Create a Root CA with Subordinate CA already existing
I have to provide a Subordinate CA in one location with a Subordinate CA already existing in another location (same Domain) but no (Offline) Root CA has been installed. I figured to have 2 Subordinate...
An Extended Error has occurred. Failed to save local policy database
I am trying to add a user to the Log on as a service property in the Local Security Policy of my DC. When I do this I get this error "An Extended Error has occurred. Failed to save local policy...
Are my system admins changing or resetting their password?
Is there a way I can tell if my system admins are changing their password or just resetting them? I want to make sure they are actively using another password and not just reusing the same one over and...
Server 2008 R2 Enterprise SP2 issue
Hello, I am currently looking to install the SP2 patch on my Server 2008 R2 Enterprise servers. I have tried the 2 different service packs and got the same error with both. The error is that it is...
Federal PKI - Derived Credential
Working for a federal account where they have fully implemented Federal PKI smart card based authentication and would like to gravitate towards derived credentials from these cards for mobile device...
ADCS CEP/CES servers certificate enrolment command line
Hello everyone, I'm having a bit of a hassle with a command line to enroll a certificate for a computer without user interaction. Basically I have a PKI infrastructure with a CES/CEP server proxying...
Issue with Multiple Enterprise Issuing CAs
My environment originally: Single Forest/Domain at 2003 functional level running on Windows 2008 x64 SP DCs; Offline standalone root CA on Windows 2003; Single subordinate Enterprise issuing CA using SHA1...
How to generate a CSR in IIS 7.5 with SHA2 algorithm
Hello, Is it possible to generate a CSR in IIS 7.5 using SHA2 encryption algorithm? We used to create the CSR using Microsoft RSA Schannel Cryptographic Provider or Microsoft DH Schannel Cryptographic...
One PKI platform for two AD forests
Hello There, We have 2 AD domains (Forests) connected by bi-directional AD trust. These two domains have their own PKI platforms. We are planning to build single PKI platform which can service for both...
401.2 Authentication Errors
I have a website hosted in IIS7 Win 2008r2. All authentication methods are disabled except for "Windows Authentication". I have allocated the site to an integrated app pool that runs under an account...
IPSec VPN configuration in Windows 2008 R2 Server.
Hello, I am in the process of setting up an IPSec Tunnel in Windows 2008 R2 server but having a lot of difficulties to make it happen. It looks like phase-1 is successful by reaching the VPN concentrator...
EAP-TLS Wireless Failure After Root/Issuing Certificate Renewal
Hi, We had a working NPS configuration for our wireless clients, we've recently migrated our offline root/issuing certificate servers from 2008R2 to 2012R2 and migrated to SHA2, we've renewed both with...
CRL Download via SCEP fails in CA multi tier Hierarchy (Two tier / Three...
Hi All, Operating system - Windows server 2012 R2. We have set up a three tier CA Hierarchy. Root CA->SubCA->Issuing CA. NDES service is installed at the Issuing CA. We have developed a client...
LOGON32_LOGON_SERVICE for "NT SERVICE\ServiceName"
LOGON32_LOGON_SERVICE can be used to create logon for built-in service accounts Network Service, Local Service, SYSTEM: LogOnUser("SYSTEM", "NT AUTHORITY", nullptr, LOGON32_LOGON_SERVICE,...
SHA1 Deprecation Testing
W.r.t. SHA1 Deprecation Policy we started dual signing our product binaries, i.e. same binary is signed with SHA1 and SHA2 algorithms. After signing the binaries we wanted to test these binaries in...
Old CA on server 2008 Crashed no backup, Need a new CA but Exchange 2010...
Old CA crashed on server 2008. Installed a new CA it warned me that I should install a subordinate CA but my old CA is no longer accessible. So I choose to install a new root CA and exchange management...
IP Security Policies vs. WFAS - Interaction in modern OS context
I manage servers with a group of other administrators. The established practice is to create local IP Security Policies AND utilize Windows Firewall with Advanced Security. My understanding is that the...
Creating User Dynamically And Using DPAPI
Hello. For some project I need to: 1. Dynamically create local user account (for this I'm using UserPrincipal class from .NET framework) 2. Impersonate to that user (I wrote some classes that calls native...
Missing event 4740 on Windows Server 2008 R2 Domain Controllers
Hi all, struggling to understand why our DCs are not logging event 4740 (account lockout). Domain functional level: Windows Server 2008 R2. Forest Functional Level: Windows Server 2008 R2. Basically one of...
Bitlocker boots without key
Hi, Thanks in advance for your help. We have a 2012 R2 Standard server. Bitlocker was installed and configured and keys were generated and copied to USB drives. The server would not boot with a key...