Where can I download security patch for MS11-025, MS11-049 etc.?
My corporate security found some vulnerabilities MS11-025 and MS11-049 etc., and I found them in security bulletin, but there is no where in the bulletin I can find download link. So, where can I find those hot fix download?
certreq -Enroll
Hello I tried to use the below command in order to renew certificate but i have an error (The request contains no certificate template information) certreq -Enroll -cert certificateSerialNumber -machine Renew How can i solve this issue?
Signing an externally generated CSR with AD CS standalone
Hi, I am currently facing a quite blocking issue regarding the signature of a CSR emitted by a non-Microsoft PKI (EJBCA Community in my case) with a Root CA on AD CS (standalone version). What we want to do is to create a Sub-CA in EJBCA (the client…
Computer administrator
I am trying to load some older programs, but when they start to set up a warning message pops up, this installation was stopped by the administrator contact your administrator. I am the administrator and this is my personal computer so what is happening…
Transitive Network Logon attack - Account lockout
Hi all, I see a transitive Network Logon attack on my AD netlogon logs, however, the computer name that attacks are coming from not pingable or searchable internally. Is there any way to find this puzzle? Thanks, Lrok
Biometrics & Facial Recognition in the domain
I would like to use both username & password. But only after the PC verifies the facial identity to the username. I hope that makes sense? This i a domain environment and it would add security to our domain. The problem I run into in my career is…
WS2016 AD DC, unlock Windows session with smartcard, '... credentials could not be verified'
Hello, Scenario: ---------- Try open a Windows session with a smartcard on computer joined to a 2016 AD domain Technology: ------------ Involves a third party CSP library for the smartcard to work. the smartcard contains the…
SHA 1 to SHA 256
Hi to all Which will be steps to change SHA 1 to SHA 256 in CA Windows 2012 r2?
Hyper-V Live Migration using Kerberos from 2012 R2 to 2019 fails with error 0x80090322
Hello! I have a Windows Server 2012 R2 Hyper-V Failover Cluster and I'm trying to Live Migrate VM's to a Windows Server 2019 Hyper-V Failover Cluster. When I try to Live Migrate a non-clustered VM from one of the Windows Server 2012 R2 Hosts to one of…
Certificates export?
Hello, I was trying to export our certificates but apparently for several of them I am limited as an export of the certificates without its key which make them useless. Anyway to get the key? The certificate request was generated on this…
Translate between Certificate Template Permissions and ActiveDirectoryRights enum
I'm trying to generate a report containing details about all certificate templates published in my forest. One of the things I want to show in the report is what principals have Read, Write and Enroll permissions on each template. In order to do…
KERBEROS refresh clients
Good morning, in our infrastructure have all clients windows 10, and 2 DC 2019 Server (FFL 2012 R2), when change (add or remove) users from groups, all client, need to reset manually kerberos token with cmd (klist purge –li 0x3e7). It's the only metod.…
ADCS Migration from Windows 2008r2 to Windows 2019
Hi experts, I would like to ask the following on the topic migrating ADCS from 2008R2 to 2019. I have run couple of articles like the one as below:- …
AD CS (Standalone version) - How to sign an externally-generated CSR as a CA?
Hi, I am currently facing a quite blocking issue regarding the signature of a CSR emitted by a non-Microsoft PKI (EJBCA Community in my case) with a Root CA on AD CS (standalone version). What we want to do is to create a Sub-CA in EJBCA. Our…
Domain Laptop Cached User Credentials randomly no longer usable
These days, thanks to the pandemic, we have many users working on their laptops from home (connecting to the domain through VPN once they login). Extremely rarely (it's happened a handful of times in the past 3-4 months) we have a user who suddenly…
Windows CA - Best Practices - Expirationdate,..
Hello all, as mentioned in many news-tickers, the most common browser (chrome, firefox, safari,..) will only accept certificates with a maximum lifetime of 1 year. This also means, that we have to replace all internally used webserver certificated…
![](https://techprofile.blob.core.windows.net/images/we3Jm2PDpEW5u_PM43pk_A.png?8D839C)
API Implementation Methods
What are the common API implementation methods?
![](https://techprofile.blob.core.windows.net/images/NzSFRY4LvUmCsZvxOuSTQA.png?8D80B7)
![](https://techprofile.blob.core.windows.net/images/NzSFRY4LvUmCsZvxOuSTQA.png?8D80B7)
Migrate NDES service to a new Server
Hi, I'm in the process of migrating certificate services from 2008R2 to 2016, one of the CA servers is also running the NDES service but I can't find any guide on how to move this to a new server (I'm planning on re-using the old server IP and name). …
Web enrollment for a Standalone CA
After installing Certification services and creating a Standalone CA on a Windows Server 2016 or Windows Server 2019 server member of Workgroup what else should I do in order to allow other servers request certificates? Should I install Certification…
request a certificate
dears, i have a local ca installed. i have a new machine, and i want to request a certificate from this machine to my local ca how is this done how can i generate a cer file and make it issued by my internal ca i am new to adcs Source…