Windows Certificate Services – Setup a CRL
May17

Windows Certificate Services – Setup a CRL

Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...

Read More
RSA SecurID Error – ‘106: The Web server is busy. Please try again later’
Jan17

RSA SecurID Error – ‘106: The Web server is busy. Please try again later’

RSA SecurID Error KB ID 0000975  Problem Not the most descriptive of errors! In fact this has got nothing to do with the busyness of the web server at all. Solution : RSA SecurID Error What’s actually happening is the RSA agent on this machine (in this case a web server) cannot communicate with the RSA Authentication Manager. In my case the web server was in a DMZ, and the RSA Authentication Manager Appliance was in another DMZ....

Read More
Free Certificate for IIS with Let’s Encrypt
Feb11

Free Certificate for IIS with Let’s Encrypt

KB ID 0001736 Problem I’ve been aware of Let’s Encrypt for a while, they are a non profit Certification Authority, who will provide you with a free certificate, and you can use them for most things you want to secure with a digital certificate. The only reason I’ve never used them in the past is, their certificates have a short (3 month) lifespan, and I see enough things breaking when people forget to renew 12 month...

Read More
The Web Site for the CA Must be Configured to use HTTPS
Jan13

The Web Site for the CA Must be Configured to use HTTPS

KB ID 0000838  Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...

Read More
Load Balance IIS with Microsoft ARR
Jul05

Load Balance IIS with Microsoft ARR

KB ID 0001573 Problem If you have a lot of IIS servers, and want to load balance between them, then you can either buy a load balancer, or use Microsoft ARR (Application Request Routing). Note: ARR does a lot more than simply load balancing, e.g. it can perform caching, and complex web routing, and even SSL offloading. Here we are just looking at load balancing. I’m going to deploy TWO ARR servers in my DMZ, here I’ve got...

Read More