Signing a CSR that doesn't match a template
I am trying to sign a CSR generated by either OpenSSL or any other type of non-microsoft certificate. I basically get rejected when I import the request as it says it does not match the Templates...
View ArticleSubordinate CA in childomain DirectAccess 2012
At the moment we're using one enterprise ca that issues certificates for all the domains in the forest. We want to setup a subordinate enterprise CA in the childomain. This CA will be used to issue...
View ArticleSetSPN fails for all accounts with Unknown Parameter
I'm having problems setting up delegation for an account.To troubleshoot (and make sure the customer had created the account), I tried:Setspn -l svc_sapcrystalThat fails with "Unknown parameter...
View ArticleHow to prevent domain controllers from attempting authentication on 2nd NIC
I have setup a second NIC on my domain controllers and assigned a new VLAN for a backup-only network for DPM. This works but I've found that the 2nd NICs are broadcasting as available domain...
View ArticleCert enrollment problem
I've been going round in circles on this one for a while now, but still haven't resolved the problem. To summarize, we have a dedicated forest root, with multiple child domains. One of the child...
View ArticleEnforce and GPO security filtering
I have a 4 GPOs that I would like to apply to the same OU and I would like to control the access to them by adding security groups of the users I want this policy to take effect to the "security...
View ArticleGPO enforcement and security filtering
I have a 4 GPOs that I would like to apply to the same OU and I would like to control the access to them by adding security groups of the users I want this policy to take effect to the "security...
View ArticleExpired Certificate
We have software on our servers that exposes certificate requests made by our system. We have noticed that one certificate request that happens (and fails) a lot appears to be an expired Microsoft...
View ArticleIn Windows Server 2008 R2: should I rename a user account or disable it?
I have windows server 2008 r2 with Active Directory. I want to know if is a best practice to rename an user account, for example "Chris" for "Monica" or just to disable it to create another? Regards
View ArticleWindows Firewall with advanced security - IPSec bug
Hi,I think I found a problem with IPsec on server2008r2.I have a customer that has a server in a datacenter. It has a public IP on the NIC. We are changing ISP and need our own Cisco appliances so I...
View ArticleIssue certificates for mobile devices
We're trying to beef up security and implement multi-factor authentication for non-domain joined machines.Currently only domain joined machines (the users need to provided their domain credentials and...
View ArticleHow to renew expiring Data Recovery Agents in Encrypting File System
I have a Data Recovery Agent that is expiring soon in our EFS environment. I found these instructions. Are they still valid? Is there anything that I need to look out...
View ArticleRefreshing computer certificates
I configured Auto Enrollment for computer certificates with our AD CA and it worked fine. However I am now decommissioning the old CA. I've set up a new CA, disabled the old CA from issuing certs...
View ArticleHow to prevent Users in Domain Admin to create another a new user and add...
Hi ,question1:i have to share some priviliges to CM facotory local IT,so ,i create another account and add it into domain admin group,but i donot want local IT to use my Domain admin account or change...
View ArticleAdd addtional attributes while submit a certiifcate request
Hi everyoneI have a problem. In which "format" I need to add the attributes in when I want to submit a certificate on my pki? the attributes I want to add are:X509v3 Extended Key Usage:TLS Web Server...
View ArticleAccount locked out
I can no longer log in to sharepoint with my AD user account. Admin account is fine. Other user accounts are fine. Checking the event viewer -> security on the web server shows audit failures for...
View ArticleHow to Reset Administrator Password Windows Server 2003 If I Forgot It?
I am using windows server 2003 enterprise edition. i forgot the windows Administrator log in password. It is only one user in my system. how to reset the password or how to log in.other than option of...
View ArticleSSL Certificate for Internal Domain Controller
Hi, I need to install some SSL certificates on my 3 domain controllers to enable TLS.I wish to use a third party CA (Symantec/Verisign) to produce the certificates. The domain my DC's are on is not...
View ArticleCA request - Windows Server 2012 - Subject Alternate Name
Hi, On 2008 R2 SubCA I used .inf file to create certificates with SAN. I used the following extension: [Extensions] 2.5.29.17 = "{text}" _continue_ = "dns=name.domain.com$dns=othername" This does...
View Article