Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
Microsoft Certificate Services Configuring OCSP
KB ID 0001084 Problem I seem to have done a lot of PKI the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment, is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRL’s. Network devices tend to cache them,...
Windows – Cannot Manage Active Directory Certificate Services
KB ID 0001037 This article is from long time site supporter: Daniel Newton Problem On my laptop today I installed the RSAT Tools for Remote Management. I went to do some PKI Work in my Test Environment and Came with the Following Error: “Cannot Manage Active Directory Certificate Services. The specified service does not exist as an installed service. 0x424 (WIN32: 1060 ERROR_SERVICE_DOES_NOT_EXIST)” I thought it would automatically...
SBS Exchange Certificate Expired
KB ID 0000535 Problem When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. But by default it only lasts two years. The best option is to buy a proper certificate, but if you simply want to generate a new one here’s how to do it. Solution 1. Here you can see your certificate has expired. 2. Normally you need to access your certificate services web enrolment console to carry this...
PowerShell – Update All Domain Users Email Address From UPN
KB ID 0001072 Problem Update: Here is an easier Solution Earlier in the year, I had a problem with Certificate Services, every time it tried to issue a ‘user’ certificate it gave me an error because the user did not have an email address specified on their user object in AD. At the time I thought “I wish I know enough PowerShell, to just put an email address in all the users e-mail attribute”. So while...