Certificate Enrolment – URI This ID conflicts with an Existing ID
KB ID 0001248. Problem: When attempting to connect a host to a Certificate Enrolment Policy Server I got this error: The URI Entered above had ID : “{Random-GUID}”. This ID conflict with an existing ID. Solution: On your certificate enrolment policy server, open the Internet Information Services (IIS) Management console. Expand {Server-Name} > Sites > Default Web Site > ADPolicyProvider_CEP_Kerberos, (yours may not end...
Upgrade Your Microsoft PKI Environment to SHA2 (SHA256)
KB ID 0001244. Problem: This is pretty much PART TWO of two posts addressing the need to migrate away from SHA1 before February 2017. Back in PART ONE we looked at how to upgrade the ROOT CA. It does not matter if it’s an offline or online root CA, the process is the same. In many organisations the PKI is multi-tiered; they either have a RootCA <> SubCA, or a ROOTCA <> IntermediateCA <> IssuingCA. (which is...
Certificate Services – Migrate from SHA1 to SHA256
SHA1 to SHA256. KB ID 0001243. Problem: It’s time to start planning! Microsoft will stop their browsers displaying the ‘lock’ icon for services that are secured with a certificate that uses SHA1. This is going to happen in February 2017 so now’s the time to start thinking about testing your PKI environment, and making sure all your applications support SHA2. Note: This includes code that has been signed using...
ADCS – Login Failure: The user has not been granted the logon type at this computer
KB ID 0001242. Problem: Post By: Daniel Newton. I was configuring an ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to set up web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup. Solution: This can be easily fixed, just follow these instructions and...
Error – The Computer You Are Signing Into Is Protected By An Authentication Firewall
KB ID 0001241. Problem: I put a ‘net use’ command in a logon script for a client today, and the drive refused to appear. So I executed the offending line and saw the following error: System error 1935 has occurred. The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer. Solution: This error is seen because the user, (or group the user is a...
Changing Domain Users’ ‘User Logon Names’ and UPNs
KB ID 0001238. Problem: Changing a user’s UPN suffix is easy (as long as it’s been added – see below). There is some confusion about the User Login Name though. A few weeks ago I had a client that needed this done, (for an Office 365 migration). But they had the added problem that some of their User Logon Names had spaces in them, they were in first-name{space}last-name format. What would happen if I changed their user...
Migrating Local Profiles to Domain Profiles
KB ID 0001235. Problem: Moving a machine onto a Windows domain is a simple task, I’ve done this for a lot of clients. The main complaint (post-migration) is that something is missing. This is because your-account-name on your PC or laptop, and your-account-name in the domain are TWO DIFFERENT ACCOUNTS, (even if they have the same name). Microsoft have produced some tools to help you, but I challenge you to start reading the USMT...
Robocopy – File Server Migration
KB ID 0001233. Problem: I’ve done a lot of migrations, and moving a client’s files and shared data usually makes them cringe. I’ve lost count of the number of times I’ve heard ‘We can’t have any downtime’, which is fine, until you tell them how much it’s going to cost to do this on a Saturday! As I posted recently, Microsoft have made this a lot easier with the file server migration tools,...
Exchange – Test User Extest Isn’t Available
KB ID 0001230. Problem: While troubleshooting some connectivity issues I used the Test-EcpConnectivity commandlet and got the following error: Test user ‘extest_bebc4142688e4’ isn’t accessible so this cmdlet wont be able to test Client Access Server connectivity. Solution: To enable the test user you need to run a script, and you will find it in the script directory in the Exchange setup media. Locate and run the...
Exchange Renaming and Moving Databases
KB ID 0001229. Problem: Exchange has a habit of naming its databases as ‘Mailbox Database {Random-Number}’. This makes my OCD ‘itch’. So one of the first things I do is rename the database to something more sensible. Then I like to move the databases from the server system drive, and also relocate the log files into their own partition/drive. Solution: Rename a Mailbox Database: Log into Exchange Admin Center >...