Search Results

Search found 18235 results on 730 pages for 'ad certificate services'.

Page 45/730 | < Previous Page | 41 42 43 44 45 46 47 48 49 50 51 52  | Next Page >

• Windows 2008 R2 CA and auto-enrollment: how to get rid of >100,000 issued certificates?

  - by HopelessN00b

  The basic problem I'm having is that I have 100,000 useless machine certificates cluttering up my CA, and I'd like to delete them, without deleting all certs, or time jumping the server ahead, and invalidating some of the useful certs on there. This came about as a result of accepting a couple defaults with our Enterprise Root CA (2008 R2) and using a GPO to auto-enroll client machines for certificates to allow 802.1x authentication to our corporate wireless network. Turns out that the default Computer (Machine) Certificate Template will happily allow machines to re-enroll instead of directing them to use the certificate they already have. This is creating a number of problems for the guy (me) who was hoping to use the Certificate Authority as more than a log of every time a workstation's been rebooted. (The scroll bar on the side is lying, if you drag it to the bottom, the screen pauses and loads the next few dozen certs.) Does anyone know how to DELETE 100,000 or so time-valid, existing certificates from a Windows Server 2008R2 CA? When I go to delete a certificate now, now, I get an error that it cannot be delete because it's still valid. So, ideally, some way to temporarily bypass that error, as Mark Henderson's provided a way to delete the certificates with a script once that hurdle is cleared. (Revoking them is not an option, as that just moves them to Revoked Certificates, which we need to be able to view, and they can't be deleted from the revoked "folder" either.) Update: I tried the site @MarkHenderson linked, which is promising, and offers much better certificate manageability, buts still doesn't quite get there. The rub in my case seems to be that the certificates are still "time-valid," (not yet expired) so the CA doesn't want to let them be deleted from existence, and this applies to revoked certs as well, so revoking them all and then deleting them won't work either. I've also found this technet blog with my Google-Fu, but unfortunately, they seemed to only have to delete a very large number of certificate requests, not actual certificates. Finally, for now, time jumping the CA forward so the certificates I want to get rid of expire, and therefore can be deleted with the tools at the site Mark linked is not a great option, as would expire a number of valid certificates we use that have to be manually issued. So it's a better option than rebuilding the CA, but not a great one.

  Read the article

• How to generate a CSR for Verisign for use with FileZilla

  - by BlackTigerX

  I need to get a certificate from VeriSign to use in FileZilla, to get the certificate, Verisign asks for a CSR file, FileZilla doesn't seem to have a way to generate those CSR files; how would I go about generating this file that VeriSign needs so they can issue a certificate that I can use in FileZilla?

  Read the article

• Can't make updates with LDAP from Linux box to Windows AD

  - by amburnside

  I have a webapp (built using Zend Framework - PHP) that runs on a Linux environment which needs to authenticate against Active Directory on a Windows server. So far my webapp can authenticate with LDAPS, but cannot perform any kind of write operation (add/update/delete). It can only read. I have configured my server as follows: I have exported the CA Certificate from my Windows AD server to /etc/opendldap/certs I have created a pem file based on this certificate using openssl I have update /etc/openldap/ldap.conf so that it knows where to look for the pem certificate: TLS_CACERT /etc/openldap/certs/xyz.internal.pem When I run my script, I get the following error: 0x35 (Server is unwilling to perform; 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0 ): Have I missed something with my configuration, which is causing the server to reject making updates to AD?

  Read the article

• Group policy applied to AD OU attributes

  - by Eric Smith

  I'm not well-versed in AD, so would like to resolve a question I have with regards to AD information. I understand that it is possible to apply group policy to OU's, thereby restricting access. What I'd like to know is, is it possible to do the same with OU attributes. Some context would help. There's a requirement to store address information in AD (IMO, a natural fit), but for various reasons, although obviously things like name should be globally accessible, access restrictions are desired on the address. In this case, is it possible to apply security to the address portion of the OU attributes, or does each address have to be broken into a separate OU (a solution that feels smelly given that address doesn't have identity)?

