Root CA certificate added to LDAP with CN=com as its name

-

we have root certificate offline ca that's root of enterprise pki.  we're trying publish in ad.  properties in cert seem in order, when publish certutil, it's injected "cn=com".  certutil parsing out of cert (the output lines "ldap:///cn=com,cn=aia,cn=public key services,cn=services,cn=configuration,dc=[domain],dc=[ext]?cacertificate")  any idea we're doing wrong here? 

can use dscdpcontainer , dscdpcn force name?

perhaps off in registry: hklm\system\currentcontrolset\services\certsvc\configuration\

<caname>

dsconfigdn

certutil -setreg ca\dsconfigdn "cn=configuration,dc=<domaincomponent>,dc<domaincomponent>"

http://technet.microsoft.com/en-us/library/cc737740(v=ws.10).aspx



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Edit Group Policy

-
i have pc has power settings pushed out default domain policy in ad environment. of course on local machine "some settings managed system adminstrator". the machine temporarily no longer in contact domain controller (it's been physically moved , not on same network now) can't updated gpo settings. i believe if edit local group policy won't make difference because of group policy processing , precedence. since it's temporary away ad network, still want use settings of ad user. is there somewhere in registry stored can edit power plan manually until can sync domain? (i need prevent sleeping while plugged in - it's set 1 hour) thanks! allen crist i found site: http://gpsearch.azurewebsites.net/#7916 i able add policy to hkey_local_machine\software\policies\microsoft\power using specs found on site. looks solved issue. i'll report if didn't. thanks! allen crist ...
Read more

ADCS Policy Web Service - Access was denied by the remote endpoint. 0x803d0005 (-2143485947)

-
 hi there fellow colleagues, facing problem adcs policy web service on windows server 2008 r2 enterprise (sp1). • hotfix installed http://support.microsoft.com/default.aspx?scid=kb;en-us;2545850 • application pool identity: applicationpoolidentity (also tested custom service account) • testing local machine , machine • ca , cep on same system • getting kerberos ticket service , can see successful logon event user. • kerberos authentication working - directly calling url 403.14 (directory listing denied) logon method negotiate the following message shown in certificate services client - certifi cate enrollment policy server the remote endpoint not process request. 0x803d000f (-2143485937) the following ws-errors in webservices analytic log •wscall api failed 0x803d0005 •error occurred: 0x0 - there error communicating endpoint @ 'https://cep.example.com/adpolicyprovider_cep_kerberos/service.svc/cep'. •error occurred: 0x0 - server returned http status ...
Read more

File Share Witness is not a valid File share path

-
i have 2 windows 2008 r2 vms (esxi) running double-take. we have health-check running on our netscaler force failover primary vm secondary vm if netscaler cannot access smb share on primary vm. this hasn't proven method of providing fault tolerance, trying cluster these 2 vms using file share witness. (i should add client engineers solution, implement according requirements). the witness share has been created on emc vnx. domain account , domain cluster computer name account both have full control permissions on share. i have installed the file services role failover clustering feature on both vms. to configure quorum, selecting node , file share majority (for clusters special configuration). i providing ip address , share name in form of \\<ipaddress>\<sharename>. the wizard returns \\<ipaddress>\<sharename> not valid share path. reading documentation microsoft, there statement saying witness share should have nothing else stored or u...
Read more