Channel: Security forum
Viewing all 12072 articles

CAPI2 Error - Access Denied


I am seeing tons of errors regarding CAPI2 Access Denied. I have Windows Server 2008 R2 SP1.

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">4110</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2012-10-18T10:12:12.316910600Z" />
    <EventRecordID>2516754</EventRecordID>
    <Correlation/>
    <Execution ProcessID="992" ThreadID="15340" />
    <Channel>Application</Channel>
    <Computer>Server name removed</Computer>
    <Security/>
  </System>
  <EventData>
    <Data />
    <Data>Access is denied.</Data>
  </EventData>
</Event>

Any suggestions?

Thanks


The sign-in method you're trying isn't allowed?!!!


Hi all,

I was doing some tests on GP, user rights assignment (Allow log on locally), for one of the users (user1) I have created in AD.

Now I removed the GPO and moved the user to another OU, and I'm still getting the msg: "the sign-in method you're trying is not allowed", even when I log in as DC01\user1.

What could be the issue?

How do I check a user's ability?

regards

Windows Defender for Windows Server 2012

No antivirus software is provided with Windows Server 2012 Standard edition and I can't find any Windows Defender version for Windows Server 2012... So if there is any antivirus product for Windows Server 2012 to protect my computer from malicious software, PLEASE PLEASE inform me........

SQL Server Local Database suspicious script


Greetings,

I was working on a database, using Visual Studio SQL Server Explorer. In the LocalDB Logins folder I saw a suspicious SQL script, which I modified but then it was modified. Here are screenshots:

sa Login Script

And when I opened this file I got this code

So, I have to ask whether it is safe or not.


---------------------Do the Impossible--------------------- Great Software at http://atosoft.webs.com/

How can I limit connection to my server from remote?


Hello.

I have a Windows Server 2008 R2 and I don't like that anyone can connect to it remotely. How can I specify an IP to connect?

Thank you.

BitLocker won't start, can't open settings, etc


I'd like to use drive encryption/BitLocker pin on start-up, but I can't even get the thing open. 

Screenshots: http://i.imgur.com/XeQYrjH.png

http://i.imgur.com/7a4Hu6m.png

Any ideas? Google did not help.

Unable to update SP1 with server 2008 Enterprise R2


Hi,

I am unable to update SP1 with Server 2008 Enterprise R2. After the installation completes: error 0x8e5e0147

Dedicated Certification Authority Web Enrollment - No Templates Found Error


Hi all,

I have a 2 tier PKI setup - offline CA and issuing sub CA. Original setup had the Certification Authority Web Enrollment page on the subCA but MS recommended moving that to a dedicated web server. So I followed the MS documentation to install this feature on my Win 2012 server. It's pretty straightforward and all went smoothly. I load the site http:// ourpki/certsrv that is hosted on this dedicated web server, I get the correct page to load, click "Submit a request" link, then click the "Submit a certificate request by using a base64....." link, and I get the dreaded "No templates found" error message. Since the Certification Authority Web Enrollment page is still on the subCA (haven't removed yet until I get it working on the dedicated web server), if I hit the page on that server http:// oursubcapki/certsrv, I can click through the same links successfully and generate a cert.

I've tried everything I've read online.

- changing permissions on template.  even created a template that all authenticated users could enroll (not autoenroll).  No templates.

- created new app pool for certsrv site with Network Service for identity account.  No templates.

- loaded browser using admin creds (same as when hitting site on subCA) - No templates.

- restarted all servers in the PKI environment

I'm stumped.  Anyone have any success in setting up a web server that is used to host the Certification Authority Web Enrollment feature that points to another CA server (part of the wizard setup) and get it to work?  I'm confident that this is permissions related but can't figure out where it's tripping up.

Any info or suggestions would be greatly appreciated.

Thanks


Uncheck "include inheritable permission..." does not block the action of "replace all child..."


Hello!
I need your help. On a 2008 R2 server, unchecking the option "include inheritable permission from this object's parent" on a subfolder has no effect. Every time I check "replace all child object permission" on the parent folder, the subfolder security will be reset like the parent folder and, worse than that, the option "include inheritable permission..." is then selected.

I always thought that checking the option "replace all child object..." would not change the security of a subfolder if the "include inheritable" option was unchecked. I guess I'm wrong??

