Clik here to view.
OCSP Retrieval Error
When using certutil -URL I get the following error when trying to check revocation information for a certificate. In the Enterprise PKI, all CDP and AIA/OCSP locations are OK.MCITP Exchange 2010 | MCTS...
View ArticleFIM CM fails to issue certificates every few days
I have two Windows Server 2008 R2 issuing CAs (one for computers and one for users). I'm also using FIM CM 2010 to enroll certificates. I have issued certificates for clmAgent, clmEnrollAgent and...
View ArticleSonic wall tz200 vpn tunnel and permissions
I have two tz200 sonicwalls and have created a vpn tunnel.One side sees the network resourses just fine but when I try to get to the other side it tells me "you might not have permission to use this...
View Articleexpired certs requested by a user that is no longer in AD
My CA is showing some certs in the "Issued Certiifcates" that were orginally requested by a user that is no longer here. The certs have all expired. My problem is that I am trying to roll-out FIM CM...
View ArticleChange Privs on program so all can use - presently needs admin rights -...
Greetings, I have Windows 2008 R2 server and a program that I would like some users to be able to run (monitors printing accounts).Previously on Windows 2003 it was not a problem. Now when the users...
View ArticleNPS CRL Checks Server 2008 r2
I am using cert authenticaton for wireless networkthe client have computer certs and and NPS set to: Microsoft: smartcard or other certificate.Authentication works.My problem is with cert revokation.I...
View ArticleWhat's default client frequency contacting DC via Kerberos?
Hi All,I trying to understand what happening in the router logs, it seems that a lot of windows client is contacting to DC via port 88 (kerberos)How often should these clients contact the DC actually?...
View ArticleSSL Web App on IIS
I have a Web Site that is hosted on IIS7.5The IIS is configured to require client Certificate and also set to authenticate Clients via Certificate and Active Directory.The authentication works...
View ArticleEvent ID3 KRB_AP_ERR_MODIFIED No duplicate SPN's
A customers server with Windows Server 2003 Standard Edition SP2 recieves Kerberos warnings up to twice a minute.Date: 2013-02-22 Source: KerberosTime: 08:31:26 Category: NoneType: Error...
View ArticleADCS - extensions of default profile "SmartCard Logon" and problems
Hello, In AD CS, default profile "SmartCard Logon" has : keyUsage "keyEncryption" (and not only "digitalSignature" corresponding to authentication usage)"S/MIME capabilities" (with OIDs that seem to...
View ArticleClik here to view.
CA continuously autoenrolls to the same client computers
This problem might be related to the following problem I have explained in this thread: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/da890a64-736e-4bae-b9d8-427a5cf3a0edFor...
View ArticlePKI AD CS, Exchange and Outlook
hello all !I have a problem to implement SMIME.I configured a Microsoft PKI (2008 R2) issuing certificates to users (one model for encrypt and one model to sign). Certificates are also published in AD...
View ArticleUnable install SP2 on x64 Windows Standard
hi, could you publish some package, to resolve following issue:Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Server 2008 Service Pack 2 for...
View ArticleeID login for domain
HelloI'm trying to use the Belgian eID so I can logon from a workstation to the domain. I followed several guides available at the internet, however I can't seem to get it to work. Some of those guides...
View ArticlePKI Design with FIM
I would like to implement a PKI Infrastructure in our environment. I'm a newbie to PKI and do lot of reading to build up a Test lab. The design should be flexible for all existing Services (wlan, vpn,...
View ArticleBDE drive removal
Is there any way to remove the BDEdrive partition in Server 2008 R2 after the OS is installed? (long story short: server deployed before we noticed the BDEdrive issue, now want to extend the C: drive...
View ArticleIM role holders in child domains are not GCs. Why can't they get a...
I already knew clients need to be able to contact a root domain DC/GC to get a certificate, but I did not know there would be a certificate enrollment problem with child domain Infrastructure Master...
View ArticleHow to generate single certificate to authenticate both user and mobile...
Requirement is to generate certificate from CA based on per user per device for certificate authentication. Authentication required for user and device using single certificate. Its means single...
View Articleadcs 2012 standalone + OTA enrollment with iPhone
Hi, Is it possible to use ADCS 2012 standalone to enroll a device OTA?It seems like the certificate will always stuck at the pending state - that I can't get it over automatically to be issued.I was...
View ArticleTMG 2010 changes from standard to enterprise
Hi!Our deployment is a single TMG2010 without UAG. There are no load balancers.For some reason, the TMG is listed as Enterprise, and I since we don't require any of the features, I want to downgrade to...
View Article