Can i have 2 Enterprise Sub-ordinate CA in the same domain for different Sites?
I am working on Secure Wifi Implementation for a client who has single domain. The client is repsonsible for America Site alone where i am implementing the secure wifi. Now i read many articles and...
View ArticleMigrating the computer to another domain in the same forest but the...
Hi,We are migrating computer objects and users from one domain to another in the same forest using ADMT.Example:From domain: olddomain.contoso.comTo domain: newdomain.contoso.comWe can see that after...
View ArticleBest practice settings for Computer Template Certificate and Server Template...
Hi,We are going to deploy a new computer certificate to all workstations and laptops.At the same time we are changing SubCA to a new one and eventually decommissioning the old one so we have...
View ArticleRadius and WPA-2 Enterprise authentication problem
Need some suggestions here. I have just setup a Access Point to use Radius wireless auth in a test environment.1) I have a Radius global security group setup in AD. When I add the computer account...
View ArticleMS08-068 SMB Vulnerability and IIS FQDN Resolution
The MS08-068 patch introduced behavior changes in IIS 5.1 and above, particularly the inability to resolve the FQDN or host headers when browsing (or making a web service call) on the same machine to...
View Article"The RPC Server is unavailable" error requesting a certificate with...
I am creating a web service that allows users to request a certificate.The web service can be accessed with windows authentication. I would like to impersonate the authenticated user to submit the...
View ArticleFix W2K12 CA form Issuing 1024-bit WebServer Certificates
Hello, and thanks in advance for the help.I've got a freshly built Windows 2012 Datacenter CA, happily serving certificates out to the the forest.However, it keeps issuing 1024-bit WebServer...
View ArticleCan you revoke a root certificate?
A customer has lost the backup of it's own offline PKI Root Server (Windows 2003). As a security precaution we want to revoke the current root and issuing certificates.In our test environment we...
View ArticleCorrected CDP/AIA points on RootCA, how to have this on SubCA
I corrected my CDP/AIA points on RootCA (so it is correct for the chain)I re-newed SubCA certificate (now I have 2 certificated in properties, one "old" with wrong CDP/AIA & one "new" with correct...
View ArticleNeed Hardening SCRIPT (.bat,.vbs , etc) for Windows Server 2008 R2 64 bit
Hi,I need Hardening SCRIPT (.bat,.vbs , etc) for Windows Server 2008 R2 64 bit. Can anybody help me with that. I have searched all around but have only been able to find the Security Guide , documents...
View ArticleKB2416472 installement disappeared from server
Hi,I have a web portal that went live on production server.In 2011, I installed KB2416472 on the production server.Few months ago, I upgraded .NET framework from 4.0 to 4.5.Later on, I noticed that...
View ArticleSSPI handshake failed with error code 0x80090311
Hi guys,I get this error and i know it comes from my Linux server in an IPA domain.Error: SSPI handshake failed with error code 0x80090311But i want to trust this connection. How do i do this?Kind...
View ArticleAD Selective Authentication on non-domain devices
Here is our setup.domainA.com domain trust with domainB.com with selective authentication. ACLs are in place on OU's that contain computer objects which have 'allowed to authenticate' enabled. Users...
View ArticleEFS Encryption
I have seen tons of posts everywhere about default recovery agent for Server 2000, but I need to know if this applies to Server 2008 as well. Who is the default agent? Is it the first who logs on to...
View ArticleWCF REST Service Directory Security Attributes
Hi ,I am working on a REST based WCF service. The service is hosted using basic authentication over SSL. When i using the HTTP Requests, the request is serviced correctly and I am getting the expected...
View ArticleCertificate Services: CA-Xchg certificate renewal ignoring configuration...
HiI'm seeing a problem with CA-Xchg renewal and I'm hoping someone can help. This is on w2k3 r2 SP2 CA machine that's attached to an HSM.The first time the CA issues itself the CA-Xchg certificate, it...
View ArticleCA EFS certificate on encrypted SMB share folder issue
Hi, I have an issue I don't understand. In my lab I have 1 DC 2008R2, 1 Member Server 2008R2 with Enterprise CA, 1 win7 Client. I have created 1 duplicate EFS template and 1 duplicate EFS Agent...
View ArticleBest path to stop using the Administrator account?
Hi, My organization is running a domain at the 2k8 R2 functional level, and for the life of the organization, the IT department (myself included) has been undisciplined about not using the...
View ArticleDocumentation about implementation of security requirements
Dear Microsoft, the client I work for needs details about the security architecture and functionalities implemented for their products, which rely on some MS software (Windows Server 2008 and/or...
View ArticleEventID 675 Failure Code 0x19 (Windows Server 2003 as DC, Windows Server 2008...
Hello,We are trying to narrow down as to what is causing a lot of Kerberos Pre-Authentication Failures and logging events to Domain Controller. Every 675 event is followed by 672 for successful logon....
View Article