IIS: How to Create a Certificate Request
KB ID 0000840 Problem If you would like to obtain a digital certificate either from your own CA, or from a public certificate vendor, you need to submit a certificate signing request (csr) first. Solution Note: I’m making the assumption you have already installed the Web Server (IIS) role on your server. 1. Windows Key+R > iis.msc {Enter} > Select the servername > Server Certificates. 2. Create Certificate Request >...
Windows Server 2012 ‘Direct Access with Windows 8’
KB ID 0000842 Problem In the following procedure I’m using Window Server 2012, and Windows 8 Enterprise, I am NOT configuring for Windows 7 so I don’t need to worry about PKI and certificates. (Other than the one the direct access server uses for https identification). I’m not adding in any Application or Infrastructure servers, this is just a basic run through on setting up Direct Access to get you up and running....
Error – Remove DirectAccess configuration settings from localhost before removing the Remote Access role.
KB ID 0000844 Problem When attempting to remove the Direct Access role from a Windows 2012 Server, you see the following; The validation process found problems on the server from which you want to remove features. The selected features cannot be removed from the selected server. Click OK to select different features. DirectAccess is configured on {host-name}. Remove DirectAccess configuration settings form {host-name} before removing...
Windows Server 2012 – Install and Configure an FTP Server
KB ID 0000847 Problem FTP might be an ages old solution for moving files around, but a lot of people swear by it. With Windows Server it’s still supported, even if it is hidden as a ‘role service’. Solution Create a Security Group For Domain FTP Access Note: For a Standalone/Workgroup server see below for setting up users and groups. 1. Launch Server Manager > Tools > Active Directory Administrative Center. 2....
Server 2012 – Install Role or Feature Fails with Error 0x800f082f
KB ID 0000873 Problem Seen here on Windows server 2012, but can also happen on Windows 8. When attempting to add a server role, or feature. The process may fail and produce the above error. Note: Here I’m attempting to add .Net 3.5, but it can happen for any role, role service, or feature. The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed....
Windows Server – Installing IIS and PHP
KB ID 0000879 Problem What used to be a complicated task has been simplified greatly by the Microsoft Web Platform installer, the process of adding PHP is the same for Windows 8,(though to install IIS you need to enable that as a windows feature (run appwiz.cpl > Turn Windows feature on or off). Solution 1. From Server Manager (ServerManager.exe) > Manage > Add Roles and Features > Follow the wizard and in the Server Roles...
Windows Server – Secure RDP Access with Certificates
KB ID 0000944 Problem This ensures that traffic that is sent over an RDP connection to a server is protected by TLS/SSL Encryption. IT DOES NOT stop clients connecting to an RDP server if they do not have a trusted certificate. If you need that level of security, that should already be done by 802.1x. Solution Create an RDP Certificate Template 1. On the domain CA Launch the Certification Authority Management Console > Certificates...
Cisco – Automatic Re-enrollment Fails to MSCEP/NDES
KB ID 0000970 Problem I’ve covered setting up NDES at length in the past, but what happens when your issued certificates expire? If you are using them for all your VPNs what then? Well thankfully you can get your devices to automatically re-enroll and before they expire, for example to renew the cert at 80% of its lifetime you would use the following; crypto pki trustpoint PNL-TRUSTPOINT enrollment url...
Certificate Services Error – ‘The Email name is unavailable and cannot be added to the Subject or Subject Alternate name’
KB ID 0001029 Problem Server: Windows Server 2012 R2 Client: Windows 8 Enterprise I was setting auto-enrollment this morning, and the computer certificates were getting issued but not the user ones. The policies were correct, the registry keys on the clients were correct, even RSOP told me the users ‘should’ be getting certificates. However nothing was working so I decided to ‘manually enroll’ and this...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...