CA EFS certificate on encrypted SMB share folder issue
Hi, I have an issue I don't understand. In my lab I have 1 DC 2008R2, 1 Member Server 2008R2 with Enterprise CA, 1 win7 Client. I have created 1 duplicate EFS template and 1 duplicate EFS Agent...
View ArticleKB2416472 installement disappeared from server
Hi,I have a web portal that went live on production server.In 2011, I installed KB2416472 on the production server.Few months ago, I upgraded .NET framework from 4.0 to 4.5.Later on, I noticed that...
View ArticleMS12-060 (KB2687441) Patch Installation Issue
HiI use LANDesk Shavlik Protect to scan servers for missing security patches. I have a Windows 2008 server hosting SQL 2008. Shavlik detects patch KB2687441 as missing for two components (Microsoft...
View ArticleCorrected CDP/AIA points on RootCA, how to have this on SubCA
I corrected my CDP/AIA points on RootCA (so it is correct for the chain)I re-newed SubCA certificate (now I have 2 certificated in properties, one "old" with wrong CDP/AIA & one "new" with correct...
View ArticleCan you revoke a root certificate?
A customer has lost the backup of it's own offline PKI Root Server (Windows 2003). As a security precaution we want to revoke the current root and issuing certificates.In our test environment we...
View Articlesmart card interactive logon does not work on some of the domain computers
Dear all,We have a problem with smart card interactive logon, below are the symptoms:smart card interactive logon works on some servers in the same domainroot certificate is deployed via GPO and...
View ArticleClik here to view.
Running Certutil access denied
Hi There,I have issue with Ruining Certutil in my server.User is Domain Administrator and applied for all security Groups.below is the screen shot, any suggestions ???? Vinay Kumar.
View Articleipsec Authentication doesn't work
hi friends in my hyper-v test lab, i have tree win2008 R2 VMs. vm1= dc+enterprise root CA vm2 & vm3 are domain joined VMs. in vm2, via MMC i obtained a computer certificate from...
View ArticleClik here to view.
Remove Certificate from Store
Helloi'm setting up Key Recovery Agent.I have enrolled Certificates and then removed and renewed the certificates from local store and revoked from ca.Now the old Certificate still shows up without the...
View ArticleLogon Events
We are implementing a Barracuda Web Filter in our network and for us to be able to get this to work right with Authenticated users the Barracuda looks at the DC Security log where it tracks Events 4624...
View ArticleDistribution Point URL
The default value for the HTTP CDP is http://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl Is there a way to use a variable to fill in the...
View ArticleHow do you disable SSL\ CBC Ciphers and Weak Algorythms in Windows Server 2003
Hello, and please accept my humble thanks in advance.The problem that I'm having is the protocols listed below must be disabled on my Windows 2003 (IIS) Servers before we can pass a PCI audit. Now I've...
View ArticleCan Only Add Cert Template through Command Line (Can't use GUI)
I am hoping somebody can figure this issue out.We have a Server 2008 Enterprise 32 Bit server running AD certificate Services. Plan was to migrate the server to 2012 R2 (64 bit). I went through the...
View ArticleWindows CA Template issue problem from Certsrv WEB page
I’m trying to generate an SSL cert for Vmware with a Microsoft 2008 R2 CA. We are only using a single Root CA.I have followed the instructions outlined in this article for setting up the Certificate...
View ArticleImpact of enabling administrative shares windows 2008
I am currently trying to run an IIS Tool provided by Microsoft to review our current IIS setup but it has now emerged the shares i.e ADMIN$, C$ and IPC$ are needed. Currently we have these shares...
View ArticleThe signature of the certificate cannot be verified 0x80096004 (-2146869244)
hiI am creating a three tier CA infrastruture, I have created the 2 tiers (1 root and 2 standalone CAs), however when I try to create the issuing server (enterprise sub ordinate) I am getting the above...
View ArticleUnable to bind SSL certificate from Network Solutions
I'm not sure if this is the correct forum or not but I didn't see one that looked more suitable.I have a server running 2012 with the RDS role. I'm trying to install an SSL certificate on it in IIS8...
View ArticleShorten the serial number of certificates issued by a Microsoft CA
I've noticed that since using a 2012 CA the serial numbers of issued certificates are enormous (e.g. 2b0000000efdab71d277bb65f200000000000e). I know logically it doesn't really matter how long the...
View ArticleRemove a subordinate CA
I am in the process of setting up a PKI for our organisation. I have setup an Offline Root, Offline Policy Subordinate CA and an Enterprise Subordinate Issuing CA. Due to a number of issues I am...
View ArticleAutomating certificate generation
I have a scenario where I'm using an Enrollment agent cert and certreq to automate certificate requests on behalf of a bunch of users. What I'd like to end up with is a .pfx file (with password) that I...
View Article