Event ID 128 – Certification Authority
KB ID 0001033 Problem Seen in the application log of a Windows Certificate Services server (Server 2012 R2) Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: 07/02/2015 15:55:26 Event ID: 128 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: PNLPKI00v.petenetlive.com Description: An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
Microsoft Certificate Services Configuring OCSP
KB ID 0001084 Problem I seem to have done a lot of PKI the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment, is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRL’s. Network devices tend to cache them,...
Using “DCPROMO /ADV” to Promote Remote Domain Controllers
KB ID 0000106 Problem For everyone that’s ever sat in a server room/cupboard and had to wait for a server to replicate active directory from a remote site, you will appreciate just how helpful the /ADV switch is when creating a domain controller. What does it do? Well Basically it lets you build a domain controller from a backed up copy of active directory, so after a reboot the new domain controller only has to replicate the...
Adprep /forestprep fails 2003 > 2008 Domain Upgrade
KB ID 0000026 Problem While attempting to upgrage a domain to Windows 2008 (schema version 44) you get an error like this.. [Status/Consequence] Error message: Error(110) while running “”C:WINDOWSsystem32LDIFde.exe” -o Obj ectGuid -d “CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,CN=Configurat ion,DC=DOMAIN,DC=local” -u -f “C:DOCUME~1ADMINI~1LOCALS~1TempTMP9791.tmp” -j...
Windows Server ‘Can’t Delete an OU’
KB ID 0000105 Problem Error “You do not have sufficient privileges to delete {OU Name}, or this object is protected from accidental deletion” Cause In Windows domains you have the option to prevent an OU from accidental deletion so that even a Domain/Enterprise admin cannot delete it. That’s fine until you need to delete one. Solution To delete a protected OU 1. On the the Server (with administrative privileges). 2. Start...
Windows Server – Stop Server Manager from Launching
KB ID 0000042 Dtd 04/08/15 Problem Server Manager on Windows Server 2008 and Server 2012, launches every time you log on, (with administrative access). After a while this can get very annoying, if you log into a lot of servers for example. So I tend to stop it auto-launching (it’s still on the taskbar if you need it!) Solution Disable Server Manager Opening on Startup 1. With Server Manager Open > Manage > Server Manager...
Set up Remote Access PPTP VPN’s in Windows Server
KB ID 0000103 Problem You want to provide access to your corporate network for your remote users. Solution Installing the Server Role 1. Start > Server Manager (or Start > run > CompMgmtLauncher.exe (Enter) > Add Roles > Select Network Policy and Access Services > Next > Next 2. Select Remote Access Service > Next > Install > The Service will take awhile to install (Coffee time!). 3. When Done > Close....
Remote Server Administration Tools (On Server 2008)
KB ID 0000169 Problem After 20 minutes of Googling I was scratching my head. I wanted “Active Directory Users and Computers” on a 2008 server, that wasn’t a domain controller. I thought as Vista had the same codebase, then Vista RSAT would work, (but it wont.) Solution After a bit of stumbling around, I found it, its already on the server as a “Feature” its just not turned on. Click Start > Server...
Locate your FSMO Role Servers
KB ID 0000221 Problem You would like to know which servers are holding which roles. To move your FSMO Servers CLICK HERE Solution FSMO Servers There are five FSMO (Flexible Single Master Operations) Roles that need to Exist in a Windows AD Forest. PDC Emulator (One per domain) RID Master (One per domain) Schema Master (One per forest) Domain Naming Master (One per forest) Infrastructure Master (One per domain) But I’ve Googled...