Smart card logon errors on domain controller
I am running a network with two domain controllers, both configured for smart card logon. Both servers were working with no errors but then they started giving users errors the first 3 or 4 times they...
View ArticleDomain controll auto enroll cert fails rpc server is unavailable
Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from intra3.xyz.com\xyz-INTRA3-CA (The RPC server is unavailable. 0x800706ba (WIN32:...
View ArticleDo I have to use an FQDN for the CRL server name?
I have several test domains. They have no network access to each other. I'm setting up certificate services for them. I'd like to share a single (standalone) Root CA and a single standalone Policy...
View ArticleMigrate the CSP of the CA certificate to another HSM
Hello,I try to migrate the HSM the Microsoft CA uses.I am running a Microsoft CA on a Windows Server 2008 (32bit) with an Eracom Protect Server External.I managed to export the certificate+privkey and...
View Articlefile locked by account that no longer exists
Hi all. I'm not sure exactly where to pose this question, but it may be security related so here goes...Over the past few months users have been randomly getting a notification that files are locked...
View ArticleHow to reset Windows Server 2008 R2 password on the dell server, please help me.
I lost my windows server 2008 password on a dell raid server and didn't create a password reset disk, is there any way to reset the password? Please help me. Thank you!
View ArticleServer 2012 - How to audit use of specific security groups?
Hey Guys,I created a set of new security groups for my organizations, I want to get rid of all the old ones but need to find out which are being used. For instance I created an "Accounting" security...
View ArticleSSTP VPN client PEAP certificate with Smart Card Logon not working on Windows...
Hello,I have come across a weird problem with client certificates on Windows 8. The clients have been issued Client Authentication and Smart Card Logon certificates. Everything works fine from Windows...
View ArticleMethods for Restricting Access to Server Data and Alerting on Security Breaches
We are about to see if it is possible to work with a Hosting Provider to outsource the support of the OS on our server estate. One key requirements is that the hosting providers staff should not be...
View ArticleTS/RDP: No warning about different certificate Win7 -> 2008 Server - bug or...
Hi,To mitigate RDP MitM vulnerability, I wanted to set up SSL for terminal services on a Win 2008 R2 Server (say, legitserver.domain.com). BUT I've imported a valid certificate* that has a different...
View ArticleParallel PKI hierarchies in Active Directory domain environment
Hi all,I have two tier PKI hierarchy in existing domain environment. There are some CA templates are being issued in the domain environment. Now, I would like to change the hash algorithm of Root CA...
View ArticleUnable to open Exchange Management Shell , Exchange 2013 CU1 due to kerbores...
Hi,I have installed Exchange 2013 CU1 and after that I am not able to open Exchange management shell, exchange server has been installed on 2008 R2 SP1 ( not in virtual m/c ).Error Message after...
View ArticleSSL certificate issue.
We are running a Windows Server 2003 R2 SP2 with exchange server 2007 installed on it.We requested a certificate from a Certifying Authority by generating a CSR from exchange management shell of our...
View ArticleNPS Error 4625 + NPS Error 6273 (Code Reason 295) Autenticating Computers for...
We have a CA Root(Offline) and a Subordinate CA (Online) which gives certificates for computers via GPO. Everything works well in our test environment (DC Active Directory,Microsoft NPS RADIUS,...
View Article2003 Server is DC and Enterprise CA - Can I remove certifcate services -...
We have a 2003 DC that we want to demote. It hosts the only CA in the domain. Can I uninstall certificate services, demote the server, then reinstall CA services so it can remain as a CA server after...
View ArticleShould a domain user who owners a folder be able to create sub-folders...
When deploying our server application, on Windows Sever 2008 R2, we create a folder in "C:\Program Files" with an local administrator user and change the owner of the folder to that of a particular...
View ArticleBDE drive removal
Is there any way to remove the BDEdrive partition in Server 2008 R2 after the OS is installed? (long story short: server deployed before we noticed the BDEdrive issue, now want to extend the C: drive...
View ArticleCannot install Certification Authority Web Enrollment
I have just moved my CA from a Windows 2003 server to a new Windows 2008 using the steps details...
View ArticleCredential Roaming - deleting certificates
In an environment where Crednetial Roaming is enabled, when a user deletes a certificate am I right in thinking that certificate should not remain visible to the user whilst the tombstone period runs...
View ArticleChange hash algorithm on CA of Windows 2008 without Hyper-V Editions
Hi All,I would like to change the hash algorithm of a CA Server. However, I check the registry[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\{CAname}\CSP]that it does not...
View Article