windows update
Hello GuysI have 17 servers at in a building near my main DC. when tryng to update (lest say) 6 servers it takes 4 hours. When I update 2 servers it takes about 2 hours.I believe that is bandwidth as...
View ArticleClik here to view.
You do not have administrative privileges on the server Failover Cluster
I am trying to setup a 3 node Failover cluster in Azure. The below is my configuration:Region: West EuropeVM Size: Standard D2s v3Storage: Premium LRS Data Disk: 2 numbers, 128 GBOS Disk: 127 GB,...
View ArticleFirefox "Secure Connection Failed" after installing KB4088879
I currently have websites running on IIS8, on Windows 2012 R2 Servers. After this months Microsoft patching we started to get reports of Firefox users not being able to connect to the website and are...
View ArticleGetting DC's to go back to using self signed certs post CA Removal?
Hi!As per title really. Our 2 DC's are configured to get their Directory Service Email Replication, KDC Authentication etc certs via our internal CA.I want to remove this but am worried this will cause...
View ArticleRE: upcoming Safari SSL validity limited to one year
Hi All,Not sure if you are aware and thought I would raise awareness about the upcoming safari ssl change which will limit ssl certificates validity to one year. pls see the url belowHow does...
View ArticleCan't enroll webserver certificate altough i'm in the domain admins group
Hi,i'm performing a migration of a CA on a Windows 2008 R2 domain controller to Windows 2016 domain member.Migration itself is not a problem. Everything is running...The funny thing is i cannot enroll...
View ArticleAlways on VPN, RAS in DMZ with NIC to LAN?
Hi Everyone, I've been tasked with building a proof of concept always on VPN system for my network. There's many guides on the internet, but I can't help think that each one is a security risk. We...
View ArticleAD CS: Offline Root CA and Subordinate CA - CRYPT_E_REVOCATION_OFFLINE
Like the title states, I have an offline, standalone Root CA Windows Server 2019 instance and I used it to issue a certificate for my subordinate CA. I have done the following:Microsoft: Configure an...
View Article(SOLVED) AD CS: Offline Root CA and Subordinate CA - CRYPT_E_REVOCATION_OFFLINE
I followed this guide: https://www.vkernel.ro/blog/how-to-publish-the-crl-and-aia-on-a-separate-web-server to properly configure my CRL locations for IIS. Thank you guys :)----------------Like the...
View ArticleAD CS: Submit CSRs without a certificate template defined
How can I submit a CSR, that's been created by an HP printer, to AD CS? Every time I try to, it says the request doesn't define a certificate template. I understand it's originating out of Active...
View ArticleAutoEnrollment Fails
Hi all, the autoenrollment group policy created using CEP/CES is timing out due to network latency. Our team has gone as far as it can to reduce this latency, but it is still not enough to stop timeout...
View ArticleConfiguring grace period for CRL cause Microsoft to ignore Base CRL validity...
Hi all,I recently noticed a very strange behavior during certificate validation check in a workstation using crl extended validity period.My goal was to check certificate validation process using...
View ArticleDiscontinued support for TLS 1.0 and 1.1
Hello.Exactly when do support for TLS 1.0 and 1.1 end?
View ArticleMicrosoft CA- certreq service account
Dear All,We have microsoft CA setup like offline root and online CA and We have certreq service account with domain admin rights, please let us know this certreq is mandatry service account or we can...
View ArticleMicrosoft CA- PKI-CDP recommendation
Hello All.I have few questions regarding the CDP and OCSP1. Shall i use the issuing CA for CDP location?2, Shall i use OCSP and CDP on same server?3, need the clustering for the CDP server for HA?
View ArticleClik here to view.
Certificate template
I can not dowload a SSL certificate for webserver, because the option is not there.I restarted the IIS admin service and exchange topology but it didnt work.How can I fix that?
View ArticleAccount Lockout
I'm having account lockout issue that's happening 2-3 times a day. User is running Windows 10 authenticating to Windows 2016 Domain and Exchange 2016 with Outlook 2016. Tried to clear credential...
View ArticlePKI 2012R2 Mail Encryption/Signature - Template Mystery
Hi All,I inherited the responsibility for certificates in my new company. In the month before I joined, a new PKI was developed and implemented. Sadly, the guy who planned and implemented it left the...
View ArticleHow to scan for malware using McAfee through AMSI
We are attempting to determine whether an uploaded file (Excel in this case, but could be anything) contains malware. The solution is developed in C#. To determine whether AMSI is available I am...
View ArticleJump Server Procedure
HiAnybody can help me if there's a procedure or step by step to build a Jump Server / Jump host ? What is software and hardware prerequisites.ThanksHomer Sibayan
View Article