A question about Offline Root CA and its CRL (thanks)
Hello, I was reading information about setting up an Offline Root CA here. Although it relates to 2008, I think it is still relevant for 2012 R2. Some of the information was a little confusing, for example it...
Is there a more immediate OCSP than the Microsoft Version compatible with AD CS
Hello, I posted a question on this forum previously regarding CRL v OCSP, Vadims kindly answered some of the questions and made the point that the MS version of OCSP is still not immediate but rather...
Behaviour of checking Allow administrator interaction when the private key is...
Setting up a new standalone root CA, what is the impact of selecting 'Allow administrator interaction when the private key is accessed by the CA'? Not sure yet if we will be using an HSM module (which I...
PKI: Certificate Request stuck in Certificate Enrollment Requests
Hi all, I have from MMC - Local Computer Account - Personal - Certificates - Requested a new Certificate from my CA (Active Directory Enrollment Policy). I use a template where auth users have allow on read...
Rights delegation
I'm tracking all the ways to delegate rights in AD. I want to create a custom Delegation wizard by using the delegwiz.inf. I want to provide the ability to junior admins to create an OU but with no...
ADCS CEP/CES servers certificate enrolment command line
Hello everyone, I'm having a bit of a hassle with a command line to enroll a certificate for a computer without user interaction. Basically I have a PKI infrastructure with a CES/CEP server proxying...
Multiple Issuing CA at different Geographical Location
We are running Three-3 tier Microsoft PKI environment with one-1 Root CA, one-1 Intermediate CA and one-1 Issuing CA at our headquarters. We want to introduce redundancy in our environment with respect...
Certificate Templates Combination to Access URL
We are running Three-3 tier Microsoft PKI environment with one-1 Root CA, one-1 Intermediate CA and one-1 Issuing CA at our headquarters. Is it possible to make users access a URL on a Web Server based...
Can a 2003 ADCS Enterprise Subordinate CA be started offline?
Hello, We are preparing to retire a PKI hierarchy based on Win2003 ADCS. We are being asked to be able to query the subordinate CA certificate database if, years in the future, we are challenged about...
CDP, AIA, and OCSP locations accessible to external client, but when...
This has been frustrating to say the least. I have a little lab of VMs I'm using to test configuring SSTP VPN connections. I have: External client: A win7 client; DC: A 2008 R2 DC; cert srv: A 2008 R2 srv...
Problem with CDP Locations
Hello, I am experiencing an issue. My setup is as follows: Offline Root CA; Enterprise Issuing SubCA. Recently I was attempting to set up EAP-TLS for a wired network test. I ran into Radius error code 259....
Error message when executing Certificate Authority Monitor script
Hi all; I have Windows Server 2008 Enterprise CA. According to this link, when I execute the script by using the following command, I see an error message: C:\>cscript camonitor.vbs /CAAlive...
Adding keys to EFS files - "The revocation function unable to check revocation"
I am having an issue on some, not all, computers while attempting to add user keys to encrypted files using the GUI tools (File Properties-->Advanced-->Details). Encrypting the file itself works...
PKI CRL Broken from Windows Update Patch (Microsoft Security Advisory (2862973))
It appears that http://support.microsoft.com/kb/2862966 breaks the IDP extension parsing in CAPI. Anyone else having this issue...? Applications that require hard CRL checking such as DirectAccess and...
SCCM (CCMexec.exe) client has disappeared on VMware VM machines
Hello, I installed the SCCM client on two VM machines, it worked properly, I don't have any connection issue, but after getting patches it has disappeared (software Center - ccmexec.exe), I...
SMB2 Server Denial of Service
Hi, my firewall has detected the "SMB2 Server Denial of Service" on one of our domain controller servers based on Windows Server 2008 R2. Is there any workaround or updates/patches that could help me...
Need to change my domain administrator password
Hi all, I need to change my Windows domain administrator password. The password is too old and is known by far too many. I manage two Windows domains. If I change the domain administrator password...
Account lockout in Windows Server 2008 R2
Hello Experts, Please help me with my case. My domain account is getting locked frequently (every 15 mins it receives a bad password from some process). Here below you will find the event information from...
CACert revocation server offline
I'm using CACert for certificate verification and in Outlook none of the client certificates can be verified as the server is offline. The root is in Trusted for both HCCE_LOCAL_MACHINE and...
How to override the certificate template specified in a CSR
From time to time, I receive a CSR from a customer which explicitly specifies the "Web Server" template to be used. We don't publish that template on our CAs since we duplicated it & made our own...