Windows 2008 R2 event id 4625 status 0xc000006d
HiI have been getting these a lot in my event log.Bascially I had a person change their password, and then not be able to log into Exchange 2010.I was able to log into OWA (same box), but using NTLM or...
View ArticleAD CS or PKI content comments or questions
You can ask technical questions about AD CS, PKI, or provide feedback about a document on this Security Forum. Please, remember to search the forum for your answer or issue before creating a new...
View ArticleSafe to del recovery agent cert?
Trying to clean up a 2003 server before migrating. Need to encrypt some files in the meantime but apparently certificate is expired. Can't export the private key, but there are no encrypted files on it...
View ArticleCA enterprise
Hi All I would like to ask if I can install CA enterprise from windows 2012 member server however we have old CA installed from DC 2003. Thank you
View ArticleCertificate choices for Exchange 2013, ADFS and WAP
This question has now been 'moved' to the Exchange 2013 forum.Can you please help me with certificate choices?We currently have an Exchange 2013 server publishing OWA, EAS, etc. externally with ISA...
View ArticlePKI and security question
Hi,What is the security implication of exporting PKI certificates with their private keys? Also, what's the security implication of self-signed certs?Thanks
View ArticleCannot start ADCS - the revocation server was offline
I have a 2-tier PKI infrastructure; 1 offline stand-alone Root CA and 1 Enterprise Subordinate Issuing CA. Both are running Windows 2012 R2. The Enterprise Subordinate Issuing CA has been running for...
View ArticleHow to do CSR for Sha-2 SSL web cert?
When I do a certificate request in Server 2008 R2 IIS, I only see the option to choose RSA 1024 vs 2048. I don't see any configuration for choosing SHA1 vs SHA2, SHA256 etc..Where is SHA level...
View ArticleNTFS permissions to allow append to file but not edit.
is it possible to set NTFS permissions on file(excel): to allow adding data to file but deny changing saved data?(if user makes a mistake an saves they would no longer not be able to correct it)thanks
View ArticleSetup NPS to authenticate wireless connections with cisco WLC
Hi,Is there any documentation available that shows how to setup NPS & CA (Win2008) to authenticate domain users with a Cisco WLC? It worked a while back with a Win2003 server but that server has...
View Articlerms and ad fs 2012 integration
I am trying to follow the documentation with AD RMS and AD FS integration. The TechNet articles, videos, and blogs are all dated. For...
View ArticleOID in Certificate Information - General Tab
Where it should likely say "All issuance policies", it lists the OID of the root CA. In the general tab of the Certificate:Certificate InformationThis certificate is inteneded for the following...
View ArticleA couple of questions about X509 certifcates
Hello AllCan someone kindly help me with the following few questions :)I built and offline Windows 2012 R2 root CA and Online 2012 R2 Enterprise SUB issuing CA in a lab, all worked fine :)But a few...
View ArticleOnline Responder: Revocation provider is not working on the Array controller
I have 1 OCSP/Online Responder server with 4 array members. 2 are the old enterprise subordinates and the other 2 are the new enterprise subordinates. The Online Responder Management is reporting 1...
View ArticleImplementing a new PKI Structure that supports SHA256
My question has to do with moving away from our old PKI environment and onto a new PKI environment I am designing.A little background...So due to the fact that our existing PKI environment was not...
View ArticleMultiple Issuing CA at different Geographical Location
We are running Three-3 tear Microsoft PKI environment with one-1 Root CA, one-1 Intermediate CA and one-1 Issuing CA at our headquarters. We want to introduce redundancy in our environment with respect...
View ArticleClik here to view.
ADCS CEP/CES servers certificate enrolment command line
hello everyone,i'm having a bit of a hassle with a command line to enroll a certificate for a computer without user interaction,basically i have a pki infrastructure with a CES/CEP server proxying...
View ArticleCertificate Templates Combination to Access URL
We are running Three-3 tear Microsoft PKI environment with one-1 Root CA, one-1 Intermediate CA and one-1 Issuing CA at our headquarters.Is it possible to make users access a URL on a Web Server based...
View ArticleSubordinate Certificate renewal
Hi All,The scenario here is, We have policy of issuing the server certificates with the validity of 4 years (due to some internal restrictions). Currently the Subordinate CA certs are expiring soon by...
View ArticleSubordinate manually publish CRT/AIA to Online Responder
2 Tier PKI setup; 1 offline root, 2 online enterprise subs. Both with AIA Location #2 configured with...
View Article