2008 R2 CA automatic renewal of existing certificates
Hi,the certificates on the client PCs do not renew themselves automatically. What can I do? The following was set up:Tier 2 CA Architecture, offline Root CA, Enterprise CA on 2008 R2Clients apply GPO,...
View ArticleClik here to view.
Using smart card logon to an untrusted domain that has no CA
Hello!I am trying to log on to a domain that is foreign (no trust between the domains) to the domain that is issuing the user certificate for smart card logon.The scenario is as follows:Domain "A" is...
View ArticleHow can 4 Windows 2003 web server freeze at the same time?
On Friday May 24th at 3:06, 4 separate Windows 2003 R2 SP2 web servers running IIS 6 froze up. The servers are installed on four Dell PE R300 servers. No crash dumps were generated, and there are no...
View ArticleRemoving a Certificate Template off the list of issuing templates on a 2008...
I want to prevent the LRAs from using a certain template (an older one) to issue Smart Card certificates by removing it from the list of issuing templates. Any negative impact on the alrready issued...
View ArticleShould I have more than one enterprise subordinate CA server?
HiNew to CA so bear with me please. After reading a lot of write up's. It makes perfect sense to me that you first set your Root CA server(not a domain member). Then you setup an Subordinate...
View ArticleRemove a single permission using ICACLS utility
HiI have a folder that contains two different ACL permissions on a single folder e.gmytestuser:(CI)(RX) mytestuser:(OI)(R)I want to remove only one permission from these two like the first one.I've...
View ArticleAuditing Tab Options - Apply to
Could someone please define the Advanced security settings properties page - permissions tab- auditing entries-apply to options- ? I need to apply RO access to a file within a folder. The requestor...
View ArticleAlways Access Denied when choosing Automatically Enrol and Retrieve...
I am using 2008 R2 Certificate Services to issue certs across multiple forests (although don't let that muddy the waters).I have a need to issue certificates for use with s/ldap, so I have duplicated...
View ArticleCleanup renewed CA certificates
HiI currently renewed the Issuing CA (Win 2k8) because the organisation wanted to change the validity from 10 years to 20 years. Hence I took a simpler approach renewing the Issuing CA.Now the computer...
View ArticleSBS 2011 SSL Certificate installation fails
Got my SSL certificate from Network Solutions. Tried to install it using wizard but it failed. Network Solutions included three items with certificate. One is a intermediate cert and the other is...
View ArticleCertificate Authority DCOM class could not be registered
Getting the below error occasionally when CA service starts. The CA service is set to start as local system. Any ideas why this error is being generated ?Active Directory Certificate Services did not...
View ArticleClik here to view.
访问网络共享出错,抓包发现不是通过smb而是通过http访问,何解?
今天一位用户保障说访问网络共享打印机出错,现场测试后发现用户访问网络共享打印服务器失败,但用户上网其他功能都正常。在查看了用户的网络协议配置、Workstation等服务的运行状态后发现,所有一切正常,但就是访问不了网络邻居,测试访问其他网络文件共享服务器也提示失败。迫不得已,在用户机上安装了Wireshark进行抓包,结果发现本该通过smb协议访问目标主机445端口的网络共享居然是通过http访问...
View ArticleReporting potential security hole
Hi guys,Does anybody which is the official way to report potential security risks/holes to Microsoft?Thanks in advance,Twitter
View ArticleUsing certificate OID's to authenticate WiFi users.
Hello All,I am trying to sort out some issues with certificate OID's in our PKI environment. The background is we are in production with our wifi using EAP-TLS. Everything is working great and has been...
View ArticleApply PFX Cert to certain users logging into RDS
We have pfx certificate (that includes Root and Intermediate) we want to install into a users IE when they log on if they are a member of a certain AD group. I have imported it into GPO under: User...
View ArticleOCSP Siging template issueing certificate frequently
OCSP Signing template configured with 1 year validity, still I can see many issued certificate using this certificate template. Is this default behaviour. Thanks
View ArticleTwo Tier CA hierachy - CDP?
Hi everyone, i have a question regarding a two tier ca. my szenario: offline root ca - windows srv 2012 standard version (no member srv, no ad)subca - windows srv 2012 datacenter (memberserver)...
View ArticleMSSQLSvc service not available for delegation
I am trying to give MSSQLSvc delegation to domain user account, but MSSQLSvc service is not available for delegation. We have SQL 2008 R2 installed in cluster. we tried registering SPN, but no success.
View ArticleClik here to view.
Auditing logs for a folder on network
I need a create a folder and put auditing for a user or a group, when user or group make changes within this folder I like to log it.I have tried this microsoft knowledge base article: Security...
View ArticleClik here to view.
AD cleanup after CA host name move/change
Active Directory cleanup after Certificate Authority host name move/changeHopefully I am in the right forum. I cannot find a Certificate Services forum. Move this if it is better suited somewhere...
View Article