Credential Providers simplified pt1

GINA is dead…. The main reason is the fact that having more than one GINA on a system was difficult. Yes, chaining multiple GINA DLLs was a possibility, but it really required at least one of the GINA providers to be aware of the other, and trying to chain 3 different GINAs was still cumbersome….


The 4 basic principles of PKI Troubleshooting

First of all, PKI is easy once you understand the basic principles. Don’t give up 🙂 When troubleshooting PKI, the key point is to understand what operation each of the parties involved does in order to determine where the point of failure is. Most PKI cases I’ve handled over the years boil down to one of four things: Lack…


The problem with problems…

Let’s say you’re looking at a glaring Red event in your event log that has an ominous ring to it, or some monitoring program that screams loudly because some parameter it has defined isn’t being met by tests it is doing. That’s bad, right? The answer is, of course, it depends on the context…. Everything is relative…


ISA/TMG team in Sweden is hiring

Interested and qualified parties should check out


CAPI2 Event ID 11 errors on machines that don’t have access to the Internet

See also for further details. Before you start chasing this event – check that you actually have a problem related to it. In essence this event just means that a caller on the server failed to verify a CRL. By itself it doesn’t mean that the revocation checking failure caused a problem. Whether it does cause a…


Remote EFS decryption and Trusted for Delegation requirements

One of our customers reported the following: We have been evaluating EFS on Windows 7 as part of our upgrade from Windows XP project and have discovered that if you share a folder and encrypt a file within it locally, the same user is able to decrypt it remotely without the workstation being trusted for…


How FIM2010 CM & CLM 2007 search for users

User with FIM2010/CLM/ILM management permissions logs on to the CM website, accesses one of the search pages and clicks Search. The CLM Auth Agent service account makes an LDAP query to a DC and retrieves the names of all users matching the search criteria. The FIM code steps through the list that it has obtained…


Can’t find script engine "VBScript" for script after installing MS10-020

Summer is here and support volumes trickle down to a minimum as people jump into their SUVs and drive off into the wild blue yonder. Having said that, I encountered the following interesting issue: We installed the fix from KB 981332 on a Windows 2008 R2 server and after that we’re not able to run any VBS script. When…


Everything you wanted to know about Extended Validation but were afraid to ask

Well, maybe not quite… but hopefully it helps explain the concept better. SSL is not the trusted stamp of approval that it was maybe 10-15 years ago; business requirements and competition between CA vendors have moved it away from being a cumbersome, manual and lengthy process to the point where you can point and click your…


The importance of being up to date

One of the best tips my mentor gave me when I started at Microsoft 7 years ago was the following: My young Padawan!  Thou must seek the latest binary for the component you’re troubleshooting and check if the problem still occurs with that binary installed. Obediently ignoring the fact that I was at least 10…