Top Security Solutions from Microsoft Support

Top Security Solutions from Microsoft Supporthttp://support.microsoft.com/ph/1163The latest support information about Security Solutions from Microsoft Product Support Services. Certificate Authority fails to start with Event ID 7023http://support.microsoft.com/kb/842210#phrssActive Directory Certificate ServicesBefore Certificate Services starts, it enumerates all the keys and certificates that have been issued to the certification authority (CA), even if the keys and the certificates have expired. Certificate Services will not start if any one of these certificates has been removed from the local computer Personal certificate store. Should I use a Standard orEnterprise CA?http://social.technet.microsoft.com/wiki/contents/articles/1137.aspx#phrssActive Directory Certificate ServicesLearn about the limitations and differences between running a CA on an Enteprise SKU vs a Standard SKU. "Access Denied" error when trying to complete a certificate requesthttp://support.microsoft.com/kb/278381#phrssActive Directory Certificate ServicesThe MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate services and Internet Explorer use this folder. The default permissions on the folder may be misleading when you attempt to determine the minimum permissions that are necessary for proper installation and the accessing of certificates. Certificate request template is not correctly configured for a specific application http://blogs.technet.com/b/askds/archive/2010/05/27/designing-and-implementing-a-pki-part-iii-certificate-templates.aspx#phrssActive Directory Certificate ServicesThis is a common support call. Part 3 of the Designing and Implementing a PKI series covers the correct procedure. Designing and Implementing a PKI, parts I - Vhttp://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning.aspx#phrssPublic Key Infrastructure (PKI)A 5-part series that covers planning, designing, and deploying a PKI. How to configure Security Auditinghttp://technet.microsoft.com/en-us/library/dd408940(WS.10).aspx#phrssAuthentication and AuthorizationThis step-by-step guide demonstrates the process of setting up an advanced Windows 7 and Windows Server 2008 R2 security auditing policy infrastructure. Expired Certficate Revocation List (CRL) causes certificate failure during SmartCard logonhttp://blogs.technet.com/b/instan/archive/2008/12/08/requiring-smart-cards-for-logon-avoiding-the-outage-caused-by-expired-crl-s.aspx#phrssAuthentication and AuthorizationYou receive a "Logon failure" message when you use a smart card on a Windows Server-based computer. How to use LDAP over SSL (LDAPS)http://social.technet.microsoft.com/wiki/contents/articles/2980.aspx#phrssPublic Key Infrastructure (PKI)By default, LDAP communications between client and server applications are not encrypted. If your organizational security policies specify that LDAP communications between client and server computers should be encrypted., this blog post provides the steps to enable LDAP over SSL. Certificate enrollment fails with error "No template could be found. There are no CAs from which you have permission to request a certificate, or an error occurred while accessing the Active Directory"http://technet.microsoft.com/en-us/library/cc731429(WS.10).aspx#BKMK_5#phrssPublic Key Infrastructure (PKI) "Recovery policy configured for this system contains invalid recovery certificate" or "ERROR_BAD_RECOVERY_POLICY" error when encrypting a filehttp://technet.microsoft.com/en-us/library/cc738530(WS.10).aspx#BKMK_2#phrssAuthentication and AuthorizationThe Encrypting File System (EFS) recovery policy that is implemented on this computer contains one or more EFS recovery agent certificates that have expired. This TechNet troubleshooting article describes the issue and solution. How To Configure Bitlocker backup in Active Directoryhttp://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx#phrssBitlockerThis document describes how to configure Active Directory® to back up recovery information for Windows® BitLocker™ Drive Encryption (BitLocker) and the Trusted Platform Module (TPM). Best Practices for Certificate Authority (CA) and Public Key Infrastructure PKI implementationhttp://www.microsoft.com/downloads/en/details.aspx?familyid=6F319FFA-739E-4FE8-BAC3-92547BAEF7A9#phrssPublic Key Infrastructure (PKI)This document provides guidance for the planning and implementation of a Microsoft Windows Server 2008 and Windows Server 2008 R2 public key infrastructure (PKI) using Suite B compliant cryptographic algorithms. Events 1925, 1006, 1645, 1055, 40961 on a Windows Server 2008-based domain controller or error message: "No authority could be contacted for authentication" when you use Remote Desktop Connectionhttp://support.microsoft.com/kb/939820#phrssAuthentication and Authorization Unable to logon with Event ID 11, duplicate Service Principal Name registered for clienthttp://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx#phrssAuthentication and Authorization How to Request a Certificate with a Custom Subject Alternative Namehttp://technet.microsoft.com/en-us/library/ff625722(WS.10).aspx#phrssAuthentication and AuthorizationThis guide describes security best practices for allowing custom SANs in certificates and provides procedures that can be used to request a certificate with a SAN. KDC Event ID 16 or 27 is logged if DES for Kerberos is disabledhttp://support.microsoft.com/kb/977321#phrssAuthentication and AuthorizationIn Windows 7 and in Windows Server 2008 R2, the Data Encryption Standard (DES) encryption types for Kerberos are disabled by default. This article will help you determine if you need DES encryption in your environment and, if so, how to enable it.