How do i configure web enrollment services to get a sha256 cert for a 2003...
I have just stood up a 2 tier 2012 CA environment using web enrollment services. I can request certs through enrollment services for 2008 and 2012 servers (domain joined and non-domain joined) without...
View ArticleCertificate template based on Server Authentication not showing in Web...
Hi, I have a test lab with a certificate authority and web enrollment on the same servers. I have made a certificate template with all permissions (read, enroll, etc etc) set to "authenticated users"....
View ArticleWindows update signing certificate invalid on Windows version prior to 8.1
Hi Everybody,Hopefully this is the right section for my question.On a Windows 2008 server, we have a replica WSUS installed. An update is not being installed as the certificate verification fails. When...
View ArticleCannot login to Windows 2003 Domain member server
I am experiencing problem login to a Windows 2003 Small business server which is part of a 2008 domain. All other servers are working fine.I have used an offline disc to reset the local account but it...
View Articleediting inf security template file
hi friendsi need to import a security template to change only options which exist in password policy node of local group policy in an standalone workstation. i don't want other security settings be...
View ArticleRADIUS on 2K8 R2 DC, but NPS is already on a terminal server
I have read the question of installing a RADIUS server on a DC this is what I want to do. However, there is a terminal server on the network that uses NPS for a dedicated set of users using business...
View ArticleDeviation between documentation and sniffer-traces for IPSec communication flow
1 Project descriptionIPSec secured connection between 2 Clients with IPv6 based on the extended Microsoft rewall security settings. 2 Problem descriptionBased on the following...
View Articlehow to disable password complexity via command
hello i have spent hours searching to find a command or script (powershell, cmd, VB, registry...) to disable group policy password complexity. few solutions has been delivered on the net but none of...
View ArticleDisabling SSLV3 and weak ciphers - Server 2008 R2
Hi,I have disabled SSLV3 in the registry setting using following technet article. Rebooted the servers but when i run a scan through https://www.poodlescan.com/. it says This server supports the SSL v3...
View ArticleCertificate auto-enrollment test client fails to re-enroll for a certificate
In a test environment I have a two-tier ADCS PKI hierarchy (offline root and Enterprise subordinate). I successfully configured computer auto-enrollement for a single Windows 7 client by configuring...
View ArticleCertsvc won't start, event ID 100, shows CRL as unavailable
Environment:1standalone root CA (not joined to the domain)1 subordinate CA that issues certificates (joined to the domain). It’s worked fine for months. Both running windows 2008 R2 Enterprise with...
View ArticlePKI - Add LDAP path to CDP and AIA extensions?
Another question for our new PKI design. Most of the issued certificates will be used by domain clients and users. However, we will also use certificates for DirectAccess, which means CRL and AIA...
View ArticlePKI - CDP and AIA paths, why must the URL be so complex?
I'm currently desiging a new PKI infrastructure and thinking about the CPD and AIA extensions of the root and issuing CAs.There is more than enough documention to find, but (almost) everyone is using...
View ArticleRobocopy not copying NTFS permissions
Hi All, got a 2008 64bit server, copying a 100 GB folder from one disk to another on the same server. And randomly robocopy does not apply NTFS permissions to folders at root level. It leaves them to...
View ArticlePoodle, SSL, and Domain Controllers
Security Gurus,Can someone please explain to me how I can use Microsoft Network Monitor on a Domain Controller so that I can discover what applications and clients are using SSL 3.0?I have enabled...
View ArticleCannot view owner of System Protected Files
I'm facing a problem where I (logged in as the Administrator) am unable to view file attributes. I'm not interested in taking ownership (even if I wanted to I'd to contend with the fact that"Access is...
View ArticleAre there any known issues with a 2003 server authenticating to a 2012 domain...
I am trying to get off of these 2003 domain controllers. But I still have a couple of 2003 servers that will be decommissioned by early next year. If I change my environment and get rid of the two 2003...
View ArticleHow can I give access to the redirected users folders to an AD group?
Hi,I have folder redirection configured with a GPO and allowing administrator access to the user's folders.I want to give full access to a group of users to everyone's profile folders. I don't want to...
View ArticleCertificate choices for Exchange 2013, ADFS and WAP
This question has now been 'moved' to the Exchange 2013 forum.Can you please help me with certificate choices?We currently have an Exchange 2013 server publishing OWA, EAS, etc. externally with ISA...
View ArticleExtended protection for authentication question
If I enable Extended protection for authentication, will I have to enable it from the OS level through iis, MS SQL, and on application servers as well, correct.What I'm afraid of is disabling login...
View Article