MAC and Linux NPS authentication
Hi, I am setting up PKI and NPS environment for 802.1x authentication. I published computer certificates to all Windows Domain Computers. All Windows Domain Computers are connected successfully using...
certification authority - Migration
Hello people, I have a certification authority installed on my DC. I need to migrate this certification authority to another server with just this function and remove the DC. How can I do this safely, without...
How to get the number of issued active certificates from a CA
Hi, We have a PKI infrastructure still running on Windows Server 2003. How can I get the number of active certificates issued? I have used the filter option on the issued certificates node listing the...
How to do domain-join with IPSec?
How can new computers join the domain when the Domain controller requires IPsec? I could think of ways if the authentication method Pre-shared key was used or if a certificate was used but what if the...
Standalone CA Certificate
Hi, Can a standalone root CA, that is not a domain member, issue IPSec (IKEv1 or IKEv2) certificates to users of a domain to connect to a VPN? CA: Server 2012. Domain Controller: Server 2008 R2
Event ID 36887, Schannel 45
Hi, I've been noticing the following in the Event Log: Event 36887, Schannel. The following fatal alert was received: 45. Log Name - System, Source - Schannel, Event ID - 36887, Level - Error, User - System, OpCode:...
Windows Firewall doesn't work as advertised: "File and Sharing (SMB-in)"...
Hello, I'm trying to understand whether I'm the one who's crazy, doing something wrong, or whether Windows Firewall was designed to be broken (and stay that way through Windows Server 2008 R2!) When I go...
Subordinate per domain?
5000-10000 users/devices. 5 domains in same forest. root offline CA required. Windows 2012 CA. Windows 7 clients. Any advantage or disadvantage of having a subordinate CA in each domain? Thanks
Certificate Validity Period Question
I work for a foster care organization and can't decide on how long we should have our Validity period last. These certificates will be used for digitally signing word docs. The problem I'm running into...
SSL/TLS connection issue
Hello, I had Windows 2003 certificate authority and SSL deployment were fine. Now with 2008 Certificate authority I am having an issue. One of the SSL websites is not working when browsing from Windows 2003...
Windows 2012 Stand Alone CA and IIS 8: How to request to issue SAN Certificates?
Hello, I have a Windows 2012 Stand Alone CA. I like to provide SAN (Subject Alternative Name) certificates to a farm of IIS 8 servers. To my understanding that IIS 8 is not able to create a request for...
Using RemoteApp to limit malware threats on clients
Greetings, I have a proposed setup that I would like to get some feedback on possible security implications on. This is the setting: There are two LAN-segments, divided by a firewall. Lan-segment 1...
RPC over HTTP basic authentication keeps getting disabled after 5 minutes
We have a SBS 2008 standard server SP2 with Exchange 2007 SP2. Some of our users use RPC over HTTP to retrieve their e-mail only it's not functioning anymore. I found out that basic authentication...
Windows Server 2008 (R2): Grant specific Permission to view Service State
Hello! I've got the following security question: Scenario: Microsoft Dynamics CRM 2011 (5.0) should be installed on a new application Server (W2K8R2) with the Database on an existing separate SQL Server...
AD CS (PKI): Offline Root still best practice, even with HSM guarding the...
Hi! It's been a while since I've implemented a PKI that has access to a HSM, and I'm wondering if the concept of having an offline Root CA still applies? Since you can't sign any objects without having...
OCSP and external HTTP address
Hello Is the http address, which will be available outside the company such as: http://ms.te/ocsp has to point to an internal server that is running the OCSP service?
LDAP over SSL on Windows 2012R2 Server DCs - TLS 1.2 not working
Hi there, We've upgraded our DCs from 2008 R2 to 2012 R2. After moving the Enterprise CA from 2008 R2 to 2012 R2 domain controller (same IP, same hostname) according to this guide:...
Internet Explorer 9 not showing as not installed when using Windows Update -...
I built a few new Windows Server 2008 R2 with SP1 VMs today and ran into a problem where Windows Update is not detecting the fact that Internet Explorer 9 is already installed. Internet Explorer 9...
529 event ID in Security audit failure
Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 1/20/2014 Time: 8:20:50 AM User: NT AUTHORITY\SYSTEM Computer: Server1 Description: Logon Failure:...
Defining more "predefined groups" of ip to use in rules
I want to add some rules to inbound connection of my win 2012 server. All the rules should apply to a group of ip addresses. It looks like the firewall supports groups of IP (predefined groups) but -...