AD FS 3.0 and CNG Certificates
Microsoft announced that they will be deprecating publically signed SHA1 (non-CNG) certificates on January 1st, 2017 yet are specifically requiring publicly signed non-CNG certificates for use with an...
View ArticleUAC Credential UI not enumerating smart cards
Running in a Server 2008 environment (not R2) and suddenly started having an issue where our smart card accounts aren't enumerating in UAC when doing a Run as Administrator. UAC is configured to...
View ArticleCertificate DN doesn't match AD DIT
I am building a PKI with the plan of becoming cross certified with an external bridge in the future. The required Distinguished Name (DN) for cross-certification is different than the internal AD OU...
View ArticleClik here to view.
ADWS certificate warning 1400 despite valid certificate on all DC's
We get on every DC (2008 R2 SP1) restart a ADWS warning with the ID 1400. We have an internal Enterprise CA (installed on one of the DC's). Have added the group "Domain Controllers" to the...
View ArticleAdding Custom OID in Certificate Template
Environment : Windows Server 2012 Root CA, 2008 R2 SubCA (One for ECC and One for RSA)How can I add a Custom OID thru CSR, I can add a Custom OID and it value by Requesting new certificate using...
View ArticleConfiguring AutoEnrollment for IME (internal Mail Encrytpion) - Outlook...
Hi there,actually I`m trying to configure AutoEnrollment for IME. After some little probes, the AutoEnrollment itself is working now.I configured the AutoEnrollment with the help of this little...
View ArticleCan't turn bitlocker on even when the 'without a compatible TPM setting' is...
I have a dell inspiron laptop n3537 with windows 8.1 installed on it (64 bit).I'm trying to implement bitlocker on the system drive C: but I get a warning message with "Your Administrator must set the...
View ArticleSMB2 Server Denial of Service
Hi,My firewall has detected the "SMB2 Server Denial of Service" on one of our domain controller servers based on windows server 2008R2. Is there any workaround or updates/patches that could help me...
View ArticleBy changing CDP do i need to reissue the CA certificate and all previously...
Hi all,Given a Windows 2003 based CA what would be the impact of changing the CRL Distribution Point?I mean if i change the CDP by adding or removing entries in the Extensions tab of the CA properties,...
View ArticleProblem publish crl to active directory for root offline ca
Hello ! Sorry for my bad english (i am french) A question on publish crl in AD ... I publish the crl of an offline ca root with : certutil -dspublish -f mycrlfile.crl srvcaroot (where srvcaroot is my...
View ArticleDeleted user Certificate enrollment requests
We have a user account, "Temp_admin " which was set up as a temporary domain admin, which was deleted a few months ago. For some reason this account is still triggering and Successfully being...
View ArticleClik here to view.
Exchange Certificate - Revocation Check Failed
Hi,the scenario is the following:Windows 2012 R2 domainExchange 2010Windows 2012 R2 PKI (1 CA Root stand alone. 1 CA Subordinate Enterprise)At Exchange, I get the following error:The certificate...
View ArticleAdministrator Password Changed by itself - please help
I have Windows Server 2008 R2, on a Dell PowerEdge T110 II. ABout 3 months ago, my Administrator Password mysteriously changed without me changing it. At the time I suspected one of the employees in...
View ArticleGet-Certificate Windows Server 2012 R2
I recently migrated Certificate Services from Windows Server 2003 to Windows Server 2012 R2. We are still utilizing the same cryptographic settings which were configured when our CAs were first...
View ArticleEnroll on behalf of no certificates available
Trying to get Smart Card Authentication setup. Using a dedicated AD account called eagent, verified security is read and enroll for certificate templates.Installed CA on Windows 2008 R2 - Domain...
View ArticleQuestions about CA type, best for my environment?
Hello, I need to bring up a CA in my customers domain. They only need it for LDAPS, nothing else. I have been reading and it appears the easiest way would be to simply install it on a DC then LDAPS...
View ArticleMigrating Internal standalone CA from SHA1 to SHA256
We have a single standalone enterprise CA running on Windows Server 2008 R2 which is still using the SHA1 hash algorithm (Micrsoft Software Key Storage Provider).Due to a requirement in our recently...
View ArticlePrivate certificate inside smartcard propagating to the "other people" store...
Dear,I have personal certificate generated on smartcard (MICROSOFT SMART CARD BASE CSP) which is somehow propagating to the "other people" store instead of "Personal" store (windows XP). Same token if...
View ArticleStandalone CA serving 2 domains
Hi,I want to setup a PKI within our environment. I wanted to deploy a standalone root CA to serve 2 domains. The two domains will have separate Enterprise CA's that will serve their domains. I wanted...
View ArticleClik here to view.
HTTP Error 401.2 - Unauthorized after click on the cancel button
hi I have Windows server 2012through Windows manager I have maked a Windows log in for a internet web site folder. It is ok when I click on the log in button with password and name. But if I instead...
View Article