  Read the article

• Best Timing for Windows AD Domain Name Change

  - by Cliff Racer

  A while back when I first started with my company, the domain had already been set up using a "xxx.net" DNS name for the internal AD namespace. The shortname is just fine and I feel no need to change it but I have always hated how we used an internet DNS name for our internal AD. We are planning an AD upgrade from 2003 to 2008R2 and I would like to work this DNS name change if possible. I know there are procedures for doing a full domain name change but my question is: Is a FULL domain name change neccessary if all I want to change is the internal DNS name of the domain? Would it be better to do this change after the 2008R2 domain upgrade?

  Read the article

• AD account locks out when using Outlook 2007?

  - by Down Town

  Hi, I/we have a problem with our Windows Server 2008 forest and Exchange. We are buying Exchange hosting from another firm and Exchange Server is in their Windows Server 2008 forest. So, we have two forests and there isn't any trusts between these two forests. Our own forest logon name is [email protected] and we also use the same email address to logon to the Exchange mailbox. Everything works fine if both our AD account and Exchange mailbox account have the same password, but if the passwords don't match, our AD account gets locked out. I have tried to figure out why Outlook sends false logon attemps to our AD. If someone can help, please do.

  Read the article

• Migrating LDAP user and password to SAMBA4 AD

  - by Rudy Dajoh

  As title suggests. We are migrating from OpenLDAP as user authentication to Samba 4 AD Domain. But I can't find any information on how to transfer passwords and users to Samba 4 AD. How to migrate all LDAP user base at ou=People,dc=company,dc=com to samba 4 AD domain? I don't need to assistance transferring everything, I only need to transfer user accounts. I've finished migrating them all but user/passwords. Can it be done? If so, how?

  Read the article

• IE8 complains about SSL name mistmatch

  - by Cerin

  When visiting an SSL protected website, IE8 complains about the certificate name not matching the website address, but gives no information about the certificate or what name it's looking for. Visiting the same site in IE9 (or IE9 in "IE8 mode"), Firefox, Chrome, and Safari shows no problems, and that the certificate matches the address. Certificate checkers indicate everything is installed and configured correctly. Does anyone know what might be causing this? Is this a known issue or bug in IE8? I've been Googling for similar issues, but due to the uncertainty as to what's actually going on, I'm not sure what to search for. My problem reads similar to this question. However, my server is running Apache2.

  Read the article

• SSL Certificate Stops Working after Server Reboot on IIS7, W2K8

  - by Zac

  We recently upgraded from W2K3/IIS6 to W2K8/IIS7 and have been having problems with our SSL Certificate (Thawte 123 SSL certificate) ceasing to work after rebooting. Initially, the intermediate certificates would stop working and we could repair the problem by reinstalling all of them after the reboot (annoying, but not the end of the world). Unfortunately, this is no longer working. The certificate chain has been doublechecked by several tools and people with decent knowledge but no one has been able to identify the cause of the problem. The bindings in IIS have been checked as well The cert itself is also still valid. NOTE 1: I have seen THIS question which seems to be very similar, but there is no satisfactory answer in that post and it's a year old so not likely to get one any time soon. NOTE 2: I'm asking this on behalf of a co-worker so won't be able to provide instant feedback to any questions/suggestions but I will pass it on. The url is: http://www.flirtalike.com / https://www.flirtalike.com Screenshots:

  Read the article

• Changing LDAP schema casts Confluence AD integration unoperable

  - by Maxim V. Pavlov

  I have had our instance of Atlassian Confluence configured to be integrated with our Active Directory. In AD, all the users were being created under default Users folder in Active Directory Users and Computers. We have decided to introduce cleaner separation and have created an Organizational Units structure in AD. Under root we have created Managed OU, and under it - Users OU and all user accounts were moved under Users OU. Now I though that to let the Confluence AD integration engine "know" where to look for user accounts now, I only need to adjust the BaseDN and prepand it with ou=Managed so it is aware that it is looking for cn=Users but under ou=Managed. That didn't work. How should I adjust LDAP schema root in a client application for it to be able to look for users in OU that then in a default folder.

  Read the article

• How to generate a CSR for Verisign for use with FileZilla (in Windows)

  - by BlackTigerX

  I need to get a certificate from VeriSign to use in FileZilla (FTPS, FTP over SSL), to get the certificate, Verisign asks for a CSR file, FileZilla doesn't seem to have a way to generate those CSR files; how would I go about generating this file that VeriSign needs so they can issue a certificate that I can use in FileZilla?

