LDAP Signing
A question has come up in our environment as to if we should enable LDAP signing or not on our DC's. The issue that was brought up with that is what about the resources on the network that are using...
View ArticleNo templates available on Enterprise CA
I asked a question previously http://social.technet.microsoft.com/Forums/windowsserver/en-US/9e935915-89ec-4c82-ae4f-36a8aeb56074/various-certification-errors?forum=winserversecurity, which was marked...
View ArticleServer 2008R2 - SSL Certificate Weak Public Key Strength
Hello - I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble...
View Articlecert enrollment using mmc
I am trying to enroll a cert using mmc, this user "test123" has an AD account and has read and enroll right on the cert template. I log on to the domain on the user pc using the user account...
View ArticleDoes Windows remember PIN of the Virtual Smart Card in memory?
Does Windows remember the PIN of Virtual Smart Card (VSC) in memory?I created a Virtual Smart Card in a Windows 8.1 laptop which is in Domain environment, and I created two certificates associated with...
View ArticleSetting up 2nd NDES server
We have implemented a single tier PKI with the NDES role installed on the CA. The NDES is serving up certificates for our MDM (mobile device management) solution. The MDM template was hardcoded into...
View ArticleADCS problem with enroll certificates for computers.
Hi All,There are PKI infrastructure:1 standalone root CA (Win 2008 Std, workgroup, offline)2 enterprise issuing CA (Win 2008 Ent, DC role, NPS role)In AD all root\issue CA certs is available, crl is...
View ArticleFrom time to time, I can't verify the expiration of my client certificate on...
I have a IIS web server and a CA(AD CS) server built on a 2008R2 virtual machine. I require a client certificate in order to access the web server. It works very well but FROM TIME TO TIME, a 403...
View ArticleClik here to view.
OCSP in DMZ
I would liketo knowhow do I installIIS(Figure 1) shows theexternal addressuw.comthat I could fastentheOCSPserverin the domainuw.loc?When installingOCSP on the IIS serveris installed automatically....
View ArticleNon-domain computer request certificate
We have Enterprise CA with Certificate Enrollment Policy Web Service and Certificate Enrollment Web Service on same domain computer. When I configure Enrollment policy on non-domain computers by...
View Articlekrbtgt/"DOMAIN" Service Name Locking Out User Account on Windows 2008 R2 Server
Hello--One of my admins account is constantly being locked out...we use Splunk for log management and the locked is happening because of something happening on one of our Windows 2008 R2 servers. We...
View ArticleWindows Server 2008 Firewall Blocked 'Java (TM) Platform SE Binary'
Hi Guys,One of our Windows Server 2008 boxes randomly blocked the 'Java (TM) Platform SE Binary' last night. I have checked the Firewall logs and can only see the time the rule was blocked by 'NT...
View ArticleDST Patch
Hi All,We are having 1600 Servers for our organization, there is a DST time change on 27 April 2014 for Chilli \ LATAM region, we have already applied the DST patch in the month of March 2014, could...
View ArticleSmart card logon with third party CA combined with ADFS to Office 365
Greetings,I've been trying figure out how to implement ADFS to Office 365 in MS cloud in our environment, with little luck. I have a working 2012 domain and we are already using smart card logon on...
View ArticleGranting write access to a share on the c drive on Server 2012 R2.
I created a share on a Server 2012 R2 that shares c:\inetpub. I then created an account for the programmers to access it. The programmers can read but not write to the share. The share permissions...
View ArticleServer 2012 Error 505 on http://localhost/certsrv/mscep_admin
Ok apparently I cant get past this. Installed NDES etc on Server 2012. This server is not hosting the domain CA. I created the recommended domain user account for the service, added the user account to...
View ArticleCA pathlength
Got a couple of question about pathlengths. 1. Assume when I setup my PKI with a Root and 2 subordinates I did not use the pathlength option in any capolicy.inf fileThis means I can created...
View ArticleIssue generating a subordinate certificate - The certification authority's...
Other recipients: Hi Guys, I have a root CA and a sub CA. I want to generate another Sub CA certificate from my current sub CA however when I try to do so either via web or csr file I get the below...
View ArticleAccount with admin privilges still prompted by UAC for admin credentials
I've just added two member servers running Windows Server 2012 R2 to my domain. I don't wish to use the domain administrator account itself to log into these two servers, but they should have...
View Articlehow to give permisson AD user to login server
hi i have 2008 server i plant to give one AD user to login our company server but he do not has administrator rights i must give one user to login our server without admin rights.i try to give this...
View Article