vExpert 2014
October 5th, 2014
No comments
This year VMware granted me a non-technical certification vExpert. I helped out on VMWare Thinapp forum.
I’m so happy 😉
Archive
Posts Tagged ‘certification’
Problem with issuing certificate to domain controllers
June 6th, 2014
No comments
I have experienced same problem in two customers within four days. I had server with operating system Windows Server 2012 R2. I installed role Active Directory Certificate Services with default settings. Also default certificate templates were installed. One of the default certificate templates is called Domain Controller and it should be enrolled automatically to all domain controllers using autoenrollment method.
Certificates didn’t autoenroll to domain controllers so I tried to enroll certificate manually. I received following error:
Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
After couple of minutes of debugging I found out that it should have something to do with security of accessing DCOM object. When I have looked on DCOM security settings I found some domain group called CERTSVC_DCOM_ACCESS. I tried to google for this and I found out that this group should contain all domain members that want to enroll certificate using DCOM. And it was missing “Domain Controllers” group:
I just inserted group “Domain Controllers” into domain group CERTSVC_DCOM_ACCESS. Rebooted domain controllers, they had to get new group membership, and everything started to work as expected.
That’s all for today,
Maximum Validity For Certificates
February 19th, 2013
No comments
You can configure expiration period for Certification Template. By default there are default maximum validation periods set to:
-
One year for Stand-alone Certification Authority
- Two years for Enterprise Certification Authority
This means you have Certification Template set its validity for example for 10 years, but you can enroll certificates with validity 1 or 2 years (Stand-alone / Enterprise Certification Authority).
This can be changed via registry keys described in KB254632.
Thank you for my colleague Róbert Švec.
Categories: Security, Windows authority, certification, maximum validity, one year, two years, Windows
Problem with enterprise certificate distribution
July 2nd, 2012
1 comment
Once upon the time I played with enterprise certification authority at one of our customers. I’ve created new certificate for certification authority. And then problem begun.
Recent Comments