Monthly Archives: September 2011
Remote Desktop Services RDS – Unable to logon from Windows 7 when certificate has expired
In Remote Desktop Services it is possible to tunnel all traffic over TLS. You can choose between a default certificate and one from an external CA. If you pick a certificate that is autoenrolled from another CA there are some issues. When the … Continue reading
Posted in Windows
Tagged certificate, RDP, RDS, Remote Desktop
Write a CSR to a CA with Openssl
If you order, e.g., a wildcard certificate, you don't want to generate the keys on a web server, because you can't just export them without special tools. Instead you can use OpenSSL to make the CSR. 1. First we create a … Continue reading
Add third party CA in Active Directory to enable smart card logon
If you want to be able to use a smart card issued by a third-party CA to log on to your Active Directory, there are a few steps you have to do. You have to tell Active Directory to trust the … Continue reading
Posted in Active Directory, PKI
Tagged ca, certificate, smartcard
Active Directory – Disable initial sync
Before Active Directory starts it will do an initial sync with the other domain controllers. This can take several minutes if the other DCs are offline, e.g. in a test environment. Add the registry value below and reboot the DC … Continue reading
How to issue a new revocation list without the CA online
The CA certificate must be installed in the computer's certificate store.
Re-sign CRL
InFile OutFile Validity period Days:Hours
certutil -v -f -sign "PKI LAB ISSUING CA.crl" "PKI LAB ISSUING CA2.crl" 90:00
VMware, Slow console for Win2008-R2 on ESX 4.1
By default the video RAM (Edit Settings/Video/Video Ram) is set to 8 MB. With that setting VM Tools will not install the WDDM driver. You need to increase the RAM to 32 MB before installing VM Tools. If you don’t change the … Continue reading
Working with openssl and pkcs12 files
Extract the private key without password (encryption) from your pkcs12 file
openssl pkcs12 -in keyexport.pfx -nocerts -nodes -out keyexport.prv
Enter the password used to create your pkcs12 (.pfx) file
Extract the private key with password (encryption) from your pkcs12 file
openssl pkcs12 -in keyexport.pfx … Continue reading
Metadata cleanup of a domain controller with ntdsutil
This can normally be done by just deleting the domain controller's computer account. (Not prior to Windows 2008)
Start ntdsutil.exe
Act ins ntds
metadata cleanup
con
connect to server [domain controller]
q
select op target
list domains
Select domain %
list … Continue reading
Posted in Active Directory
Activate Netlogon debug logging
Enable:
nltest /DBFlag:2080FFFF
Restart the Netlogon service
Disable:
nltest /dbflag:0x0
Restart the Netlogon service
OR
Remove:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
Restart the Netlogon service
The log is found in %windir%\debug\netlogon.log
http://support.microsoft.com/kb/109626
Posted in Active Directory
Tagged debug, netlogon, nltest
Howto delete certificates on a .Net Smartcard
Card information
Certutil -scinfo
Remove certificate
Certutil -delkey -csp "Microsoft Base Smartcard Crypto Provider" Container GUID
Posted in PKI
Tagged certificate, pki, smartcard