Delegating AD CS Install to a non-Enterprise Admin
New TechNet article:http://technet.microsoft.com/en-us/library/dn722303.aspxPaul Adare - FIM CM MVP
View ArticleThree tier PKI - support both SHA-1 and SHA-2
Hey guys,We're about to implement a new three tier PKI - root, intermediate and Issuing CA's... is it possible to have the root and intermediate configured as SHA-1, and have multiple Issuing CA's -...
View Articlehow to configure ipsec policy on windows server 2008 r2 to permit local...
I have applied IPsec policy on local machine(ip address:10.82.138.76) with windows server 2008 ent r2 installed,only permit local machine to comunicate with itself,one other server(ip...
View ArticleShare Question
Server 2008 R2We have a shared folder \DATA$ and I want to map everyone S: to \DATA$ within data are several other folders for each department. However I only want a user to be able to see the...
View ArticleQuestion about missing function when using ADCS certsrv webenrollment
Hi,We recently setup a new ADCS. When I try certsrv web enrollment for requesting my first certificate, I can't seem to be able to do so.Here is what I've seen: After I successfully authenticate with...
View Articlegood way to consolidate directories for centralized authentiation
I wandered into a company that has a lot of data centers and servers. However, the methods of authentication are all over the place. There are several AD instances (different forests), LDAP servers and...
View ArticleFrom time to time, I can't verify the expiration of my client certificate on...
I have a IIS web server and a CA(AD CS) server built on a 2008R2 virtual machine. I require a client certificate in order to access the web server. It works very well but FROM TIME TO TIME, a 403...
View ArticleDecommissioning of CA server and Recommission of ADCS
Hi All,Recently I have to upgrade my old Windows 2003 with FSMO roles to Windows 2008 R2 while retaining the hostname and IP address of the old server. I have transferred the FSMO roles to another...
View Articlepublish Internal simple Http site to Internet and force external client to...
HiI have a http site in my internal LAN domain , recently manager ask me to publish the web site to internet for our external employee .--the web site is http and its simple site without any...
View ArticleCert based auth act as second factor authentication in Office 365?
Team, Looking for second level of auth. besides SSO by ADFS 2.0 or 3.0 as Primary auth. BING gave me option of MFA by Office 365, but we dont want to go with it. Looking at technet article :...
View ArticleCert based auth as second factor authentication?
Team, Looking for second level of auth. besides SSO by ADFS 2.0 or 3.0 as Primary auth. BING gave me option of MFA by Office 365, but we dont want to go with it. Looking at technet article :...
View ArticleHow to add a Cipher Suite using RSA 1024 algorithm to the 'SSL Cipher Suite...
Following a VA test the Default Domain GPO has been set to enable the SSL Cipher Suite Order. Following the change Symantec Endpoint Protection Manager doesn't work properly as the the Home, Monitors...
View ArticleIE8 Support ends before Server 2003 R2 support, how is this possible?
I have just been shown a warning that IE8 is out of support and vulnerable, yet Server 2003 R2 is supposed to be under support until 2015. If IE8 is the latest browser that can be installed on 2003 R2...
View ArticleNext CRL Publish Date
I have a simple scenario on my Enterprise Issuing CAs"CRL Validity = 15 days.I want the Next CRL publish to be on the 7th day rather than the 14th day which is only one day before the CRL expires to...
View Article.net patches not listed in wmic qfe list
Hello, Trying to find a way to see if the following patch KB2604092 and others are installed from DOS prompt...wmic qfe list and a query against Win32_QuickFixEngineering seem to list all but the...
View ArticleUser being removed from Domain Admins...how to find all servers his account...
We have a user that is being removed from IT (more like being forcefully demoted) and our owner still finds him valuable in other departments. My challenge is to find all servers that he may be using...
View ArticleEventID 4625 concerning IPv6
Hi, I've been seeing this event for the last few weeks and have not been able to track down the cause. This is a Server 2012 Standard VM running on hyperv. The source network IP address in the below...
View Articlehow to determine the destination port from a audit fail event
I have a bunch of audit failure events (4625) in our security log. The details only show the source address and port but no destination port info.. Is there anyway I can find out that info.? What I...
View ArticleClik here to view.
Unable to setup OCSP Configuration after Issuing CA certificate renewal
I have just completed the 2 year renewal of our Issuing CA and I went to add the new Revocation Configuration to the OCSP server however I get the following error message when selecting the CA...
View ArticleCertSvc is not starting due to database restore operation
Hi, Whenever I tried to start the certificate service I get the following error, Active Directory Certificate Services did not start: Unable to initialize the database connection for SubCA01....
View Article