Channel: Security forum

enterprise single signon

I am supposed to log in via weblogin, desktop, mobile, Proximity Card, Bio Metric, IVRS to Web-based Applications / Client Server Applications / Mainframe Applications / .Net Applications / Java Applications / Legacy Applications using the single sign-on feature. What are all my prerequisites?

reg

Why all the reg errors? I can't do much after the update to 10074. Help.

tracking a security breach

I have a popup on my computer saying that AT&T has stolen some of my information.

An extended error has occurred. Failed to save Local Policy Database.


Strange Error.  I have a system running server 2012 r2 datacenter, as a development environment and workstation for my use.


It is not running AD, and is not joined to the domain.  It sits on its own isolated network actually, and thus has only one user.  The one user I want to be the administrator account but I don't use the administrator user name.  So when I go into the Local Security Policy and change the field

Local Policies --> Security Options --> Accounts: Rename administrator account

I'm not sure what the issue is.  The only reason I even have to do this is because of the (as far as I can tell) unchangeable policy preventing anyone but built in administrator from burning discs...

Does anyone have any ideas here?

Thanks!

No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.


Hi

I was able to issue a cert 2 weeks ago. But now something is wrong with my CA

I have the error in the title every time I click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."

I've made several searches on the web before posting here. I've made sure the AppPool has the Process Model "NetworkService", Anonymous Authentication disabled.

Anything else I could verify?

Thanks in advance,

Martin

Custom OID in certificate subject


Hi all,

I need to include custom OID in certificate's subject (DN): 2.5.4.97 (organizationIdentifier).

When installing standalone Root CA, it's working - I'm able to include it in DN string and it appears in Root CA certificate. But later, when I'm trying to do the same trick for subordinate enterprise CA's certificate - it's not working. Although the subject (DN) string is the same as it was for Root CA and certificate for sub CA is being issued from the same Root CA - custom OID disappears from sub CA certificate.

I was trying to tweak various registry settings (ca\... and policy\...) with no luck. If it worked for Root CA certificate, then it should be the way to do the same with Sub CA certificate, I suppose.

Any ideas?

Best regards,

Andrej

Firewall

How to enable a port, just two users on the local Windows Firewall?
I need only two users across the network, they can be allowed to port 83 and the other users do not connect.
Waiting for your comments.

Cheers,

Edwin Duran Ospina
If the answer has helped with your solution, please mark it as correct.

How to Migrate my PKI Infrastructure


Hi All.

I have one CA root (Enterprise) and one subordinate, both servers on Windows 2003. I need to migrate both servers to Windows 2012, considering that both servers are domain controllers.

Please, I need to know the order in which to migrate and whether there is any documentation that can help me with these migrations.

Cheer..


Which firewall is recommended for IIS Server.


Hello.

I have a Windows Server 2008 R2 with IIS and I want to know how I can secure it. My server just provides a Web service; in your opinion, which security software is recommended for it? I enabled Windows Firewall but I guess it is not enough.

Thank you.

Single Root CA server, CRL expired


Hi guys,
I need some help with our Certificate Authority. It was set up by generations past of IT folks, so no one really knows why it is the way it is, and no one wants to touch it. We seem to have two independent Root CA servers, and seem to both have the default certificate templates, so I think certificates are issued randomly from the two CAs. They aren't in a hierarchy or subordinate role to each other (as far as I can tell, certainly open to validate that). Doesn't seem like a good set-up.

One of them went down today, and I was unable to start the ADCS service. Errors with "Object not Found" in the CA MMC. Further digging using certutil, I find that the CRL expired about the time the services stopped working. The hitch that I'm in, is I cannot generate a new CRL (certutil -crl) because the services are stopped (command errors with "RPC server is unavailable"), and I cannot start the service with the expired CRL. 

All threads I find on this topic, the resolution involved re-issuing the CRL from one of the other subordinate or Root CA servers, however in my case, I have a single server for the CA, so that's not an option. Can I force the ADCS services to start without CRL so I can then regenerate the CRL properly? Can I manually do something to extend the CRL time without the ADCS service running?

PKI, Find the Internal / external certificate

Hello Everyone,

I am new to the PKI (AD CS) environment. In my organization I found there are several certificates issued with the help of the AD CS tool, and those are showing as expiring in a couple of months.

As I have come to know, internal certificates will be auto-renewed and external certificates we have to do manually.

1. Is there any way to find which are internal and which are external?

2. How do I check the subordinate CA's expiry date?

3. What steps/actions do I have to take to renew / re-issue the certificate?

Thanks in advance, 

Shivakumar

Active Directory Certificate Services could not publish a Base CRL for key 0 or Delta CRL Key 0 (Event Id's 74 & 75)


Hi,

We are getting the below-mentioned error on our Enterprise Subordinate CA server. As Microsoft suggested, I have checked the network and the CA's permissions for the CDP folders in ADSS; everything is fine. Kindly help me to resolve this issue.

Implement Microsoft EFS with a Active Directory Certificate Services


Hi Team,

I need to implement Microsoft EFS with an Active Directory Certificate Services Infrastructure.

Is there a good article you all can recommend to set this up? I am looking to implement this on Windows Server 2008 R2 Domain controller and by setting up a new ADCS. I need to know how the integration of AD and ADCS works in the EFS Scenario.

