The Web Site for the CA Must be Configured to use HTTPS
KB ID 0000838 Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...
ADCS – Login Failure: The user has not been granted the logon type at this computer
KB ID 0001242 Problem Post By: Daniel Newton I was configuring a ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to setup web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup. Solution This can be easily fixed, just follow these instructions and...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
SBS Exchange Certificate Expired
KB ID 0000535 Problem When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. But by default it only lasts two years. The best option is to buy a proper certificate, but if you simply want to generate a new one here’s how to do it. Solution 1. Here you can see your certificate has expired. 2. Normally you need to access your certificate services web enrolment console to carry this...
Cisco ISE – Replace the Self Signed Certificate
KB ID 0001068 Problem Cisco ISE arms itself with a self generated certificate out of the box, (well the NFR appliance does anyway). To replace that cert with one signed by your own CA, this is the procedure. (Note: I’m using Microsoft Certificate Services on Server 2012 R2). Solution Step 1: Import the CA Certificate into ISE Note: If you have a lot issuing servers it’s a good idea the repeat this procedure for EVERY...