Windows Certificate Services – Setup a CRL
May17

Windows Certificate Services – Setup a CRL

Posted By on May 17, 2025

Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...

Read More
Windows – Certificate Enrollment Fails
May27

Windows – Certificate Enrollment Fails

Posted By on May 27, 2022

KB ID 0000921  Problem I first saw this problem a few years ago trying to get some Windows clients to auto enrol with server 2008, then this week my colleagues could not get  new 2019 Domain Controller to enrol for a Kerberos certificate, and the this was caused by the same problem. Symtoms (RPC Error) 1. Test to make sure the client can see the CA, and is able to communicate with it, issue the following command; certutil -pulse As...

Read More
Windows Server – Install and Configure NDES
Oct21

Windows Server – Install and Configure NDES

Posted By on Oct 21, 2021

KB ID 0000947  Problem NDES, is the name for what we used to call MSCEP, which was an ‘add-on’ for the Server 2003 family of servers. In Server 2008 it was renamed to NDES. It is a role service that runs on a Certificate Services Server, and is used to create a registration authority (RA) that can issue certificates from your PKI infrastructure to network devices, i.e. Routers, Firewalls and Switches. Solution Installing...

Read More
The Web Site for the CA Must be Configured to use HTTPS
Jan13

The Web Site for the CA Must be Configured to use HTTPS

Posted By on Jan 13, 2021

KB ID 0000838  Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...

Read More
Windows Server 2012 – Deploying SSTP VPNs
Nov17

Windows Server 2012 – Deploying SSTP VPNs

Posted By on Nov 17, 2015

KB ID 0000819 Problem SSTP gives you the ability to connect to your corporate network from any location that has an internet connection, and is not filtering https. This port is usually open for normal secure web traffic. Traditional VPN connections require ports and protocols to be open for them to work, which makes a solution that runs over TCP port 443 attractive. Thoughts: While I can see why this is a good idea, Microsoft has...

Read More