SMB 1.0 vulberability on PKI servers
Hello Everyone,We have situation wherein the client is stressing to disable SMB 1.0 on all the PKI W2K16 servers.My question is - Will there be any impact if we disable SMB 1.0 on Certificate Authority...
View ArticleClik here to view.
Incorrect list of certificate templates with CEP/CES clients
CA is on a domain controller with Windows Server 2019 Datacenter, with domain at highest functionality levelWindows 10 1909 clients.Following a disaster recovery, one or more components of ADCS seem to...
View ArticleQuery : NT AUTHORITY\SYSTEM
Hello team,Could you please advise what is the exact use of " NT AUTHORITY\SYSTEM " in windows server operating systems.We could see this object is a member of some local server groups and these are...
View ArticleDelegate Control of an OU
how do i Delegate control for an OU so that members of a group that has been delegated control and move computer objects from one OU to another?I can delegate control for users and groups but can't...
View ArticleMapping a share using smartcard
I'm trying to map a share , from a client , by authenticating via smartcard .Tried using the file explorer interface but when I digit the smartcard pin it keep asking for credentials .The certificate...
View ArticleStrong Authentication for group of user
This might already been asked but could not find an answer to my scenario .In an on-premise installation we'd like to enable strong authentication ( MFA ) only for a limited set of priviled users , i.e...
View ArticleClik here to view.
You do not have administrative privileges on the server Failover Cluster
I am trying to setup a 3 node Failover cluster in Azure. The below is my configuration:Region: West EuropeVM Size: Standard D2s v3Storage: Premium LRS Data Disk: 2 numbers, 128 GBOS Disk: 127 GB,...
View Articlecertificate templates not showing
Hi all I'm setting up an environment for smartcard authentication but got issue with templatesI have duplicated the usual smartcard logon template and modified it with the normal field .Even if the...
View ArticleUnable to Export certificates as Personal Information Exchange - PKCS #12...
We are using Windows 2003 Certificate Authorities, and we are unable to Export certificates as .PFX, our only options are, DER encoded binary X.509 (.CER), Base-64 encoded X.509 (.CER), or...
View ArticleUnable to Enable replication from one forest to another forest through...
HiI am trying to enable replcation of a VM from once forest to another forest . both hyper V host are in different forest and they have seperate CA server . when i am enabling a replication i am...
View ArticleNeed advise on how to get alerts on expiring certs on Certificate Authority...
Hey Community Friends, Recently we have been dealing with a slew of certificates expiring on our certificatge authority server. I am pretty new to managing certificates I feel this could have been...
View Articlehow to complete enrollment with mmc?
generally the problem and theoretical solution is answered in this thread http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/F1593BD0-1476-4772-AA5E-1C0ECA65F0A0the problem is,...
View Article[Solved] AlwaysON VPN IKEv2 setup, how to add SSTP
Fully working IKEv2 AOVPN on mobile domain joined devicesBut some users have issues with IKEv2.Can I add an additional option to connect for this affected lot, being it SSTP AOVPNSeb
View ArticleCVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
According to the Center for Internet Security, CVE-2020-0601 affects Windows Server 2012, 2012 R2, 2016 and 2019. However, when I checked the security update guide on the Microsoft MSRC website,...
View ArticleWindows SCEP; No mapping between account names and security IDs was done.
I have a Windows CA set up on Windows Server 2016. It's an Enterprise CA with CEWS running as a managed service account.Additionally, on the same server, SCEP is running with another managed service...
View ArticleMultiple pending certificates for the same subject
Hello,In the Pending Request pane of the Certificate Authority snap-in we're seeing multiple entries for user certificates based on the same template. In addition to the Request Submission Date...
View ArticleClik here to view.
Publish new ROOT crl
Hi,I have configured a PKI infrastructure, and I just want to create the steps I need to publish new root CRL in one year.So are these steps correct.1. Boot up the RootCa and publish new crl.2. copy...
View ArticleClik here to view.
AD CS SubCA, issued by OpenSSL Root CA, is unable to issue certificate...
I have a Root CA as OpenSSL and I signed a Windows Server AD CS instance as a subca and I installed it correctly, but I can't request certificates. Each request ends up with this error:And here's my...
View ArticleCertificate Authority deployment
Hi,I have two tier certificate authority which is running on 2012R and 2008R2.Enterprise root CA in 2008R2 Subordinate CA in 2012R2.I don't have 2012R2 Operating system license all are consumed, shall...
View ArticleReplace a self signed certificate
Hi,We have a webserver that has a self signed certificate that has been distributed through GPO so every machine on the domain now has this certificate added to the local Trusted Root Certification...
View Article