Revocation Server Offline on new Issuing CA
I am setting up a two tier PKI architecture. When configuring the Root CA I made a typo in the URL for some of the repositories that went unnoticed until I finished configuration on the ICAs. I...
Remediating Nessus Plugin IDs 57582 & 51192 on Windows 2012 R2 Servers
I have a group of Windows 2012 R2 servers that keep getting "hits" on Nessus scans via ID 57582 & 51192 both regarding self-signed certs and ports 3389 & 1433 RDP and SQL respectively 57582=SSL...
Policy CA start up error
Hi, I am trying to set up an offline Policy CA and keep running into a "The revocation function was unable to check revocation because the revocation server was offline" error. Please let me know if more...
Windows Defender in Server 2016 slowed sequential writes to a crawl
We have an application which automates Excel with data from our application reports. To speed things up when the volume of the report is relatively high, we write a sequential csv file and then...
Get-RevokedRequest | Showing different time as compare to the original...
I am trying to get a report of revoked list of certs for last 24 hours. But when I run the output time shows in PowerShell windows is different compared to original revocation time in CA console....
Export root and intermediate CA certificates in base64 format using...
Hi, I want to export the root and intermediate CA certificates in base64 format using PowerShell on the intermediate CA. Certutil has the switch "-ca.chain" which gives me the root and intermediate...
Optional TPM Key Attestation failing ERROR_BAD_ARGUMENTS
We have a range of Windows 10 computers in our estate - some with no TPM chip, some with TPM 1.2, and some with TPM 2.0. I want to configure a certificate template to optionally perform TPM Key...
Unencrypted Remote Authentication Available - RPC
Hi, I have run a vulnerability scan and one outcome is this. I have done some investigation but not come up with any solution. What to do? This RPC service allows cleartext or very weak authentication...
Insecure cipher suites
Hi all, Recently, we reviewed the security of our network and it was noted that the network (mainly Windows 2012 servers) is using the following cipher suites. - RC4-MD5 - RC4-SHA - EXP-RC4-MD5 -...
Certificate Web Enrollment Page authentication is getting by-passed, Anyone...
I'm a bit new to ADCS, there was an issue raised from our client saying the certificate Web enrollment page is accessible for anyone connected to network. It works this way, 1) accessing the URL...
Granting permissions for RPC on DCs
Hi, Could anybody give me a hint on how to grant RPC permissions for specific group / service account on domain controllers? We are deploying lic. inventory tool and instead of installing agent in T0...
NET::ERR_CERT_AUTHORITY_INVALID on all domain controllers
Browsing to any site from any of my domain controllers results in NET::ERR_CERT_AUTHORITY_INVALID Expanding the Certificate Information in Chrome yields: "Windows does not have enough information to...
WS2016 - Windows Defender service won't start - 0x80070003
Hello. I have a WS2016 server where I cannot start the defender service. I found out about the issue when Windows Update couldn't install Defender updates/signatures (but other WU work fine). When I...
User PowerShell to get the template used to create a certificate.
I need to be able to identify the certificate template used to create a certificate in the Personal Space of LocalMachine. I can get all of the properties from the issued certificates by...
The server signature uses SHA-1, which is obsolete. Enable a SHA-2 signature...
I have a SHA256 ADCS infrastructure. Chrome is saying "The server signature uses SHA-1, which is obsolete. Enable a SHA-2 signature algorithm instead. (Note this is different from the signature in...
Windows Hello/Biometric (fingerprint) authentication - Domain
Hi, From what I've read the biometric authentication data is stored locally on a machine. 1. This would mean that if John (fictional scenario) logs onto 4 different machines every day he would have...
Ransomware attacked my server 2012
Ransomware attacked my Server 2012 R2. How can I have backup, please?
how to publish delta crl using certutil to AD store
Hi All, Can you please tell me how to publish delta CRL using certutil to AD? Regards, Kamal
401.1 when setting up multiple Certificate Enrollment Web services servers
Hi, I've got a very strange issue. I installed Certificate Authority Web Enrollment on 2 Windows Server 2016 STD editions. I configured it in IIS so that it uses https://pki.customer.com. In DNS I...
Autoenrollment of certificates not working error of RPC Server Unavailable
Attempting autoenrollment of server certificates in my domain seeing EVENT ID's 6 and 13 RPC server is unavailable 0x800706ba. Same for domain controller autoenrollment. I checked the security on the...