Certificate Removal after Template Revocation
Quick summary, A Domain Admin created a V2 template without following internal best practice.Is there any way of removing the certificates from all the users stores created by the rogue template in an...
View ArticleHEARTBLEED - Verify PKI Infrastructure
Hi,Now a days we are hearing so much of information about heartbleed and how to verify the products against vulenarability.Is there any tool available to verify CA servers in our environment against...
View ArticleAD CS or PKI content comments or questions
You can ask technical questions about AD CS, PKI, or provide feedback about a document on this Security Forum. Please, remember to search the forum for your answer or issue before creating a new...
View ArticleHow to properly request a non-ADCS CA certificate from a stand-alone root
Hello,I need to generate a subordinate CA certificate for a non-Windows piece of infrastructure. Is there guidance published anywhere that explains the process for ensuring that the certificate...
View ArticleRenew Subordinate CA with new key
We have one Enterprise Root CA and one Subordinate CA server in our environment. Subordinate CA issues certificates to many DCs and Webservers.Now the certificate of Subordinate CA is getting expired...
View ArticleAD CS - W2012R2 - How to Automate the Removal of the Decommissioned Root's...
Hi there!We have a failed deployment of the PKI - Root and Subordinate CAs (both are Windows 2012 R2). Is there an automated way to remove their certificates from the Trusted Root Certification...
View ArticleAD CS - W2012R2 - How to Automate the Removal of the Decommissioned Root and...
Hi there!We have a failed deployment of the PKI - Root and Subordinate CAs (both are Windows 2012 R2). Is there an automated way to remove their certificates from the Trusted Root Certification...
View ArticleCannot write to Event Log from asp.net on Windows Server 2012 AZURE VM
I found this post...
View ArticleTLS 1.2 and SHA512
HelloRecently with all the news about Windows Server 2012 R2 and Windows 8.1 Update KB 2919355 and WSUS problems I discovered that TLS 1.2 in general does not work if just one certificate in the whole...
View ArticleSecurity log flooded with 4624 & 4634 - How can I find the source of these...
I recently noticed on one of my servers the security log is flooded with 4624 and 4634 events, for type 3 logons under my domain admin account. The server in question is a low volume terminal server,...
View ArticleCertificate Services compatibility matrix
Hello,I am working on one of the critical project upgrade to Windows Server 2012 R2. However, we are not upgrading the forest / domain as part of our project and our forest is Windows Server 2003...
View ArticleCertificate Authority Recovery
I accidentally revoked the wrong certificate with reason "unspecified", I realize that this was not unrevocable. I restored a CA database backup from last week, but was wandering if there was anyway...
View ArticleSChannel error- The SSL server credential's certificate does not have a...
We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting...
View ArticleWebserver template not displaying in Certificate Request on CA
Hi,I have a problem regarding issuing certificates for machines.Scenario:Single domain environment. Fresh install of a Enterprise root CA on one of the DCs.Now I want to request a certificate for the...
View ArticleThe trust relationship between this workstation and the primary domain failed
one of our developers was working on a Windows 2008R2 server and added some web server components to the server. He restarted the server and was able to log back in after rebooting.The error occurred...
View ArticleScripted change of own password.
Hello, I'm having 2 Windows Servers(A and B) that are not in domain, both running Windows Server 2008 R2. On server A I'm logged in as Administrator. On server B I have user account that is only...
View ArticleFrom time to time, I can't verify the expiration of my client certificate on...
I have a IIS web server and a CA(AD CS) server built on a 2008R2 virtual machine. I require a client certificate in order to access the web server. It works very well but FROM TIME TO TIME, a 403...
View ArticleClik here to view.
In ADSI Edit, the issuing CA is not in the Certificate Authorities container...
Hi All;i performed a migration of issuing CA to a new box and everything went well on the migration and all the end entities are able to enroll to new certs but when i go to ADSI Edit, I notice the...
View ArticleBitlocker implementation on Hyper-V host with guest VM
Hi, I've been drilling forums for a few days and can't really find the answer I am looking for. In a nutshell, I need to implement BitLocker on a few Hyper-V hosts that all have Guest VM's...
View ArticleWhy is "Authenticated Users" in the local Users group by default?
This has been bugging me for as long as I can remember:By default, "Authenticated Users" is a member of the local Users group on all Windows Servers (2003/2008/2012).My colleagues, and I, agree that...
View Article