Question about missing function when using ADCS certsrv webenrollment
Hi,We recently setup a new ADCS. When I try certsrv web enrollment for requesting my first certificate, I can't seem to be able to do so.Here is what I've seen: After I successfully authenticate with...
View ArticleDisableIPSourceRouting registry key on Server 2012 R2
Hi,We have security scanning software which is complaining that the DisableIPSourceRoutingregistry key is missing. I've found plenty of old articles about adding the key and setting it to 2 to stop...
View ArticleBitlocker recovery passwords not backed up in AD
We are looking for a way to get a list or report of computers that have bitlocker enabled but have not had their bitlocker recovery passwords backed up to Active Directory. We have the policy set to...
View ArticleServer 2012 Local Shares - Cannot access using \\IP but works via \\localhost
I've been stuck on this problem for the last couple of days and I can't find a solution on the internet that works. I have a Windows Server 2012 instance running on Amazon AWS with a public IP...
View ArticleMigrate Server 2008 Certificate Authority To New Server Different Host Name?
Our internal CA is installed on one of our Exchange servers. Exchange is being migrated from 2010 to 2013, so all current Exchange servers will decommissioned and replaced with new new Hyper-V VMs...
View ArticleInstalling NDES on Server 2012 R2 Problem
Hi,I’ve a 2012 R2 CA which is running very nicely. I’m now trying to install NDES on a separate server (also 2012 R2) but when I run the Install-AdcsNetworkDeviceEnrollmentService cmdlet I have two...
View ArticleAdded latency when using higher Eliptical Curve of HSM in a Windows PKI
Hi All,I’m experiencing some performance issues / delays while performing common ADCS tasks/processes on an Enterprise Subordinate CA that has HSM installed to handle the cryptography & key...
View ArticleSmartCard logon in a multiforest environment
How can i configure a workstation to logon to a specific domain/forest ?1) i have two forests - one user forest(U) and one resource forest(R)2) workstation are part of R forest and user objects are...
View ArticleOCSP Location #1 Error
I have setup an OCSP Responder and verified its functionality with certutil -url command. Yet, in PKIView, it reads OCSP Location #1 Errorhttp://ocsp.company.com/ocsp. Why?
View ArticleAutomatic certificate enrollment for local system failed (0x800706ba) The RPC...
I'm getting the auto-enrollment error above not because of a configuration error but for the reason that the Root CA machine was taken out of service and disposed of! So the unable to contact is a true...
View ArticleEvent ID 540 & 680 filling up on mailserver
Hello everyone,we keep receiving the event log 540 and 680 on the exchange server event log. can we stop that? The problem is when user do the send and receive under the MS outlook. it will create the...
View ArticleGrant access to modify membership of local administrator group
helloI am active directory administrator and i like to grant a certain user access to modify membership of the local administrator group for computers in a specific OU only. i tried to do that via...
View Articleis there an Active Directory Audit reporting product from microsoft ?
Is there an Active Directory change control product from microsoft ? Example, an alert generated when someone add themselves to domain admin group or modify a group policy object ?More specifically, is...
View ArticleMSCOMCTL.OCX RCE Vulnerability
I found in Windows Server 2012 machine after scanning for vulns the outdate version of this dll. Version is less 6.1.98.33.MS12-027 list the software affected by this out date dll and are not present...
View ArticleEvent 4776 Error Code: 0xC0000234 but account not actually locked out
I am coming across several instances where a user will get the error code 0xC0000234 for event 4776 and Failure Reason: Account Locked Out for event 4625 but the account never actually locks out. I...
View ArticleWSUSSERVICE.EXE Path White Space Question
Our security scanner is reporting that two services installed on our Server 2012 server is a potential security risk. The two services are:WSUSService.exe - Path: %ProfileFiles%\Update...
View ArticleDirect Access Issues and Public IP Addresses on All Interfaces - Server 2008 R2
Greetings,I have been tasked with exploring Direct Access as a VPN solution for a campus in a highly secured environment. We will not be using NAT, RFC 1918 addresses, or IPv6 addresses per the...
View ArticleThis server is vulnerable to MITM attacks because it supports insecure...
Hi Team,I am using windows server 2003 web in my office but while doing SSL test(https://www.ssllabs.com/) for https://webxpres.tdc.dk/ getting F grade. But my client wants to set it to A. How prevent...
View ArticleClik here to view.
Expired AD User Object certificate
We have an expired certificate under Active Directory User Object > Certificates.Can someone please tell me to renew or re-create this certificate?
View Article