  Read the article

• How to prevent slow printer performance when AD is not available

  - by AKoran

  When I take a domain based computer (Windows XP) and plug it into a network that doesn't have access to the AD, the first time I select a local printer (printing directly to printer) on the current network it takes a good 20-30 seconds before I can select the printer. Doing a little investigating using wireshark I can see the computer is trying to hit AD for some reason and it just keeps timing out. I also tried the same experiment with just a plain workgroup computer and it was able to bring the printer up immediately. Does anyone know how to prevent the machine from trying to contact AD?

  Read the article

• Wildcard SSL common name - can it be called anything?

  - by Johnny Lamho

  I was just wondering if a wildcard SSL certificate necessarily needs to have a common name that contains the domain name of the sites that need the SSL certificate applied to. E.g for the following: domain name: testdomain.com subsites: www.testdomain.com mobile.testdomain.com mytestenvironment.testdomain.com Do i necessarily need my wildcard certificate to have a common name of *.testdomain.com?

  Read the article

• what NAS cellera services to be monitered?

  - by wildchild

  We have a monitoring tool called SCOM which mainly monitors different OS related services .However, we being part of storage team would also like some of our services to be monitored. We have HP NAS , and I am wondering what all services I can ask the other team to monitor for us and alert us if something goes wrong. The same goes with celerra and centera what important services can be monitored .I did search but to no avail.I ‘m not finding any of the useful services..Any help in this regard is greatly appreaciated thanks!

  Read the article

• I am not able to open gmail and some other sites.

  - by pam

  Last day my system got hanged so I restarted and recovered windows to the the date of 1 day before. Now I am not able to open gmail, orkut and some other sites. When I try to open these sites I receive this message: This Connection is Untrusted www.google.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for 78-159-121-94.local (Error code: sec_error_untrusted_issuer)

  Read the article

• After binding Mac to AD, first login successfully creates mobile account and logs in, after that next login locks AD account

  - by user132844

  Mac os x 10.7 and 10.8 AD Server 2008 R2 Binding using AD Plugin or dsconfigad -add mydomain -username myuser -ou "OU=Computers,OU=Sites,OU=Mysite,DC=mycompany,DC=com" Works fine. First login happens fine. Creates mobile account, no issues noticed. After I logout, the next login attempt fails, and after only shaking one time, their AD account is locked out. opendirectory.log makes a vague mention of account being expired but honestly I don't see much in the logs that pops out as useful. Any help?

  Read the article

• Safari 7 SSL error if using IP-adress

  - by K. Biermann

  I have created my own CA for internal usage and set the root certificate to trustworthy on my machines. With this CA I signed the SSL-certificates for my internal servers. I only address them with their IP and so I used the servers' IP as certificate name. If i connect to the Servers with Chrome or mobile Safari it works without problems, but if I use Safari 7 under Mavericks (on the same machine with the same keychain) i get the following error: "The certificate is not valid (host name mismatch)". I double checked that I entered the correct IP ("https://192.168.2.130"), but I always get the same error. Do I need to enter a different name for the certificate or is it just that Safari doesn't support SSL certificates for IPs? Here is a screenshot of the error message (I can only post images with at least 10 rep): Safari's error message Thanks in advantage and please excuse my bad English :D

  Read the article

• AD Local Admins without password sharing

  - by Cocoabean

  My team is building out an Active Directory environment in a small grad school with support for general computer labs, and staff/faculty machine and account management. We have a team of student consultants that are hired to do general help desk work. As of now we have a local admin account on every machine. It has the same password and all of us know it. I know it's not best practice and I want to avoid this with the new setup. We want to have local admin accounts in case there are network issues that prevent AD authentication, but we do not want this account to be generic with a shared password. Is there a way we can get each machine to cache the necessary information to authenticate a group of local admins so that if AD is somehow inaccessible, student consultants can still login with their AD admin accounts?

  Read the article

• What is the 'cacert.pem' and for what to use that?

