Since the Certificate Services management tools in Windows Server 2012, you can select the desired compatibility for the certificate authority and certificate recipient when configuring a certificate template.
In the following, this function is described in more detail, as well as possible effects in practice.
Continue reading „Wie sind die Kompatibilitätseinstellungen für Zertifikatvorlagen technisch abgebildet?“Since the Certificate Services management tools in Windows Server 2012, you can select the desired compatibility for the certificate authority and certificate recipient when configuring a certificate template.
The following is an overview of which options become available in each case when the compatibility settings for the certificate authority and/or the certificate recipients are changed.
Continue reading „Übersicht über die Verfügbarkeit von Optionen bei Veränderung der Kompatibilitätseinstellungen einer Zertifikatvorlage“Assume the following scenario:
Get-Certificate : CX509EnrollmentPolicyWebService::LoadPolicy: Access was denied by the remote endpoint. 0x803d0005 (-2143485947 WS_E_ENDPOINT_ACCESS_DENIED)Continue reading „Die Beantragung eines Zertifikats über die Zertifikatregistrierungs-Webdienste mittels Windows PowerShell schlägt fehlt mit Fehlermeldung „Access was denied by the remote endpoint. 0x803d0005 (-2143485947 WS_E_ENDPOINT_ACCESS_DENIED)““
Assume the following scenario:
Get-Certificate : CertEnroll::CX509CertificateTemplates::get_ItemByName: Cannot find object or property. 0x80092004Continue reading „Die Beantragung eines Zertifikats über die Zertifikatregistrierungs-Webdienste mittels Windows PowerShell schlägt fehlt mit Fehlermeldung „Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)““
(-2146885628 CRYPT_E_NOT_FOUND)
Assume the following scenario:
certutil -ping -kerberos -config "https://{Servername}/ADPolicyProvider_CEP_Kerberos/service.svc/CEP" CEP
The certutil command is incorrectly detected by Windows Defender or Windows Defenter Advanced Threat Protection as Win32/Ceprolad.A.
Continue reading „Windows Defender erkennt certutil als Schadsoftware (Win32/Ceprolad.A)“Assuming one implements Microsoft's Active Directory Administrative Tiering Model, or applies similar hardening measures to one's servers, this will have an impact on the CEP components.
Continue reading „Benötigte Windows-Sicherheitsberechtigungen für den Certificate Enrollment Policy Web Service (CEP)“A new feature of Windows Server 2016 is that the passwords for accounts that have a plain Login with smartcards be automatically renewed according to the password light lines.
If the "Smart card is required for interactive logon" option is enabled for a user account, the password of the user account is set to a random value once. However, the password never changes after that, which makes the account more vulnerable to pass-the-hash attacks.
The newly introduced feature solves this problem by generating new randomly generated passwords for corresponding accounts on a regular basis (depending on the password policy configured for the account).
Continue reading „Automatisches Ändern der Passwörter für Konten, die eine Anmeldung via Smartcard oder Windows Hello for Business erfordern“At the latest within the scope of the End of product support by the manufacturer (Microsoft) The question arises as to whether the Certification Authority should be Migration to another server to an up-to-date operating system, or performs an in-place upgrade. The latter process is described below.
At the latest within the scope of the End of product support by the manufacturer (Microsoft) The question arises as to whether the Certification Authority should be Migration to another server to an up-to-date operating system, or performs an in-place upgrade. The latter process is described below.
At the latest within the scope of the End of product support by the manufacturer (Microsoft) The question arises as to whether the Certification Authority should be Migration to another server to an up-to-date operating system, or performs an in-place upgrade. The latter process is described below.
At the latest within the scope of the End of product support by the manufacturer (Microsoft) The question arises as to whether the Certification Authority should be Migration to another server to an up-to-date operating system, or performs an in-place upgrade. The latter process is described below.
At the latest within the scope of the End of product support by the manufacturer (Microsoft) The question arises as to whether the Certification Authority should be Migration to another server to an up-to-date operating system, or performs an in-place upgrade. The latter process is described below.
Assume the following scenario:
An authentication error has occurred. The function requested is not supported. Remote Computer: 192.168.1.149 This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660
In German:
Authentifizierungsfehler. Die angeforderte Funktion wird nicht unterstützt. Remotecomputer: 192.168.1.149 Ursache könnte eine CredSSP Encryption Oracle-Abwehr sein. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=866660Continue reading „Keine Remotedesktopverbindung mehr möglich nach In-Place Upgrade des Windows Server Betriebssystems“
The Network Device Enrollment Service (NDES) is Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP) developed by Cisco in the early 2000s. The first implementation was released with Windows Server 2003.
It may come as a surprise that NDES does not use Secure Socket Layer (SSL) for the HTTP connections in the default setting to this day. This fact is explained and evaluated in more detail below.
Continue reading „Sollte HTTPS für den Registrierungsdienst für Netzwerkgeräte (NDES) verwendet werden?“Assume the following scenario
Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)Continue reading „Die Beantragung eines Zertifikats schlägt fehl mit Fehlermeldung „Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)““
English 
Deutsch