Certificate Issue - Renewing Cert for ADFS - Cryptography CNG

 Scenario: 

I am renewing a Service Coms Cert for ADFS and i got the below error message.


Also if you are trying to bind the Cert on IIS Manager, you cannot see the cert in Server Cert. But if you check on mmc > Local machine > Personal you can see that Cert and it is present in their.



Another issue is when you try to Set the server on Wap Server error apprears.


Solution:

1. Export the Certficate to pfx and save and put password in it. You can do this on a server where in you generate the cert.

2. Then Delete the cert on the machine

3. If you have the OLD Cert that you are trying replace run the below command and check the provider. See below screenshot. You need that because you need to put that on the 2nd command on the CSP.



4. Run the below commands 

        certutil -csp "Microsoft Enhanced Cryptographic Provider v1.0" -importpfx my NewPFXfileyouCreated.pfx


Then Boom the new Cert are all good now. you can export the new Cert and install on WAP as well.


PS i did not try on my Prod if by exporting the PFX and install directly without running the above commands will run. i will try it later....




Comments

Post a Comment

Popular posts from this blog

Email Source

Image
Scenario: There is this Email (a script email or a task schedule email) and you don't know where it is coming from or who is generating it. So you need to find out where it is coming from. What Server. Steps: 1. Open that email and go to File > Properties and look for Internet headers.  2. Then copy all that Internet Headers information and Paste it on this site           Email Header Analyzer, RFC822 Parser - MxToolbox 3. Click on Analyze Header. 4. Then the 1st HOP is the Server that has that script generating it.
Read more

Unable to RDP - Can't Connect to Remote Computer

Image
 Issue:   -Unable to RDP even port 3389 are open on both end to end Servers. You can Console the Server using domain/local account with no issue. But when you RDP you get this message. and on the Server itself since you can console it when you rdp inside it you get this error message. Action Done to Solve the issue: Enable > ‘Require use of specific security layer for remote (RDP) connections’  Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > SecurityOn the right-hand side, locate the ‘Require use of specific security layer for remote (RDP) connections’ and double-click it to edit it.If it is set to ‘Not configured’, select Enabled and then in front of Security Layer, choose RDP.Click Apply and then hit OK. then restart service Note: My Server is a 2016 and possible Cause of it was because of update/patch. Ref:  https://docs.microsoft.com/en-us/answers/questions/300054/r...
Read more

Domain Controller Authentication

Image
ISSUE: You want to authenticate a machine or Server to a different Domain Controller on a different SiteName. Meaning you don't want a particular machine/Server to authenticate to its default Domain Controller that has been Set up on Sites and Services. One possible purpose of this is version of DC and the patching of DC. SOLUTION: You need to run this command first to see what is its DC and DC Site. nltest /dsgetdc:<DomainName> and since you don't want the DC to authenticate to that DC Server, what you need to do is to run this command: nltest /SC_RESET:<DomainName\DCComputerName> But take note that this is Temporary once you logoff or login it will comeback to its Original DC. So to permanently authenticate to a desired Sitename you need to follow the below  HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Netlogon Parameters Create a String value called “SiteName“, and set the sitename of the DC where it is located. Then login and logoff. Then re run this - ...
Read more