custom templates not available to publish
question asked 1ooo times on all forums and always same answer: v2 templates not supported on standard edition.but i have CA on w2k8 R2 standard - since R2 v2 certs are supported. i tested on virtual...
View ArticleClik here to view.
Signed Executable Expiring
I am curious, what will happen to a signed executable that starts a service and the certificate expires? I'm guessing there must be configuration parameters that on the server that allow you to ignore...
View ArticleKerberos encryption algorithms in FIPS 140-2 compliant mode.
Windows Vista/7/Server 2008/R2 support AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96for Kerberos in FIPS 140-2 compliant mode.However, AES-CTS itself is not listed in NIST FIPS140-2 approved...
View ArticlePKI certificate enrollment behind firewall
We have PKI setup in our lab with 1 root, 1 issuing CA and 1 CDP. We have an edge network in our lab using a RODC (Read Only Domain Controller) and a serverX in that RODC edge network. There is a...
View ArticlePassword storage in AD
Hello,I'm working at a client site and was just asked "are the passwords that are stored in AD stored in a functionality that is FIPS140-2 compliant?" Can someone comment on this?Thanks in...
View ArticleIs there any step by step guide to seup private CA for EFS by windows 2003...
Is there any step by step guide to seup private CA for EFS by windows 2003 and 2008 ?
View ArticleCRL Publication and Validity
HiI have a issuing CA server in a lab environment to test a production configuration. I have a certificate policy determined by an external body, who operate the root CA server, which state a CRL...
View ArticleCertificate Chain and verification
Awhile back we re-issued certificates in our Forest/domains with 1024 key. We were at 512. We are now having a problem with an application trying to use SLDAP and allow the user to change passwords....
View ArticlePreventing Administrators from accessing payroll information
We need to allow access for 3 members of our HR staff to sensitive payroll information that is stored in files (not in a database). I want to ensure that our administrators cannot access the data....
View ArticleComputer randomly restarts
in my event log i have bunch of entries by Security-Spp and one of them says Successfully scheduled Software Protection service for re-start at 2112-12-24T05:46:25Z. Reason: RulesEngine.when my...
View ArticleKRB5_KDC_ERR_NOSUPP error for every cipher other than rc4-hmac
Team,After trying the following:Enabling FIPS mode in registry, enabling AES for user on AD, setting proper value in registry to enable support all ciphers in windows 2008R2.still when my kerb client...
View ArticleRepair Disc in windows server 2008
Hello sirI have windows server 2008 enterprise edition sir I have to repair disc of this server. I have checked but there is no option to create the repair disk. what is the process to repair disc of...
View Articleauditing file share on windows 2008 R2
I think I may need a little handholding here. I have been working with our new Windows 2008 R2 file server. I am having a problem doing some simple file level auditing.I turned on Audit Object Access...
View ArticleSchannel. Event ID 36886, 36887.
Hi! After installing ADCS I've got warnings on both domain controllers (Win 2008 R2):Event ID :- 36886 Source :- Schannel Description :- No suitable default server credential exists on this system....
View ArticleDomain Administrator Password Change Question
Hi, are there any other repercussions to changing the domain administrator password that was used during domain creation (other than services that depend on the credetials to start not starting)?...
View ArticleClik here to view.
Certificate Error on particular URL Hit
HI FriendsI have one URL when I hit in BROWSER IT GIVE ME below screen;when I click continue to this site and investigate i found this.Kindly help me resolve this issue. and suggest me some URL where i...
View ArticlePKI - Security
We have a problem with permissions in security tab. We have several branch offices with single AD Domain.Every branch has a Certification Authority. AD Domain contains an OU for each branch. Question:...
View ArticleKB956744 is failing no new 2003 R2 servers - KB Log below.
Hi,Can anybody please help, I have an update which is deployed via WSUS, and has also been attempted manually KB956744 but it fails on 3 test servers so far.The update is not already installed. The...
View Articlesecure UDP 500 on 2003 R2
I have a 2003 R2 server running an IPSec policy to secure a few ports between client/server. The IPSec policy works fine, however I've noticed that the server has opened UDP 500 for IKE which does...
View ArticleJoin member to domain root CA is downloaded
Fact: when the member computer is joined to the domain, the AD-published Root CA certificate is pushed to the new member automatically.Question: is there any PKI MVP blog that describes this in more...
View Article