  - by user65567

  I am developing a web application on localhost with domains and sub-domains and I would like to use a HTTPS connection. On my Mac OS, in order to enable SSL, I need to set Apache correctly, so I followed some guide to accomplish part of that. Now it is time to choose a certificate in order to test HTTPS requests. I seen the cacert.pem, but I don't know how to use that and for what it is used (can you explain to me some about its usage?)... So, is it possible to use the cacert.pem (see the link) for all my domains and subdomains (maybe, as a wildcard certificate) on localhost? If so, how to do that? What certificate I have to take and use? If no, what I need to do in order to use a wildcard certificate for all my domains and subdomains on localhost? Of course those certificates must be accepted by browsers and working for HTTPS connection between my domains.

  Read the article

• If a cell contains a Symbol, then paste a Description into another cell

  - by Lola

  I'm working on rolling-up a series of charts. I'd like an easy way to summarize by category. The original looks like the sample below but by week for the entire year. I want to know all of the AD 1's, etc. I will need in CA (for each state) by Publication. so the end result would be CA AD 1 PUBLICATION 1 CA AD 2 PUBLICATION 1 CA AD 3 PUBLICATION 1 PUBLICATION 2 PUBLICATION 3 A B C D E 1 PUBLICATION1 CA TX NM AZ 2 AD 1 · 3 AD 2 · · · · 4 AD 3 · · · 5 PUBLICATION2 CA TX NM AZ 6 AD 1 7 AD 2 · · · 8 AD 3 · · · 9 PUBLICATION3 CA TX NM AZ 10 AD 1 11 AD 2 · · · 12 AD 3 · · · Thanks so much!

  Read the article

• IIS 6.0 https not working "connection was reset"

  - by cad

  Application Server Windows Server 2003 SP2 with IIS 6.0 IIS has a "Default Web Site" (port 18000, ssl 443, ID=1) with a certificate created by me. I have an specific site called "scj.galaxy.Weekly" (port 80, ssl 443, ID=1272369728) that is working fine. I have an entry in windows/system32/drivers/etc/hosts that links galaxy.Weekly.scjdev.ds to the server ip in both my local machine and in the application Server. These sites works: http://scj.galaxy.weekly/test.html works http://scj.galaxy.weekly/test.aspx works But https://scj.galaxy.weekly/test.html fails Error message is: The connection was reset The connection to the server was reset while the page was loading. The certificate was working fine for months. It was created with something similar to this: Selfssl /N:CN=*.scjdev.ds /V:3650 /S:1 /P:443 I have tried several options and none of them are working: 1) Create a certificate only in "Default Web Site" and link it to SecureBindings with command prompt cscript adsutil.vbs set /w3svc/1272369728/SecureBindings ":443:galaxy.Weekly.scjdev.ds" 2) Create a certificate only in "Galaxy Site" and link it to SecureBindings 3) Create a certificate in both and link them to secureBindings. Probably I am missing an step or something, but I can't see it. Here is the relevant config of Galaxy Site: <IIsWebServer Location ="/LM/W3SVC/1272369729" AuthFlags="0" LogPluginClsid="{FF160663-DE82-11CF-BC0A-00AA006111E0}" SSLCertHash="c36a514a0be90fbc121d9c19bb052842289d5aee" SSLStoreName="MY" SecureBindings=":443:galaxy.Weekly.scjdev.ds" ServerAutoStart="TRUE" ServerBindings=":80:galaxy.Weekly.scjdev.ds" ServerComment="galaxy.Weekly.scjdev.ds" > </IIsWebServer> <IIsWebVirtualDir Location ="/LM/W3SVC/1272369729/root" AccessFlags="AccessRead | AccessScript" AppFriendlyName="Default Application" AppIsolated="2" AppRoot="/LM/W3SVC/1272369729/Root" AuthFlags="AuthAnonymous | AuthNTLM" DefaultDoc="Default.aspx" DirBrowseFlags="EnableDirBrowsing | DirBrowseShowDate | DirBrowseShowTime | DirBrowseShowSize | DirBrowseShowExtension | DirBrowseShowLongDate" Path="D:\Webs\Galaxysite" ScriptMaps="some config... " > </IIsWebVirtualDir>

  Read the article

• SSL encryption standards by browser

  - by hfidgen

  Hiya, Does anyone have a table of the default levels of encryption which the various browsers out there support? For instance I know that IE5 and lower struggle even to cope with 40 bit encryption but the latest browsers easily do 256 and beyond. The reason I ask is that I'm looking to get a wildcard certificate for my domain and the price difference is huge between a server gated certificate (where it enforces a minimum of 128bit) and a non-gated certificate (where the browser sets the encryption level). Obviously I like the idea of paying £300 less for the non-gated certificate, but only if I can be sure that the majority of my users (FF3 / Opera / Chrome / IE7+) are going to get good encryption.

