Upgrade Your Microsoft PKI Environment to SHA2 (SHA256)
KB ID 0001244 Problem This is pretty much PART TWO of two posts addressing the need to migrate away from SHA1 before February 2017. Back in PART ONE we looked at how to upgrade the ROOT CA. It does not matter if it’s an offline or online root CA, the process is the same. In many organisations their PKI is multi-tiered; they either have a RootCA <> SubCA, or a ROOTCA <> IntermediateCA <> IssuingCA. (which is...
Certificate Services – Migrate from SHA1 to SHA256
SHA1 to SHA256 KB ID 0001243 Problem It’s time to start planning! Microsoft will stop their browsers displaying the ‘lock’ icon for services that are secured with a certificate that uses SHA1. This is going to happen in February 2017 so now’s the time to start thinking about testing your PKI environment, and making sure all your applications support SHA2. Note: This includes code that has been signed using...
ADCS – Login Failure: The user has not been granted the logon type at this computer
KB ID 0001242 Problem Post By: Daniel Newton I was configuring an ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to set up web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup. Solution This can be easily fixed, just follow these instructions and...
Error – The Computer You Are Signing Into Is Protected By An Authentication Firewall
KB ID 0001241 Problem I put a ‘net use’ command in a logon script for a client today, and the drive refused to appear. So I executed the offending line and saw the following error; System error 1935 has occurred The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer. Solution This error is seen because the user, (or group the user is a...
Robocopy – File Server Migration
KB ID 0001233 Problem I’ve done a lot of migrations, and moving a client’s files and shared data usually makes them cringe. I’ve lost count of the amount of times I’ve heard ‘We can’t have any downtime’, which is fine, until you tell them how much it’s going to cost to do this on a Saturday! As I posted recently, Microsoft have made this a lot easier with the file server migration tools,...
IIS – Cannot Download File From Website (With Extension .xyz)
KB ID 0001223 Problem I first saw this problem a few months ago, when I wanted to download some .bin and .pkg files from a web server running IIS, into a Cisco firewall. Then again this week I needed to get a large .iso file into a client’s network so I put it on a publicly accessible web server running IIS, and had the problem again. Solution On the IIS server, open administrative tools > Internet Information Services (IIS)...
Group Policy To Throttle Network Speed via QoS
KB ID 0001217 Problem Why would you want to do this? Well what if you want to test slow link group policy processing, or you are testing BranchCache? Using Group policy you can ‘throttle’ traffic to and from a particular IP address. Below I will pick a domain client on 192.168.110.120, and throttle all traffic between that client, and the domain controller to be 100kbps. Solution As I said above I’m throttling...
Remote Desktop Web – Session Timeouts (Altering)
KB ID 0001215 Problem Timeouts for the RDWeb portal are defined by the choice you made when you logged in, if you selected ‘private’ or ‘public’ on the PC options, this sets the timeout. The default is 240 mins for private, and 20 minutes for public connections. Solution To alter these values you need to make changes in the ‘Internet Information Services Management Console’ on the RDWeb server....
Hyper-V Create and Deploy Machine Templates (Without VMM)
KB ID 0001214 Problem Last week, myself and a few of my colleagues had to deploy a LOT of servers into Hyper-V. The client did not have System Center Virtual Machine Manager, so the process of creating and deploying a machine from a template is a little more convoluted. Solution Here I’m deploying Windows Server 2012 Datacenter, but we repeated the process for Oracle Linux (Red Hat,) and, with the exception of sysprep, the...
Windows BranchCache (Hosted and Distributed)
KB ID 0001212 Problem The purpose of BranchCache is, (as the name implies) to cache files in branch sites, without the need for a local file server or DFS. There are essentially two deployment models. In Hosted Mode a server in the branch caches the files locally as they are requested by clients. This works because the main file server provides a hash of the requested file, the branch server will download it, and if another client...