Clik here to view.
Subordinate CA Template duplicate not supported error
We have just migrated our Enterprise certificate authority servers (Subordinate and Root) from Server 2008 SP2 to 2012 R2. Right now, I'm trying to modify the default validity period for the...
View ArticleKerberos based SSO (with PKI used for initial authentication) in Windows...
I am working on enabling Kerberos based SSO (with PKI used for initial authentication) in my test lab.Domain controller is windows server 2012 R2, Access resources are few web applications hosted on...
View ArticleNDES Virtual Directories don't show up in IIS ,Windows Server 2008 R2
HiI'm trying to secure a NDES server ,but no Virtual Directories are shown in IIS.The NDES server is installed on a member server (2008 R2 Enterprise).NDES is the only CA related role installed on this...
View ArticleAuthenticating when not connected to the corporate network
I was wondering whether someone might help me with the following scenario:User A is connected to the domain and then decides to go on a business trip across the globe and is not able to logon to...
View ArticleOID in Certificate Information - General Tab
Where it should likely say "All issuance policies", it lists the OID of the root CA. In the general tab of the Certificate:Certificate InformationThis certificate is inteneded for the following...
View ArticleDo my AIA CDP Script locations formatting look ok?
In my CA policy for the root I do have the [CRLDistributionPoint] Empty=True[AuthorityInformationAccess] Empty=TrueFor the post scripts I have the following. Trying to make sure I have this correct and...
View ArticleCannot Enable Bitlocker - I believe machine has key still in Active Directory
We have a machine that had bitlocker enabled with a previous hard drive. We moved the drive to another machine and ended up having to reformat that drive and reinstall Windows. I am fairly sure that...
View Article0x8002801c error when trying to unregister scrrun.dll Win2008 R2 64bit
For the DoD STIGS, they want you to unregister the File System Component and their steps are to unregister scrrun.dllI'm on Win2008 R2, SP1, 64bit. I open a command prompt with 'run as administrator',...
View ArticleUnable to update untrusted certificates store
Hi all, I have KB2813430 installed on my company's Server 2008R2 machines and have followed the instructions in the document linked below, but still am unable to get the Untrusted Certificate store to...
View Articlecannot enroll a customize "smart card connexion" template
Hello everyone !Sorry for my bad English i am Frenchi create a new template for "enrollment agent" Only change name and security right for enrollment My ca has no enrollment agent restrictions i hadded...
View ArticleAdding a SHA-2 CS into existing SHA-1 AD CS environment
Hi, I have read some article about transition to SHA-2 certificates. One suggestion is add a new certificate service that issues SHA2 in an exisiting AD CS environment. Question is that since the...
View ArticleClik here to view.
ADCS CEP/CES servers certificate enrolment command line
hello everyone,i'm having a bit of a hassle with a command line to enroll a certificate for a computer without user interaction,basically i have a pki infrastructure with a CES/CEP server proxying...
View ArticleA question about CommonName (Subject)
HelloCan someone please help me with the following questionI understand the 'original' idea behind DN (e.g. CN=,OU,O=,C=) was the idea of have a central world word directory centrally controlled for...
View ArticleUnwanted User Accounts in Domain Controller
I have a Server 2012 R2 Data Center Domain Controller. When I go to Control Panel / Manage User Accounts I am seeing several users in the User Accounts box that should not be there. When I try to...
View ArticleSecurity of RDP Gateway Use With BYOD?
We are considering letting users use RD gateway to work remotely via their personal devices.Since only screen pixels are being transferred, it doesn't appear as if this is a possible way to transmit...
View ArticlePassword changes with MFA?
If domain user account logins require MFA, is there still a need for regularly enforced password changes?Seems like MFA with a changing second factor (such as RSA token code) would be the same as a...
View ArticleAll accounts in active directory are locked
Suddenly all account became locked and it still continue. I disconnect the server from network, restart and the problem keep on. Moreover, with the server without network i create a new account and it...
View ArticleQuestion regarding security boundary between local and domain accounts on the...
We have a consultant connecting their personal laptop to our corporate network. We have provided the consultant with a domain account that has access to several resources on our network. Because the...
View ArticleADCS issued certificate displays [not available] in the Issued By field.
Hi guysI'm having an issue with Active Directory Certificate Services, hopefully someone can give me a thread to work on as I'm on a tight deadline and initial searches aren't getting me anywhere.I'll...
View ArticleNew bug in IIS/SSL code ?
Hello Team,Windows 2012 R2 Datacenter with all patches. IIS with SSL and SCEP (NDES) service.Problem occurs only when client is proposing SSL RSA cipher suite. For DH cipher suite everything is working...
View Article