Certificate Services Error – ‘The Email name is unavailable and cannot be added to the Subject or Subject Alternate name’
KB ID 0001029 Problem Server: Windows Server 2012 R2 Client: Windows 8 Enterprise I was setting auto-enrollment this morning, and the computer certificates were getting issued but not the user ones. The policies were correct, the registry keys on the clients were correct, even RSOP told me the users ‘should’ be getting certificates. However nothing was working so I decided to ‘manually enroll’ and this...
Event ID 29
KB ID 0001032 Problem Seen on a Microsoft Certificate Services server running NDES. Log Name: Application Source: Microsoft-Windows-NetworkDeviceEnrollmentService Date: 04/02/2015 11:22:26 Event ID: 29 Task Category: None Level: Error Keywords: User: PETENETLIVESVC_NDES Computer: PNLPKI00v.petenetlive.com Description: The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to...
Event ID 128 – Certification Authority
KB ID 0001033 Problem Seen in the application log of a Windows Certificate Services server (Server 2012 R2) Log Name: Application Source: Microsoft-Windows-CertificationAuthority Date: 07/02/2015 15:55:26 Event ID: 128 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: PNLPKI00v.petenetlive.com Description: An Authority Key Identifier was passed as part of the certificate request 29. This feature has not been...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
Microsoft Certificate Services Configuring OCSP
KB ID 0001084 Problem I seem to have done a lot of PKI the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment, is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRL’s. Network devices tend to cache them,...
Using “DCPROMO /ADV” to Promote Remote Domain Controllers
KB ID 0000106 Problem For everyone that’s ever sat in a server room/cupboard and had to wait for a server to replicate active directory from a remote site, you will appreciate just how helpful the /ADV switch is when creating a domain controller. What does it do? Well Basically it lets you build a domain controller from a backed up copy of active directory, so after a reboot the new domain controller only has to replicate the...
Adprep /forestprep fails 2003 > 2008 Domain Upgrade
KB ID 0000026 Problem While attempting to upgrage a domain to Windows 2008 (schema version 44) you get an error like this.. [Status/Consequence] Error message: Error(110) while running “”C:WINDOWSsystem32LDIFde.exe” -o Obj ectGuid -d “CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,CN=Configurat ion,DC=DOMAIN,DC=local” -u -f “C:DOCUME~1ADMINI~1LOCALS~1TempTMP9791.tmp” -j...
Windows Server ‘Can’t Delete an OU’
KB ID 0000105 Problem Error “You do not have sufficient privileges to delete {OU Name}, or this object is protected from accidental deletion” Cause In Windows domains you have the option to prevent an OU from accidental deletion so that even a Domain/Enterprise admin cannot delete it. That’s fine until you need to delete one. Solution To delete a protected OU 1. On the the Server (with administrative privileges). 2. Start...
Windows Server – Stop Server Manager from Launching
KB ID 0000042 Dtd 04/08/15 Problem Server Manager on Windows Server 2008 and Server 2012, launches every time you log on, (with administrative access). After a while this can get very annoying, if you log into a lot of servers for example. So I tend to stop it auto-launching (it’s still on the taskbar if you need it!) Solution Disable Server Manager Opening on Startup 1. With Server Manager Open > Manage > Server Manager...
Set up Remote Access PPTP VPN’s in Windows Server
KB ID 0000103 Problem You want to provide access to your corporate network for your remote users. Solution Installing the Server Role 1. Start > Server Manager (or Start > run > CompMgmtLauncher.exe (Enter) > Add Roles > Select Network Policy and Access Services > Next > Next 2. Select Remote Access Service > Next > Install > The Service will take awhile to install (Coffee time!). 3. When Done > Close....