Bug in Authentication Policies (R2 feature)
It's possible to delete an Authentication Policy (R2), even if it is applied by an Authentication Silo, resulting in unexpected results or an ADAC crash... probably a bug?
Certificate based authentication for mobile
We are looking at deploying mobile applications to our mobile BYOD estate. One of the ideas we're looking at is using user certificates pushed to the devices as a form of authentication in addition to...
Can't establish IKEv2 VPN connection - "Error 13819: Invalid certificate type"
I'm trying to make a VPN connection to a Windows Server 2012 Essentials server. I can successfully connect using SSTP, but I want to use IKEv2 to improve performance. However, when I try to connect, I...
CA Cryptographic service provider?
Hello, I am planning to install Single tier Enterprise CA on a dedicated Windows 2008 R2 Server. We still have Windows XP SP3 workstations and I have some questions about the "cryptography" options on...
Create Uniform Resource Access Custom Certificate Request
Hello, I am trying to create an IP-HTTPS Uniform Resource Access / Direct Access Certificate Request so that I can send it to Thawte as we do not want to manage a public CLR. I am following the...
Re-enrollment issue
We are upgrading the clients to Windows 8.1 with SCCM 2012 and are experiencing a strange issue with user and computer certificates. The clients consist of laptops, desktops and hybrids (Lenovo...
Deleting user certificates
I deployed a user certificate to a group of users with autoenroll for a product we were testing, we needed a slightly different user cert for another product and now users are getting prompted to pick...
Local User group having "interactive" group as a member lets everybody login...
I am setting up 2012 R2 servers. I am rather perplexed that having the "Interactive" group as a member of the Local "users" group allows domain users to logon. A completely empty local "users" group...
Root CA AIA Extensions
Hi All, I have a question regarding the AIA locations for my PKI infra. My environment: Two Tier – Offline root and 4 issuing servers (all in root domain). All servers are server 2012 STD. My offline root...
User certs not available for Wireless EAP, UPN/Email Fields
Trying to get a new wireless EAP system working with 2008R2 CA auto-enrolment. We're stuck between two methods: The auto-enrol certificate template is set to build the subject name from active...
Sequential Certificate Serial Numbers using Windows 2008 R2
It appears that Windows Server 2003 Certificate Services supports sequential certificate serial numbers. This was an undocumented feature that could be turned on using the certutil command or...
Active Directory Certificate Services upgradation suggestion.
Hi, We are preparing to migrate our enterprise PKI infrastructure from Microsoft Windows Server 2008 ADCS to Microsoft Windows Server 2008 R2 ADCS. I have some questions regarding upgradation though? 1. Is...
Error at RSOP while trying to set Audit settings via GPO
Hello, I've configured Audit Policy via GPO and when I run RSOP on the server 2008 R2 I get X with the error "the policy engine did not attempt to configure the setting. For more information, see...
Microsoft Anti-Cross Site Scripting Library
Hi, I was wondering about the licensing using the MS Cross Site Scripting Library - is it free to use?
DNS Amplification Attacks
With regards to Windows Servers, and the DNS Service operating on them. I'm absolutely surprised that this still is on-going within the DNS Service and doesn't allow anything but to simply disable...
IPAD - Deploy domain certificate
I've researched deploying certs to IPADS extensively and found a bunch of info, but nothing is working. We secure our WIFI with domain certs and our NPS server doesn't verify if the cert is a computer...
Unable to authenticate using wired 802.1x
Hello, We have a system with a lot of OS hardening, and I'm at my wits' end about this: My cisco-switch authenticates fine over radius. My win7 client which is NOT domain-connected (RDP client only) is...
Checking certificate revocation
We are looking at creating an internal PKI. There is one point I am unsure about regarding certificate revocation checking... we can possibly use CRL or OCSP, however how does the entity checking the...
web enrollment certificate authority issued certificate but not installed
Server 2008 R2, IE 8. Remote Desktop template with "Specify subject name", allow Private key exportable. Accessing /CertSrv I can submit request filling Mark PK as exportable & adding attribute...
Event ID 13 enrolling DC Cert
I recently migrated our network from 2 W2003 DC's to 2 W2008 DC's, these are new servers, not in place upgrades. I installed AD CA on one of the DC's, and have since also installed it on the second...