Upgrade Your Microsoft PKI Environment to SHA2 (SHA256)
KB ID 0001244 Problem This is pretty much PART TWO of two posts addressing the need to migrate away from SHA1 before February 2017. Back in PART ONE we looked at how to upgrade the ROOT CA. It does not matter if it’s an offline or online root CA the process is the same. In many organisations their PKI is multi tiered, they either have a RootCA <> SubCA, or a ROOTCA <> IntermediateCA <> IssuingCA. (which is...
Certificate Services – Migrate from SHA1 to SHA256
SHA1 to SHA256 KB ID 0001243 Problem It’s time to start planning! Microsoft will stop their browsers displaying the ‘lock’ icon for services that are secured with a certificate that uses SHA1. This is going to happen in February 2017 so now’s the time to start thinking about testing your PKI environment, and making sure all your applications support SHA2. Note: This includes code that has been signed using...
ADCS – Login Failure: The user has not been granted the logon type at this computer
KB ID 0001242 Problem Post By: Daniel Newton I was configuring a ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to setup web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup. Solution This can be easily fixed, just follow these instructions and...
Error – The Computer You Are Signing Into Is Protected By An Authentication Firewall
KB ID 0001241 Problem I put a ‘net use’ command in a logon script for a client today, and the drive refused to appear. So I executed the offending line and saw the following error; System error 1935 has occurred The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer. Solution This error is seen because the user, (or group the user is a...
Cisco ASA – Adding New Networks to Existing VPNs
KB ID 0001240 Problem Note: To add new subnets to an AnyConnect Remote Access VPN, see the following article instead; Cisco ASA – Adding New Networks to AnyConnect VPNs I see this get asked in forums A LOT, so I though I’d get around to getting it written up. If you have an existing VPN to a remote site and then need to add another network how do you do it? Well that depends on where the new network is, and how it’s...