NPS extensions RDS Gateway extension. Error message

Lasse.H 1 Reputation point
2020-12-04T10:35:02.777+00:00

Hello,

While running the PowerShell script to configure the AzureMfaNps extension, the following error occurred (see attachment).
Does anyone know a solution for this error?

PS script: AzureMfaNpsExtnConfigSetup.ps1 in the path C:\Program Files\Microsoft\AzureMfa\Config\


1 answer

  1. 2020-12-07T22:30:28.527+00:00

    Hello @Lasse.H, please ensure the network_service account has access to the certificate private key.

    This PowerShell script should help you:

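       # Account that needs read access to the private key file
       $userName = "NETWORK SERVICE"
       $permission = "Read"
       $certStoreLocation = "<cert store location>"
       $certThumbprint = "<cert thumbprint>"

       # Allow rule that will be added to the key file's ACL
       $rule = New-Object System.Security.AccessControl.FileSystemAccessRule $userName, $permission, "Allow"
       # Folder that holds machine-level CSP private key files
       $root = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys"
       $certs = Get-ChildItem "Cert:$certStoreLocation" |
           Where-Object { $_.Thumbprint -like $certThumbprint }
       $certs | ForEach-Object {
           # Name of the key container file (available for CSP-backed keys)
           $keyName = $_.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
           $p = [IO.Path]::Combine($root, $keyName)
           if ([IO.File]::Exists($p)) {
               $acl = Get-Acl -Path $p
               $acl.AddAccessRule($rule)
               Write-Output $p
               Set-Acl -Path $p -AclObject $acl
           }
       }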
    

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

    1 person found this answer helpful.
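
To confirm the result of the change described in the answer above, here is an added example (not part of the original answer, and not Microsoft's code) that reads the ACL of the certificate's private key file without modifying it. The function name `Get-CertKeyAccess` and its parameters are hypothetical; it assumes an RSA key in a machine store, an elevated session, and it matches NETWORK SERVICE by its well-known SID `S-1-5-20` so the check also works on non-English Windows.

```powershell
# Added example: read-only audit of a certificate private key ACL. Nothing is changed.
function Get-CertKeyAccess {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StoreLocation = '\LocalMachine\My',   # assumed default store
        [string] $Sid = 'S-1-5-20'                      # well-known SID of NETWORK SERVICE
    )
    $cert = Get-ChildItem "Cert:$StoreLocation" |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if (-not $cert) { throw "No certificate $Thumbprint in Cert:$StoreLocation" }
    if (-not $cert.HasPrivateKey) { throw "Certificate has no private key on this machine" }

    # Works for both legacy CSP keys and CNG keys; the answer's script only covers CSP keys.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw "Private key is not RSA or could not be opened" }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyName = $rsa.Key.UniqueName
    } else {
        $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # Machine key files live in one of these two folders depending on the provider.
    $roots = 'Microsoft\Crypto\RSA\MachineKeys', 'Microsoft\Crypto\Keys' |
        ForEach-Object { Join-Path $env:ProgramData $_ }
    $keyFile = $roots | ForEach-Object { Join-Path $_ $keyName } |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $keyFile) { throw "Key file '$keyName' not found under: $($roots -join ', ')" }

    # Translate ACL identities to SIDs so localized account names do not matter.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $read    = [System.Security.AccessControl.FileSystemRights]::Read
    $rules   = (Get-Acl -LiteralPath $keyFile).GetAccessRules($true, $true, $sidType)
    $allowed = $rules | Where-Object {
        $_.IdentityReference.Value -eq $Sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    [pscustomobject]@{
        KeyFile    = $keyFile
        HasRead    = [bool]$allowed          # Deny entries are listed below, not evaluated
        AllEntries = $rules | ForEach-Object {
            '{0} {1} {2}' -f $_.IdentityReference.Value, $_.AccessControlType, $_.FileSystemRights
        }
    }
}
# Usage: Get-CertKeyAccess -Thumbprint '<cert thumbprint>' | Format-List
```

`AllEntries` lists every principal on the key file, which makes it easy to spot entries broader than the single Read grant the answer calls for.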