds with the reports of WSUS and the Windows update site. I'm not sure how to interpret what I am seeing and hoped someone here might have some insight into what is going on.
 
A good example of what I am talking about is a reported vulnerability involving the lack of the KB953155 patch. It is also listed as MS08-062 and deals with the Internet Printing Integer Overflow Vulnerability. I saw the vulnerability reported and talked to the person responsible for running WSUS. He checked and WSUS had the patch in inventory, and when he checked the report on the server in question it said its patch levels were up to date and that the KB was "not applicable". Since we had encountered a problem and had to completely rebuild our WSUS, and looking at the age of the patch, we took this as having been installed by the old WSUS. I was a bit confused so I thought I may as well go to the source and browsed to windowsupdate.microsoft.com from the server in question. This patch was not listed in the needed items.
 
At that point I returned to the report that I got from the nCircle product and drilled down in the vulnerability it listed. It explained that the test for this is the lack of  a registry key (HKLM\Software\Microsoft\Updates\Windows Server 2003\sp3\KB953155). I went into regedit and manually checked for the existence of this key and it was indeed missing. I then went to the Microsoft site and manually downloaded and applied the MS08-062 patch to the server. I then went back to regedit and checked and this time the necessary key was present. I ran the scan again and the vulnerability was no longer listed. 
 
At this point I'm lost. I'm curious about how WSUS and the Microsoft site check for the existence of a patch on a server. I'm also wondering how the patch could have been installed by either without the associated registry update.

Any guidance greatly appreciated.

List of all the certificates on smart card

I have a smart card with three certificates recorded for the same user to log in by card. One of these certificates is revoked, and the two are good. I have a domain policy set to read all certificates from the card:

Allow time invalid certificates
Filter duplicate logon certificates
Force the reading of all certificates from the smart card

However, these settings do not show me the list of certificates to choose from. What else do I need to set so that the list appears? Currently, by default, it tries to log on with the revoked certificate.

Connection through SSL VPN client is redirected always to the Domain Controller

Hi,

Up to now we were using the L2TP protocol to establish a VPN connection with our machines in the workplace. When using the L2TP protocol, it was possible to connect to both the Terminal Server and the Domain Controller, with their respective IPs, through Remote Desktop Services.

To take away the burden of configuring the L2TP VPN connection for typical users, I decided to switch to the SSL VPN client provided by Sophos, which is much easier to install and use.

However, each time I try to connect to the Terminal Server using its IP, I am redirected to the Domain Controller. Why does this happen? Is it a configuration problem at the Sophos router or the SSL VPN client, or should I look for the problem elsewhere, at the operating system level?

Thanks,

Devices: Sophos UTM 9.1
Domain Controller (main server) : Windows Server R2 2008
Terminal Server : Windows Server R2 2008

One piece of information which might be useful at this point is that our Domain Controller (the one that we are automatically directed to in case of a VPN connection, but don't want to be) communicates with another server in another country through VPN. Is it possible that this can cause the automatic forwarding?

Error message while launching certsrv.msc (certificate services)

Hi All,

I am getting the below error message frequently whenever launching the Windows 2008 certificate services. I had closed and logged off from all the available user profiles and tried to launch after some time, still no joy. I am restarting the CA services currently to resolve it. Is there any patch available to fix this? Kindly help, thanks.

Illegal operation attempted on a registry key that has been marked for deletion. 0x800703fa(WIN32:1018)

CachedLogonsCount in Windows Servers

If CachedLogonsCount (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) has a value other than 0, what information is stored locally on the server? Does Microsoft recommend setting this registry key to zero for security purposes?

Thanks in advance,
Eric Sabo 

LDAP over SSL on Windows 2012R2 Server DCs - TLS 1.2 not working

Hi there,

We've upgraded our DCs from 2008 R2 to 2012 R2.

After moving the Enterprise CA from 2008 R2 to 2012 R2 domain controller (same IP, same hostname) according to this guide: http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx everything seemed to work.

However, some 3rd party (Linux) machines that depended on LDAPS connections stopped working.

The log from the Linux server looked like this:

ict_ldap_connect: Unable to bind to server ldaps://*.*.*.* with dn user@domain: -1 (Can't contact LDAP server)

and in the DC system log, hundreds of EventID 36874 and 36888 started appearing:

36888

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

36874

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

What I've checked as suggested on blogs and forums:

CA is trusted, certs check out, CRL is available

DC certs are valid, trusted, any possible certutil check passed...

port 636 is not firewalled, lsass is listening on the port

Here comes the strange part:

Testing with LDP.exe failed from any domain-joined machine, even from the DC to localhost; however, LDP could successfully connect to 636/SSL from an old Win 7 machine not joined to the domain.

So we decided to test it from a Linux machine not joined to the domain and eventually found out that if we try to connect to LDAPS over port 636 using TLS 1.2, it fails no matter what (and 36874/36888 EventIDs appear in the event log on the DC).

But when we forced the use of TLS 1.1 (or 1.0), everything ran smoothly, the DC responded, LDAP queries were successful...

So as a workaround I turned off TLS 1.2 in registry and everything seems to work.

My first idea was that there's something wrong with TLS 1.2 on Win Server 2012 R2, but when trying to recreate the behaviour in the lab, 2012 R2 was working flawlessly, LDP.exe could connect over 636, etc.

So can anyone shed some light on the issue?

Thanks

How to create certificate authority and configure it for IIS

Hi

I installed the ADCS role in Server 2012 and configured it, but when I go to IIS and want to create a domain certificate, the Select button is grey. I think I couldn't configure the certificate authority correctly. How can I fix this problem?



policies

I want to tighten the policies for my domain users.
I have disabled the local administrator through Group Policy, I have blocked removable devices and also blacklisted devices based on their hardware IDs. The computers are up to date with the latest antivirus updates.
Please guide me to more security policies which I can test and apply to domain users.

MMC console

Hi All

When I try to request a new CA from the MMC console,
this is what happened:



Can we get certificate template list from CA server?

Hi,

I have a CA server set up on Windows Server 2008 R2. I have client code in C# which creates a CSR, sends it to the server and downloads the issued certificate from the server. I want to know whether I can retrieve the list of certificate templates which are on the CA server using C# code.

Can anybody help me with this?

