Local GPO setting not being applied despite Domain GPO having "Not Defined"...
Windows Server 2016 I have run RSOP, gpresult /H, and gpedit but have no explanation for why my local Security settings are not being applied even when the Domain GPOs have "Not Defined". The Local...
Effect of CA cert renewal with/without new key pair on auto-enrolment
Hi, Can anyone confirm the expected behaviour when renewing CA certs on auto-enrolled certificates? Would renewal of a CA certificate trigger new certificate requests for certificates deployed using...
Directory Service access - Audit failure
Hi All, I have a group policy which is linked to the domain controllers container. The policy contains audit settings for directory service access and I have enabled it only for failure. I have one non-privileged...
Certutil -installcert not working "command FAILED: 0x80070002 (WIN32: 2...
Hi, I'm installing a root PKI and 2 x subordinate PKIs in a test lab. I am at the stage where I'm trying to run the below command on the subordinates so they will be trusted by the root PKI. This should...
Mandatory fields when submitting CSR to Windows Server CA
Hello! I have a CA installed and configured. I want to enforce particular fields to be filled when submitting a CSR to the CA (no matter whether it is from mmc, cmd, bash, etc.). Is there a way I can define which...
CA standalone root certificate is with validity of 10 years is going to...
Couple of concerns: we are going to renew the root certificate with the existing public and private key. Regarding applications that have their own keystore - The LDAPS clients look to the current root...
What is "CertificateName" in AIA extensions?
I just set up a new Enterprise Issuing CA. The AIA shows the http location as http://domainname.com/pki/<CAName><CertificateName>. I know what CAName is, but I don't know what "CertificateName"...
Windows Security Center
We have a terminal server running Windows 2012. When our case management software tries to access Outlook we get a security message to advise that something is trying to access Outlook, giving the...
Unable to enroll SSL certificate to Smart Card - A smart card was detected...
Hello, We migrated our CA from 2003 to 2016 and now we are unable to enroll a certificate to our Smart Cards with the following error: A smart card was detected but is not the one required for the current...
Certificate *.crt name automatically generated doesn't match name in PKIVIEW
I noticed that our new subordinate issuing enterprise CA generates a *.crt file in the name of "serverdnsname_CAName.crt" in the CertEnroll folder. However, when I look at PKI view, it's looking for a...
IT Person Cannot Change His Own Admin Pwd in ADUC
Hello, Any tips/links/ideas for troubleshooting this scenario? We have a helpdesk person that is not a domain administrator, but is a part of the domain\administrators group. He cannot use AD Users and...
Install rights for a simple domain user
Hi Everyone, We have Windows Server 2016. I have a simple domain user who runs/manages applications and services on this server and it works fine. I would like to give 3 kinds of permissions for this...
Disabled SMBV1 and now Workstation and Netlogon services won't start
I used a GPO to disable SMBV1 by changing the following below. Once I did that I can no longer RDP into the server, I noticed Workstation and Netlogon are not started. When I go to start Workstation I...
Request user certificates for end users
We are rolling out EAP-TLS wireless certificate based authentication that will need to support contractors with domain user accounts on our domain, but not using laptops from our domain (so we can't...
Windows Server 2016 Version 1607
I couldn't download any updates for Windows Server 2016 Version 1607 since June 2018. Has Microsoft stopped releasing patches for Windows Server 2016 Version 1607?
I need to create a user account which has privilege to monitor the service &...
Dear team, I need to create a domain user id for our monitoring tool to execute and get details for server hardware and service for monitoring console purpose. So I need to know which...
PowerShell and AppLocker
I apologise if this is not the correct forum for this question but please point me in the right direction if not. I have a PS script that needs to run at logon on our domain. However we also have...
Decommissioning an Old Certification Authority without affecting Previously...
Hi all, Can we use the procedure below to decommission old SUB CA server without affecting previously issued certificates from...
Couple of quick LAPS installation questions
Active Directory (small), one forest, two domain controllers. DC1 is the master for all roles (netdom query fsmo). Should LAPS (AdmPwd.Setup.x64.msi) be installed on DC1 or DC2 or does it matter?...
Planning to upgrade CA from sha1 to sha256
Hi All, I have a domain hosted on a single DC. On the DC itself I have installed an ent root CA. Now I am planning to upgrade the CA from sha1 to sha256. I am planning to follow the article -...