CNG private keys are not supported – ADFS

September 23, 2014

Hey,

In recent days I've dealt with a CSP issue in an ADFS environment, when I got this error message at the end of the ADFS wizard:

The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider

The problem occurred because of the "next generation" template's CSP certificate.

Create a new template (2003) and pick one of these providers:

Microsoft DH SChannel Cryptographic Provider
Microsoft RSA SChannel Cryptographic Provider

As mentioned here:

Create a new certificate and import it into the ADFS server's local machine store. Try running the ADFS wizard again.

Enjoy!

An incorrect Certificate Template permission

September 15, 2014

In recent days I've dealt with a certificate template permissions issue, with this type of error message:

The permissions on the certificate template do not allow the current user to enroll for this type of certificate. You do not have permission to request this type of certificate

This issue is caused by an incorrect Certificate Template permission.

Solution: grant Authenticated Users the Enroll permission:

1. Open MMC, click the File menu, choose Add/Remove Snap-in, choose Certificate Templates, click OK.
2. Double-click the certificate template you used to request the certificate, go to the Security tab, select Authenticated Users, and click the Enroll option. Click OK.
3. Open the CA console, stop the CA service and...

Understanding Proxy Settings Exceptions By GPO

September 11, 2014

To add a URL or address to the exceptions, separate multiple addresses with a semicolon.

The following scenarios would cause Internet connection problems in IE Exceptions:

1. Blank space
2. Missing data with . or *
3. Addresses beginning with "

The client registry gets the new data from the GPO server:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride

Displayed in IE Proxy Settings:

Cumulative Security Update for Internet Explorer (2977629)

September 10, 2014

This security update resolves one publicly disclosed and thirty-six privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Certificates Physical Store

September 9, 2014

Hey,

As you probably all know, certificates are placed under the MMC Current User/Local Machine stores. The physical registry location of the certificates points to the certificate thumbprint itself.

Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates

Figure I:

Recovering an Archived Private Key

September 8, 2014

Hey,

An archived private key is recovered with the following steps:

1. The Certificate Manager:
   a. Identifies the certificate
   b. Determines the KRAs
   c. Extracts the PKCS #7 blob
2. The KRA:
   a. Recovers the private key
   b. Securely transports the PKCS #12 file to the user
3. The User:
   Imports the recovered private key

LDAP Bind function call failed 1006

September 2, 2014

The following error appears in the System event log:

Event ID: 1006
Description: The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Source: GroupPolicy
Level: Error
User: USER_ACCOUNT
Computer: SYSTEM
Logged: DATE_AND_TIME
Task Category: None
Keywords:

The event source is GroupPolicy, the Group Policy client. The description says that the processing of group policies failed because Windows could not authenticate to the Active Directory service on the server side, which is explained by the fact that the LDAP Bind function call has failed with...