Duo: ADSync and Enroll Users via SMS
Feb03

KB ID 0001648 Problem Before you can use Duo 2FA/MFA you need to have your users enrolled. There are a number of ways to enrol them: you can bulk email them, or manually add them. Below I’m going to Sync Duo with my Active Directory, so that if users are members of a specific AD group, they will ‘appear’ in the Duo Admin Portal. Then I’m going to enter a user’s mobile phone number and send them an SMS to enrol....

Certsrv: Can Only See User and Basic EFS
May13

KB ID 0001552 Problem When connected to the Web Enrolment portal (Certsrv) for your Certificate Services, you attempt to submit a certificate request. But you only see User and Basic EFS under Certificate Templates, like so; Solution I’ve done this myself many times, usually you are looking for the ‘Web Server’ template and it’s not there, so we will use that as an example. Go to your CA Server. Windows Server...

NDES – Fails to Issue Certificates (Signature Algorithm)
Nov17

KB ID 0001021 Problem I was trying to enroll some ASA firewalls to NDES to get some certificates. Each time the process failed with the following error. `% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0` That’s a pretty generic error, and does not give me a lot to go on. So I thought I would try from another network device, (a Cisco Catalyst switch). It’s a little easier to...

Windows Server 2012 – Deploying SSTP VPNs
Nov17

KB ID 0000819 Problem SSTP gives you the ability to connect to your corporate network from any location that has an internet connection and is not filtering HTTPS. This port is usually open for normal secure web traffic. Traditional VPN connections require ports and protocols to be open for them to work, which makes a solution that runs over TCP port 443 attractive. Thoughts: While I can see why this is a good idea, Microsoft has...

Windows Server – Secure RDP Access with Certificates
Nov17

KB ID 0000944 Problem This ensures that traffic sent over an RDP connection to a server is protected by TLS/SSL Encryption. IT DOES NOT stop clients connecting to an RDP server if they do not have a trusted certificate. If you need that level of security, that should already be done by 802.1x. Solution Create an RDP Certificate Template 1. On the domain CA, launch the Certification Authority Management Console > Certificates...
