Domain Controller promotion and certificate autoenrollment

active-directory domain-controller certificate certificate-authority ad-certificate-services
227

Try certutil -pulse - this should check for templates the system has permission in, and enroll them. It should have no problem grabbing the certificate, as long as there's nothing crazy going on in the permissions settings on the template.

You'll definitely want to have your DCs have a Domain Controller-style certificate (Domain Controller is the old one; Domain Controller Authentication then Kerberos Authentication supersede it; if your CA is running enterprise edition, then consider switching to the newer Kerberos template) - while a lot of the functions that it satisfies will be handled by a Computer certificate, some of the DC-specific stuff like smart card authentication, the LDAP/SSL listener (I believe?), and with the newer Kerberos certificate, strong KDC validation, need the special certificate.

Share:
227

Related videos on Youtube

Mariska
Author by

Mariska

Updated on September 18, 2022

Comments

  • Mariska
    Mariska almost 2 years

    I have the following code in Excel VBA:

    Sub CreateEmailAndSend()

    Dim outApp As Object
    Dim OutMail As Object
    Set outApp = CreateObject("Outlook.Application")
    Set oMail = outApp.CreateItem(0)
    Dim Doc As Object

    oMail.Display
    Set Doc = outApp.ActiveInspector.WordEditor

    oMail.To = ""
    oMail.Subject = "test"

    ' first sentence
    Dim msg As String
    msg = "Plain Sentence"

    Doc.Range(0, 0) = msg

    ' second sentence comes after
    msg = "Bold and Highlight Yellow Sentence"
    Doc.Range(Len(Doc.Range), Len(Doc.Range)) = msg
    Doc.Range.Font.Bold = True
    Doc.Range.HighlightColorIndex = wdYellow

    ' paste image below it
    Dim imagerng As Range
    Set imagerng = Range(Cells(1, 1), Cells(5, 5))
    imagerng.CopyPicture Appearance:=xlScreen, Format:=xlBitmap

    Doc.Range(Len(Doc.Range), Len(Doc.Range)).Paste

End Sub

    Basically what I would like to do is to create and display an email that looks like this:

    Plain Sentence
    Bold and Highlight Yellow Sentence (this sentence is bold and highlighted)
    (bitmap image)
    {my signature}

    However, the output I got from my code is

    Plain Sentence (bold)
    (bitmap image) and the second sentence all over {my signature}

    How should I fix my code?

  • Massimo
    Massimo almost 13 years
    Yes, tried removing the certificate, too. Now the server doesn't have any certificate. And yet, it's still not requesting a new one.
  • Massimo
    Massimo almost 13 years
    Tried, and also tried to update policies and reboot server. Everytime it doesn't work and I get some errors logged (after enabling autoenrollment logging); see the edit for details.
  • Massimo
    Massimo almost 13 years
    Well, looks like it's actually trying to request it, but fails.
  • mbrownnyc
    mbrownnyc almost 13 years
    Refer to eventid.net for more info on event log entries and this: technet.microsoft.com/en-us/library/dd299884(WS.10).aspx
  • ravi yarlagadda
    ravi yarlagadda almost 13 years
    Oh, well then none of your DCs are getting a new one - they'll all expire out eventually! Someone's set the Kerberos Authentication or Domain Controller Authentication template to supersede the Domain Controller template, so no more of the old type will be issued, but there's no CA in the domain configured to issue the newer types.
  • ravi yarlagadda
    ravi yarlagadda almost 13 years
    As far as I'm aware, superseded template configuration is not done by default - but, I don't have a domain handy with no R2 DCs that I can add one in to verify, unfortunately.
  • Massimo
    Massimo almost 13 years
    I migrated the CA to Windows Server 2008 R2, and now everything is working. Anyway, "certutil -pulse" was definitely the right answer, so I'm acceptinng it :-)
  • Mariska
    Mariska about 9 years
    Seems like the yellow highlight doesn't work on my end. Any ideas why?
  • Stef Joynson
    Stef Joynson about 9 years
    It wasn't on mine either, I had hoped it was something to do with my environment. However, I now have it working by changing wdYellow for the explicit value which is 7.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Error enrolling "Kerberos Authentication" certificate in a sparse network
What does a domain controller (DC) use a certificate for?
How can I get SBS2011 to issue certificates?
Cross Forest Certificate Authority
Cannot issue Computer cert to standalone computer from my ECA
AD CS: Certificate Template not available
Microsoft CA certificate templates expires sooner than expected
Automatically create Subject Alternate Name (SAN) Certificates
Adding new root/enterprise CA without disturbing existing one?
CA and Primary Domain Controller on the same server