201 questions with Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI) tags

2 answers

Check secureboot CA 2023 certificates are installed on Windows 11

Open the PowerShell application and type the following commands one by one: ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI kek).bytes) -match 'Microsoft Corporation KEK 2K CA 2023') ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes)…

asked 2026-03-11T16:43:41.01+00:00
VARADHARAJAN K 9,591 Reputation points Volunteer Moderator
answered 2026-03-12T19:19:09.1033333+00:00
VARADHARAJAN K 9,591 Reputation points Volunteer Moderator
8 answers One of the answers was accepted by the question author.

Problem with this website's security certificate.

Dear; We are receiving the following message. This is a website that is hosted on an IIS server!!!. The Bindings; And indeed, we see the certificate!!!. Now, if we obtain a new certificate, where should we place the new certificate? Only in…

asked 2026-03-07T22:48:23.8133333+00:00
Lucas Peñaloza 421 Reputation points
commented 2026-03-12T01:39:02.2466667+00:00
Tracy Le 3,555 Reputation points Independent Advisor
2 answers One of the answers was accepted by the question author.

This certificate has expired or is not yet valid!!!!.

Dear, We have a certificate that shows: In Personal/Certificates; The certificates appear as if they are not expired. How to proceed in these cases?

asked 2026-03-10T17:04:48.0333333+00:00
Lucas Peñaloza 421 Reputation points
accepted 2026-03-11T14:36:45.53+00:00
Lucas Peñaloza 421 Reputation points
3 answers

Sign Code with a YubiHSM over the Network

I have a YubiHSM that is all set up on a different client. Firewall rules are all set. The YubiHSM KSP on my computer, an authorized code signing certificate from our SubCA (for testing purposes). The certificate is installed on my computer and I can…

asked 2026-03-11T08:54:38.4433333+00:00
Jordan 0 Reputation points
answered 2026-03-11T11:44:19.8633333+00:00
VPHAN 25,000 Reputation points Independent Advisor
3 answers

How to Capture Audit Events for Certificate Template Changes in AD CS

Hello Team, We want to generate audit logs whenever a certificate template is created, modified, deleted, or published in our AD CS environment. Auditing is already enabled on the CA server. Could you please confirm the recommended configuration to…

asked 2026-03-10T10:25:05.14+00:00
Anant Bera 271 Reputation points
answered 2026-03-11T09:47:54.4233333+00:00
Tracy Le 3,555 Reputation points Independent Advisor
2 answers

Request for Windows Server licence

Hi On 2022 a vendor sealed windows servers license to our site. I was requesting the soft to them but they recommend to reach Microsoft team

asked 2026-03-09T14:50:27.7+00:00
Lucas Marquez 0 Reputation points
answered 2026-03-09T17:33:40.7433333+00:00
Tracy Le 3,555 Reputation points Independent Advisor
3 answers One of the answers was accepted by the question author.

license document

We lost the license document and the CD. What should we do? We only have the backup key windows server 2022 ROK 16core invoice Removed PII@bangkok thailand

asked 2025-12-01T07:23:05.4433333+00:00
Chiraphan Thapthap 20 Reputation points
edited the question 2026-03-05T13:20:49.4833333+00:00
Ana M 0 Reputation points Moderator
2 answers

Strong Name Mapping, Event ID 39 (Denied Login), Despite Previously Working Explicit Mapping

After recently updating one of our DCs with the 2026-02 Windows Server 2019 (KB5075904) Cumulative Update, that DC started to get Event ID 39 Kerberos errors in the logs, and users were denied login. We use a government smart card system, so we have a…

asked 2026-02-25T20:05:01.65+00:00
John S 0 Reputation points
answered 2026-02-27T23:10:42.32+00:00
John S 0 Reputation points
1 answer One of the answers was accepted by the question author.

Mitigation of RSA 1024-bit Certificate on Domain Controllers

Hi, We have four Domain Controllers, and during the recent penetration test we identified the vulnerability “SSL Certificate Chain Contains RSA Keys Less Than 2048 bits” on TCP ports 636 (LDAPS) and 3269 (Global Catalog over SSL) across all DCs. Upon…

asked 2026-02-19T06:39:21.31+00:00
Yogesh Bhatia 21 Reputation points
commented 2026-02-25T07:17:45.3366667+00:00
VPHAN 25,000 Reputation points Independent Advisor
3 answers

Active Directory Client Certificate Authentication is missing from Features View

My company is trying to setup PKI auth for our users. We already have a CA and PKI certs for the users. We are trying to setup PKI auth on our websites running on IIS on Server 2022. We follow these instructions:…

asked 2026-02-03T20:58:06.36+00:00
Carey Wharton 0 Reputation points
commented 2026-02-10T06:00:51.89+00:00
Domic Vo 17,825 Reputation points Independent Advisor
2 answers One of the answers was accepted by the question author.

