Channel: Security forum
Viewing all 12072 articles

Help creating correct certificate


Hello,

I need to create a certificate in order to enable server-to-server authentication between my SharePoint 2016 server and my Office Online Server per this article (Link). I initially tried creating a self-signed cert on the Office Online server through IIS but it didn't work and said that the cert wasn't trusted. I verified that it was in the Trusted Cert location in the Certificates mmc on the SharePoint server.

Now I have installed the ADCS role on the DC to create a cert that way but I find I am not sure how to create the correct cert for what I need. Any ideas?

-Peter


Windows 7 Delta CRL issue


Hi Friends

I have an interesting issue where a Windows 7 system (using CAPI2 calls and an HTTP link only) downloads the base CRL and delta CRL successfully the first time in a session; from then on, when the delta CRL expires, it cannot download the delta CRL and the error message is shown below with the CAPI2 events. The CDP servers are all online and PKIView.msc run from another system returns success.

CAPI2 events are below:

   [ CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG]  true
  - AdditionalParameters
   [ timeToUse]  2016-02-06T17:23:18.132Z
   [ currentTime]  2016-02-06T17:23:18.132Z
   [ urlRetrievalTimeout]  PT20S
  - RevocationStatus
   [ index]  0
   [ error]  80092013
   [ reason]  0
   [ actualFreshnessTime]  P32DT10H28M0S
  - CertificateRevocationList
   [ location]  TvoCache
   [ url]  http://testca.com/CDP/Test%20Online%20CA/Test%20Online%20CA.crl
   [ fileRef]  A41D704EB238DF130B16696551887930BC022F9E.crl
   [ issuerName]  Test Online CA
  - CertificateRevocationList
   [ deltaCRL]  true
   [ location]  TvoCache
   [ url]  http://testca.com/CDP/Test%20Online%20CA/Test%20Online%20CA+.crl
   [ fileRef]  79FDA5174520C71740D900680A8E42FBB90ADA707.crl
   [ issuerName]  Test  CA
  - EventAuxInfo
   [ ProcessName]  MM.EXE
  - CorrelationAuxInfo
   [ TaskId]  {565CE0BF-D263-4D93-A096-E060D792E433}
   [ SeqNumber]  14
  -Result The revocation function was unable to check revocation because the revocation server was offline.


I am not sure what might be the issue. Any help is appreciated.

Thanks.
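One way to read a CAPI2 revocation event like the one quoted in this post, added here as an example and not anything the poster supplied: the script parses the "[ name]  value" lines, decodes the error code (0x80092013 is CRYPT_E_REVOCATION_OFFLINE), converts the ISO 8601 durations CAPI2 reports, and checks the age of the revocation data against a delta CRL publication interval, which is assumed to be 24 hours. It also compares the issuer name of each delta CRL entry with that of the base CRL; on the quoted lines that check fires because the two entries name different issuers, which may simply be how the post was redacted. The sample input is a cleaned copy of the lines above.

```python
"""Triage a CAPI2 CertVerifyRevocation event for a stale or unreachable delta CRL.

Added example (not the poster's code). Handles only the "[ name]  value" layout
shown in the post; the 24-hour delta CRL interval is an assumption."""
import re
from datetime import timedelta
from typing import Dict, List

# CAPI2 HRESULTs commonly seen in revocation-check failures.
HRESULT_NAMES = {
    0x80092013: "CRYPT_E_REVOCATION_OFFLINE",
    0x80092012: "CRYPT_E_NO_REVOCATION_CHECK",
}

_FIELD = re.compile(r"^\s*\[\s*(\w+)\s*\]\s+(.*\S)\s*$")
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

# Constructed from the lines quoted in the post (blank lines removed).
SAMPLE_EVENT = """\
   [ CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG]  true
  - AdditionalParameters
   [ timeToUse]  2016-02-06T17:23:18.132Z
   [ currentTime]  2016-02-06T17:23:18.132Z
   [ urlRetrievalTimeout]  PT20S
  - RevocationStatus
   [ index]  0
   [ error]  80092013
   [ reason]  0
   [ actualFreshnessTime]  P32DT10H28M0S
  - CertificateRevocationList
   [ location]  TvoCache
   [ url]  http://testca.com/CDP/Test%20Online%20CA/Test%20Online%20CA.crl
   [ fileRef]  A41D704EB238DF130B16696551887930BC022F9E.crl
   [ issuerName]  Test Online CA
  - CertificateRevocationList
   [ deltaCRL]  true
   [ location]  TvoCache
   [ url]  http://testca.com/CDP/Test%20Online%20CA/Test%20Online%20CA+.crl
   [ fileRef]  79FDA5174520C71740D900680A8E42FBB90ADA707.crl
   [ issuerName]  Test  CA
  -Result The revocation function was unable to check revocation because the revocation server was offline.
"""


def parse_duration(text: str) -> timedelta:
    """Convert the ISO 8601 durations CAPI2 writes (PT20S, P32DT10H28M0S)."""
    m = _DURATION.match(text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)


def parse_event(text: str) -> Dict:
    """Split the event into top-level fields and one dict per CertificateRevocationList block."""
    fields: Dict[str, str] = {}
    crls: List[Dict[str, str]] = []
    current = fields
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("-"):           # section header such as "- RevocationStatus"
            section = stripped.lstrip("- ").strip()
            if section == "CertificateRevocationList":
                current = {}
                crls.append(current)
            else:
                if section.startswith("Result"):
                    fields["Result"] = section[len("Result"):].strip()
                current = fields
            continue
        m = _FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return {"fields": fields, "crls": crls}


def diagnose(text: str, delta_interval: timedelta = timedelta(hours=24)) -> Dict:
    """Decode the error, age the revocation data, and list the conditions that explain the failure."""
    ev = parse_event(text)
    fields, crls = ev["fields"], ev["crls"]
    code = int(fields.get("error", "0"), 16)
    freshness = parse_duration(fields["actualFreshnessTime"])
    base = next((c for c in crls if c.get("deltaCRL") != "true"), None)
    findings: List[str] = []
    if freshness > delta_interval:
        findings.append(f"revocation data is {freshness.days} days old, older than the assumed delta interval")
    for crl in crls:
        if crl.get("deltaCRL") != "true":
            continue
        if crl.get("location") == "TvoCache":
            findings.append("delta CRL entry refers to the cached copy (TvoCache); no fresh copy was retrieved")
        if base and crl.get("issuerName") != base.get("issuerName"):
            findings.append(f"delta CRL issuer {crl.get('issuerName')!r} differs from base issuer {base.get('issuerName')!r}")
    return {
        "error": HRESULT_NAMES.get(code, f"0x{code:08X}"),
        "freshness_hours": round(freshness.total_seconds() / 3600, 1),
        "retrieval_timeout_s": int(parse_duration(fields["urlRetrievalTimeout"]).total_seconds()),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
```

An actualFreshnessTime of P32DT10H28M0S means the newest revocation data the client could use was over 32 days old, and with both CRL entries pointing at TvoCache the output is consistent with the client having only its cached copies to work with when it reported the CDP as offline. The 20-second urlRetrievalTimeout is the window each fetch had before CAPI2 gave up on it.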

Change a newly created expired Local User's password Remotely?


Server 2012 R2, WORKGROUP Server

My goal here is that I want to be able to provide a method to change the LOCAL ACCOUNT passwords. RDWeb is not actually needed, but I found that it was possible for users to change passwords with the password.aspx form that is included in it. Ultimately I want to create a user with "change at next login" and have them able to change the password REMOTELY before using their account for other purposes on the server.

Keep in mind, this is a WORKGROUP server, not a DOMAIN joined/active server.

I read that RDWeb's password.aspx form will do this with Domain Users, but when I try to use it to change a Local account it just gives a generic error. I can only guess that the password change function either inherently will not work with local accounts or needs appropriate permissions to do so. I tried changing AppPool settings to have RDWeb run as Administrator, thinking it might give the appropriate permissions to the form/WebApp, but that didn't change anything.

Is this possible at all, or is there another less complicated method to achieve this, maybe even without RDWeb?

Thanks!

Can't Select Online Certificate Authority When Creating Web Cert through IIS


I have a feeling I must have missed something, but the subject explains everything. I have a root and sub CA in my environment. I can create the certificates using the MMC and requesting a web server certificate. It's just not working for any IIS server in my environment.

Please can anyone help?


Regarding Microsoft Improperly Issued Digital Certificates Spoofing Vulnerability (KB3046310)


Hi Microsoft,

I have a question regarding the security vulnerability found by Microsoft, as titled above, which affects Windows Server 2008 and above. The issue I am having is that, according to Microsoft, this vulnerability can be remediated with Microsoft Windows Update; however, my company environment only allows third-party patching tools like Altiris and SCCM due to policy restrictions. The affected servers in my company are also restricted from internet connection, thus we are unable to download the patch manually to the servers. Can this vulnerability only be patched via Microsoft auto update? Or is there any other patch that can be downloaded?

Certificate Authority in the DMZ


Hi,

I have some DMZ workgroup servers that require certificates installed on them. I am thinking of deploying a Windows certificate authority in the DMZ. 

However, I am not sure if this is a good idea?

 Please advise

Thanks

ECC smartcard logon certificate / This smart card does not support the requested feature 0x80100022


Hello,

I am trying to get an ECC smartcard logon certificate on a SafeNet eToken 5100, but all my tests fail (This smart card does not support the requested feature 0x80100022, -2146435038 SCARD_E_UNSUPPORTED_FEATURE). I have installed the Gemalto SafeNet Minidriver 9. It works with RSA certificates. According to this documentation from Gemalto it should work:

http://data-protection-updates.safenet-inc.com/files/2015/05/007-012974-001_SafeNet_Authentication_Client_Minidriver-9-0_CRN_Revision-.pdf

New Features:

ECC support Algorithms and key sizes supported:

Elliptic Curve Diffie-Hellman (ECDH) P256, and P384

Secret agreement and key exchange

Elliptic Curve Digital Signature Algorithm (ECDSA) P256, and P384

Any ideas? Does anyone use an ECC smartcard (vendor?) for Windows logon?

Best regards

Oliver 


Event 4776 - Not logging real source workstation


Kerberos authentication tickets are recording events perfectly fine, but my google-fu is failing me as to how to accurately log all other auth requests.

Event 4776 is being recorded when I expect it to (logging in to 3rd-party apps that don't utilize Kerberos tickets); however, the source_workstation attribute shows one of the Domain Controllers instead of where the request originated. The end result I am looking for is to know what systems are sending these requests.

I have turned on all other auditing in hopes of finding something but was ultimately unsuccessful.

Ex.

01/06/2016 04:42:22 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4776
EventType=0
Type=Information
ComputerName=DOMAINCONTROLLER
TaskCategory=Credential Validation
OpCode=Info
RecordNumber=48145070
Keywords=Audit Failure
Message=The computer attempted to validate the credentials for an account.

Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:	<expecteduseraccount>
Source Workstation: DOMAINCONTROLLER
Error Code:	0xC000006A (expected bad password code)



Single Root CA server, CRL expired


Hi guys,
I need some help with our Certificate Authority. It was set up by generations past of IT folks, so no one really knows why it is the way it is, and no one wants to touch it. We seem to have two independent Root CA servers, and seem to both have the default certificate templates, so I think certificates are issued randomly from the two CAs. They aren't in a hierarchy or subordinate role to each other (as far as I can tell, certainly open to validate that). Doesn't seem like a good set-up.

One of them went down today, and I was unable to start the ADCS service. Errors with "Object not Found" in the CA MMC. Further digging using certutil, I find that the CRL expired about the time the services stopped working. The hitch that I'm in, is I cannot generate a new CRL (certutil -crl) because the services are stopped (command errors with "RPC server is unavailable"), and I cannot start the service with the expired CRL. 

All threads I find on this topic, the resolution involved re-issuing the CRL from one of the other subordinate or Root CA servers, however in my case, I have a single server for the CA, so that's not an option. Can I force the ADCS services to start without CRL so I can then regenerate the CRL properly? Can I manually do something to extend the CRL time without the ADCS service running?

New certificate request (client-server auth template) includes "NETWORK SERVICE" private key permissions SOMETIMES


On a handful of PCs, if you renew the local machine certificate and go to manage the private key permissions, I see different things on different computers and it's causing issues.

Problematic PC has:  Administrators and System account listed.

Good PC has:  Administrators and System account in addition to NETWORK SERVICE w/ read permission.

The template used doesn't have the "Authorize additional service accounts to access the private key" checked, but I'm not sure if that is needed or not.

Can someone explain this behavior?


Thanks!

Implement Microsoft EFS with a Active Directory Certificate Services


Hi Team,

I need to implement Microsoft EFS with an Active Directory Certificate Services Infrastructure.

Is there a good article you all can recommend to set this up? I am looking to implement this on Windows Server 2008 R2 Domain controller and by setting up a new ADCS. I need to know how the integration of AD and ADCS works in the EFS Scenario.

Appreciate if someone can shed some light on this.

Thanks in Advance!

Dileepa

Bitlocker boots without key


Hi,

Thanks in advance for your help.

We have a 2012 R2 Standard server.  Bitlocker was installed and configured and keys were generated and copied to USB drives.  The server would not boot with a key inserted as is expected.  This was a few months ago.

Today I was at the customer location and rebooted the server and it came up without a USB key inserted.

I checked Bitlocker and it says it is on and active on both the boot and the data drive.  I am their IT support and I have changed nothing.  No one onsite would have the expertise nor the will to knowingly change anything.

Does anyone know how this 2012 R2 Standard Server could boot without a key when Bitlocker is installed and active?

Thanks,

Mel


M

Account lockouts happening on disconnected RDP sessions


I've found that here at work, 90% of the time a user reports that their account is continually locking out, I find that they have a disconnected RDP session on some server on the network, which has been disconnected for, say, 168 days (that was the last user). I asked this user to log into their disconnected session on this particular server and when he did, there was nothing open, no mapped drives, nada. The user then logged out of the server and his account was OK going forward.

My question is thus, why would his account be continually locking out when the RDP session is in a disconnected (inactive?) state?

Here's the event which was triggered at the same time:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          7/01/2016 11:03:49 AM
Event ID:      4771
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MyADServer.MyDomain.com
Description:
Kerberos pre-authentication failed.

Account Information:
    Security ID:        MyDomain\LockedOutUserName
    Account Name:        LockedOutUserName

Service Information:
    Service Name:        krbtgt/MyDomain.com

Network Information:
    Client Address:        ::ffff:IP_Of_Server_With_RDP_Session
    Client Port:        53106

Additional Information:
    Ticket Options:        0x40810010
    Failure Code:        0x18
    Pre-Authentication Type:    2

Certificate Information:
    Certificate Issuer Name:        
    Certificate Serial Number:     
    Certificate Thumbprint:        

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4771</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14339</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2016-01-07T00:03:49.744907900Z" />
    <EventRecordID>391583405</EventRecordID>
    <Correlation />
    <Execution ProcessID="532" ThreadID="856" />
    <Channel>Security</Channel>
    <Computer>MyADServer.MyDomain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">LockedOutUserName</Data>
    <Data Name="TargetSid">S-1-5-21-1469019637-268265805-317593308-189172</Data>
    <Data Name="ServiceName">krbtgt/MyDomain.com</Data>
    <Data Name="TicketOptions">0x40810010</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">::ffff:IP_Of_Server_With_RDP_Session</Data>
    <Data Name="IpPort">53106</Data>
    <Data Name="CertIssuerName">
    </Data>
    <Data Name="CertSerialNumber">
    </Data>
    <Data Name="CertThumbprint">
    </Data>
  </EventData>
</Event>

On the server with the disconnected RDP session, I can see the following events:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          7/01/2016 11:03:52 AM
Event ID:      1006
Task Category: None
Level:         Error
Keywords:      
User:          MyDomain\LockedOutUserName
Computer:      Server_With_RDP_Session.MyDomain.com
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1006</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2016-01-07T00:03:52.097167800Z" />
    <EventRecordID>138881</EventRecordID>
    <Correlation ActivityID="{C2BA876F-BC40-496F-9E81-634723E5ECD8}" />
    <Execution ProcessID="184" ThreadID="5688" />
    <Channel>System</Channel>
    <Computer>Server_With_RDP_Session.MyDomain.com</Computer>
    <Security UserID="S-1-5-21-1469019637-268265805-317593308-189172" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">1</Data>
    <Data Name="SupportInfo2">5012</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">2340</Data>
    <Data Name="ErrorCode">49</Data>
    <Data Name="ErrorDescription">Invalid Credentials</Data>
    <Data Name="DCName">
    </Data>
  </EventData>
</Event>


JDMils
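To narrow a lockout like this one down to the machine that keeps replaying an old password, the KDC's 4771 events can be grouped by account and client address. The following is an added example, not the poster's code: it parses records in the Event XML layout quoted above, keeps only Status 0x18 (KDC_ERR_PREAUTH_FAILED, a wrong password), strips the ::ffff: IPv4-mapped prefix the KDC writes, and counts failures per (account, source). The sample records, the 10.0.0.x addresses standing in for IP_Of_Server_With_RDP_Session, and the lockout threshold of 5 are constructed for the demonstration.

```python
"""Group Kerberos pre-authentication failures (Event ID 4771) by account and source.

Added example (not the poster's code). The records are constructed in the schema
of the 4771 event quoted in the post; addresses and the threshold are made up."""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, Iterable, List, Tuple

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

PREAUTH_FAILED = 0x18   # KDC_ERR_PREAUTH_FAILED: wrong password supplied
CLIENT_REVOKED = 0x12   # KDC_ERR_CLIENT_REVOKED: account already locked or disabled


def make_4771(user: str, ip: str, status: str = "0x18",
              when: str = "2016-01-07T00:03:49Z") -> str:
    """Build one 4771 record (constructed) in the layout the DC writes to the Security log."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4771</EventID>
    <TimeCreated SystemTime="{when}" />
    <Computer>MyADServer.MyDomain.com</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">{user}</Data>
    <Data Name="ServiceName">krbtgt/MyDomain.com</Data>
    <Data Name="Status">{status}</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">{ip}</Data>
    <Data Name="IpPort">53106</Data>
  </EventData>
</Event>"""


# Constructed sample: six wrong-password attempts from one host, a stray one from
# another, one "already locked" record (not a guess), and an unrelated account.
SAMPLE_EVENTS: List[str] = (
    [make_4771("LockedOutUserName", "::ffff:10.0.0.5") for _ in range(6)]
    + [make_4771("LockedOutUserName", "::ffff:10.0.0.9")]
    + [make_4771("LockedOutUserName", "::ffff:10.0.0.5", status="0x12")]
    + [make_4771("OtherUser", "::ffff:10.0.0.22") for _ in range(2)]
)


def normalize_ip(raw: str) -> str:
    """Strip the IPv4-mapped IPv6 prefix (::ffff:10.0.0.5 -> 10.0.0.5)."""
    raw = raw.strip()
    return raw[7:] if raw.lower().startswith("::ffff:") else raw


def parse_4771(xml_text: str) -> Dict:
    """Return the fields needed for lockout triage, or {} if the record is not a 4771."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4771":
        return {}
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return {
        "user": data.get("TargetUserName", ""),
        "ip": normalize_ip(data.get("IpAddress", "")),
        "status": int(data.get("Status", "0x0"), 16),
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
    }


def failures_by_source(events: Iterable[str]) -> Counter:
    """Count wrong-password pre-auth failures per (account, client address)."""
    counts: Counter = Counter()
    for ev in events:
        rec = parse_4771(ev)
        if rec and rec["status"] == PREAUTH_FAILED:
            counts[(rec["user"], rec["ip"])] += 1
    return counts


def likely_lockout_sources(events: Iterable[str], threshold: int) -> List[Tuple[str, str, int]]:
    """Sources that on their own reach the lockout threshold, busiest first."""
    return sorted(
        ((u, ip, n) for (u, ip), n in failures_by_source(events).items() if n >= threshold),
        key=lambda t: -t[2],
    )


if __name__ == "__main__":
    for user, ip, n in likely_lockout_sources(SAMPLE_EVENTS, 5):
        print(f"{user}: {n} failed pre-auths from {ip}")
```

Status 0x12 records are excluded on purpose: once the account is locked, every further attempt from every host is reported as revoked, which says nothing about where the bad password is coming from. The address that remains is the host to inspect; in this post, the corresponding entry on that host is the Group Policy event 1006 with LDAP error 49 (Invalid Credentials), logged under the same user three seconds after the 4771.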

Restrict access from an AD User to a specific folder on the network

I have a Windows 2008 R2.

I have a group in my AD called "Finance"

I have a folder on the server C:\fileserver\department\finance\

All users of the above group get mapped to the C:\fileserver\department\finance\

Within the folder C:\fileserver\department\finance\ there is a folder called PayRoll.

A new employee (finance) started work today. I created his profile in AD under the Finance group. But his boss told me that he cannot access (just) the PayRoll folder.

Where do I go and block access to this new user from accessing the PayRoll folder? I have no idea.

Thank you so much

self-signed and Third party Certificate for Exchange 2010


Hi, 

We have our Exchange 2010 with a self-signed certificate installed. Now that we have purchased a third-party certificate, if I import it to EMC without removing the private certificate, will it still work, because most of our mobile devices have the self-signed certificate installed?

Thanks.


Certificate server setup


Hi Guys,

I am trying to set up a self-signing certificate server authority in Windows Server 2003. So I have to create a root CA and an intermediate CA. The intermediate CA needs to be signed by the root CA. Then I have some CSRs for some network devices (Cisco) which need to be signed by the intermediate CA.

I was able to create the root CA and, using a CSR, created another certificate named intermediate CA and got it signed by the root CA. Now the problem is when I try to sign the network CSRs they are being signed by the root CA and not by the intermediate. I can't figure out how to delegate the signing to the intermediate rather than the root. Also, can the root CA and intermediate CA exist on the same server?

The certification path should appear like

root ca -> intermediate ca -> network csr

Please can someone help me with this.

Appreciate your assistance.

Thank you.



Server 2008 R2 Maximum security log size


Our Domain Controllers are 2008 R2. It is for a school, so we can have everyone log on and off at the same times a day, every hour. Our current security log file size is set for a maximum of 80 megs. The issue is we can only hold about 2 or 3 hours of logs before we overwrite.

Is there any reference material or best practice anyone can point me to that would give me some guidance on a drastic increase in security log size,

say 500 megs from the current 80, or is this just a bad idea all around?

Thanks

 

Lishron

Which firewall is recommended for an IIS server?


Hello.

I have a Windows Server 2008 R2 with IIS and I want to know how I can secure it. My server just provides a web service; in your opinion, which security software is recommended for it? I enabled Windows Firewall but I guess it is not enough.

Thank you.

Configure Windows Server 2008 R2 for DDoS Attack.


Hello.

How can I configure Windows Firewall to protect my web server against DDoS attacks? My server just runs IIS; which services must be disabled?

Thank you.

Windows Server 2008 R2 unable to translate SID in folder security


Hi,

I am unable to assign folders and files access permissions to my users.

I am able to add a user using the username as in "Active Directory Users and Computers".

However, after I apply the settings, close and reopen the folder/file properties, the username I added changes into a SID and the user cannot access the folder.

There seems to be an issue with the translating. Please advise.

Thank you.

Regards,

Rayden
