Channel: Security forum

System account logon failures


Hi,

We are experiencing numerous logon failures by a system account on a newly installed 2008R2 Server running Symantec's CCS 11 application.
The account seems to be invoked by an lsass.exe process. Please find logs below. We would love to find a way to stop these logon failures.

Thanks a mill.

Guy

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          2012/10/03 08:12:04 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Server
Description:
An account failed to log on.

Subject:
    Security ID:        SYSTEM
    Account Name:        SERVER$
    Account Domain:        DOMAIN
    Logon ID:        0x3e7

Logon Type:            3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:        
    Account Domain:        

Failure Information:
    Failure Reason:        Unknown user name or bad password.
    Status:            0xc000006d
    Sub Status:        0xc0000064

Process Information:
    Caller Process ID:    0x208
    Caller Process Name:    C:\Windows\System32\lsass.exe

Network Information:
    Workstation Name:    SERVER
    Source Network Address:    -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:        Schannel
    Authentication Package:    Kerberos
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4625</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12544</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2012-10-03T06:12:04.377951200Z" />
    <EventRecordID>601000</EventRecordID>
    <Correlation />
    <Execution ProcessID="520" ThreadID="8972" />
    <Channel>Security</Channel>
    <Computer>SERVER</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SERVER$</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">
    </Data>
    <Data Name="TargetDomainName">
    </Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="FailureReason">%%2313</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">Schannel</Data>
    <Data Name="AuthenticationPackageName">Kerberos</Data>
    <Data Name="WorkstationName">SERVER</Data>
    <Data Name="TransmittedServices">-</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="KeyLength">0</Data>
    <Data Name="ProcessId">0x208</Data>
    <Data Name="ProcessName">C:\Windows\System32\lsass.exe</Data>
    <Data Name="IpAddress">-</Data>
    <Data Name="IpPort">-</Data>
  </EventData>
</Event>
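
A triage helper for events like the one posted above, as an added example that is not part of the original post: it parses the Event XML, names the Status/SubStatus codes and logon type, and flags a blank target account and a local origin so repeated failures can be grouped. The sample is a trimmed copy of the posted XML; the function names and flag names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS values commonly seen in the Status / SubStatus fields of event 4625.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006F: "STATUS_INVALID_LOGON_HOURS",
    0xC0000070: "STATUS_INVALID_WORKSTATION",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000193: "STATUS_ACCOUNT_EXPIRED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Sample input: trimmed copy of the Event XML from the post above.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2012-10-03T06:12:04.377951200Z" />
    <Computer>SERVER</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SERVER$</Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">
    </Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="LogonProcessName">Schannel</Data>
    <Data Name="AuthenticationPackageName">Kerberos</Data>
    <Data Name="WorkstationName">SERVER</Data>
    <Data Name="ProcessName">C:\Windows\System32\lsass.exe</Data>
    <Data Name="IpAddress">-</Data>
  </EventData>
</Event>"""


def nt_name(value):
    """Map a hex NTSTATUS string to its symbolic name; keep the raw value if unknown."""
    try:
        return NTSTATUS.get(int(value, 16), value)
    except (TypeError, ValueError):
        return value or "-"


def parse_4625(xml_text):
    """Return a flat triage record for one 4625 event given as Event XML."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id != "4625":
        raise ValueError(f"not a 4625 event: {event_id!r}")
    # Empty <Data> elements (or whitespace-only ones, as in the post) become "".
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    computer = root.findtext("e:System/e:Computer", default="", namespaces=NS)
    created = root.find("e:System/e:TimeCreated", NS)
    ltype = data.get("LogonType", "")
    host = computer.split(".")[0].upper()
    return {
        "time": created.get("SystemTime") if created is not None else None,
        "computer": computer,
        "logon_type": LOGON_TYPES.get(int(ltype), ltype) if ltype.isdigit() else ltype,
        "status": nt_name(data.get("Status")),
        "sub_status": nt_name(data.get("SubStatus")),
        "target_user": data.get("TargetUserName", ""),
        "caller": data.get("ProcessName", ""),
        "logon_process": data.get("LogonProcessName", ""),
        "auth_package": data.get("AuthenticationPackageName", ""),
        # No account name was presented at all (NULL SID, empty name).
        "blank_target": data.get("TargetUserName", "") == ""
                        and data.get("TargetUserSid") == "S-1-0-0",
        # The request was raised on the machine that logged it.
        "local_origin": data.get("IpAddress", "-") in {"-", "", "127.0.0.1", "::1"}
                        and data.get("WorkstationName", "").upper() == host,
        "subject_is_system": data.get("SubjectUserSid") == "S-1-5-18",
    }


def summarize(xml_events):
    """Count failures per (caller, logon process, sub-status, local origin)."""
    counts = Counter()
    for xml_text in xml_events:
        r = parse_4625(xml_text)
        counts[(r["caller"], r["logon_process"], r["sub_status"], r["local_origin"])] += 1
    return counts


if __name__ == "__main__":
    for key, value in parse_4625(SAMPLE_EVENT).items():
        print(f"{key:18} {value}")
```
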


PKI Migration from Domain A to Domain B


Hi People, is there any documentation on migration of a mature PKI solution to another domain?
What I mean by another domain is, the company I work for has been taken over and instead of being called DomainA.com we are now DomainB.com.

Regards

Richard

admin audit logs


Dear Team,

I want to enable admin audit logs on Active Directory and Exchange servers, and to know how to read and trace the logs, so that if any user makes any changes or runs a command it can be captured.

CEP not working on Server running CEP (WS_E_ENDPOINT_FAULT_RECEIVED)


Hi Everyone,

I am trying to hunt down the following issue I get with a deployment of mine.

My deployment looks like the following:

Issuing CA running on Server 1

IIS for CRL, CEP, CES and NDES running on Server 2

Servers are all running 2016

Cert enrollment from a client machine is working as expected through CEP (receiving policy, and CES URLs and successfully requests certificates).

My problem is on Server 2 itself, as it must request certificates through CEP, which points to itself (A record for cep.domain.com).

Some more details:

AppPools running with identity ces$ (group managed service account) with Managed Pipeline Mode set to Integrated and the account having the following set:
servicePrincipalName:
HTTP/cep.domain.com + HTTP/cep

HTTP/ces.domain.com + HTTP/ces

msDS-AllowedToDelegateTo:
HOST/Server1.domain.com

RPCSS/Server1.domain.com

But Kerberos delegation should not be the problem, because I can see in the IIS logs:

2018-09-19 12:47:03 10.0.200.17 POST /ADPolicyProvider_CEP_Kerberos/service.svc/CEP - 443 DOMAIN\SERVER2$ 10.0.200.17 MS-WebServices/1.0 - 500 0 0 4990

If I fire up a CMD running under the SYSTEM account, I can see that SERVER2 received a correct TGT by running the following command:

certutil -ping -kerberos -config <CEPURL> CEP

followed by a klist

I also receive a "command completed successfully" with a public cert if I try to ping the CES interface like this:

certutil -ping -kerberos -config <CESURL> CES

With Fiddler I was able to trace the internal server error a little bit deeper:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher/fault</a:Action><a:RelatesTo>urn:uuid:48639d1e-97e0-4aaf-805a-bcf04f8a1959</a:RelatesTo><ActivityId CorrelationId="abe52901-1ebf-4330-aa0b-b8f51b272628" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">00000000-0000-0000-0000-000000000000</ActivityId></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Receiver</s:Value><s:Subcode><s:Value xmlns:a="http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher">a:InternalServiceFault</s:Value></s:Subcode></s:Code><s:Reason><s:Text xml:lang="de-CH">GetAccessRights</s:Text></s:Reason><s:Detail><ExceptionDetail xmlns="http://schemas.datacontract.org/2004/07/System.ServiceModel" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><HelpLink i:nil="true"/><InnerException i:nil="true"/><Message>GetAccessRights</Message><StackTrace>   at Microsoft.CertificateServices.Policy.Providers.EnrollmentPoliciesMgr._GetResponse(Int32[] filteredPolicies, WindowsIdentity caller, Boolean bKeyBasedRenewal, CertificateEnrollmentPolicy[]&amp; enrollmentPolicies, CA[]&amp; enrollmentCAs, OID[]&amp; enrollmentOIDs)&#xD;
   at Microsoft.CertificateServices.Policy.Providers.EnrollmentPoliciesMgr.GetPolicies(RequestFilter requestFilter, WindowsIdentity caller, Boolean bKeyBasedRenewal, CertificateEnrollmentPolicy[]&amp; enrollmentPolicies, CA[]&amp; enrollmentCAs, OID[]&amp; enrollmentOIDs)&#xD;
   at Microsoft.CertificateServices.Policy.Providers.ADPolicyProvider.GetPolicy(WindowsIdentity caller, Boolean bKeyBasedRenewal, DateTime clientLastUpdate, RequestFilter requestFilter, Response&amp; response, CA[]&amp; CAsOut, OID[]&amp; OIDs)&#xD;
   at Microsoft.CertificateServices.Policy.PolicyService.GetPolicies(GetPoliciesRequest request)&#xD;
   at SyncInvokeGetPolicies(Object , Object[] , Object[] )&#xD;
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)&#xD;
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)&#xD;
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)&#xD;
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc&amp; rpc)&#xD;
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</StackTrace><Type>System.Runtime.InteropServices.COMException</Type></ExceptionDetail></s:Detail></s:Fault></s:Body></s:Envelope>

Does anyone have an idea?



Certificate Enrollment - Error


I am getting the following error when I have the setting for delegation "Trust this computer for delegation to specified services only" and have it set to "Use Kerberos Only" with having "Host" and "rpcss" for the CA. I have full open ports for the TCP 135 and the higher random ports also open, and the connection from Web Enrollment server to the DC we have ports 440 and 636 opened. I am using the DefaultAppPool for my CertSrv applications in IIS and I am using "ApplicationPoolIdentity" as Identity for that pool.


Request Mode:
newreq - New Request
Dis
(never set)
Disposition message:
(none)
Result:
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
COM Error Info:
CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
LastStatus:
The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
Suggested Cause:
This error can occur if the Certification Authority Service has not been started


But when I change setting for delegation "Trust this computer for delegation to specified services only" and have it set to "Use any authentication protocol" with having "Host" and "rpcss" for the same CA I get this error when just trying to access the certrqma.asp site.

500 - Internal server error.

There is a problem with the resource you are looking for, and it cannot be displayed.



How to verify credential roaming is working for user certificates?


I applied a GPO for credential roaming and I know the GPO is successfully applied to the computer because other settings in the policy are working.

How do I verify credential roaming of user certificates is working?


Limit Certificates Visible In Web Enrollment Page?


We want only certificates that require CA Certificate Manager approval to be available in the web enrollment page.  Users who need to request user certificates from devices not joined to our domain will use this.

We want users to be able to auto-enroll without manager approval from domain joined computers.  However, when we make a certificate template available for auto-enrollment, the certificate becomes visible in the web enrollment page.

How can we fix this?


X.509 SSL Self-Signed Certificate


Hi,

We run a Nessus scan on our domain and are getting alerts regarding the SSL certificate which is assigned to the PC.

  • https://www.tenable.com/plugins/nessus/57582
  • http://www.nessus.org/plugins/index.php?view=single&id=51192
  • http://www.nessus.org/plugins/index.php?view=single&id=35291

Is there any way I can tell the system that this is our trusted certificate? This is only being used internally.


Event 7040 -- System keeps changing startup mode on SQL Server Services

We have a Windows 2016 server that is used to host a SQL Server database instance. Services "SQL Server (MSSQLSERVER)" "SQLSERVERAGENT" keep getting reverted from startup mode automatic to manual start. Event viewer states that SYSTEM is doing this, but it is worth noting that we have a Managed Service Account used for the login for these services. Any ideas on what might be causing this? I am stumped!

Certificate Services - CES/CEP Returning Invalid Function when trying to Enroll via CES, But Can Enroll Directly to the CA


When using the ADCS CES/CEP proxy to enroll for a computer certificate, I am given the certificate template that is available, but when it goes to actually enroll I get the following error in certenroll.log in the Windows directory:

Nothing is sent to the CA...it all seems to stop at the enrollment proxy....possibly a permissions issue?  This is all running on Server 2016, CAs are running 2016 Core.

========================================================================

402.478.948: Begin: 9/20/2018 6:41 PM 29.748s

402.483.0: MMC.EXE

402.491.0: GMT - 4.00

2005.228.0: certca.dll: 10.0.14393.2248 retail

2005.228.0: certcli.dll: 10.0.14393.2248 retail

2005.228.0: certenroll.dll: 10.0.14393.2248 retail

3000.838.0:<2018/9/20, 18:41:31>: 0x0 (WIN32: 0)

3000.839.0:<2018/9/20, 18:41:31>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2032.4369.0:<2018/9/20, 18:41:31>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY): Fetch Id

3000.838.0:<2018/9/20, 18:41:31>: 0x0 (WIN32: 0)

3000.839.0:<2018/9/20, 18:41:31>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

3000.875.0:<2018/9/20, 18:41:31>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY): PsPolicyID

437.633.0:<2018/9/20, 18:41:31>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): LDAPFlags

2720.294.0:<2018/9/20, 18:41:36>: 0x800704c7 (WIN32: 1223 ERROR_CANCELLED)

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): XTS-AES

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): SHA224

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): curve25519

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): curve25519

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): curve25519

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP256t1

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP256t1

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP256t1

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP384t1

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP384t1

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP384t1

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP512t1

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP512t1

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP512t1

452.856.0:<2018/9/20, 18:41:37>: 0x80090029 (-2146893783 NTE_NOT_SUPPORTED): ECCCurveName

452.149.0:<2018/9/20, 18:41:37>: 0x80090029 (-2146893783 NTE_NOT_SUPPORTED): ECCCurveName

2047.551.0:<2018/9/20, 18:41:37>: 0x80090029 (-2146893783 NTE_NOT_SUPPORTED)

2047.781.0:<2018/9/20, 18:41:37>: 0x80090029 (-2146893783 NTE_NOT_SUPPORTED): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80090029 (-2146893783 NTE_NOT_SUPPORTED): curve25519

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP256t1

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP256t1

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP256t1

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP384t1

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP384t1

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP384t1

2007.238.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP512t1

2047.644.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP512t1

2047.781.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): Microsoft Software Key Storage Provider

2047.859.0:<2018/9/20, 18:41:37>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): numsP512t1

2007.238.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): ECDSA_P224

2047.644.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): ECDSA_P224

2047.781.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): nCipher Security World Key Storage Provider

2047.859.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): ECDSA_P224

2007.238.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): ECDH_P224

2047.644.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): ECDH_P224

2047.781.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): nCipher Security World Key Storage Provider

2047.859.0:<2018/9/20, 18:41:38>: 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO): ECDH_P224

452.695.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): Microsoft Platform Crypto Provider

2017.267.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): Microsoft Platform Crypto Provider

2017.1094.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): Microsoft Platform Crypto Provider

2017.1112.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): NCryptOpenStorageProvider

2017.349.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): Microsoft Platform Crypto Provider

2017.369.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): Microsoft Platform Crypto Provider

2017.1452.0:<2018/9/20, 18:41:38>: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY): Microsoft Platform Crypto Provider

2027.3410.0:<2018/9/20, 18:41:39>: 0x0 (WIN32: 0): XXX PKISupport Center RSA Class 1 Client CA G1.1

2027.3419.0:<2018/9/20, 18:41:39>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION)

2027.3410.0:<2018/9/20, 18:41:39>: 0x0 (WIN32: 0): XXX PKISupport Center RSA Class 1 Client CA G1.1

2027.3419.0:<2018/9/20, 18:41:39>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION)

2027.10578.0:<2018/9/20, 18:41:39>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2710.607.0:<2018/9/20, 18:41:39>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2013.3265.0:<2018/9/20, 18:41:41>: 0x90658 (591448)

2015.3487.0:<2018/9/20, 18:41:41>: 0x90658 (591448)

2014.5082.0:<2018/9/20, 18:41:41>: 0x90658 (591448)

2014.2996.0:<2018/9/20, 18:41:41>: 0x90658 (591448)

2009.6707.0:<2018/9/20, 18:41:41>: 0x90658 (591448)

2009.6188.0:<2018/9/20, 18:41:41>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2014.5381.0:<2018/9/20, 18:41:41>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2009.5605.0:<2018/9/20, 18:41:46>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2009.1788.0:<2018/9/20, 18:41:46>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2009.6397.0:<2018/9/20, 18:41:47>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2009.6397.0:<2018/9/20, 18:41:47>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2027.10578.0:<2018/9/20, 18:42:26>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2710.607.0:<2018/9/20, 18:42:26>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2027.8410.0:<2018/9/20, 18:42:26>: 0x80004003 (-2147467261 E_POINTER)

2044.313.0:<2018/9/20, 18:42:26>: 0x80004002 (-2147467262 E_NOINTERFACE)

2009.6707.0:<2018/9/20, 18:42:26>: 0x90658 (591448)

2009.5333.0:<2018/9/20, 18:42:26>: 0x800700aa (WIN32/HTTP: 170 ERROR_BUSY)

2009.2458.0:<2018/9/20, 18:42:26>: 0x800700aa (WIN32/HTTP: 170 ERROR_BUSY)

2040.1254.0:<2018/9/20, 18:42:26>: 0x800700aa (WIN32/HTTP: 170 ERROR_BUSY)

2009.3505.0:<2018/9/20, 18:42:26>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): Microsoft Strong Cryptographic Provider

2009.3506.0:<2018/9/20, 18:42:26>: 0x28 (WIN32: 40): te-ENTPKI-Computer-d87ad73e-0f30-4e19-acd3-a790353430e8

2027.10578.0:<2018/9/20, 18:42:26>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2710.607.0:<2018/9/20, 18:42:26>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2027.10578.0:<2018/9/20, 18:42:26>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2710.607.0:<2018/9/20, 18:42:26>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2040.1379.0:<2018/9/20, 18:42:27>: 0x0 (WIN32: 0): te-ENTPKI-Computer-d87ad73e-0f30-4e19-acd3-a790353430e8

2044.313.0:<2018/9/20, 18:42:27>: 0x80004002 (-2147467262 E_NOINTERFACE)

2016.403.0:<2018/9/20, 18:42:27>: 0x2280000 (36175872):

2004.1422.0:<2018/9/20, 18:42:27>: 0x0 (WIN32: 0): sha1RSA

2004.1432.0:<2018/9/20, 18:42:27>: 0x0 (WIN32: 0): SHA1

2014.2136.0:<2018/9/20, 18:42:27>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2015.1302.0:<2018/9/20, 18:42:27>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2009.6686.0:<2018/9/20, 18:42:27>: 0x90658 (591448)

2014.5049.0:<2018/9/20, 18:42:27>: 0x90658 (591448)

2015.3465.0:<2018/9/20, 18:42:27>: 0x90658 (591448)

2009.6686.0:<2018/9/20, 18:42:27>: 0x90658 (591448)

2014.5049.0:<2018/9/20, 18:42:27>: 0x90658 (591448)

2007.1799.0:<2018/9/20, 18:42:27>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2015.2984.0:<2018/9/20, 18:42:27>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2015.2990.0:<2018/9/20, 18:42:27>: 0x0 (WIN32: 0): SHA1

2014.5218.0:<2018/9/20, 18:42:27>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2013.4665.0:<2018/9/20, 18:42:27>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

410.9193.0:<2018/9/20, 18:42:27>: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)

410.9198.0:<2018/9/20, 18:42:27>: 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED)

3001.279.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): KeyExchangeAction: FALSE

3001.438.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

450.198.0:<2018/9/20, 18:42:28>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): Error

450.199.0:<2018/9/20, 18:42:28>: 0x2710 (WIN32: 10000)

450.202.0:<2018/9/20, 18:42:28>: 0x0 (WIN32: 0): https://XXXv-CEPCES-p1.XXXoc.com/XXX%20PKISupport%20Center%20RSA%20Class%201%20Client%20CA%20G1.1_CES_Kerberos/service.svc/CES

450.202.0:<2018/9/20, 18:42:28>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

450.206.0:<2018/9/20, 18:42:28>: 0x0 (WIN32: 0): Log

708.1567.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

708.2126.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

708.1819.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

708.2141.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

708.891.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

2027.2869.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): https://XXXv-CEPCES-p1.XXXoc.com/XXX%20PKISupport%20Center%20RSA%20Class%201%20Client%20CA%20G1.1_CES_Kerberos/service.svc/CES

2027.253.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): https://XXXv-CEPCES-p1.XXXoc.com/XXX%20PKISupport%20Center%20RSA%20Class%201%20Client%20CA%20G1.1_CES_Kerberos/service.svc/CES

2027.259.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): The certificate request could not be submitted to the certification authority.

2027.271.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

3007.2408.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

3007.2194.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

3007.2212.0:<2018/9/20, 18:42:28>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): An error occurred while enrolling for a certificate.

The certificate request could not be submitted to the certification authority.

 

Url: https://XXX-pkiXXX-XX.xxxxx.xx/XXX%20PKISupport%20Center%20RSA%20Class%201%20Client%20CA%20G1.1_CES_Kerberos/service.svc/CES

 

Error: A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

3007.2670.0:<2018/9/20, 18:42:34>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED): https://XXXv-CEPCES-p1.XXXoc.com/XXX%20PKISupport%20Center%20RSA%20Class%201%20Client%20CA%20G1.1_CES_Kerberos/service.svc/CES

2027.2365.0:<2018/9/20, 18:42:34>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

450.198.0:<2018/9/20, 18:42:34>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): Error

450.199.0:<2018/9/20, 18:42:34>: 0x825a0052 (-2108030894)

450.202.0:<2018/9/20, 18:42:34>: 0x0 (WIN32: 0): Local system

450.202.0:<2018/9/20, 18:42:34>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): {D13B6EE7-8B66-44FD-9987-58D7AF04E6E41}

450.202.0:<2018/9/20, 18:42:34>: 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND): ENTPKI-Computer

450.202.0:<2018/9/20, 18:42:34>: 0x3 (WIN32: 3 ERROR_PATH_NOT_FOUND): A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

450.206.0:<2018/9/20, 18:42:34>: 0x0 (WIN32: 0): Log

2027.2400.0:<2018/9/20, 18:42:34>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

2009.3505.0:<2018/9/20, 18:42:34>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): Microsoft Strong Cryptographic Provider

2009.3506.0:<2018/9/20, 18:42:34>: 0x30 (WIN32: 48): te-ENTPKI-Computer-d87ad73e-0f30-4e19-acd3-a790353430e8

2027.7767.0:<2018/9/20, 18:42:34>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

2032.3511.0:<2018/9/20, 18:42:34>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

2027.1541.0:<2018/9/20, 18:42:34>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2032.3664.0:<2018/9/20, 18:42:34>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

2032.3668.0:<2018/9/20, 18:42:34>: 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)

450.198.0:<2018/9/20, 18:42:34>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): Error

450.199.0:<2018/9/20, 18:42:34>: 0xc25a000d (-1034289139)

450.202.0:<2018/9/20, 18:42:34>: 0x0 (WIN32: 0): Local system

450.202.0:<2018/9/20, 18:42:34>: 0x1 (WIN32: 1 ERROR_INVALID_FUNCTION): ENTPKI-Computer

450.202.0:<2018/9/20, 18:42:34>: 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND): https://XXXv-CEPCES-p1.XXXoc.com/XXX%20PKISupport%20Center%20RSA%20Class%201%20Client%20CA%20G1.1_CES_Kerberos/service.svc/CES

450.202.0:<2018/9/20, 18:42:34>: 0x3 (WIN32: 3 ERROR_PATH_NOT_FOUND): N/A

450.202.0:<2018/9/20, 18:42:34>: 0x4 (WIN32: 4 ERROR_TOO_MANY_OPEN_FILES): A message containing a fault was received from the remote endpoint. 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

450.206.0:<2018/9/20, 18:42:34>: 0x0 (WIN32: 0): Log

2032.2588.0:<2018/9/20, 18:42:38>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

2032.2031.0:<2018/9/20, 18:42:38>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

2032.5186.0:<2018/9/20, 18:42:38>: 0x803d0013 (-2143485933 WS_E_ENDPOINT_FAULT_RECEIVED)

402.326.949: End: 9/20/2018 6:42 PM 38.608s


AD CS Cluster problem

Hi,
I have a problem with the setup of an AD CS cluster. I have followed the “007-008669-001_Microsoft ADCS_Integration Guide_RevN.pdf” but it still doesn’t work.

Environment:
Two tier PKI infrastructure (one offline root and two issuing servers).
Two servers with windows server 2016 (1607 Build 14393.0).
HSM: LunaSA 6.3.0
Cluster node: node1 10.10.10.111
Cluster node: node2 10.10.10.112
Cluster name (Service Name): CACluster 10.10.10.113
Cluster administration name: AdminCluster 10.10.10.115
CA Name: InternalIssuingCA1

Total of 6 objects in HSM.
C:\Program Files\SafeNet\LunaClient>cmu list
Please enter password for token in slot 0 : *******************
handle=340      label=InternalIssuingCA1
handle=357      label=InternalIssuingCA1
handle=139      label=InternalIssuingCA1
handle=189      label=InternalIssuingCA1
handle=250      label=InternalIssuingCA1
handle=191      label=InternalIssuingCA1

Node1 sees:
C:\Program Files\SafeNet\LunaClient\KSP>ksputil.exe listKeys /s 0
This Servers Host Name is: node1.labb.test.org and the logged on user is: Admin@labb
Enter challenge for slot '0' :*******************
MachineKey:             InternalIssuingCA1          Handle: 340
MachineKey:             InternalIssuingCA1          Handle: 189


Node2 sees:
C:\Program Files\SafeNet\LunaClient\KSP>ksputil.exe listKeys /s 0
This Servers Host Name is: node2.labb.test.org and the logged on user is: Admin@labb
Enter challenge for slot '0' :*******************
MachineKey:             InternalIssuingCA1          Handle: 357
MachineKey:             InternalIssuingCA1          Handle: 139





The problem is that the Failover Cluster Manager cannot start the AD CS service on any of the 2 nodes. However I can start the AD CS service on each node if I use “net start certsvc” and after that the cluster is reachable if I use the command “certutil -config CACluster\InternalIssuingCA1 -ping”.

When using the “Failover Cluster manager” I receive the following error on node1:
Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          2018-09-20 15:23:58
Event ID:      100
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      node1.labb.test.org
Description:
Active Directory Certificate Services did not start: Could not load or verify the current CA certificate.  InternalIssuingCA1 Keyset does not exist 0x80090016 (-2146893802 NTE_BAD_KEYSET).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{XXXXXXXX-YYYY-ZZZZ-WWWWWWWWWWWW}" />
    <EventID>100</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-09-20T13:23:58.116529300Z" />
    <EventRecordID>54941</EventRecordID>
    <Correlation />
    <Execution ProcessID="6072" ThreadID="5480" />
    <Channel>Application</Channel>
    <Computer>node1.labb.test.org</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="MSG_E_CA_CERT_INVALID">
    <Data Name="CACommonName">InternalIssuingCA1</Data>
    <Data Name="ErrorCode">Keyset does not exist 0x80090016 (-2146893802 NTE_BAD_KEYSET)</Data>
  </EventData>
</Event>

And on node2:
Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          2018-09-20 14:22:58
Event ID:      100
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      node2.labb.test.org
Description:
Active Directory Certificate Services did not start: Could not load or verify the current CA certificate.  InternalIssuingCA1 The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{XXXXXXXX-YYYY-ZZZZ-WWWWWWWWWWWW}" />
    <EventID>100</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-09-20T12:22:58.605162700Z" />
    <EventRecordID>54429</EventRecordID>
    <Correlation />
    <Execution ProcessID="4308" ThreadID="3856" />
    <Channel>Application</Channel>
    <Computer>node2.labb.test.org</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="MSG_E_CA_CERT_INVALID">
    <Data Name="CACommonName">InternalIssuingCA1</Data>
    <Data Name="ErrorCode">The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)</Data>
  </EventData>
</Event>

Any ideas on what could be the problem?




Issue with Certificate Authority Certificate renewal with existing Keypair

We have a two-tier PKI with an offline Root CA and an enterprise issuing CA with a SafeNet HSM. We are now in the process of renewing the issuing CA certificate's validity, but we are unable to renew it. The option for saving the request file does not appear, and the CA starts the service automatically. Kindly let me know why this is happening and help me to resolve this issue.

802.1X on a non-domain Radius (NPS) server


Hi all,

We deployed a non-domain Windows Server 2012 R2 and enabled RADIUS (NPS) for Wi-Fi client authentication via 802.1X.

After we set everything up, all the smartphones are able to connect to the Wi-Fi, but the Windows laptop can't.

Strange!

I am using the same account (a RADIUS server local account) on the phone and the laptop; only the phone can pass RADIUS authentication.

On the RADIUS side, I checked the event log, which showed two event ID 6273 entries.

The first one said the account does not exist, and the account is my computer hostname.

The second one said authentication failed... (my server's language is Chinese)

thanks

Port Enable in Firewall


Hi All,

I have enabled these ports "137,138,445" on the Windows Server 2012 R2 firewall on the base server and in the VM as well, but the ports still show as blocked.

We have to open these ports for sharing purposes with a Mac,

but we failed again and again.

The server edition is Datacenter. I want to know: if we enable the port on the VM, is it mandatory to enable the port on the base server as well? Right now I have enabled the port on the base server as well as the VM.

Please let me know if anyone knows.

Thanks and Regards

Vipin Jeswani

[Windows Server 2016] CRL Distribution points not working with certutil -setreg


Hi,

I'm currently setting up a Root Certification Authority with a CAPolicy.inf file and a post-installation script afterwards. I noticed that when setting the CRL Distribution Points with "certutil -setreg CA\CRLPublicationURLs" the replacement tokens will not get properly resolved. In particular, I used the following command via batch file to set a standard CRL Publication point:

certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:http://pki.domain.de/root/RootCAv1%%8.crl"

The result I get when publishing a fresh CRL afterwards is that the "%3%8%9" characters are present instead of resolving "CaName" and other variables properly. If I insert the plain text replacement tokens, similar to configuration via "certsrv.msc":

certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\System32\CertSrv\CertEnroll\<CaName><CRLNameSuffix>.crl\n2:http://pki.domain.de/root/RootCAv1<CRLNameSuffix>.crl"

I get an error message telling me "The filename, directory name, or volume label syntax is incorrect. 0x8007007b (WIN32/HTTP: 123 ERROR_INVALID_NAME". I noticed that some *.tmp files are generated in the correct folder, so I assume the file location in general should be fine. Last but not least: if I set the CDP manually in "certsrv.msc", everything is working fine.

Thanks for any hint about that issue.
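As an added illustration (not part of the original post, and not Microsoft's code), the following sketch lints a CRLPublicationURLs value string of the kind passed to certutil in the post above, listing the replacement tokens in each entry and flagging doubled percent signs or certsrv.msc display names. The function name and the token table are assumptions of this example: the table reflects standard AD CS token numbering, of which the post itself only shows the CaName and CRLNameSuffix forms.

```python
import re

# Numeric replacement tokens as AD CS stores them, mapped to the display
# names certsrv.msc shows (assumption: standard AD CS token numbering).
TOKENS = {"1": "ServerDNSName", "2": "ServerShortName", "3": "CaName",
          "4": "CertificateName", "6": "ConfigurationContainer",
          "7": "CATruncatedName", "8": "CRLNameSuffix",
          "9": "DeltaCRLAllowed", "10": "CDPObjectClass",
          "11": "CAObjectClass"}
NAME_TO_NUM = {name.lower(): num for num, name in TOKENS.items()}

# The value strings from the post, as they would reach certutil.
RESOLVED = (r"1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl"
            r"\n2:http://pki.domain.de/root/RootCAv1%8.crl")
DOUBLED = RESOLVED.replace("%", "%%")
DISPLAY = (r"1:C:\Windows\System32\CertSrv\CertEnroll\<CaName><CRLNameSuffix>.crl"
           r"\n2:http://pki.domain.de/root/RootCAv1<CRLNameSuffix>.crl")


def lint_crl_publication_urls(value):
    """Split 'flags:url\\nflags:url' and report tokens and likely mistakes."""
    entries = []
    # Entries are separated by a literal backslash-n followed by "<digits>:".
    for raw in re.split(r"\\n(?=\d+:)", value):
        flags, sep, url = raw.partition(":")
        if not sep or not flags.isdigit():
            entries.append({"flags": None, "url": raw, "tokens": [],
                            "problems": ["missing numeric flags prefix"]})
            continue
        problems = []
        if "%%" in url:
            problems.append("doubled %% in value: batch-file escaping was "
                            "not collapsed to a single %")
        for name in re.findall(r"<(\w+)>", url):
            num = NAME_TO_NUM.get(name.lower())
            problems.append(f"<{name}> is a display name, numeric form is %{num}"
                            if num else f"<{name}> is not a known token")
        # A single % followed by one or two digits is a replacement token.
        tokens = [TOKENS.get(n, "unknown %" + n)
                  for n in re.findall(r"(?<!%)%(\d{1,2})", url)]
        entries.append({"flags": int(flags), "url": url,
                        "tokens": tokens, "problems": problems})
    return entries


if __name__ == "__main__":
    for label, value in (("resolved", RESOLVED), ("doubled", DOUBLED),
                         ("display", DISPLAY)):
        for entry in lint_crl_publication_urls(value):
            print(label, entry["flags"], entry["tokens"], entry["problems"])
```

Running the same check against the output of "certutil -getreg CA\CRLPublicationURLs" after a -setreg shows which form actually landed in the registry.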


PKIview Snapin on 2012


Hi,

Am doing my first Windows Server 2012 ADCS install and cannot seem to find the PKIview snapin (Enterprise PKI) that was in server manager in 2008 R2. Has this been removed? If so what is the equivalent way of obtaining the information it provided in 2012?

Thanks

Chris

User certificate store


I am facing an issue with a website in IE. This is an external website and I get the error message "Certificate Not trusted".

It looks like the intermediate certificate is missing.

I downloaded the intermediate cert from the vendor's site, and when I installed it, it moved to the "Users intermediate certificate store".

This solved the certificate error with the browser.

I have a couple of questions:

Q: When do we need to add a certificate to the Users store, and when to the computer store (with an admin account)?

Q: How can we actually tell if something is missing in the user's certificate store that may be causing browser certificate errors?

Q: What is the easiest way to distribute Users intermediate certificates?

Thanks in advance

PhoneFactor mobile app activation code URL incorrect


Hi, I have multiple sites (all independent with their own domains) with functioning Multi Factor Authentication Server. I'm in the process of getting the mobile app working and have been successful on all but one site.

The mobile app works to authenticate; there are no issues with this. The issue is that generating an activation code in the user portal produces the wrong URL and hence the wrong QR code. When generating the activation code, I would expect something like this: https://co1pfpad03.phonefactor.net/pad/113237222

Except, I'm getting this: https://server.mydomainname.com/MultiFactorAuth/

The URL appears correctly on the MFA server application and the URL works as it should. Clearly the portal isn't pulling the URL from the MFA server. The only thing that may be worth mentioning is that the user portal is not on the same server as MFA.

Any advice appreciated.

Azure web app certificates


Hello,

We have our internal CA, and our web app is hosted in Azure. We have installed a cert on the Azure web app which is issued by our internal CA.

With this setup I should be able to access my web app from our org network, as our CA is on the same network. But I am still getting an error.

My understanding is that if your CA and you are on the same network, it doesn't matter; you should be able to access it internally. But why am I getting this error after binding a correct cert in the web app?

I don't want to use this URL publicly; it's for internal access.

Thanks,

Akshay 


Akshay Vithalkar; MCTS(AD) MCTS(Network Infra) MCTS(Server Virtualization) MCITP(WindowsServer 2K8) MCSA(WindowsServer 2K8) MCTS(WindowsServer 2K12) MCTS(ExchangeServer 2013) MCTS(Office365 Identities and Requirements) MCTS(Enabling Office 365 Services)


MBSA 2.1 How export reports

Hi.

I want to scan remote computers using MBSA 2.1, but I want to export the reports to XML or a SQL database. I was reading about the option /xmlout, but this option is limited to the security scan only (no vulnerability assessment checks).

I want to know if there is another way to export the reports generated by MBSA.

Thanks for any help.