Event ID 29
KB ID 0001032 Problem Seen on a Microsoft Certificate Services server running NDES. Log Name: Application Source: Microsoft-Windows-NetworkDeviceEnrollmentService Date: 04/02/2015 11:22:26 Event ID: 29 Task Category: None Level: Error Keywords: User: PETENETLIVESVC_NDES Computer: PNLPKI00v.petenetlive.com Description: The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to...
Event ID 128 – Certification Authority
KB ID 0001033 Problem Seen in the application log of a Windows Certificate Services server (Server 2012 R2) Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: 07/02/2015 15:55:26 Event ID: 128 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: PNLPKI00v.petenetlive.com Description: An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
Microsoft Certificate Services Configuring OCSP
KB ID 0001084 Problem I seem to have done a lot of PKI the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment, is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRL’s. Network devices tend to cache them,...
Using “DCPROMO /ADV” to Promote Remote Domain Controllers
KB ID 0000106 Problem For everyone that’s ever sat in a server room/cupboard and had to wait for a server to replicate active directory from a remote site, you will appreciate just how helpful the /ADV switch is when creating a domain controller. What does it do? Well Basically it lets you build a domain controller from a backed up copy of active directory, so after a reboot the new domain controller only has to replicate the...
Adprep /forestprep fails 2003 > 2008 Domain Upgrade
KB ID 0000026 Problem While attempting to upgrage a domain to Windows 2008 (schema version 44) you get an error like this.. [Status/Consequence] Error message: Error(110) while running “”C:WINDOWSsystem32LDIFde.exe” -o Obj ectGuid -d “CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,CN=Configurat ion,DC=DOMAIN,DC=local” -u -f “C:DOCUME~1ADMINI~1LOCALS~1TempTMP9791.tmp” -j...
Set up Remote Access PPTP VPN’s in Windows Server
KB ID 0000103 Problem You want to provide access to your corporate network for your remote users. Solution Installing the Server Role 1. Start > Server Manager (or Start > run > CompMgmtLauncher.exe (Enter) > Add Roles > Select Network Policy and Access Services > Next > Next 2. Select Remote Access Service > Next > Install > The Service will take awhile to install (Coffee time!). 3. When Done > Close....
Remote Server Administration Tools (On Server 2008)
KB ID 0000169 Problem After 20 minutes of Googling I was scratching my head. I wanted “Active Directory Users and Computers” on a 2008 server, that wasn’t a domain controller. I thought as Vista had the same codebase, then Vista RSAT would work, (but it wont.) Solution After a bit of stumbling around, I found it, its already on the server as a “Feature” its just not turned on. Click Start > Server...
Locate your FSMO Role Servers
KB ID 0000221 Problem You would like to know which servers are holding which roles. To move your FSMO Servers CLICK HERE Solution FSMO Servers There are five FSMO (Flexible Single Master Operations) Roles that need to Exist in a Windows AD Forest. PDC Emulator (One per domain) RID Master (One per domain) Schema Master (One per forest) Domain Naming Master (One per forest) Infrastructure Master (One per domain) But I’ve Googled...
Deploying a Windows Server 2008 Domain Controller in a Windows 2003 Domain
KB ID 0000239 Problem Before you can add a Windows Server 2008 Domain Controller to a Windows Server 2003 Domain you need to carry out some preparation, this can be done during working hours, as the process only has a slight performance hit no one will notice there is work going on. Solution Before you start, have a good look round your existing domain controllers, get the latest service packs and updates installed. Have a good look...