third-party certification authority

Hi All, I am trying to generate an INF file for an LDAP (LDAPS) certificate and I am following the below Microsoft article: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-over-ssl-3rd-certification-authority I…

asked 2026-01-24T12:04:23.6+00:00
Rising Flight 6,456 Reputation points
accepted 2026-02-09T11:33:13.9866667+00:00
Rising Flight 6,456 Reputation points
1 answer

NDES Server - works with "localhost", but fails to authenticate with FQDN

It's the first time I'm setting up a CA in combination with NDES. I am trying to set up SCEP in JAMF. I've checked the security settings on the template and made sure the template I want to use is in the MSCEP registry entry on the NDES server. I've set…

asked 2025-05-13T07:59:18.3+00:00
Ward Verduyn 0 Reputation points
answered 2026-02-04T19:55:10.4066667+00:00
Nathan Obenhoffer 0 Reputation points
1 answer

Downgrade windows server 2025 to 2022

I need assistance activating Windows Server 2022 using downgrade rights from a legitimate Windows Server 2025 OEM license.

asked 2026-01-29T06:50:28.14+00:00
Liam Lin 林坤隆 0 Reputation points
commented 2026-01-30T09:19:42.7133333+00:00
Chen Tran 8,220 Reputation points Independent Advisor
1 answer

Strong Mapping Error for One User

Our users use DoD CACs to log into their computers. We have deployed the fixes for strong mapping and haven't had issues since. However, we now have one user who is getting the Event Viewer error 39. I have confirmed that the DoD certificate…

asked 2026-01-26T17:05:10.06+00:00
Kat7 0 Reputation points
commented 2026-01-28T03:43:29.08+00:00
VPHAN 25,000 Reputation points Independent Advisor
3 answers One of the answers was accepted by the question author.

Certificate Template Issued from CA Server Not Showing on Client During Certificate Request

Hello, I am trying to set up ADFS from a client server that has joined the domain with an ADDS server. The ADDS server also has a CA installed. The problem is that I already created a certificate template, added "Domain Computers" in the…

asked 2025-12-04T08:23:06.2266667+00:00
Arya Abdul Azis 20 Reputation points
commented 2026-01-19T15:33:12.74+00:00
Jason Friesz 0 Reputation points
1 answer

Enterprise CA generates multiple CRL's

Hi! I have PKI infrastructure: Offline standalone root CA. Non Domain, windows server 2022 Online subordinate issuing enterprise CA. Domain, windows server 2022 And I see something weird: there are multiple CRLs in…

asked 2025-09-16T10:24:50.1+00:00
commented 2026-01-16T05:35:24.3766667+00:00
Brain Storm 0 Reputation points
3 answers One of the answers was accepted by the question author.

PKI - Certificate Templates: DACL assessment

Hi everyone, I've created a script to assess the grant on SubCA templates in the Security tab. The resulting script returns a .csv file and an .html file. Can you tell me if it's working properly for you and if it's structured and written properly? I…

asked 2025-10-17T09:20:49.8066667+00:00
49885604 235 Reputation points
answered 2026-01-16T05:12:18.51+00:00
Brain Storm 0 Reputation points
1 answer

Two Identical "Computer" Templates; cannot identify which one is legacy

I'm attempting to delete a legacy "Computer" template that only has a 1024 public key. Inside certsrv.msc >> Certificate Templates this is what I see When I right-click >> Properties I get this page which is the exact same on…

asked 2026-01-06T15:26:46.9633333+00:00
Val3y 20 Reputation points
commented 2026-01-16T04:12:45.59+00:00
Brain Storm 0 Reputation points
1 answer One of the answers was accepted by the question author.

Windows Server 2025 Enterprise CA not populating User Certificate Subject DN from Active Directory

Hello. I've met a problem on my non-prod environment and cannot understand if the issue is real or I am undereducated. I've spent a lot of time troubleshooting it with Claude and still no solution. Is there a bug or my huge…

asked 2025-12-26T10:28:56.9+00:00
Mikhail 20 Reputation points
commented 2025-12-26T11:52:32.0533333+00:00
Mikhail 20 Reputation points
2 answers

Windows Computers Intune joined, have intermittent disconnect to AD/ print services.

We have several Windows computers joined to Intune, while communicating to an on-prem DC on Server 2025. Several months before I joined, the Windows computers started having issues connecting to the print servers. They will get the "unable to…

asked 2025-12-15T03:09:44.5133333+00:00
Jon (Admin) 0 Reputation points
answered 2025-12-15T03:53:32.9366667+00:00
Harry Phan 15,915 Reputation points Independent Advisor