KDC Certificate Could Not Be Validated Error
I think this is the right forum for this question, but please feel free to redirect me if it is not. We are using Windows Hello for Business for users to sign into their computers with a PIN or...
View ArticleRenew Subordinate CA (Core) Certificate
I'm Back! :) Again.I have feeling it's going to be Mark Cooper who answers this one.I've been fighting with a PKI project for about a month now and it's been extremely painful for ONE major factor;...
View ArticlePlugin ID 51192 SSL Certificate Cannot be Trusted
When I got this Nessus ticket from my Cyber Security Section I said no big deal I went over to vSphere and renewed the certificate. It renewed with the date of of 20 March 20 and was good 5 years. I...
View ArticleClik here to view.
GPO configure ldapenforcechannelbiding
hello,I want to set this configure gpo in DC server:But after this setting, I don't see that it applies to the servers:And the setting resutry didn't work,I added it manually :Is this a bug just for...
View Article2020 LDAP channel binding and LDAP signing requirement for Windows
Hello, March 2020 update, I wanted to know the difference between adding value here: https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry And change...
View ArticleAlwaysON VPN IKEv2 access from Apple MAC
Anybody has any ideas how to access IKEv2 AlwaysON VPN server (Server 2019) using Apple MAC?Trying this:https://www.oxcrag.net/2018/08/24/ikev2-ipsec-vpn-with-pfsense-and-apple-devices-2/but there...
View ArticleAlwaysON VPN IKEv2 access from Apple MAC (Mojave)
Anybody has any ideas how to access IKEv2 AlwaysON VPN server (Server 2019) using Apple MAC?Trying this:https://www.oxcrag.net/2018/08/24/ikev2-ipsec-vpn-with-pfsense-and-apple-devices-2/but there...
View ArticleEnterprise Intermediate CA Not Visible to IIS or Certificates Console
Standalone Root CA with an Enterprise Intermediate/Sub CA. Issue noticed when trying to "create domain certificate" from IIS Manager. When asked to select online certificate authority, the Sub CA does...
View Article[Solved] AlwaysON VPN IKEv2 access from Apple MAC (Mojave)
Anybody has any ideas how to access IKEv2 AlwaysON VPN server (Server 2019) using Apple MAC?Trying this:https://www.oxcrag.net/2018/08/24/ikev2-ipsec-vpn-with-pfsense-and-apple-devices-2/but there...
View ArticleHow to create DocumentEncryption certificate with CS (for use with PowerShell...
Hello,we are trying to create a certificate which we can use for the PowerShell commands Protect-CmsMessage/Unprotect-CmsMessage (see https://technet.microsoft.com/en-us/library/dn807171.aspx). The...
View ArticleRestrict autoenrolled certificate to specific certificate templates via GPO ?
We had previously autoenrolled certificates to all domain-joined Windows servers using a specific certificate template (e.g. Template A). This was done by targeting the autoenroll GPO to the OU where...
View ArticleProhibit the unlocking of the account, but allow to enable it
Hi, My task was to create a user group that can create and delete users in an Active Directory domain. At the same time, you must then log in for this new user, that is, his account must be enabled....
View ArticleSubordinate CA role transition from 2008R2 to 2012R2
Hi,I have two PKI. Enterprise CA -2012R2 and SUB CA in 2008R2.I am going to transition subordinate CA role from 2008R2 to 2012R2.I have only minimal knowledge in Certificate Authority.Please assist...
View ArticleADFS 2016 + Azure
Hey all, I've finally enabled MFA for ADFS 2016 and Azure AD (hybrid), it appears to be working great on a test application. We have one complaint however.... Every login to this app requires MFA /...
View ArticleFinding artifacts related to a user added to a local group
Gentlemen,I am investigating one case, where I need to identify when an user was added to a local windows group. OS is Win Server 2012. Unfortunately the event logs were archived and no longer...
View ArticleClik here to view.
Multiple HKEY_USERS (I don't believe they belong there)
So listed below is a list of HKEY_USERS. I know about the S-1-5-18, S-1-5-19, S-1-5-20, and S-1-15-21-...-500. But I'm a little unsure of the other ones. I've done Rootkit scans (Malwarebytes and...
View ArticleAuto renewal of computer authentication certificate has been stopped post CA...
Hi Everyone,Recently we have migrated the CA service from W2k8R2 server to W2k16. Currently we are facing issue related to renewal of computer authentication certificate. By right its should renew 6...
View ArticleSMB 1.0 vulberability on PKI servers
Hello Everyone,We have situation wherein the client is stressing to disable SMB 1.0 on all the PKI W2K16 servers.My question is - Will there be any impact if we disable SMB 1.0 on Certificate Authority...
View ArticleCertificate web enrollment services doesn't work as expected
CA Web enrollment services are installed on a separate server from the CA server itself and several problems exist.When clicking on "Download a CA certificate, certificate chain, or CRL", I receive the...
View ArticleRenew Subordinate CA (Core) Certificate
I'm Back! :) Again.I have feeling it's going to be Mark Cooper who answers this one.I've been fighting with a PKI project for about a month now and it's been extremely painful for ONE major factor;...
View Article