Stand Alone CA:Win 2008 RC2: How to add Certificate Policy Extension to...
Greetings, We have a Stand Alone CA:Win 2008 RC2: and are wondering how to add Certificate Policy Extension to non-CA certs via Xenroll or CertEnroll browser controls.Patrick Henry Tronnier
View ArticleCreating IPsec filter list to encompass port range
This was previously posted to Platform Network, but I have removed it there, since I did not receive replies:Hello,I am aware that I can either use an IPsec policy, or the newer Windows Firewall with...
View ArticleCA errors
hello,Im monitoring CA(win 2008 sp2) with SCOM and i see 3 errors: Event Description: A certificate in the chain for CA certificate 0 for ServerCA has expired. A required certificate is not within its...
View ArticleUser certificate autoenrolment
Hi There,I have one DC and One CA server both are windows 2k8. I have configured a GPO for computer and user certificate auto enrollment for the domain users. I find that I am able to get computer...
View ArticleHow to create request for thirdparty Sub-CA ?
We want to use a https-proxy-appliance as a subordinate ca. The appliance can't create a request file for a subordinate certificate request. The Root-CA is a Windows Server 2008 R2 standalone...
View ArticleIPsec security rule with user certificate authentication
Hi,I have set up a connection security rule with user certificate as second authentication method. This works fine as long as the user certificate is enrolled and stored directly in the personal...
View ArticleNDES automated renewal of existing certificate via SCEP not working
Hi there,we are currently testing the following scenario (which we already had working) - the goal is an automated renewal of existing certificates by Cisco iOS-Devices.The renewal is working, but...
View ArticleConfiguring Wired 802.1x Authentication step-by-step guide
Hello AllI don't have a question at the moment, but I wrote a step-by-step guide on how to configure Wired 802.1x Authentication on Windows Server 2012 using Cisco switches.You can find the document on...
View ArticleIs the local system account the same as the computer account in this scenario?
Hi,I'm having a problem trying to get a PC to access a remote file share at login.The share contains an msi that is to be installed before the user logs in. I take it that the software will be...
View ArticleWhy are users getting Version 1 User certificate?
HiI wonder if someone can explain why I am seeing behaviour I do not expect from our PKI. It is a 2 tier CA hierarchy, offline stand-alone root with Server 2003 R2 SP2 Enterprise Issuing CA. We have a...
View ArticleWhat is the best Microsoft antivirus solution for Windows Server 2003?
Hello,I have a medium network of 24 client computer, with 2 Windows Server 2003 SP2 (32 bits). One of them a DC.What is the best Microsoft antivirus solution for domain network with Windows Server...
View ArticleEnterprise Sub CA backup / restore in Virtul environment
Dear All , We have a physical standalone offline Root CA enterprise Sub CA , online responders in a virtual environment. Backup Strategies are as follows On the Root CA ##################### 1-...
View ArticleReset password on Windows Server 2008 R2
Hi All, We have an Employee Self Service application running on standalone server. One of the feature of the application is "forgotten password", so employees can reset their own passwords. It works...
View ArticleServer 2012 hardening?
Hello,has anyone seen any DOD or similar server 2012 hardening templates? We are looking into bringing some 2012 web servers into production, but we need to harden first. Other than the security...
View ArticleHow to Set Deny Users to Move one Folder to Another but Allow them full...
Hi,We have a network drive called Drive P (for example) and under Drive P are Folder A and Folder B. SCENARIO1. Security Group Folder A gives full rights to Folder A (all subfolders and files)....
View Articlenew enterprise CA
will configuring new enterprise AD CS server in environment start issuing certificate immediately ? i mean will autoenrollment start immediately ?if yes..how can we avoid it ?thnx
View ArticleEFS & decommissioning old Enterprise CA
I have old Windows Server 2003 domain controller with enterprise Certification Authority installed. This CA has issued some EFS certificates for users (not too many, fortunately, but to find those...
View ArticlePort 3127
I have a Windows Server 2003 box running IIS 6 and while looking at my netstat I found port 3127 was LISTENING. I tracked down the process associated with the port and it is 'inetinfo.exe'. Just...
View ArticleIIS - CA certificate error
Greetings All:Client provided a certificate I installed on Cert Manager in Trusted Root Certification Authorities – Certificates. When I click it says "Certificate is OK" that means it is installed...
View ArticleSecret key archival is only configurable for CA unit not template unit ?
we use windows 2003 Enterprise CA.It looks CA do not archive secret key.we use EFS for end user.If we use EFS recovery certificate and resister it to GroupPolicy, group policy publiced EFS encryped...
View Article