Autoenrollment keeps requesting new certificate every few hours
We have setup autoenrollment for a computer certificate and see client machines (servers and workstations regardless of OS - XP,2K3,2K8,W7,W8,W12) enrolling the certificate but doing so multiple times...
View Articledemote dc 2008 r2 with CA enterprise
Hi, can i demote my domain controller server 2008 r2, with Ca Enterprise role?The CA released certificate to my exchange, and i would preserve only this role, on my demoted server.It is possible? The...
View ArticleHow to exclude a user /group from auditing
Hi,I am enabling auditing on windows file system by enabling SACL on the file folder to everyone.It logs events for every user in the security log.Is there any way to exclude a user /group from auditing.
View ArticleWindows Server 2008 and Firewall Logging
Our Windows server 2008 R2 domain controller does not appear to be logging anything into the windows firewall log: c:\windows\system32\logfiles\firewall\pfirewall.log. The file is always blank. Every...
View ArticleMove private key to a different CSP
Hello,I am trying to move a web server certificate (RSA 2048, SHA1) with its private key to a different CSP (on Windows Server 2008 R2 SP1). I export and delete the original certificate with its...
View ArticleCSR submitted for certification returns error ASN1 unexpected end of data....
We implemented multiple Issuing CA's within a 3 tier CA hierarchy; namely Root, Policy & issuing CA's. We get the following error when submitting at one of the Issuing CA's: "ASN1 unexpected end...
View ArticleMS CA certificate revokation magic!
Hi!I revoked a subordinate CA certificate on Root CA, published CRL, install crl - everything correctly: when I open this certificate he has a revoked status. But subCA itself in properties don`t...
View ArticleCES/CEP in Intranet with single forest
In which scenario CES/CEP are preferred over Certificate Request Wizard (or alternatives) for requesting certificates when in Intranet with single forest?I have read article...
View ArticleI have KB2677070 and KB2813430 installed on Win Server 2008 R2 x64 SP1 (Std....
I'm working with Windows Server 2008 R2 x64 Std. Edition, w/SP1, fully patched, in a security environment.We run a security scanner (required by customer) to look for vulnerabilities on our systems....
View ArticleIPsec Policy Agent
I have got weird problem. Even though rsop.msc on win7(professional-ultimate) workstations is showing that the "manual start" policy for this service is applied, it starts automatically on reboot and...
View ArticleNo certificate templates could be found. You do not have permission to...
HiI was able to issue a cert 2 weeks ago. But now something is wrong with my CAI have the error in title everytime I click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10...
View ArticleHow can I turn off Event ID 5156 AND 5145 in the Security Event Log?
Hi,I have a high volume web service. Everytime there is a connection from the outside, it logs this in my security event log.I want to turn this off.How can I stop the logging of event id 5156 on the...
View ArticleWindows 2008r2 CA
We currently are running the Enterprise CA on 2008r2 and it is issuing certs as SHA256 but the CA itself is still SHA1. Is there a way to make the CA SHA256. Our root CA was upgraded from 2003 to...
View ArticleAutomatic make external hdds read-only
I want to reach, that every Storage-Device, which gets connected to the computer, is automatically read-only. In Windows Server 2008 there was an registry hack (StorageDevicePolicies ->...
View ArticleCertificate Template: create Custom OID
Hi,I need to create certificates with a Custom OID. The only way I found is to modify the certificate template (User) and to add it to to the Application Policies as explained here: On the Extensions...
View ArticlePKI Setup
Hi Guys,I need your help/ideas. We have single Windows Certificate Authority (CA/DC- 2008 R2 Server ) and now this CA began to see a lot more and need the high availability (redundancy). I know moving...
View ArticleMS CA certificate revocation magic!
Hi!I revoked a subordinate CA certificate on Root CA, published CRL, install crl - everything correctly: when I open this certificate he has a revoked status. But subCA itself in properties don`t...
View Articleinstalling CA (same server)
SCCM lab server hosted AD, SCCM 2012 R2 , after installing CA (same server) unable to manage template to implement PKI (HTTPS) how to implement PKI on same serversccmghost@hotmail.com
View ArticleQuestions about CA type, best for my environment?
Hello, I need to bring up a CA in my customers domain. They only need it for LDAPS, nothing else. I have been reading and it appears the easiest way would be to simply install it on a DC then LDAPS...
View ArticleAllow user to bind and filter LDAP and change password
Hi,We've set up a system where an OpenLDAP and Windows AD sync passwords, which currently works fine. However, we use a domain admin to connect to the LDAP and change passwords, which is a bit of a...
View Article