So, how can I reset the security of many subfolders without changing the security of some?

thanks for your help


2008 R2 reboots automatically (event IDs 1015 & 1074)


EVENTS ID 1015:

A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255.  The machine must now be restarted.

EVENTS ID 1074: 

The process wininit.exe has initiated the restart of computer ACCOUNT-SRV on behalf of user  for the following reason: No title for this reason could be found
 Reason Code: 0x50006
 Shutdown Type: restart
 Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code 255.  The system will now shut down and restart.


Stale PKIView CDP Location

I am trying to change the CDP locations for our Issuing CA (Server 2008 R2). We are publishing to LDAP and HTTP successfully. I have updated the CDP locations in the extensions tab for the CA, and verified with certutil -getreg that those locations (in addition to the local publish-to-self location) are the only locations configured.

Yet, when I view the CA with PKIView, it still shows the old CDP location, in addition to the new locations. I see no reference to the old location anywhere else. I have restarted certificate services, rebooted, flushed mmc files, and checked the exchange certificate (which does not list this old CDP location). 

Where could PKIView be pulling the old CDP location from?



Thanks,


Daniel

Certificate Enrollment Request creating Issue


Hi,

I am new to the certificate enrollment process. I have a CA server (Windows Server 2008 R2) with an Enterprise Root CA. I am enrolling certificates to the users. Sometimes I am facing a timeout issue and it causes a failure in the enrollment process. When I go to MMC -> Add/Remove Snap-ins -> Certificates, there I found a folder Certificate Enrollment Request -> Certificates, in which there are multiple entries, some of which have undefined "issued to" and "issued from" field values. There is no entry in the Pending Requests list under Certification Authority. When I remove the request from the Certificate Enrollment Request -> Certificates folder, enrollment starts working fine. I have the questions below:

  • What is the purpose of the Certificate Enrollment Request store?
  • Why do certificate requests reside in the Certificate Enrollment Request -> Certificates folder?
  • How can I restrict my enrollment process so that it does not make any entry inside this folder, so that the timeout will not occur?

Please help.

Regards

Sonam

Certificate Auto Enroll Picks Up Old Certificate Server (Domain Controller Templates, Web Server and Computer Authentication).


Hello,

I have recently deployed a new Windows 2012 CA server. The new CA, 2012CA1, is an enterprise issuing CA. I'm only using HTTP for CDP and AIA locations (no LDAP). I have deliberately set LoadDefaultTemplates=0 on 2012CA1. I've configured a GPO to install the 2012 root certificate into my servers and clients; this GPO has been attached to the OUs containing my servers and clients.

We also have a 2003 R2 enterprise issuing CA, 2003CA1. There are no GPOs pointing to 2003CA1. However, a small number of clients are automatically renewing certificates on 2003CA1. Running a gpresult on the clients which have had their certificates auto renewed shows that the GPOs do not refer to 2003CA1, but there is a certificate setting which states "Winning GPO" as "[Default Setting]" - I'm not sure what this setting is or where it's found (searching the registry for 2003CA1 fails to find any references).

Looking at the Public Key Services container in ADSIEDIT reveals that the old and new certificate servers are listed for both AIA and CDP. I want to stop my old certificate server from issuing certs, but I want to make sure that nothing is broken. I'm wondering whether I can do the following:-

1. Load Domain Controller, Computer Authentication and Web Server Templates on my new 2012 CA server.
2. Extend the CRL on my old 2003 server and then stop certificate services

I'm hoping when clients come to renew their certs, they'll check AD and now use 2012CA1 (I'm working on the theory clients check AD and try to auto renew and/or auto-enrol based on the first certificate server found). Please can someone advise what I need to do to stop my clients from automatically using the old CA and start using the new?

Please advise.

Many thanks


how do you monitor who changes what?


Windows Server 2008 R2

i have enabled in GPO auditing of user accounts; successful and failed logins, password changes. however, how do you monitor who changes something (like local accounts password) from each server?

