Unlock Admin accounts by normal use account
Hi All,We have a very distributed setup where in each region we have atleast one Admin account. We have a Global Service Desk which can Unlock,Reset the password for normal users. But they are unable...
View ArticleMove a certificate from current user to local computer store in 2012
Hi, How can I move a certificate from current user to local computer store in Windows 2012 when the certificate's private key is marked as not exportable ?Drag and drop is possible in Windows 2008 R2...
View ArticleClik here to view.
Wrong CA Store for Root Certificate
Helloi've setup a PKI with offline Root and online intermediate under Windows 2012.I deployed certificates to Active directory using dspublish /RootCA dspublish /NTauth and SubCA for intermediate When...
View ArticleWindows Defender trying to scan network files, failing with Security Event ID...
I have a Hyper-V host and guest both running Server 2008 R2. The host is stand-alone (not domain-joined); the guest is a domain controller. I recently changed the guest to do a Full Scan instead of...
View ArticleShould the OCSP Responder service be running HTTP (80) or HTTPS (443) ?
Hi all,I'm finishing my High Available setup of OCSP Response servers (Array). I'm at the point that I have to configure my AIA (Authority Information Access) url. I've noticed that all configurations...
View ArticleWindows Firewall - COM+ Network Access (DCOM-In)
Hi,By default the "COM+ Network Access (DCOM-In)" inbound firewall rule from Windows Firewall is enabled. This enables you to enumerate through the DCE services running on port 135. Because this could...
View ArticleChanging validity period on CA and custom certificate templates
We want to change the validity period on our CA. We have a root CA that stays turned off. We have a subordinate CA that issues all the certificates. We want to issue longer certificates. So after...
View ArticleAD Certificate Service Question
Good day AllI am trying to install the Certificate Services on one of my 2012 DC's in order to create a cert for import into my Sonicwall 3500 NSA firewall. The purpose is to connect my LDAP service to...
View ArticleKerberos not working for some AD users
We have a list of user accounts used for automated testing. These accounts will not authenticate to any web site with kerberos. Any other user account works without issue.Each set if users are in...
View ArticleClik here to view.
Request does not contain a certificate template extension or the...
Hi,Need diagnosis with the following error, please:When I perform the steps in the link below and send the text file to my internal ca (by going to submit new request and selecting the txt file), I get...
View ArticleThumbprint details
I'm having some trouble with our deployment of EFS. I thought I had finished setting this up and some prelim testing was successful. We did make some changes to our GPO to allow auto-enrollment only by...
View ArticleWindows Server 2008R2 / 2013 (Shares and Permissions)
I have Windows Server 2013 setup for File Sharing. I created & Shared the folder. I set the security and share permissions of the folder with Administrators and a group call Internal Workers. I...
View ArticleHow can I install Certificate Authority on a Windows 2003 server running...
and when it prompts to put in the Service Pack 2 CD-Rom to install the certsrv.exe which is not on the CD?
View ArticleAudit failure: Event ID 4771
One of my user keep getting locked out and when I ran the Account Lockout Status (LockoutStatus.exe), I could not find any information related to the lockout.Log Name: SecuritySource:...
View ArticleWindows 200 SMB Inbound connections on TCP port 445
Hi guys:) Have issue with SMB on Windows 7 Ultimate (x64). Someone trying to establish connection to TCP 445 port from diffrent ips. My firewall (nis) is blocking but want to stop the service. The logs...
View Articlebat file help
I'm trying to write a bat file that will enable a windows 7 home user to access files they have on the domain (without upgrading them to pro) I'd like a bat file to prompt them for username and...
View ArticleCertificate Autoenrollment Errors 17 & 13 The parameter is incorrect
Every 8 hours my Windows 2003 Domain Controllers attempt to Auto Enroll certificates and I get the below two entries in the Application Logs:Type: WarningSource: AutoEnrollmentEvent ID: 17Automatic...
View ArticleStop auditing for Filtering Platform & Detailed File Share
I have Server 2012 DC that I noticed recently as having thousands of 5145 events being logged. In my research this event is logged for any access to any file share and this audit is not important for...
View Articlecertmgr.msc not exporting all of the selected certificates
Hello-I'm experiencing a weird issue that I'm hoping someone can shed some light upon. I have need to export all of the certificates located within the "Trusted Root Authorities"...
View ArticleClik here to view.
Enterprise root ca migration 2008 Standard -> 2012 Standard
I just want to clarify a step that is listed in the AD CS Migration article. It says if you're using the Server Manager installation of the role you need to follow these steps:To import the CA...
View Article