Channel: Security forum
Viewing all 12072 articles

IPAD - Deploy domain certificate


I've researched deploying certs to IPADS extensively and found a bunch of info, but nothing is working.

We secure our WIFI with domain certs and our NPS server doesn't verify if the cert is a computer or user certificate.

How can I get a certificate to an IPAD if the IPAD isn't on the corporate network?  I've looked at the IPHONE config utility and that lets you create the SCEP profile, but the ipad needs to then talk to the CA server which I can't do right now.

Is there a way to go to the CA page and create a certificate I can deploy to the IPAD?  If I use the IPHONE config tool and create the scep profile then what tracks what device is actually getting the certificate?  Is there a way to have any approval process built into the deployment?


efs file decryption

I work at a site that has an EFS issue. All files are encrypted on the file server (end user home share). The end users' certificates that encrypted the files expired. Now the encrypted files cannot be opened or decrypted by end users; they get access denied. I checked the encryption properties of the files of users who can access the files; it points to the expired user's certification and the expired recovery agent certification thumbprint. Is there any way to get the files decrypted on the file server? Do I need keys from the expired cert to decrypt files?

ohms102910@yahoo.com




ohms

Error ADCS revoke a certificate using CERTADMINLib.dll

Hi, I developed a service to manage Active Directory Certificate Services, but when I try to revoke a certificate using CERTADMINLib.dll I get an error message.
 
I generated CERTADMINLib.dll with the tlbimp command and certadm.dll as follows:
 
tlbimp certadm.dll /machine:x64
 
because my system is running 64-bit. After that I copied certadm.dll into the System32 directory and registered the DLL with regsvr32... I added CERTADMINLib.dll to the project references and created an instance of the CCertAdmin interface as follows:
 
CERTADMINLib.CCertAdmin objAdmin = new CERTADMINLib.CCertAdmin();
 
And I got the error:
 
Retrieving the COM class factory for component with CLSID {37EABAF0-7FB6-11D0-8817-00A0C903B83C} failed due to the following error: 80040154.
 
Any ideas to solve this problem?
 
Note:
 
I tried with x86 too, same results

Unable to load self-signed certificate into IE and have it like it. Loaded into Store, but still getting error


  • I'm trying to load a self-signed certificate (in our case, from vCenter) - into Windows 2008 using the mmc/certificates add-in or by going to https://siteURL../ in IE and installing.

    Neither work.  I loaded the cert into Trusted People/Local Computer as I've always done, but when going to this site the certificate error still shows in IE.  For kicks, I tried loading it into various other stores - same result.

    What is strange is that when you browse with IE to the site, you should be able to click on "Continue" and view/install the certificate, but you can't.  Clicking on "Continue...." doesn't do anything.

    Was unable to resolve this, so we took the machine off the domain to ensure there were no GPO rules preventing this from happening, rebooted, tried again - same result.

    So we tried with Firefox...initial error, but we were able to view the cert, install it, and it was happy thereafter.

    But IE simply will not work, and I think this problem is causing downstream problems with our other app integrations.  Until IE is happy, I don't think many other things will be either.

    I can view this certificate in Trusted People/Local Computer and the name is correct, but it does say "this certificate cannot be verified....has an invalid signature".

    Anyone have any ideas?  I'm almost out of them all. :)

    Thanks


How to ask a question efficiently in TechNet forum


Thank you for posting in TechNet forum. The online problem solving can be relatively time consuming because it may demand several messages back and forth to fully understand the symptom and background, especially at the very beginning. Here are a few suggestions that help you get the best answer to your question as quickly as possible.

 

When You Ask

1. Select a good title which summarizes the specific problem you have. It will be one of the main driving forces for others to want to actually read your item. Choosing a badly-formatted title will drive people away, thinking that since the title is so badly written, so must be the information and the question within the thread.

2. Provide all the necessary information in your initial post. The following information would be very helpful:

-Symptom description: Detailed description of the problem. If you receive any error messages, please let us know the exact error WORD BY WORD.

-Environment: The system environment, such as your OS/application version, your network topology, and your domain environment, etc.

-Any recent relevant configuration change(s): If the issue started to occur after installing any application/updates or changing the configuration, please let us know.

-Any additional information. Tell what you have done prior to asking your question. This will help us understand what you've done so far.

3. Write in clear language. Avoid spelling mistakes or grammatical errors. Don't type IN ALL CAPS, which in most cases is read as shouting and considered rude.

4. Keep with the same thread. Do not refer to a post you made last year, and above all, please come back. There are hundreds and thousands of posts where we have seen people given great and wonderfully long answers yet no reply from the original poster.

5. Be courteous to reply, even if it's to say "I've given up" or "thanks, that worked". (This helps the whole community when you do this, and gives the people who donate time warm and fuzzies.)

 

When answered

Give Positive Feedback. Once you've received a correct answer to your question, either from a Microsoft employee, an MVP, or the community in general, please reply that the issue or question has been answered. And if possible mark the solution as answered: This step is important, since it lets other people benefit from your posts.


Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Decrypt files

I work at a site that has an EFS issue. All files are encrypted on the file server (end user home share). The end users' certificates that encrypted the files expired. Now the encrypted files cannot be opened or decrypted by end users; they get access denied. I checked the encryption properties of the files of users who can access the files; it points to the expired user's certification and the expired recovery agent certification thumbprint. Is there any way to get the files decrypted on the file server? Can I get keys from the expired cert?