Appreciate if someone can shed some light on this.

Thanks in Advance!

Dileepa

CA - no certificate templates could be found.


Dear All,

I have a 2008 Domain Controller with the CA Server role installed, with the issue that the Web Enrollment procedure is not working properly. I can't request any certs using the web browser. Cert requests via PowerShell work fine though.

I get the following error:

"No Certificate templates could be found. You do not have the permissions to request a certificate from this CA, or an error occured while accessing the Active Directory"

I already compared the sServerConfig value in the Certdat.inc file with the dNSHostName attribute at the pkiEnrollmentService object. The values are the same (case sensitive).

I also checked the permissions on the certificate templates - they are o.k. since I do the request with a domain admin account.

I appreciate any help and thanks in advance,

Chris

Microsoft .NET Updates - KB3097996 and KB3098781 - Error 406 Error on .axd files

Microsoft,

Please note that the following updates KB3097996 and KB3098781 broke our company eCommerce Web site www.shoeshow.com on all browsers: Firefox, Chrome and Internet Explorer.

After applying the updates we started receiving NetworkError: 406 Not Acceptable Error(s) on .axd files.

TypeError: Sys.Webforms is undefined

Sys.WebForms.PageRequesManager._initialize('ScripManager1, 'Main_Form', ['tpn...

 

TypeError: Sys.Webforms is undefined

var pgRegMgr = Syst.Webforms.PageRequesManager.getInstance()

 

 

I wanted to let you know because we cannot apply these patches until we know more about them.


Moojjoo MCP, MCTS
http://moojjoo.blogspot.com


DELETING USERS PROFILE (USERNAME.V2) FOLDERS


All,

I have been doing this for years.  For the life of me, is there an easier way to delete users' profile directories after they move on?  I can't seem to take ownership and delete their User Profiles and user folders.

Is there a tool?

Thanks.


Michael Agee

MIM CM - Offline Unblock Process

We have installed MIM CM 2016 in a test environment, and I can issue smart cards to users fine. I enabled the Offline Unblock Policy to be able to unblock smart cards for users when they enter their PIN wrong several times. I basically have two groups, "Issuers" and "Subscribers".

The Issuers have Grant permissions to Initiate offline Unblock Request and Unblock Agent for Offline Unblock Requests.

On the Service Connection Point the Issuers have the following permissions: (These are the permissions on the MIM CM Server)

  • Read,
  • FIM CM Enrollment Agent,
  • FIM CM Request Enroll,
  • FIM CM Request Recover,
  • FIM CM Request Renew,
  • FIM CM Revoke, and
  • FIM CM Request Unblock Smart Card

On the Subscribers Group in AD, the Issuers have the following permissions:

  • Read,
  • FIM CM Enrollment Agent,
  • FIM CM Request Enroll,
  • FIM CM Request Recover,
  • FIM CM Request Renew,
  • FIM CM Revoke, and
  • FIM CM Request Unblock Smart Card

On the certificate template that we used for the Smart Card Logon, the Issuers and the Subscribers have the Read and Enroll permissions.

On the Active Directory Sites and Services in the Profile template "Centralized Smart Card Profile Template", the Issuers and Subscribers have the Read and FIM CM Enroll permissions.

Basically members of the Issuers group have administrator rights and can enroll a smart card on behalf of other users, and the Subscribers group are the end users/domain users.

While I can execute an offline unblock policy with no problem for a smart card that has been blocked due to the user entering the PIN wrong several times, when the User uses the Response that is generated on the MIM CM portal, it won't let the User reset the PIN. I get the following error on the Client Computer: "The Smart card could not be unblocked. Please ensure that your response is correct and your new PIN meets the complexity requirements of your organization"

I tried to find a solution for this, but I couldn't find anything.

Thank you for your help


ADCS SHA1 deprecation SHA256 change question

We read the Microsoft blog that walked us through this (I do not have the link on hand) and ran the following PowerShell command:

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

and everything went according to plan... The CA is issuing Hashes with SHA256

When I look further down on the certificate the thumbprint algorithm still states SHA1, is this by design? Can we update this to SHA256 as well? If so how do we do it?

NOTE: all CA's are running 2012 OS with powershell version 3.0 running.

Help creating correct certificate


Hello,

I need to create a certificate in order to enable server-to-server authentication between my SharePoint 2016 server and my Office Online Server per this article (Link). I initially tried creating a self-signed cert on the Office Online server through IIS but it didn't work and said that the cert wasn't trusted. I verified that it was in the Trusted Cert location in the Certificates mmc on the SharePoint server.

Now I have installed the ADCS role on the DC to create a cert that way but I find I am not sure how to create the correct cert for what I need. Any ideas?

-Peter

New certificate request (client-server auth template) includes "NETWORK SERVICE" private key permissions SOMETIMES

On a handful of PCs, if you renew the local machine certificate and go to manage the private key permissions, I see different things on different computers and it's causing issues.

Problematic PC has:  Administrators and System account listed.

Good PC has:  Administrators and System account in addition to NETWORK SERVICE w/ read permission.

The template used doesn't have the "Authorize additional service accounts to access the private key" checked, but I'm not sure if that is needed or not.

Can someone explain this behavior?


Thanks!
