Domain Controller promotion and certificate autoenrollment
Try certutil -pulse
- this should check for templates the system has permission in, and enroll them. It should have no problem grabbing the certificate, as long as there's nothing crazy going on in the permissions settings on the template.
You'll definitely want to have your DCs have a Domain Controller-style certificate (Domain Controller
is the old one; Domain Controller Authentication
then Kerberos Authentication
supersede it; if your CA is running enterprise edition, then consider switching to the newer Kerberos template) - while a lot of the functions that it satisfies will be handled by a Computer certificate, some of the DC-specific stuff like smart card authentication, the LDAP/SSL listener (I believe?), and with the newer Kerberos certificate, strong KDC validation, need the special certificate.
Related videos on Youtube
Mariska
Updated on September 18, 2022Comments
-
Mariska almost 2 years
I have the following code in Excel VBA:
Sub CreateEmailAndSend() Dim outApp As Object Dim OutMail As Object Set outApp = CreateObject("Outlook.Application") Set oMail = outApp.CreateItem(0) Dim Doc As Object oMail.Display Set Doc = outApp.ActiveInspector.WordEditor oMail.To = "" oMail.Subject = "test" ' first sentence Dim msg As String msg = "Plain Sentence" Doc.Range(0, 0) = msg ' second sentence comes after msg = "Bold and Highlight Yellow Sentence" Doc.Range(Len(Doc.Range), Len(Doc.Range)) = msg Doc.Range.Font.Bold = True Doc.Range.HighlightColorIndex = wdYellow ' paste image below it Dim imagerng As Range Set imagerng = Range(Cells(1, 1), Cells(5, 5)) imagerng.CopyPicture Appearance:=xlScreen, Format:=xlBitmap Doc.Range(Len(Doc.Range), Len(Doc.Range)).Paste End Sub
Basically what I would like to do is to create and display an email that looks like this:
Plain Sentence
Bold and Highlight Yellow Sentence (this sentence is bold and highlighted)
(bitmap image)
{my signature}However, the output I got from my code is
Plain Sentence (bold)
(bitmap image) and the second sentence all over {my signature}How should I fix my code?
-
Massimo almost 13 yearsYes, tried removing the certificate, too. Now the server doesn't have any certificate. And yet, it's still not requesting a new one.
-
Massimo almost 13 yearsTried, and also tried to update policies and reboot server. Everytime it doesn't work and I get some errors logged (after enabling autoenrollment logging); see the edit for details.
-
Massimo almost 13 yearsWell, looks like it's actually trying to request it, but fails.
-
mbrownnyc almost 13 yearsRefer to eventid.net for more info on event log entries and this: technet.microsoft.com/en-us/library/dd299884(WS.10).aspx
-
ravi yarlagadda almost 13 yearsOh, well then none of your DCs are getting a new one - they'll all expire out eventually! Someone's set the
Kerberos Authentication
orDomain Controller Authentication
template to supersede theDomain Controller
template, so no more of the old type will be issued, but there's no CA in the domain configured to issue the newer types. -
ravi yarlagadda almost 13 yearsAs far as I'm aware, superseded template configuration is not done by default - but, I don't have a domain handy with no R2 DCs that I can add one in to verify, unfortunately.
-
Massimo almost 13 yearsI migrated the CA to Windows Server 2008 R2, and now everything is working. Anyway, "certutil -pulse" was definitely the right answer, so I'm acceptinng it :-)
-
Mariska about 9 yearsSeems like the yellow highlight doesn't work on my end. Any ideas why?
-
Stef Joynson about 9 yearsIt wasn't on mine either, I had hoped it was something to do with my environment. However, I now have it working by changing wdYellow for the explicit value which is 7.