MSE for Windows Server 2012

Are there any updates for Microsoft Security Essentials to install it on WS 2012 like WS 2008 R2?
Because now I can't install either MSE or Forefront Endpoint Protection 2010 on my WS 2012((

advanced audit policy dabbling and regretting


noticed a lot of "windows filtering platform" events on an 2008 r2 member server in a 2008 R2 domain.

for grins, disabled windows filtering platform events on my GPO that sets audit settings. gpupdate on client, events stopped as desired. got rid of the windows filtering platform settings on the gpo, gpupdate on the client, events started again. ok. all working as expected.

then i went in to the local security policy on this same member server and disabled the windows filtering platform auditing. events stopped. i realized *all* security events had stopped. did some research, found out that legacy auditing settings and advanced auditing settings can't live together. so i removed the windows filtering platform configuration from the local security settings on the client. gpupdate /force to get the group policy auditing settings back. they show up in rsop and gpresult /H. but it's still not auditing anything (this is an exchange server so there are constant logins).  auditpol /get /category:/* shows no auditing on anything on this client. i Disabled the "force audit policy subcategory settings to override audit policy category settings" option. gpupdate /force on the client, still no auditing. auditpol /clear and gpupdate /force, still no auditing. group policy is refreshing ok. it's just not getting the auditing settings. this is only on the client where i configured local policy for a minute. when i do a gpupdate, i see a bunch of audit policy 4719 events in the security log, they just say "this/that/success/failure removed." i even made a benign change to the audit policy GPO to see if that would kickstart it, and that change does appear in rsop and gpresult /h. but no auditing. gpresult /H does show the local group policy in the "applied gpos" section, but none of the settings show "local group policy" as the winning gpo.

how do i get this client to pick up the (legacy) audit settings in group policy again?

2012 CA Server Root Cert Default/Extended Attributes on Install & How to Supersede Default CA and Subordinate Templates


Hello,

I'm placing a 2012 R2 Enterprise CA Server into a 2008 AD Domain.

I want to add more attributes into the Root CA's certificate when it is created.

ie. Subject Alt Names (v3 Ext), E, CN, L, ST, etc. (City state zip, email , url)

For the life of me I cannot see how to do this anywhere.

Related to this, it would appear that as much as I can create additional CA and Subordinate CA templates, I cannot supersede the already installed "Root Certificate Authority" and "Subordinate Certification Authority" templates with the new ones.

So how does someone install an Intermediate CA (Subordinate), much less a Root CA, and have the 'Duplicate Templates' be used in precedence over the default Root CA and Subordinate CA templates?

Thanks much.

Windows IIS Event/Security Log ID of Private Key deletion of corresponding TLS certificate?


I'm in the middle of writing an MS Active Directory Certificate Services Key Management Lifecycle document for my organization. The primary purpose certificates will serve for this organization is to generate TLS certificates for IIS web servers.

I'm using NIST 800-57/NIST 800-52 as standards against which to base this process document. When it comes to the "Destroyed State" for the private key, I want to document how an Auditor can check and verify that a revoked certificate's private key has been "destroyed" (or deleted) based on Windows/IIS event or security logs.

I have no clue where to find such an event or security log. Can anyone point me in the right direction?

Short version: How might an auditor validate that a web server's SSL/TLS Certificate's corresponding private key has been deleted from a Windows IIS security/audit logs (What event log ID)?


This operation has been cancelled due to restrictions in effect on this computer. Please contact your systems administrator


Hi,

On one of our servers one user who is domain admin is getting the error "This operation has been cancelled due to restrictions in effect on this computer. Please contact your systems administrator" when trying to access the C folder.
I have no idea where to start looking; it doesn't seem to be a GPO since other domain admins are not having problems.

Kind regards,

Stephen

Account or, how to view configuration?


Hi all,

You may have heard of the Dell certificate issue lately. It's a vulnerability my supervisor wanted me to stamp out. The gist is, some basic, harmless Dell software installs a certificate with a security hole in it. Some IT, like my supervisor, removed the Dell bloatware upon implementing a unit, but for those that didn't, a certificate has to be removed from each unit. 

I've found scripts and group policy edits that push out changes, removing the certificate en masse, but not being from Dell we don't trust these scripts. So I've decided to check pcs one by one for the cert, but it's a little laborious. 

So, my question is this, is there a way for me to pull configuration information from the server as to what certificates are installed, services are running, programs installed, etc etc? I can see this type of information being useful in other instances as well.
