Windows ‘Always On’ VPN Part 1 (Domain and PKI)
KB ID 0001399 Problem Always On VPN was a bit of a misnomer when it was released, as it was only really ‘on’ when a user logged on. So when comparing it with ‘Direct Access’ it didn’t have the capacity to ‘Manage Out’. With the release of Windows 10 (1709) this has been rectified with ‘Device Tunnels’, (more on that later). The solution uses RAS, NAP (NPS), and PKI (Certificate...
Replacing the vCenter 5.5 Certificate using Microsoft Certificate Services – Part 1
KB ID 0001076 This article is from long time site supporter: Daniel Newton Problem Assuming you have a Windows PKI (Certificate Services) and want to replace the self signed certificates in vCenter. Solution 1. Firstly, Open the Certification Authority on the PKI Server. 2. Then duplicate the “Web Server Template”</p? 3. Give the certificate a sensible name. 4. Now click on the “Extensions” tab and under “Application Policies” and...
Windows Server – Secure RDP Access with Certificates
KB ID 0000944 Problem This ensures that traffic that is sent over an RDP connection to a server is protected by TLS/SSL Encryption. IT DOES NOT stop clients connecting to an RDP server if they do not have a trusted certificate. If you need that level of security, that should already be done by 802.1x. Solution Create an RDP Certificate Template 1. On the domain CA Launch the Certification Authority Management Console > Certificates...
Microsoft Certificate Services Configuring OCSP
KB ID 0001084 Problem I seem to have done a lot of PKI the last 18 months. This week I needed an OCSP server deploying for the CA server on my test bench so I took the time to document it for future use. One of the most overlooked parts of a PKI deployment, is how to cope with ‘revoking’ certificates. Traditionally this has been done with a CRL, but there is a downside to CRL’s. Network devices tend to cache them,...