Lightweight Directory Services binary data
Hi Everyone,I am trying to import a certificaterevocationlist into an LDS partition in binary format, I have been able to import the CRL but when I use ldifde to output the LDS partition contents the...
View ArticleWindows Server 2008 R2 bitlocker System Volume Drive letter - can it be changed?
Can I use a different drive letter (other than S:) for the System Volume when using bitlocker? I have an application that already uses S: by default but when I enable bitlocker, it forces me to use S:...
View ArticleWindows firewall: Allow inbound file and printer sharing doesn't allow ping
I have a 2008 R2 SP1 server that has a GPO applied to it with the following setting:Computer config/Admin templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows firewall: Allow...
View ArticleWebsite Connection Software
I have my own web server and I was wondering what software I can install or implement into my website to record any IP addresses and devices that connect to it? I am running Windows Server 2012.
View ArticleUser is issued Multiple User Certificates
I've been responsible for setting up a PKI using Certificate Services to be used for Wireless Authentication. I've created I guess what you'd call a "stock standard" two-tier hierarchy based on...
View ArticleCertificate authority decomission
2 things, I need to decommission a enterprise root CA. I have the kb for this already so don't think I need help there.However, Looking at the issued certificates there are only 4 still that haven't...
View ArticleClik here to view.
Autoenroll fails with: "DNS name does not exist"
"Active Directory Certificate Services denied request 7054 because DNS name does not exist. 0x800725f2 (WIN32: 9714). The request was for DOMAIN\COMPUTER$. Additional information: Denied by Policy...
View ArticleClik here to view.
CA Certificate with new keys and CrossCA Signing
HiI am just looking for some guidance for renewing Issuing Certificate Authority keys... The conversation at work at the moment is that we need to "revoke" all existing issues certificates as soon as...
View ArticleEnterprise Subordinate Root CA Request
Hello everyone, I'm attempting create a CSR for an AD CS Subordinate Root. The Root CA will be a linux openssl ran by our security department. I walk through all the steps outlined at...
View ArticleCan certutil restrict commonname field
: -view -restrictCan certutil be used to '-restrict' the commonname, or other fields using wildcards?The below command will only return the field headers:certutil -config MyServer.mycompany.com\My-CA...
View ArticlePossible Kerberos bug in Server 2003 R2 x86 SP2 - client time (ctime) is random
Hello. I'm trying to get a stand-alone Windows 2003 R2 system to authenticate users against an MIT Kerberos V5 (v1.10) server. I've set up the host principal on the KDC, used ksetup on the Windows...
View ArticleCertificate Authority Issue
I'm trying to renew an Exchange 2010 certificate but when I navigate to http://CAservername/certsrv and click "Request a certificate" then "Submit a certificate request......" to get to the renewal...
View Articlegroup membership
Hi,I have user with access to a folder.I wanted to remove the user group membership to the folder. I removed user from all AD groups which had access to that folder but still the user had RX...
View ArticleWindows 2008r2 CA
We currently are running the Enterprise CA on 2008r2 and it is issuing certs as SHA256 but the CA itself is still SHA1. Is there a way to make the CA SHA256. Our root CA was upgraded from 2003 to...
View Article2008 R2 user certificate autoenrollment notre triggered with gpupdate on XP
Hi I'm trying to deploy user certificate auto enrollment with Win7 and Xp computers. I'm using a 2008 R2 intermediate enterprise CA, have created both templates and autoenrollment GPO and all is...
View ArticleAdding EKU/Application Policy to IPSECIntermediateOffline on Standalone CA?
I have a Standalong CA installed with NDES (SCEP) to issue Certs for Firewalls, VPN, etc. It is installed on a Member server that is connected to an AD Domcin.I'd like to add some Extended Key Usage...
View ArticleInstalling Certificate Server in a child domain
Hello all,I need to install a Microsoft Certificate Server in a child domain. We have several users that will need to autehticate via PKI. I dont wish to involve the parent domain in any way as we do...
View ArticleCross Site CA redundancy for secure AD
Hi AllI have a scenario where a Windows 2008 R2 domain spans two disparate sites, over a WAN. I need my domain controllers to talk secure i.e. port 636. This involves me placing a certificate in the...
View ArticleNDES service doesnt work when linked CA is restarted
We restart the Issuing CA for maintenance purpose regularly...After CA is restarted, the NDES service that is linked to it in another server, loose the capacity to make requests to this CA...So, we...
View ArticleHow to renew the root CA and increase key length to 2048 for window 2003...
How to renew the root CA and increase key length to 2048 for window 2003 standard edition?I have checked the installation of window 2003 CA server does not using CApolicy.inf. So I am not sure the...
View Article