Enterprise PKI for Lab/Test
I'm looking for some advise on building a MS PKI. The query I have is - do org build a enterprise PKI for Testing, and how is it integrated with Domain controller. What are the best practices for Test PKI
How to capture audit log for the following packet filters DR-F0401-032, DR-F0401-036, DR-F0401-037 and DR-F0401-117?
How to capture audit log for the following packet filters DR-F0401-032, DR-F0401-036, DR-F0401-037 and DR-F0401-117?
Add timestamp (1.3.6.1.5.5.7.3.8) to an existing EKU of cross signing certificate template
Hi, I am new to this topic. Requesting some help here - Recently my company known as A acquired another company called B. The B company have built their own internal PKI and company A has provided a cross signing certificate from their internal PKI…
Delete an microsoft account
Hi, I was trying to enter with my university account to get a Microsoft license for teachers but was not get what I expected, so I do not like to have my phone number and email in another account. So I just want to delete forever my Microsoft account.…
how to convert ppf to pfx file
hello all, I have ppf file for my certificate with I need to convert it to pfx file and import it in windows certificate manager. this ppf file is my private certificate. I need to import it on my local computer that it can be connected to my devops…
Built-in DOMAIN\Administrator account permanent strange blocking
The infrastructure is not mine. Domain/Forest Windows 2012, 5 virtualized DCs in 4 Sites. Built-in DOMAIN\Administrator account is permanently blocked in HQ Site on one of the DC (PDC Emul.). Company personnel does not want to disable or rename…
Client Certificates and new last name
We require user certificate for pre-auth for our VPN solution. Our User certificate have UPN as SAN. When last name changes and UPN change, it seem users cannot connect back to VPN. Anyone have insight into this? How can we reissue new cert (when still…
"Certificate Policies" attribute is missing and "Issuer Statement" option is grayed out on the renewed CA cert
Hello Everyone, Recently I have renewed my Issuing CA certificate. To be specific, I have just signed the cert and yet to install on CA. While comparing the attributes of current CA cert & renewed CA cert, i found "Certificate Policies"…
Kerberos Realm Trust: Extra settings
Hi, Kerberos Realm Trust is one of the available trusts in AD Domains and Trusts. So I proceed "as usual" by adding this trust with Wizard: This can also be done from command line: netdom trust /add /realm .... . Netdom has also…
We lost our certificate autority server
Hi, our ceritificate autority server damaged and we were unable to recover. What should I do to install a new certificate autority? Thank you.
certification voucher after completion of cloud challenge
Hi Team, i have completed cloud challenge as mentioned below in ignite session ,but did not received any notification for certification, when can i except this or anything has to be additionally performed from my end. Free Microsoft Certification…
Expired certificate keeps re-appearing a few minutes after it is deleted
We have a Windows 2016 SCCM server with a local instance of SQL server 2016. The SQL server cert was expiring and a new SQL Server cert was created and applied. When we delete the old SQL Server certificate in the Certificates MMC, it re-appears a few…
Enroll on behalf of problem
Like many, we have staff working from home now using a VPN to connect back to site. This VPN is secured using credentials and user certificates. The issue is that when these user certificates expire, there's no way for the staff member to request a new…
Domain Conroller certificate key size
Hi, On my domain controllers, I have "domain controller" certificate issued by sub-ordinate CA. Domain controller certificate is having/issued with 1024 bit key size (RSA public key) whereas issuing authority certificate is with 2048 bit…
How to identify strong and weak ciphers?
Hi All, We have a doubt on how to identify the strong and weak ciphers from below: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Can anyone help me…
Active Directory Certificate Services - Certificate enrollment process is stuck in MMC
Good morning all, When I request a certificate at my enterprise CA using MMC, the enrollment process keeps getting stuck at the progress bar shown in the picture below. I checked that the service is running and event logs show no warnigs/errors…
Certificate Enrollment Web service
I need to test the installation and configuration of a web service to enroll for certificates. Where can i locate step-by-step documentation to install and configure "Certificate Enrollment Web service", "Certification Authority Web…
Deploying Microsoft Defender for Endpoint on Windows Server 2012
Is there a possibility to deploy Microsoft Defender for Endpoint (former: Microsoft Defender Advanced Threat Protection) to an Windows Server 2012? As far as i know, it's supported for the following operating systems: Windows Clients: Windows 7 …
Event ID's 5829-31 Not Visible in Domain Controller logs after August 2020 Patches
Hello, we have applied the August 2020 patches on our Domain Controllers but do not see any logs with Event ID 5829-5831 since the updates. There is at least one Server 2003 machine (i.e. out of support OS) on our domain which I assume is still using…
Orphaned Enterprise CAs....
I inherited a network with two orphaned Enterprise CAs in Active Directory. Both DCs that were running these CAs, are long gone.... I found the following article and would like to confirm that it still applies to get rid of these orphaned CAs. The…