[email address redacted for privacy]




ohms


Non-domain-joined Windows 7 Clients User Authentication


Hi,

Our organization has many employees with laptops not connected to a domain. We are trying to implement PEAP MsCHAP V2. We want the non-domain-joined computers to be able to provide user credentials for authentication. It works well on XP machines, on which the domain name can also be provided along with the username/password. The problem we are facing is with Windows 7 machines, where the domain cannot be specified when providing credentials. When a Win 7 user provides their AD credentials, NPS sees the machine account name instead and denies access. One workaround we found was to go into the settings of the wireless profile and specify 802.1x authentication to be user-based authentication.

Is there a way to bypass this step of asking users to change wireless profile settings in win 7 machines?

Appreciate your help...

Hammad

What is WGASETUP.EXE

I have blocked this program and need to know what it is. I think I have been hacked and phished and then this popped up so I blocked it. Is it a program I need? I am at my wits' end trying to figure out everything that is going on. How do I get rid of a hacker? I think my McAfee product has been corrupted as well.
Thanks for any help! Please reply ASAP!

pre implementation checklists

Do your organisations have any sort of formal procedure of security verification of your Windows servers before you join them to your production/live network? We come across so many common silly security mistakes on Windows servers joined to the domain (i.e. open shares with sensitive data) that I am trying to prescribe some form of formal procedure whereby the network admin has to verify the security of the server before it is joined to the domain. I wonder if you do similar, and if so, what specific checks do you perform before the server is signed off as "security acceptable" to be joined to the live network?

Event Id Security:620 - Trusted Domain Information Modified

I am reviewing event logs and notice Event Class ID Security:620. The target user name is ANONYMOUS LOGON. How can I identify why the trust information was modified by this user? Is there some process that runs that uses ANONYMOUS LOGON in order to update trusts? The only somewhat relevant events I notice prior to this are Security:576 and Security:628, which are privilege and account changes for two machine accounts. Does the event Security:620 have anything to do with the fact that a computer account (ends with $) password was set with the same timestamp as the Trusted Domain Information Modified event?

Prevent an OU from requesting certificates

In my organization, we place all service & testing accounts into an OU called "Non-People Accounts".  I was asked by a manager if it would be possible to prevent accounts contained in this OU from requesting certificates from the Enterprise CA.  I'm assuming this is something you can do easily with group policy, but I'm not sure how.  

Some certificates have been issued automatically


I've implemented a 2-tier CA hierarchy following the link below. Some certificates are being issued automatically even though I have not published any Group Policy to issue certs in the domain automatically. However, users didn't request certs.

http://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx

As suggested in this link, I ran this command: certutil -dspublish -f rootca.crt RootCA
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/7d0893cd-a2c2-46cf-ae11-0e637dbcfaf2

Does it cause a problem? Why is the issuer issuing Basic EFS certs automatically to domain users?


Windows Server 2008 R2 Standard shuts down automatically


Hello everyone, I hope you are all well,

I found a similar answer, but I would still like to know whether this also happens with the operating system mentioned in the title.

Regards,

Daniel

NDES service doesn't work when linked CA is restarted


We restart the Issuing CA for maintenance purposes regularly...

After the CA is restarted, the NDES service that is linked to it on another server loses the capacity to make requests to this CA...

So, we need to manually restart the NDES service, and the computer also.

Does anyone know about this behavior, and how to handle it, in order to provide a continuous service?

Many thanks


JOSELITO


How to undo certutil -dspublish in CA


Microsoft PKI Certificate Yield Sign on Subject Alternative Name

Hey, does anyone know why I have a yellow yield sign on my Subject Alternative Name in a PKI cert?  I followed MS instructions to create a template, request the web certificate, input the DNS SAN as instructed. I have other certificates that have the same DNS SAN but they have a blue arrow on them indicating they are fine. How do you even start to troubleshoot this?

Rhonda J. Layfield

Two different forests and domains and shared resources


Good afternoon,

There is one forest with domain A (Win2008), with its own databases and Exchange2010, on subnet 10.110.110.*

There is a second forest (physically separated) with domain B (Win2008), on subnet 10.110.111.*, where an Exchange2010 installation is planned.

The plan is to join the networks using a VPN router in order to use resources (databases and certain applications) from domain and network A in domain and network B.

Users of these domains must not be able to use their accounts to log on in the other domain.

What needs to be done to give domain B access to some network resources of network A? Is it necessary to configure trust relationships, etc.?

Thanks.

How to create .pfx files using .crt?

Wireless Problem connection IAS // Radius


Hi, 

I have a problem with Cisco WLC and IAS // Radius: sometimes clients get disconnected from the wireless network. Clients are using Windows XP SP3, the wireless connection uses 802.1x, and the certificate is not enabled.

If I connect the PC to the wired network and then reconnect to wireless, it works, or if I delete the wireless SSID on the PC and recreate it, it works too.

Could it be some Windows XP SP3 problem?

In the radius I got this error type: 2142, 262.

Regards

How to add active directory attribute to certificate template?


Hi,

I am looking for some help in creating a certificate request on Windows Server 2008.

The certificate request needs to include a customized Active Directory attribute such as employee ID in the subject so it will read as:

CN = John smith

employee ID=1234567

OU = sales dept

O= abc company

C=ca

DC=abc

DC=ca

I was just wondering if someone could please send me instructions on how to do this. 

Thanks
