Event ID 2887, ActiveDirectory_DomainService - How to prevent the warning...
Hi, new to the forums here :)I have a problem during a server check up, when I took a look at the event viewer at my server (Windows 2012 R2) apparently everyday at 17:49 (server time) a warning...
View ArticleCertUtil: The instruction at 0x%08lx referenced memory at 0x%08lx.
Hi fellows,I am currently trying to re-sign a certificate on a Windows Server 2008 R2 (fully patched) system (ADCS CA):certutil -sign <oldfile> <newfile>Signing keys are in software...
View ArticleWS 2012 R2 - CES/CEP setup for domain joined computers
We are planning to use CES/CEP server setup for deploying certificate templates. I have installed the RootCA/Issuing CA/CES/CEP as per Microsoft technote.But, now when I trying to enroll for a...
View Articlecannot log onto the credentials verification site at Microsoft
I have a document in Office 2010 on a Windows 10 application that is protected by IRM. Until recently, (November) I could display my credentials and open it. I cant even apply...
View Articlecertutil.exe -addstore Disallowed sst
Hiduring the security scan the tool found thatHKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\e1f3591e769865c4e447acc37eafc9e2bfe4c576 is missingdue to servers don't have access to...
View ArticleRequest.inf ProviderName after upgrading CA to SHA256. Does it change?
I just completed an upgrade to my new Windows 2012 R2 CA two teir infrastructure. For many usages I manually request certificates using a INF file to start the process. Currently my INF template has...
View ArticleOffline Root CA - OCSP URL configuration under extension
Hi, Recently, in my lab, I have installed and configured Offline Root CA. Under AIA extension, I have added "http://mylab.com/ocsp" URL. When I run PKIView.msc, I could see the status as 'Error' for...
View Article2-Tier PKI (offline Root, online Sub) smart card logon: revocation Check failed
Hi everyoneive followed this setup guide to create a 2-tier PKI environment in my labs: https://technet.microsoft.com/en-us/library/hh831348.aspxFor the overview (Computername, Role): Domain: pki.local...
View ArticleRetrieve a Recovery Key certificate from the Issuing CA
The certificate for my Key Recovery agent is expiring so I:Logged in as the KRA agent and requested a new certificate from the MMC console Personal store and selected the Key Recovery Agent...
View ArticleIs it possible to give an RA (non MS RA using DCOM) the right to only revoke...
HelloWe need to add a new RA into the mix of our environment (an AirWatch RA) the default documentation states give the RA 'Issue and Manage certificate role on the CA, however this would also give the...
View ArticleWindows Server 2012 registry keys don't exist
hello all,while using ESM application to check about the security policy for Windows Server 2012, while using Registry module checks it reports these 3 keys are not exist, does this...
View Articlenetsh ipsec l2tp psk pap
Security Gurus,I need a netsh command(s) to connect/establish IPSEC/L2TP. The VPN server is linux, with radius server configured. Need to use both psk and pap with userid and password submitted in the...
View ArticleADCS templates compatibility question
Hello, I have a general question, that I hope can be answered before we start a transition to a new version of Windows. The domain controllers are Windows 2012 R2, and some of our client computers...
View ArticleCertificate Authority in the DMZ
Hi,I have some DMZ workgroup servers that require certificates installed on them. I am thinking of deploying a Windows certificate authority in the DMZ. However, I am not sure if this is a good idea?...
View Articlesecurity baseline file for windows 2003
i have a security baseline inf file created for windows 2003 servers.how can i re-used this file for newer servers like windows 2008 and 2012?the baseline file was done many years ago.how can I convert...
View ArticleSSPI: 0x80090342 error in InitializeSecurityContext
Dear all,OS platform Windows server 2012 r2 64 bitwhile using dbca to create a 11.2.0.4 oracle database I encounter the following error:ORA-12638 credential retrieval failedwhen I check the listener...
View ArticleSmart Card Logon with NLA
Hello everyone!On domain-member Windows Server 2012 R2 we configured group policy "Interactive logon: Require smart card"=Enabled. Certificates issued by our internal CA. Everything works fine. Domain...
View ArticleHow to reset Administrator password in WS 2016 TP3?
I forgot my administrator password in WS 2016 TP3, how can I reset that?I am from PMC; planetminecraft.com/member/dr__steve You should join! I changed my username to _The_Doktor
View ArticleUse RoboCopy to copy a folder structure template and retain permissions
We have a client that has a Shared Data area they are trying to configure that uses a very convoluted permission structure that requires certain subfolders to have different permissions from their...
View ArticleHow to find the OCSP logs
Dear All,I have configured a Windows Server 2012 R2 Standard server to run a Certificate Authority and a Online Responder to use OCSP to check on the validity of the issued certificates (a ClearPass...
View Article