IPSec Certificate on Enterprise CA
Hello,I'm trying to setup a VPN with IPSec, but I'm having some issues with the certificate request. My CA server is a 2008 R2, the CA is root and enterprise, and I'm using the Cisco ASA to setup the...
View ArticleCertutil and indirect CRL
Hello!I need to verify a certificate manually. CDP in this certificate points to indirect CRL. Hence, the issuer of CRL is not equal to the issuer of certificate.I try the command:certutil -verify...
View ArticleOCSP Error PKIView
I do not knowwhat the problem isbutIPKIViewtheOCSPerrormessage.Although theOCSP serviceis working correctly,certificates verified by thecertutil-urlverifiescorrectly.BrianI once wrote thatyou need to...
View ArticleCertification Authority
We installed the Certification Authority service on a 2008 server. How do we issue a certificate to a user to allow them to digitally sign Excel and Word documents? When I try to sign a document...
View ArticleFile/Folder Auditing in Windows Server 2003; Event 560/562 spam
I'm attempting to test auditing out (for files/folders), and I'm bumping into an issue:I have adjusted the audit object access to Success/Failure under Group Policy, and I've added the OU I want under...
View ArticleKerberos delegation works, but only for 10 hours
Hi all - and please forgive in advance if this isn't the right forum for the question.I have an application service which watches for a file to be dropped and then calls a SQL stored procedure which...
View ArticleWindows 2012 Stand Alone CA and IIS 8: Looking for the quickest way to issue...
Hello,I have a Windows 2012 Stand Alone CA. I like to provide SAN (Subject Alternative Name) certificates to a farm of IIS 8 servers.To my understanding IIS 8 is not able to create a request for SAN...
View ArticleHow to Find or Know Which Certificate is the Certificate Chain in a Domain...
I'm being asked to find the certificate that is the certificate chain for a domain controller. There is no CA in place. When I look in the Personal Folder for the local computer there are no...
View ArticleEnterprise subordinate Issuing CA Server 2003 will expired
Dear AllOur company has an CA Server ,Root-CA (Server 2003 platform ca-expired in 2019)Server was offline and we can not find the physical location.And the Issuing CA(Server 2003 Platform) which is...
View ArticleUAC Affects Local Account Access of Remote Shares
I came across an odd manifestation of UAC today. It's been a long time since I've had to set up CIFS shares using local accounts for authentication, having always had domain-joined computers, but...
View ArticleAccess Denied when trying to open or copy IIS logs
When I try to open my IIS 7 logs or copy them to another folder I get access denied. I have tried using CMD, Explorer and Notepad with run as admin.If I just try to open the file from explorer without...
View ArticleTemplate does not show up in Web Enrollment pages.
We duplicated the Web Server version 1 template on our Windows 2003 Server CA and published it to the CA for issuence. Set the permissions accordingly, Domain Admins: Read, Write, Enroll Then when...
View ArticleHow to locate Malicious or unwanted scripts in a Server 2008 R2 install?
I am Managing two systems as part of a competition, Windows Server 2008 R2 and a Windows 7 Machine. The competition is the National Collegiate Cyber Defense Competition. Part of my issue is i normally...
View Articleputty: network error permission denied
Hello, I posted this here and they send me to your TechNet forum. Because i misread the topic i also posted it here and the owner suggested i post it under Windows Server Forums> Security . I hope...
View ArticleACTIVE DIRECTORY CERTIFICATE SERVICE
Team,I an trying to publish my CRL to a webserver and I did the ffg-- configured the CA--- installed ADCS correctly--created an IIS server and created a virtual directory called certdata--on the CA I...
View ArticleAD CS (PKI): Offline Root still best practice, even with HSM guarding the...
Hi!It's been a while since I've implemented a PKI that has access to a HSM, and I'm wondering if the concept of having an offline Root CA still applies?Since you can't sign any objects without having...
View ArticlePKI: Recommended design for (legacy or otherwise) device interoperability
Hi!Working on a new two-tier PKI design, I have come across an uncertainty which I cannot quite google an answer to.In the design, I wish to use CNG with SHA2 (SHA-256) and 4096-bit keys. The clients...
View ArticleNDES service account
Hello, I have a general question that I have been thinking about. Is it possible to use a Managed Service Account or Group Managed Service Account for the Network Device Enrollment Service? I have...
View ArticleCertificate Auhtority Post Migration Issue - URGENT
Hi,two days a go I migrated our CA from 2003R2 to 2008R2. the server name of the destination is different than the server name of the source. I followed all the steps that I knew of and matched them...
View ArticleMS11-061 still vulnerable after patch applied
I have a Windows 2008 R2 Server serving as an RDS gateway. We also use Qualys to do vulnerability scanning. Qualys is still reporting: Microsoft Windows Remote Desktop Web Access Elevation of...
View Article