  Read the article

• Storing SCA Metadata in the Oracle Metadata Services Repository by Nicolás Fonnegra Martinez and Markus Lohn

  - by JuergenKress

  The advantages of using the Oracle Metadata Services Repository as a central storage for the metadata. SCA has been available since the release of the Oracle SOA Suite 11g. This technology combines and orchestrates several SOA components inside an SCA composite, making design, development, deployment, and maintenance easier. SCA development is metadata-driven, meaning that metadata artifacts, such as Web Services Description Language (WSDL), XML Schema Definition (XSD), XML, others, define the composite's behavior. With the increased number of composites and the dependencies among them, it became necessary to manage all the metadata in an adequate way. This article will address the advantages of using the Oracle Metadata Services (MDS) repository as a central storage for the metadata. The MDS repository is a central part of the Oracle Fusion Middleware landscape, managing the metadata for several technologies, such as Oracle Application Development Framework (Oracle ADF), Oracle WebCenter, and the Oracle SOA Suite. This article is divided into three parts. The first part provides an overview of SCA and MDS. The second part describes some MDS tasks that help in the management of the SCA metadata files inside the repository. The third part shows how to develop SCA composites in combination with an MDS repository. Read the full article here. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: SCA Metadata. Metadata Services Repository,Nicolás Fonnegra Martinez,Markus Lohn,SOA Community,Oracle SOA,Oracle BPM,BPM,Community,OPN,Jürgen Kress

  Read the article

• Anonymous Access and Sharepoint Web Services

  - by Stacy Vicknair

  A month or so ago I was working on a feature for a project that required a level of anonymity on the Sharepoint site in order to function. At the same time I was also working on another feature that required access to the Sharepoint search.asmx web service. I found out, the hard way, that the Sharepoint Web Services do not operate in an expected way while the IIS site is under anonymous access. Even though these web services expect requests with certain permissions (in theory) they never attempt to request those credentials when the web service is contacted. As a result the services return a 401 Unauthorized response. The fix for my situation was to restrict anonymous access to the area that needed it (in this case the control in question had support for being used in an ASP.NET app that I could throw in a virtual directory). After that I removed anonymous access from IIS for the site itself and the QueryService requests were working once more. Here’s a related article with a bit more depth about a similar experience: http://chrisdomino.com/Blog/Post/401-Reasons-Why-SharePoint-Web-Services-Don-t-Work-Anonymously?Length=4 Technorati Tags: Sharepoint,QueryService,WSS,IIS,Anonymous Access

  Read the article

• SQLAuthority News – Download Whitepaper – SQL Server 2008 R2 Analysis Services Operations Guide

  - by pinaldave

  SQL Server Analysis Service (SSAS) has been always interesting subject for research. Analysis Services cubes are a very powerful tool in the hands of the business intelligence (BI) developer. They provide an easy way to expose even large data models directly to business users. Microsoft has published very informative white paper on Analysis Services Operations Guide. This white paper is authored by Thomas Kejser, John Sirmon, and Denny Lee. In this guide you will find information on how to test and run Microsoft SQL Server Analysis Services in SQL Server 2005, SQL Server 2008, and SQL Server 2008 R2 in a production environment. The focus of this guide is how you can test, monitor, diagnose, and remove production issues on even the largest scaled cubes. This paper also provides guidance on how to configure the server for best possible performance. It is the goal of this guide to make your operations processes as painless as possible, and to have you run with the best possible performance without any additional development effort to your deployed cubes. In this guide, you will learn how to get the best out of your existing data model by making changes transparent to the data model and by making configuration changes that improve the user experience of the cube. Download SQL Server 2008 R2 Analysis Services Operations Guide Note: Abstract taken white paper. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Download, SQL Query, SQL Server, SQL Tips and Tricks, SQL White Papers, SQLAuthority News, T SQL, Technology

  Read the article

< Previous Page | 41 42 43 44 45 46 47 48 49 50 51 52  | Next Page >