Server 2012 – Install Role or Feature Fails with Error 0x800f082f
KB ID 0000873 Problem Seen here on Windows server 2012, but can also happen on Windows 8. When attempting to add a server role, or feature. The process may fail and produce the above error. Note: Here I’m attempting to add .Net 3.5, but it can happen for any role, role service, or feature. The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed....
Windows Server – Installing IIS and PHP
KB ID 0000879 Problem What used to be a complicated task has been simplified greatly by the Microsoft Web Platform installer, the process of adding PHP is the same for Windows 8,(though to install IIS you need to enable that as a windows feature (run appwiz.cpl > Turn Windows feature on or off). Solution 1. From Server Manager (ServerManager.exe) > Manage > Add Roles and Features > Follow the wizard and in the Server Roles...
Configure Wireless Network Stings via Group Policy
KB ID 0000923 Problem If you have a corporate wireless network, you can send the settings out to your clients, rather than have them all ask you what the wireless settings are, and how do they connect. Here I’m going to use Domain group policies, but the procedure is the same for local policies (just run gpedit.msc instead). And the dialog boxes are exactly the same as if you were configuring them on the client machine. (You...
Windows Server – Secure RDP Access with Certificates
KB ID 0000944 Problem This ensures that traffic that is sent over an RDP connection to a server is protected by TLS/SSL Encryption. IT DOES NOT stop clients connecting to an RDP server if they do not have a trusted certificate. If you need that level of security, that should already be done by 802.1x. Solution Create an RDP Certificate Template 1. On the domain CA Launch the Certification Authority Management Console > Certificates...
Cisco – Automatic Re-enrollment Fails to MSCEP/NDES
KB ID 0000970 Problem I’ve covered setting up NDES at length in the past, but what happens when your issued certificates expire? If you are using them for all your VPNs what then? Well thankfully you can get your devices to automatically re-enroll and before they expire, for example to renew the cert at 80% of its lifetime you would use the following; crypto pki trustpoint PNL-TRUSTPOINT enrollment url...
Certificate Services Error – ‘The Email name is unavailable and cannot be added to the Subject or Subject Alternate name’
KB ID 0001029 Problem Server: Windows Server 2012 R2 Client: Windows 8 Enterprise I was setting auto-enrollment this morning, and the computer certificates were getting issued but not the user ones. The policies were correct, the registry keys on the clients were correct, even RSOP told me the users ‘should’ be getting certificates. However nothing was working so I decided to ‘manually enroll’ and this...
Event ID 29
KB ID 0001032 Problem Seen on a Microsoft Certificate Services server running NDES. Log Name: Application Source: Microsoft-Windows-NetworkDeviceEnrollmentService Date: 04/02/2015 11:22:26 Event ID: 29 Task Category: None Level: Error Keywords: User: PETENETLIVESVC_NDES Computer: PNLPKI00v.petenetlive.com Description: The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to...
Event ID 128 – Certification Authority
KB ID 0001033 Problem Seen in the application log of a Windows Certificate Services server (Server 2012 R2) Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: 07/02/2015 15:55:26 Event ID: 128 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: PNLPKI00v.petenetlive.com Description: An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
Microsoft Certificate Services Configuring OCSP
KB ID 0001084 Problem I seem to have done a lot of PKI the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment, is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRL’s. Network devices tend to cache them,...