AD FS brute force attacks
Hello - I am leveraging AD FS Proxy servers on my DMZ. However, I am still concerned that a malicious person may still try brute force attacks and cause accounts to become locked out.Is this a...
View ArticleCertificate Stays in Certificate enrollment Requests.
Hi,I've a Standalone CA and I request a certificate for client authentication via webenrollment.Once the request is done and accept the pending request. I can see my certificate at issued...
View ArticleExpired revoked certs not included in CRL
I am running a Windows 2008 SP2 Enterprise CA. Today, I've noticed that if I revoke an expired certificate, it shows up in the "Revoked Certificates" container of the CA Management snap-in, however,...
View ArticleCredential Roaming - deleting certificates
In an environment where Crednetial Roaming is enabled, when a user deletes a certificate am I right in thinking that certificate should not remain visible to the user whilst the tombstone period runs...
View ArticleServer Security Best Practice
For years I've heard to never install 3rd party applications, IE: JAVA, Adobe, flash, reader, etc, other browsers - Chrome, Firefox and the like onto servers because of the vulnerabilities that come...
View ArticleCan not connect to Radius Server Root CA issue
Please help, I had a Radius server working on my new windows server 2012 essentials box. It was set up and running for about a week. Then yesterday I followed the dashboard set up for "Anywhere...
View ArticleLDAPS from client computer getting error: The certificate received from the...
Hello All,I have AD setup detailed as below:-Parent domain - parent.comChild domain - child.parent.comMachine part of parent.com – machine1.parent.com Using ldp.exe, I can connect to port 389 (non SSL...
View ArticleHow to issue a Domain Controller Cert with a W2K8 Standard CA
Hello,I have Windows 2008 64 Bit Standard Domain ControllersOur CA is a member server running Windows 2008 64 Bit StandardI understand that I cannot use Certificate templates with this non Enterprise...
View ArticleCertificate for Non-Domain Computers
Hello,I am trying to request a device certificate for laptops that are not on my domain. I am referencing this article to set up my CA....
View ArticleCEP/CES enrollment problem
I'm trying to setup cert request/renewal though CEP/CES in a 2008 R2 domain. We have one root domain (where the CA/subordinate CA are), and two child domains. One of the child domains is in the same...
View ArticleNon-domain joined systems and certificated based communication
We are about to roll out PKI into our Windows domain. We are going to have 2 auto-enroll certificates, one for domain users and one for domain computers. We have a mixed IT environment, with various...
View ArticleIdentity Management for Unix withouth Password Synchronization
I need to create an NFS share on a Win2K8 R2 server. I've installed Services for Unix on the target server and Identify Management for Unix on a domain controller. I have no need for full password...
View ArticleFirewall causing schannel error with remote desktop and openvpn
I am using windows 2008. When I turn the firewall on, and try to connect through remote desktop client over OPENVPN I get the errors shown below. Los are all enabled, the log shows nothing being...
View ArticleRenew cert issued by sub CA after changing hash algorithm from MD5 to SHA1
I have root CA and subordinate CA in my environment. Both are running on Windows Server 2008. Both CA are currently configured with MD5 as hash algorithm. I refer to this post...
View ArticleCertificate mismatch. How to avoid using the certificate from the domain...
Problem Overview:When I attempted to connect to a virtual desktop (VD) using Window’s Remote Desktop (RD) Connection application from an external network, I encountered a certificate subject mismatch...
View ArticleWindows firewall
hiI cant find a forum for SBS 2011 standard so I am asking hereI am using Symantec endpoint protection 12.1.2 complete with firewallWindows sbs standard console gives a security warning that windows...
View ArticleServer 2012 Web enrollment not installed correctly
Hello,I installed a Standalone Root CA today, (and selected the option for Web Enrollment), but when I go to http://localhost/certsvr/ , the page isn't there ... I've checked in IIS, and the pages...
View ArticleImport intermediate certficate - .p7b format - into local computer store ---...
My objective is to import an intermediate certificate (provided by a 3rd party CA) into the local computer store of an Exchange server.This is an intermediate certificate that apparently must be...
View ArticleIE 10 Prompting for passwords - Windows Authentication
Hi everyone... My web site is using Windows Authentication, and grant everyone with an domain account access to the web site. When using IE7, IE8, or IE9, the domain user can access the web site...
View ArticleUnable to prevent access to local drives
Hi all,we run our applications on windows server 2008 r2 RDS and we have all the GPO that we know of to prevent access to local drives on the RDS servers. we have hide and prevent access enabled and...
View Article