Hi great video, Can you do a tutorial video on how to enable Certificate + pin login for on premises Active Directory domain joined computers and users, thanks.
Great video and walkthrough, thank you. I would question the key usage on the Lab-user certificate template and say this should not be included as the key pair will be used as part of authentication of a client/user not a server?
No problem, thank you for watching and providing your feedback. If I recall correctly I duplicated the Computer template and used for the Lab-User template and didn't modify the key usage as part of the video.
Its not something that I have explored in great detail but check out the following link, its might guide you in the right direction: docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff955842%28v%3dws.10%29 Thanks for watching.
Hi Kelvin, I was wondering is it necessary to import RootCA or SubCA certificates in domain machines trusted certificate authority store using GPO? I am having issues when I try to even manually request the computer certificate.
The CA that signs the machine or user cert will have the full chain. ISE will need to have the full certificate chain to authenticate the user/machine. Hope that helps.
Hi, Thanks for the video. I am not able to troubleshoot a problem. My domain controllers and domain administrator are sending certificate request periodically to the Internal CA. How do I stop this?
Great Video Kelvin....I am working on enable Internal Certificate autorenewal at domain level on workstations and users. This short video summarize all areas that were unclear to me.
Hi Kelvin, I see you did the Certificate Services Client Auto Enrollment in the GPO. Did you try Certificate Services Client Enrollment Policy? I have an Enrollment server in the network and I'm trying to use it for this one. But the URL validation fails with 0x803d0005 access was denied by the remote end point. Do you have any idea on that?
Hi Praveen, I haven't tried that and the error is something I am not familiar with. However, I did find some information here that might help: social.technet.microsoft.com/Forums/lync/en-US/809459c7-e090-48d2-bdff-ab42b3ba8270/certificate-web-enrollment-policy-service-access-was-denied-by-the-remote-endpoint-0x803d0005?forum=winserversecurity Thanks for watching.
@@NetworkWizkid Thanks for taking to respond, Kelvin. Yeah, I've been on this URL, tried them and that did not help. Been Googling for a couple of days with not much help. So what I'm doing is using an IIS server site enabled for Windows authentication. Then I'm using this URL in the DC GPO as an Enrollment server and the URL validation fails with that error. It definitely sounds like a permissions issue but not being an MCP, I'm unable to understand how to fix the issue.
Excellent job many thanks for doing this!
My pleasure, thank you for watching!
Hey, Kelvin thank you for the great video!!! I'm actually doing Honeypot for my final year project, any advice?
Thank you for watching. Good luck with your final year project. I've not done anything with Honeypots so wouldn't be able to advise.
@@NetworkWizkid thank You!!!
brilliant, thanks for the clarity and slow pace
You're welcome! Thank you for watching.
Hi great video, Can you do a tutorial video on how to enable Certificate + pin login for on premises Active Directory domain joined computers and users, thanks.
Thank you for watching! I will take a look if I get some time.
Great video and walkthrough, thank you. I would question the key usage on the Lab-user certificate template and say this should not be included as the key pair will be used as part of authentication of a client/user not a server?
No problem, thank you for watching and providing your feedback. If I recall correctly I duplicated the Computer template and used for the Lab-User template and didn't modify the key usage as part of the video.
Excellent..!! This video has made things so easy to understand...!! Great work mate.
Thanks Emad and thanks for watching, I'm glad it has helped.
Why do you add Server Authentication to the user template?
Not required if the certificate template is for client authentication
Great Video, we appreciate your effort here! I will subscribe for sure.
Thank you for watching and subscribing, I appreciate it.
if both my Windows collector and windows forwarder are not in the same domain, how do i create the certification for them to communicate ?
Its not something that I have explored in great detail but check out the following link, its might guide you in the right direction: docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff955842%28v%3dws.10%29
Thanks for watching.
How can i thank you for this demonstration.
Glad you found it useful, thank you for watching
A great video and very informative.
Thank you and thanks for watching.
Hi Kelvin, I was wondering is it necessary to import RootCA or SubCA certificates in domain machines trusted certificate authority store using GPO? I am having issues when I try to even manually request the computer certificate.
The CA that signs the machine or user cert will have the full chain. ISE will need to have the full certificate chain to authenticate the user/machine. Hope that helps.
Great video Mate, I will test it!
Thanks for watching Martin.
Thank you.
No problem, thanks for watching.
Hi, Thanks for the video. I am not able to troubleshoot a problem. My domain controllers and domain administrator are sending certificate request periodically to the Internal CA. How do I stop this?
Hi Sabarish, I would suggest that you reach out to Microsoft on their forums to try and get it rectified.
Great Video Kelvin....I am working on enable Internal Certificate autorenewal at domain level on workstations and users. This short video summarize all areas that were unclear to me.
Hi Rajdeep,
Thank you, I am glad that you found the video useful. Thank you for watching and subscribing.
really helpful video, thanks for sharing~
Glad it was helpful! Thank you for watching.
Hi Kelvin,
I see you did the Certificate Services Client Auto Enrollment in the GPO.
Did you try Certificate Services Client Enrollment Policy?
I have an Enrollment server in the network and I'm trying to use it for this one. But the URL validation fails with 0x803d0005 access was denied by the remote end point. Do you have any idea on that?
Hi Praveen,
I haven't tried that and the error is something I am not familiar with. However, I did find some information here that might help: social.technet.microsoft.com/Forums/lync/en-US/809459c7-e090-48d2-bdff-ab42b3ba8270/certificate-web-enrollment-policy-service-access-was-denied-by-the-remote-endpoint-0x803d0005?forum=winserversecurity
Thanks for watching.
@@NetworkWizkid Thanks for taking to respond, Kelvin. Yeah, I've been on this URL, tried them and that did not help. Been Googling for a couple of days with not much help. So what I'm doing is using an IIS server site enabled for Windows authentication. Then I'm using this URL in the DC GPO as an Enrollment server and the URL validation fails with that error. It definitely sounds like a permissions issue but not being an MCP, I'm unable to understand how to fix the issue.
@@pkoppula Any update on this?