CRL Revocation always failed
Hi All, I try to configure the RADIUS server NPS, somehow the certificate authentication client always failed with reason:Reason = The revocation function was unable to check revocation because the...
View ArticleSubordinate CA failed to start
Hi,i ve got a strange problem. when i m trying to start Subordinate CA, following error occurs:"The revocation function was unable to check revocation because the revocation server was offline....
View Article401 - Unauthorized: Access is denied due to invalid credentials.
Well i am posting this to help other developers.i have some mvc 3 (vb) sites hosted on a IIS7. All websites was working perfectly from the server which i was connected via RDP (remote desktop) but when...
View Articlewifi eap authentication with ias and user/comp certificate
Dear all,Facing a strange and weird problem.Everything was working since yest and today morning users are not able to connect to the wifi.AP is cisco aironet with Eap authenticatoin requiring...
View ArticleLocking down IIS APPPOOL account locks out local administrators except for...
In a nutshell,we have been locking down the IIS APPPOOL account used by an Internet facing web application. The IISAPPPOOL account by default belongs to a number of mandatory groups when the security...
View ArticleClient Certificate Mapping authentication using Active Directory across...
Hi,We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way...
View ArticleUsers are not prompted to change their passwords on Windows 7 (64 Bit) PC's
We have an AD domain right now with 2003 Servers as the DC's They are 32 Bit Server OS's. We primarily have Windows 7 64 Bit Clients on most of the desktops. We can NOT permit UAC to run due to...
View ArticleCorporate Password Policy
I am challenged with a personal want in changing the password policy. The current policy is rather insecure and with being the Systems Administrator/IT Manager I feel it is my job to make the...
View ArticleCertificate Templates mismatched between web UI and MMC
I'm trying to submit requests for the "Web Server" template but if I use the mmc snap-in for my account or local computer I'm not given the option of choosing the web server as a template.The strange...
View ArticleDeploying a Two-Tier PKI Hierarchy - Please help!
I wonder if anyone can assist with a small issue I'm having. I recently created a Public Key Infrastructure following Kurt Hudson's guide herehttp://technet.microsoft.com/en-us/library/hh831348.aspx If...
View ArticleServer 2008 R2. Has increased persistently Security Access Token handle.
Hi, o/ s: Server 2008 R2sp1Has increased persistently Security Access Token handle.I resolved to create a new account.What is the cause?I have created a MFC-based program.I tried to check the process...
View ArticleSecurity software for Windows Server 2012
Hi EverybodyWhat is the best software for protect Windows Server 2012?Im a little confused because i see Forefront security, System center endpoint protection and a lot of other software.What will be...
View ArticleIPSec policty to limit LDAP access
Hi,I'm trying to block incoming LDAP requests, with IPSec,So I create a policy that blocks all incoming connection to TCP port 389, And setup a white list of IPs that allow them to connect to that...
View ArticleServer 2008 R1 Standard - Event 1025, Security-Licensing-SLC
Hi Guys,Hopefully this will be a quick one. I have looked on-line and although people have experienced the same issue, I have yet to see a response that adequately addresses exactly what impact this...
View ArticleMicrosoft Trusted Root Certificate Authorities Has More Than 200 Entries
I've been trying to find a "good" answer to how to deal with this issue and I really can't find some solid advice. Recently the Microsoft Trusted Root Certificate Updates have exceeded the...
View ArticleSmart card logon, error with signature - Server 2008
Hi, I am currently working on a PKI system which should allow users to logon to a domain using smart cards. I have implemented a CSP which communicates with my smart card. I am able to generate a RSA...
View ArticleCross Site CA redundancy for secure AD
Hi AllI have a scenario where a Windows 2008 R2 domain spans two disparate sites, over a WAN. I need my domain controllers to talk secure i.e. port 636. This involves me placing a certificate in the...
View ArticleCertificate Issue - Client accessing WEB IIS resources - certificate not trusted
Hi All, I've been working on a certificate issue for a while now and I'm struggling to make ends meet regarding where this is failing. Here is the low down on the environment: 1. Web IIS Server and...
View Article"Specified domain either does not exist or could not be contacted" when...
Hello,I'm having trouble enrolling workstation certificates from a CA in a trusted forest. My CA is in a child domain of a root, which has a transitive trust to my forest. I've followed all of the...
View ArticleSecurity Banner for RDSH servers
I have a need for 2 distinct Logon Banners: one when a user connects to the TSFarm through RDS and another when a user is sitting at the server console and logging on locally.Anyone know a way to...
View Article