Find Archived Keys for a certificate, extract them and Decrypt them

Hello folks, This is the outline of the process I use for Key Recovery in Active Directory Certificate Services. Variables are underlined to identify them. You should replace those variables with the corresponding values. Step #1 (optional): For a given certificate requester name, find all the certificates that have been archived and output their serial…


Active Directory Certificate Services takes a long time to start/stop

Here’s a small yet annoying case I worked on recently. I had two issuing CAs that seemed to be healthy but took a heck of a long time for the Active Directory Certificate Services service certsvc to start or stop. The answer turned out to be in auditing. When we configured the CAs for auditing, we configured…


You run the BitLocker Disk Prep tool and you get the error "The bitlocker Drive Preparation Tool could not find a target system drive. You may need to manually prepare your drive for BitLocker."

The BitLocker Hard Drive Preparation Tool BDEHDCFG.EXE is used to repartition disks to make them BitLocker friendly. I have tried this tool to partition a group of Windows 7 laptops for MBAM and for a little while it didn’t seem to work; it gave me the error “The bitlocker Drive Preparation Tool could not find a…


Installing ADRMS in an AD resource forest

The resource forest approach aims to centralize enterprise applications in a dedicated AD forest, providing full segregation from user forests and providing improved security. One of the enterprise applications that can be deployed in a resource forest is ADRMS. As you might expect, this is not a straightforward deployment since users (from the user forest)…


Comparing Encryption Key Fault Tolerance Options

Users might lose access to their EFS private keys through cases like corrupted user profiles, hard disk failure, OS reinstall, etc. Here are some important facts about EFS keys before we start the comparison: 1- A time-valid certificate and private keys need to be available for encryption/decryption of data 2- The client will…


SYSPREP Tips and Supported Server Roles

If you are trying to reproduce unique virtual machines, always check the generalize checkbox (or use SYSPREP /generalize) to make sure the machine gets a new SID, NIC GUIDs and other identifiers. If you don’t, your AD DS will have the impression that you have two of the same machine (since it identifies machines by SIDs) and…


The Ongoing Debate: Should internet-facing TMG/ISA be a domain member or a workgroup member?

I have recently delivered a presentation on whether to join a TMG/ISA server to the domain or make it a Workgroup member. I have shared it on SkyDrive; download it here. Important: I would like to append to this presentation: whatever you do, do not log on with high-privilege accounts (ex: domain admin) to…


Unstable connectivity behaviour on Hyper-V guests

Environment: Windows Server 2008 R2 with Hyper-V Role. Symptoms: VMs on a certain Hyper-V host were having bizarre connectivity patterns. When I tried to ping other machines, I would get three types of ICMP responses for the same ICMP request. Below is a snapshot. The network configuration is shown below, with the stable and…


Migrating ISA 2006 to TMG 2010

Before we start, we have to keep one important thing in mind. ISA used to operate on 32-bit processors only. TMG operates on 64-bit processors only. So, upgrade is not possible. What is possible, though, is migration. Migration involves exporting ISA’s configuration file and importing it into a TMG array/server. Below are the steps…


Simple TMG Performance Tweaks using DNS

Boosting TMG performance through simple DNS tweaks. TMG uses its own built-in name resolution cache, then it falls back to DNS, then it falls back to NetBIOS name resolution. Accordingly, below are some DNS-related methods that can be used to optimize TMG performance. TMG performs forward and backward name resolution for firewall rules, so…
