The Web Site for the CA Must be Configured to use HTTPS

KB ID 0000838 

Problem

When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error.

In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication

Solution

The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’ from your client machine if you are in a hurry.

Make Internet Explorer Accept Your Certification Authority

Note: This would need to be done on every machine that you wanted to access the Certificate Services web portal from.

1. From within Internet Explorer > Internet Options > Security > Trusted Sites > Sites.

 

2. Untick ‘Require server verification (https:) for all sites in this zone’ > Then add in the URL of the CA > Close.

3. With Trusted sites still selected > Custom level > ‘Initialize and script ActiveX controls not marked as safe for scripting’ > Enable > OK > Yes.

4. Restart the browser and try again.

Set IIS to serve Certificate Services Securely (via https).

This assumes you have your CA and the web portal installed correctly.

1. On the Certificate Services Server > Launch IIS Manager > Expand {server-name} > Sites > Default Web Site > Right Click > Edit Bindings > https > Edit > Select the self signed server certificate [NOT the CA ONE] > OK.

Note: If https is missing simply add it!

2. Expand Default Web Site > Certsrv > SSL Settings.

 

3. Tick ‘Require SSL’ > Apply.

4. That should be all you need, if it does not take effect straight away then drop to command line and run iisreset /noforce.

Related Articles, References, Credits, or External Links

NA

Your Current Security Settings Do Not Allow This File To Be Downloaded

KB ID 0001089 

Problem

After spinning up a new Windows 2012 R2 Server this week, I needed to get some hot-fixes and updates, and I was greeted by this annoying IE ‘Security Alert’.

I appreciate that normally you would not be downloading files on a server, but a lot of us do need to download and install software and unless you have Internet access elsewhere you will be stuck.

Solution

1. Chances are you will be on a URL that is in the ‘Internet Zone’, (though that’s not always the case), right click on any area of the web page you are trying to download from and select properties > and check the Zone you are in it will say Internet, Local Intranet, Trusted or Restricted Sites. Make a note!

Note: If it says ‘Restricted Sites’ make sure you are trying to download something legitimate and not something potentially nasty!

2. From within IE > Open the tools Menu (the little cog icon) > Internet Options > Select the appropriate Zone, (you noted earlier) > Custom Level.

3. Scroll all the way down to ‘Downloads’ > File Downloads > Enable > OK.

4. Restart the browser and try again.

Related Articles, References, Credits, or External Links

NA

To use Outlook Web App, Browser Settings Must Allow Scripts To Run

KB ID 0000862 

Problem

Seen (usually on a server) when trying to connect to either Outlook Web App, or The Exchange Admin Center.

To use Microsoft Outlook Web App, browser settings must allow scripts to run. For information about how to allow scripts, consult the Help for your browser. If your browser doesn’t support scripts, you can download Microsoft Internet Explorer for access to Outlook Web App.

Solution

You have two options, the first is more sensible (and more secure) so that would be my preference.

Option 1

1. From Internet Explorer Options > Security > Trusted Sites > Add the URL of OWA or ECP > Close > Apply > OK.

Option 2

1. From Internet Explorer Options > Security > Internet > Custom Level > Allow Scriptlets > Enable > OK > Apply > OK.

 

Related Articles, References, Credits, or External Links

NA