
Posts Tagged ‘certification’

vExpert 2014

October 5th, 2014

This year VMware granted me the non-technical certification vExpert. I helped out on the VMware ThinApp forum.

vExpert

I’m so happy 😉

Categories: ThinApp, VMWare

Problem with issuing certificate to domain controllers

June 6th, 2014

I have experienced the same problem at two customers within four days. I had a server running Windows Server 2012 R2. I installed the Active Directory Certificate Services role with default settings. The default certificate templates were installed as well. One of the default certificate templates is called Domain Controller, and it should be enrolled automatically on all domain controllers using autoenrollment.

Certification Template

The certificates didn’t autoenroll on the domain controllers, so I tried to enroll a certificate manually. I received the following error:

Error: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)

CA Error

After a couple of minutes of debugging I found out that it had something to do with the security of accessing the DCOM object. When I looked at the DCOM security settings I found a domain group called CERTSVC_DCOM_ACCESS. I googled it and found out that this group should contain all domain members that want to enroll certificates using DCOM. And the “Domain Controllers” group was missing from it:

certsvc_dcom_access

I just added the “Domain Controllers” group to the domain group CERTSVC_DCOM_ACCESS and rebooted the domain controllers, since they had to get the new group membership, and everything started to work as expected.
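The membership check and fix described above can be scripted. This is an added example, not code from the original post; it assumes the ActiveDirectory RSAT module is installed and that CERTSVC_DCOM_ACCESS exists as a domain group, as in the post. The parameter names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post): verify that the groups which must
# enroll certificates over DCOM are direct members of CERTSVC_DCOM_ACCESS, and
# add any that are missing. Assumes CERTSVC_DCOM_ACCESS is a domain group.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter names chosen for this example.
    [string]$AccessGroup = 'CERTSVC_DCOM_ACCESS',
    # The post's fix was to add 'Domain Controllers'.
    [string[]]$RequiredGroups = @('Domain Controllers')
)

# Read the direct members as distinguished names from the group object itself.
$group   = Get-ADGroup -Identity $AccessGroup -Properties Member -ErrorAction Stop
$members = @($group.Member)

foreach ($name in $RequiredGroups) {
    $required = Get-ADGroup -Identity $name -ErrorAction Stop

    if ($members -contains $required.DistinguishedName) {
        Write-Output "OK: '$name' is already a member of $AccessGroup."
        continue
    }

    Write-Warning "'$name' is missing from $AccessGroup."

    # Honors -WhatIf and -Confirm, so the script can be run in report-only mode.
    if ($PSCmdlet.ShouldProcess($AccessGroup, "Add member '$name'")) {
        Add-ADGroupMember -Identity $group -Members $required
        Write-Output "Added '$name'. Reboot the domain controllers so they get the new group membership."
    }
}
```

Running the script with `-WhatIf` only reports missing memberships without changing the group.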

More info here and here.

That’s all for today,

Maximum Validity For Certificates

February 19th, 2013

You can configure the validity period of a certificate template. By default, the maximum validity periods are set to:

  • One year for Stand-alone Certification Authority
  • Two years for Enterprise Certification Authority

This means that even if a certificate template has its validity set to, for example, 10 years, you can only enroll certificates with a validity of 1 or 2 years (Stand-alone / Enterprise Certification Authority).

This can be changed via registry keys described in KB254632.

Thanks to my colleague Róbert Švec.

Problem with enterprise certificate distribution

July 2nd, 2012

Once upon a time I played with the enterprise certification authority at one of our customers. I created a new certificate for the certification authority. And then the problems began.
