sticky
AD CS or PKI content comments or questions

    Allgemeine Diskussion

  • You can ask technical questions about AD CS, PKI, or provide feedback about a document on this Security Forum. Please, remember to search the forum for your answer or issue before creating a new post.

    If you are providing feedback about a specific document, please, begin your forum post with Content Feedback: followed by the issue or question. In your post, also place a hyperlink to the document with your question or comment. Doing so allows the multiple experts who monitor the forum the most efficient method for responding to your feedback or questions.

    Also, if you have a public key infrastructure (PKI) or Active Directory Certificate Services (AD CS) question, please, check for the answer on the TechNet Wiki FAQ list http://aka.ms/adcsfaq

    Thank you!


    Donnerstag, 20. Juni 2013 20:09
    Moderator

Alle Antworten

  • Hi,

    I plan to deploy smart card logon on windows server 2008 R2 using a USB token. I have a domain and an stand alone CA. Is there any step by step guide which explains the process from the scratch?

    Thanks

    Samstag, 21. September 2013 09:23
  • Hi,

    I plan to deploy smart card logon on windows server 2008 R2 using a USB token. I have a domain and an stand alone CA. Is there any step by step guide which explains the process from the scratch?

    Thanks

    Please create a new thread for any questions you may have.

    Thanks.

    Samstag, 21. September 2013 13:42
  • Hi Kurt, not sure if this is something I missed in the procedures? I currently have a setup deployed with a CEP/CES server using Username and Password Auth for external Non domain joined Workstations. All good can enrol and renew manually with no problem trough that service.  (Win7 Devices)

    Now I'm building another CEP/CES server specifically to achieve a auto enrolment to (Win8 devices non domain joined).

    My questions to you are the following:

    Do I need any Computer object in the domain for Auto renewal to work? I saw this in the http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx  I think that you published under the? "Ensure that a computer account exists in the forest of which the CA is a member that has the same computer name as the computer to which the certificate is to be issued"

    Can I collocate all the above on a single box? CEP instance one and 2 CES instance 1 and 2

    Thanks for the great articles by the way.

    JP

    Kurt, never mind I got it all sorted now and the lab works perfectly

    Thanks

    • Bearbeitet miura3 Mittwoch, 19. Februar 2014 02:08 Update
    Donnerstag, 13. Februar 2014 01:38
  • FYI, Kurt passed away last year and I'm not sure how widely that was communicated outside of Microsoft.

    Kurt was a prolific writer and one that I worked with a great deal while I was at Microsoft. His reach and breadth was hands above any other writer I ever worked with at Microsoft. In fact, he was so effective that there are many blogs and articles that only his account has access to. As a result, Microsoft is still struggling to not only find a replacement writer but also to figure out how to access his TechNet account. When I was there, the number of us that could post to the PKI blog was shrinking as Kurt's account was the only one that could add new contributors.

    Dienstag, 15. April 2014 18:51
  • Hi All I would like to ask if I can install  CA enterprise from windows 2012 member server however we have old CA installed from DC 2003. Thank you

    Mittwoch, 1. Oktober 2014 03:46