MBSA - WUREDIST.CAB is damaged or an invalid Catalog
Configuration (WSUS server in DMZ) (LAN is private with no internet access)All Servers are 2003 and workstations are XP (at current service pack level)I run MBSA after each patch cycle from my...
View ArticleCertutil -repairstore and HSM
Hi:We are testing the following scenario. We have 2 W2k8 boxes, using an iSCSI shared storage volume. We want to set up a CA cluster using a HSM. So far, we have followed the instructions described in...
View ArticleSC SDSET LOCKED SERVICE FOR ADMINS
I have messed up my service, locked it for admins, is there any way to restore rights.I have added - changed rights for user like this: sc \\myserver sdset myService D:(A;;RPWP;;;S-1-5-21-...non admin...
View ArticleDoes it need any feed back to client PC when changing user password remotely ?
We use Win2003AD.End user uses SSL-VPN to connect company network.I heard the problem that when end user try to change passord by ctl+alt+delete after connecting company network by SSL-VPN, client...
View ArticleClik here to view.
why i execute "certutil -setcasites" always fail?
as teh picture show, it always fail, i m runnign with root domain administrator on the AD CS server ( a DC also)I;m Charles Lee.
View ArticleEnterprise PKI "Unable to Download" from all HTTP locations
I have a two-tier PKI setup: offline root and an issuing CA joined to the AD domain.When I open Enterprise PKI everything is OK except for the HTTP CDP and AIA locations. They all say "Unable to...
View Articleconfiguring credentials cache for users with alternate security identities set
We've got a fairly new Active Directory setup here with a Server 2008R2 domain controller and a number of Windows 2008R2 client workstations. Users are created in Active Directory with a "user...
View ArticleClik here to view.
what is the difference between "certutil -adtemplate" and "certutil...
i don't know exactly what certutil -adtemplate and certutil -template differsaare they equivalent to the GUI template management?the result are below:I;m Charles Lee.
View Articlehow to filter MBSA scan for missing security updates
I need to patch many of servers and thought that I could use MBSA to identify the Critical/Important Security updates that are MISSING from each server. How can i do that?Cal Miyatake
View ArticleW2K12 R2 Role Based Admin -> How?
Hello,1) With the release of W2K12 R2 and Win8.1 RSAT, what is the MS recommended method for implementing a RBA (Role Based Administration) model for 3rd level server support staff?2) How can you limit...
View ArticleDMZ Server Firewall
Dear all,Some months ago we have deployed and lync edge server on our DMZ zone with public ip's direclty attached to this server based on microsoft recomendations(our network supports company disagreed...
View ArticleQuery regarding Smart card login on replicated servers
Bonjour All,I am using a 3rd party CA for smart card login, i have successfully smart card login in single ROOT & single CHILD scenario after publishing the domain controller certificate.I am...
View ArticleServer 2008 R2 - User passwords resets automatically
Hi All,I'm new to this forum and I hope this is posted in the right forum. And I'd like to note that I'm not an expert in Server 2008.Currently, I'm ren ting a Server 2008 R2 from a dedicated server...
View ArticleHow AIA and CRL information in certificate is used ?
We use win2003CA.And certificate that CA published have AIA and CRL information .1In the Microsoft Product or Microsoft environment , how could we use AIA and CRL information ?In IIS web application...
View ArticleEnd of support for 1024-bit RSA certificates.
I understand that at the end of 2013 all web browsers and Certificate Authorities (CAs) will no longer support 1024-bit RSA certificates. Would that impact any of our internal (in-house) web...
View ArticleIIS returning 404 to Network Device Enrollment Service PKIOperation requests
I am trying to get NDES configured on Windows 2008 Enterprise, but I have a problem. Everything appears to be installed correctly, and I can get an enrollment challenge password from the server, but...
View ArticleUnquoted Service Path Vulnerability
This problem has been documented very clearly in several places, but folks seem to be getting the run around on an actual fix. Before going any further, please read the following to understand the...
View ArticleStandalone Cert authority in a 2008 R2 domain
I have a 2008 R2 domain with a root certificate authority, there is a group policy that auto enrols certs to all servers and client PC's.We are going to be using Dynamic VPN through a Juniper SRX110...
View ArticleWhy can't everyone be an Administrator?
I know what your thinking... Is this guy for real? Everyone being an administrator would be insane!!! Regardless, the question has come up in my department. We support 2000+ users in an academic...
View ArticleDisable CRL check on domain controllers for smart card logon
Hi!We use smart card logon and our smart cards are third party smart cards - it means we cannot control the publications on CRLs. Everything works nice in usual situation. But in some situations we...
View Article