Change default key size on non-domain-joined CA

Hello,
I have one standalone, non-domain-joined CA. I would like to change the default key size of all issued certs to 2048. Since it is standalone, there are no AD templates to modify. Can this be changed in the registry?
Shawn

CAPolicy.inf is the way to go.
See the following thread
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ce001d8f-c722-4429-83cb-328b92876292/how-to-change-root-certificate-keys-length-and-validity-period?forum=winserversecurity
Hth, Anders Janson Enfo Zipper
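Added example, not part of the original thread and not Anders' code. It shows the two places a key length is decided on a standalone CA. The [certsrv_server] section of CAPolicy.inf sets RenewalKeyLength, which the CA reads only when the role is installed or when the CA certificate is renewed with a new key pair, so it governs the CA's own key. The key length of a certificate the CA issues is decided by the requester: the key pair is generated on the requesting machine and only the public key travels in the PKCS#10 request, so a standalone CA with no templates issues whatever length arrives. The CA name CA01\Standalone-Root-CA, the subject web01.example.internal and the C:\Temp paths are assumptions; the CAPolicy.inf keys, certreq and certutil switches are standard.

```powershell
# Added example (not from the original thread). Assumed names: the CA is
# "CA01\Standalone-Root-CA" and working files live in C:\Temp.
# Part 1 runs in an elevated PowerShell on the CA; Part 2 on the requester.

# --- Part 1: CAPolicy.inf governs the CA's OWN key at install / renewal -------
# %SystemRoot%\CAPolicy.inf must exist before the CA role is installed or
# before "Renew CA Certificate" with a new key pair. It does not change
# certificates the CA issues to other subjects.
$caPolicy = @'
[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
'@
Set-Content -Path "$env:SystemRoot\CAPolicy.inf" -Value $caPolicy -Encoding ASCII

# After the CA certificate has been renewed with a new key, read the key
# length back from the CA certificate itself rather than trusting the file.
New-Item -ItemType Directory -Path C:\Temp -Force | Out-Null
certutil -ca.cert C:\Temp\ca.cer | Out-Null
certutil -dump C:\Temp\ca.cer | Select-String 'Public Key Length'

# --- Part 2: the SUBJECT key length comes from the request -------------------
# The key pair is generated on this machine; the CA only ever sees the
# public key, so KeyLength here decides the length of the issued cert.
$requestInf = @'
[NewRequest]
Subject="CN=web01.example.internal"
KeyAlgorithm=RSA
KeyLength=2048
KeySpec=1
KeyUsage=0xA0
MachineKeySet=TRUE
Exportable=FALSE
ProviderName="Microsoft RSA SChannel Cryptographic Provider"
RequestType=PKCS10
'@
Set-Content -Path C:\Temp\web01.inf -Value $requestInf -Encoding ASCII

certreq -new C:\Temp\web01.inf C:\Temp\web01.req

# A standalone CA parks the request under "Pending Requests" unless it is
# configured to issue automatically. -submit prints the RequestId either way.
certreq -submit -config "CA01\Standalone-Root-CA" C:\Temp\web01.req C:\Temp\web01.cer
# If it was pending, an administrator issues it on the CA ...
#   certutil -config "CA01\Standalone-Root-CA" -resubmit <RequestId>
# ... and the requester retrieves and installs it:
#   certreq -retrieve -config "CA01\Standalone-Root-CA" <RequestId> C:\Temp\web01.cer
certreq -accept C:\Temp\web01.cer

# Confirm the issued certificate's key length from the certificate itself.
certutil -dump C:\Temp\web01.cer | Select-String 'Public Key Length'
```

The practical consequence for the question above: to get 2048-bit certificates out of a standalone CA, make sure every requester generates 2048-bit keys (the KeyLength line in their request .inf, or the equivalent setting in whatever tool builds the CSR), and check incoming requests in the Pending Requests view before issuing them. RenewalKeyLength in CAPolicy.inf is still worth setting so the CA's own key is 2048 bits at its next renewal.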

Similar Messages

  • DNS working intermittently for non-domain joined machines

    I have a small single Server 2012 based network, with about 90% windows clients.  DNS is running on the Windows Server 2008 machine, but DHCP is provided via a unix based firewall machine.  Within the DNS configuration I have all of my windows
    clients (mostly Windows 8.x clients, but there are a few Windows 7 ones as well) and a few *nix ones as well.  All of the Windows clients are domain joined, except for one machine which is currently running Windows 10 preview, though it was a Windows
    7 machine originally.  In the DNS configuration I have a number of statically entered A records, used to give my *nix machines a name on the local network.
    When trying to access systems by name (via ping or by other services), there is a very consistent behavior - my domain joined machines are able to resolve all names 100% of the time without any issues.  However, the non-domain joined machines, both
    Windows and not, are consistently inconsistent.  To be more precise, when I try to resolve a name it will randomly work and randomly not.  IP setup and configuration looks correct, meaning they have  valid IP, DNS is set to my Windows Server,
    default gateway, etc. are all correct.  Pinging external machines (i.e. google.com, etc.) works 100% of the time, but trying to ping any internal machine is a total crap shoot.  The only exception to this is the Windows Server 2012 machine itself,
    which always works.
    From past experience I know that the moment I join a machine to the domain all of the DNS issues go away, which is fine for the Windows boxes but not so much for the rest.  I also have visitors occasionally come by, who I cannot expect to join my
    domain just to make things work normally.
    This network originally started life out as Windows Server 2003 domain, but was upgraded to 2012 about two months ago.  I have been seeing this problem for years, but have always assumed it to be a Server 2003 issue and figured it would go away when
    I upgraded.  Nope...
    Any ideas as to the cause of this and what I can do about it?
    Thanks,
    peter

    It's really weird - I can ping an address and not have it work, then do an NSLookup of the same address against my DNS server and it resolves just fine.  Take a look at this screen copy below:
    C:\Users\Peter>ping apollo.bakonet.local
    Ping request could not find host apollo.bakonet.local. Please check the name and try again.
    C:\Users\Peter>nslookup apollo.bakonet.local 192.168.124.9
    Server:  orac.bakonet.local
    Address:  192.168.124.9
    Name:    apollo.bakonet.local
    Address:  192.168.124.27
    C:\Users\Peter>ping apollo.bakonet.local
    Ping request could not find host apollo.bakonet.local. Please check the name and try again.
    C:\Users\Peter>ipconfig /all |more
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : Win10
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : bakonet.local
    Ethernet adapter Ethernet:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
       Physical Address. . . . . . . . . : 00-21-CC-65-1B-8F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Local Area Connection* 3:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
       Physical Address. . . . . . . . . : A0-88-B4-A2-41-81
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Wireless LAN adapter Wi-Fi:
       Connection-specific DNS Suffix  . : bakonet.local
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
       Physical Address. . . . . . . . . : A0-88-B4-A2-41-80
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::fc47:8a91:6b25:bd0e%2(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.124.64(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, January 5, 2015 7:34:47 PM
       Lease Expires . . . . . . . . . . : Tuesday, February 3, 2015 7:15:20 PM
       Default Gateway . . . . . . . . . : 192.168.124.1
       DHCP Server . . . . . . . . . . . : 192.168.124.1
       DHCPv6 IAID . . . . . . . . . . . : 60852404
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C6-18-82-00-21-CC-65-1B-8F
       DNS Servers . . . . . . . . . . . : 192.168.124.9
                                           24.229.54.212
                                           216.144.187.199
       Primary WINS Server . . . . . . . : 192.168.124.9
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Bluetooth Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : EC-55-F9-F5-14-76
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Does this actually make sense?  Obviously the DNS server is online, it works and when a lookup is requested directly it works, and the DNS server is listed as first in the IP configuration.  So why would it not work?!
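Added diagnostic, not part of the original thread. The ipconfig output above lists three DNS servers on the Wi-Fi adapter: the internal server 192.168.124.9 and two addresses that are not on the local network. nslookup in the post was pointed explicitly at 192.168.124.9, whereas ping goes through the Windows resolver and its cache, so the two tests do not exercise the same path. The script below asks every configured server for the same name directly, then shows what the resolver cache holds and what the resolver path returns after the cache is cleared. A server that cannot answer for an internal name shows up on its own line. Only the name from the post is assumed; the cmdlets are the standard DnsClient module (Windows 8 / Server 2012 and later).

```powershell
# Added diagnostic (not from the original thread). Assumption: the name
# under test is the one from the post; everything else is read from the client.
$name = 'apollo.bakonet.local'

# Every IPv4 DNS server configured on any interface, deduplicated.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } |
    Select-Object -Unique

# Ask each server directly (-DnsOnly skips LLMNR/NetBIOS so this is pure DNS).
foreach ($server in $servers) {
    try {
        $answer = Resolve-DnsName -Name $name -Type A -Server $server -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        '{0,-18} answered: {1}' -f $server, $ips
    } catch {
        '{0,-18} FAILED: {1}' -f $server, $_.Exception.Message
    }
}

# What the resolver currently believes about the name, negative entries included.
Get-DnsClientCache -Name $name -ErrorAction SilentlyContinue |
    Select-Object Entry, Status, Data, TimeToLive

# Clear the cache, then query through the normal resolver path that ping uses.
Clear-DnsClientCache
Resolve-DnsName -Name $name -Type A
```

If the internal server answers and the other two fail, the comparison tells you which configured servers are unable to serve the internal zone; if the cached entry shows a negative status, the resolver had accepted a failure from somewhere and kept it for the TTL. Both observations are worth having before changing what the DHCP server hands out.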

  • Non-Domain joined clients connect to server initially but cannot connect via Launchpad

    Running SBS 2011 Essentials in a small office. Running XP/Vista/7 clients. All working fine until we swapped routers. Old router died, new router was installed. 
    Now all domain-joined PCs connect as normal, but all NON-domain-joined PCs cannot access the server via the launchpad. I get the "The server appears to be offline. Do you want to sign in to offline mode?" box. 
    Tried removing PC from the SBS Dashboard, uninstalling the connector from the client, restarting client, and reinstalling the connector. I can install the connector (using
    http://<server ip>/connect , but not http://<servername>/connect
    ). Connector installs but it still tells me the server is offline when trying to use dashboard or launchpad on the client.
    Note: I can add a network location or map a network drive to the server after inputting my network password from Windows.
    Any Services to check? Firewalls exceptions to ensure? Advice?
    EDIT: Dashboard on Server shows Client, sometimes as online, sometimes as offline. 

    Sounds like name resolution issue to me.
    Are all your clients set to use the IP of the Essentials Server for their primary DNS?
    Robert Pearman SBS MVP
    itauthority.co.uk

  • Non domain-joined Clients (CES/CEP)

    Hello Everyone!
    This is my first post to the security forum and it is not an overly familiar tech for me so please be gentle. :)
    I am looking at building a lab to test a web based application for a client.  The client has very stringent security requirements and as such have mandated the need for both the web server to be secured using SSL certs and requires the connecting
    users to have a certificate.  The infrastructure will be hosted in a central DC in its own AD forest whilst the users connecting in will have their own AD as they work for different companies.  Each user will have an AD account within the hosted
    environment.  My initial thought was to provide public certs for the web servers but my problem was providing certificates to the clients.  Clearly using public certs would be very expensive.  After a bit of research I stumbled across the following:
    http://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx
    What I am trying to understand is, will the combination of Certificate services & CES/CEP effectively do away with the need for public certs in this instance?  Can I simply use the internal authority to publish certificates to the web server and
    to the end users?

    Yes - I think this is one of the scenarios CES/CEP have been developed for.
    End users would have to trust your internal CA and validate the chain, so intermediate CAs should be found via AIA URLs. But since you need user - not computer - certificates this is simpler than described in the article as users do not need to be local
    admins to import a root. (But on principle the admin of a user's home AD could restrict this though I have never encountered that.)
    You would need to publish the CES/CEP services via a reverse proxy and external users would have to configure the enrollment HTTP URLs and enter their AD credentials in the hosted AD when connecting.
    As users have imported your CA certificate they will also trust the web server's certificate issued from the same CA.
    Elke

  • Problems connecting a non-domain joined outlook to exchange

    Hello,
    I'm having issues configuring Outlook (be it 2007, 2010 or 2013, all fail the same) on non-domain-joined computers in the LAN to an Exchange 2013 server.
    I select manual config, in server we put "mail.domain.local" and user "domain\user" and it bounces with "cannot complete action, the connection to exchange is not available, outlook must be online".
    We tried with external full email address, nothing
    tried setting the outlook anywhere proxy, same, tried using ip address, same
    it simply refuses to configure.
    Any ideas?

    Hi,
    Generally, the external non-domain joined computers can connect to Exchange 2013 by using Outlook Anywhere and the Autodiscover service to auto-setup the Exchange account.
    If the auto-setup for the Exchange account fails, please check the Autodiscover service and Outlook Anywhere configuration with the following command:
    Get-OutlookAnywhere | FL
    Directly access the following URL in IE respectively, and check whether an Error 600 returns:
    Https://autodiscover.domain.com/autodiscover/autodiscover.xml
    Https://mail.domain.com/autodiscover/autodiscover.xml
    Please make sure the the ExternalHostName parameter for Outlook Anywhere is configured to your external namespace for Exchange 2013 (for example: mail.domain.com).
    In Exchange certificate, please make sure the namespace mail.domain.com is included in your trusted certificate which is assigned with IIS service.
    For manual Exchange account setup, please run the following command to get the mailbox GUID for server name configuration:
    Get-Mailbox UserA | FL Identity,ExchangeGuid
    Then go to Control Panel > Mail to configure the Outlook profile. In Server Settings, enter the [email protected] into the Server box and click Check Name to have a try.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Problem changing default key bindings using Oracle Terminal

    Hello,
    I'm facing a problem changing default key bindings using Oracle Terminal. I changed
    some bindings, saved them in forms60/fmrusw.res, started the generation and saved again.
    I thought that's it but it wasn't. It took no effect at all in Forms (even after recompilation) although reopening the file in Terminal showed the changes. I'm using Forms in German, which means that even the key bindings displayed in Forms are translated, i.e. STRG+F1 instead of CTRL+F1,
    but I can't find a German version of this resource file, so I think it's the same resource file for all supported languages. But what is needed for the changes to take effect?
    Thanks in advance
    STD

    Hi,
    Are you working client/server?
    If so you should not be using the fmrusw.res file because I guess your NLS_LANG is German_Germany.WE8ISO8859P1 or something like that. This means the terminal that is being opened is fmrdw.res instead of fmrusw.res, and this file should be edited using Oracle Terminal.
    If you are working via the web implementation, then you can open the file fmrweb.res in a text editor and change the key bindings in there. If you need to have the PC-like key bindings on the web, just open fmrpcweb.res and see if it contains the German texts. If so you can either copy this file over the fmrweb.res file or you can specify term=fmrpcweb.res in the serverargs parameter.
    Hope this helps.
    Kind regards,
    Frank van der Borden
    Oracle Support Services
    Netherlands

  • Create a certificate for non domain-joined PCs

    We have a standard AD domain with a CA and SharePoint/Exchange servers, hosted internally and externally with TMG 2010 as our firewall. For the external hosting, we have an external certificate from one of the main certificate providers. Internally, our domain-joined
    PCs look to the CA to get their trusted certificate from.
    This is the issue I am encountering:
    Our external users (the ones whose PC is not joined to our domain) are fine when they access our SharePoint and Exchange services externally.
    However, when they are connected via VPN, they receive a certificate error and when I look in Certificate > Certification path, I can see that it says:
    "DOMAIN NAME" Issuing CA1 > "NAME OF SHAREPOINT WEBSITE".
    When such a PC connects to the same website when NOT connected via VPN to the domain, they receive:
    "DOMAIN NAME" Root CA > "DOMAIN NAME" Issuing CA1 > "NAME OF SHAREPOINT WEBSITE".
    How can I create a certificate for these non-domain joined PCs so that I can import the certificate in the Trusted Root Certification Authorities store? Thank you!

    It sounds like the question you are really asking is :
    How do I designate the internal root CA as a trusted root CA
    Run certutil -addstore root RootCert.crt (this must be run from an administrative command prompt)
    This designates the root CA as a trusted root on the client. You also may want to install the intermediate cert to the store (you are not clear on what VPN product you are using, so it may or may not do proper chain building).
    Run Certutil -addstore CA IssuingCA.crt 
    Brian
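Added example, not part of the original thread and not Brian's code. It performs the two imports Brian describes with the PKI module cmdlets instead of certutil, then builds the chain for the site certificate the same way Windows does, so you can see the exact status that the Certification Path tab is summarising. A path that stops at "Issuing CA1" corresponds to a PartialChain status (the issuer of the last element was not found); a path that reaches the root but still errors corresponds to UntrustedRoot (the root is present but not in Trusted Root Certification Authorities). The file names C:\Temp\RootCert.crt, C:\Temp\IssuingCA.crt and C:\Temp\sharepoint.cer are assumptions; export the real ones from the CA and save the site certificate from the browser.

```powershell
# Added example (not from the original thread). Assumed files: the root and
# issuing CA certificates exported from the CA, and the SharePoint site
# certificate saved from the browser. Run from an elevated PowerShell.
$rootFile    = 'C:\Temp\RootCert.crt'
$issuingFile = 'C:\Temp\IssuingCA.crt'
$siteFile    = 'C:\Temp\sharepoint.cer'

# Root goes to Trusted Root Certification Authorities, the intermediate to
# Intermediate Certification Authorities (the "CA" store certutil targets).
Import-Certificate -FilePath $rootFile    -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $issuingFile -CertStoreLocation Cert:\LocalMachine\CA   | Out-Null

# Build the chain as Windows would. Revocation is switched off here so that
# an unreachable CRL over the VPN cannot be mistaken for a trust problem;
# re-run with RevocationMode = 'Online' once the chain itself builds.
$site  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $siteFile
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($site)

"Chain builds cleanly: $built"
'Path (leaf first):'
$chain.ChainElements | ForEach-Object { '  ' + $_.Certificate.Subject }

# PartialChain  -> an issuer could not be found (path stops at Issuing CA1)
# UntrustedRoot -> the root was found but is not in the Root store
if (-not $built) {
    'Status:'
    $chain.ChainStatus | ForEach-Object { '  {0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
}
```

For a user who cannot be given local admin rights, the same Import-Certificate calls against Cert:\CurrentUser\Root and Cert:\CurrentUser\CA install the trust for that user only, which is enough for the browser check above.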

  • Windows 2012 R2 ADRMS domain controller version and Non-domain-joined Mac Client with outlook 2011

    Hi,
    What is the AD version for Windows 2012R2 ADRMS?  Is it possible to have Windows 2003 R2 DC with Windows 2012R2 ADRMS?
    Any installation guide Non-domain-joined Mac Client with outlook 2011?
    What is the SQL version for Windows 2012R2 ADRMS?
    Please advise.  Thanks.
    Kelvin Teang

    Hi Kelvin -
    There is no RMS Client for Macs.  That functionality is actually provided through the Office for Mac application (this is different compared to the PC).  Domain-joined clients will autodiscover the RMS server and should be able to create and consume
    protected content.  Non-domain-joined clients cannot automatically discover their RMS server.  In this scenario, prepare a protected document or email from a domain-joined machine and send it to your non-domain-joined users.  They will open
    the document or email up and the URLs contained in the publishing license of the document will direct them to the correct RMS server. 
    I hope that helps!
    Micah LaNasa
    Synergy Advisors
    synergyadvisors.biz

  • Licensing for non domain joined machines

    Good Day
    would additional licensing be required to manage non domain joined machines or would this be covered by the current EA. can someone explain how licensing for the management of non domain machines would work?
    thanks
    daniel

    Hi,
    There is no difference if you don't want to license them differently and if that is possible in your agreement, so you should contact your MS license reseller.
    You could buy a System Center Configuration Manager CAL if you want to manage it; that will only cover ConfigMgr and not Endpoint Protection, for instance. So you should really contact your reseller and see what is the most optimal solution for your company/organisation.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Install AADSync on a Workgroup server (non-domain joined)

    Does anyone have experience with installing AADSync on a non-domain-joined server (workgroup)? A company with multiple forests wants to have a "neutral" server for the identity synchronisation. It looks like the tool is installing fine, but can
    there be some configuration issues?

    This is supported.  See here:
    "Your computer can be stand-alone, a member server or a domain controller. "
    ref: http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • Change default composition size in After Effects cs6

    I am editing several different videos tomorrow for a friend, each of them needs to be 640x250. They are simple edits, so I'd really hate to have to change the export settings on every clip when I render and export. Is there any way to make a default export size of 640x250 at 60fps?

    No, no, no.... that isn't what Rick meant.  60 fps is a non-standard frame rate.  Almost always -- think about 99% of the time -- the frame rate you really want to use is 59.94 fps.  No kidding.
    Now, if you're just farting around with AE, use any frame rate you want.  If you actually want to use your AE work for something in a different application, you need to keep such things in mind.  Frame rate is one item on a list of items you must technically meet  known as delivery specifications.
    And speaking of delivery specifications, 640x250 is a very weird resolution.  Perhaps you can elaborate on what will happen with your AE work when you're done with it.

  • How  to change default window size?

    I'm using MX 6.0 on Mac... For some reason I can't figure out
    how to change the default window size in the work windows. Every
    time I open a new file to work on it opens to a smaller size than
    the actual page is. When opening pages dozens of times a day, it
    gets annoying to have to resize each time. I'm sure it wasn't
    always like this, but I can't figure out how to change it so the
    default size that it opens to each time is larger.
    Thanks for any help,
    DD

    Window | Workspace | Save Current
    This gives you the opportunity to save a current layout look
    that you like
    You might also look under
    Edit |Preferences | Status bar - but I don't see that this
    does anything
    in DWCS3

  • Change default document size in PDF

    The default document page setting in my PDF is set as 36"x24". I am not able to print the same in A4 even after making it fit to A4. Any solution to change the default document size to A4?

    CreatePDF, perhaps?  Try the forum at http://forums.adobe.com/community/createpdf

  • How do you change default page size in pdf?

    I purchased CREATE solely to create a pdf file from a scanned document. I created the PDF but the default page size is 30.15 x 20.83 INCHES. I cannot seem to change the page size. I called support services 4 times (talking with Sakthivel, Shashank, Medhet, and one other.) Each time they indicated that they would connect me to the correct people and they disconnected. I want some answers please. This seems to be a simple question. Is Adobe CREATE merely a scam?

    CreatePDF, perhaps?  Try the forum at http://forums.adobe.com/community/createpdf

  • How do you change default note size

    This must be an old question but search found me nothing. I just want to find a default to change the note size for all slides to something besides the very large one I'm now stuck with. Thanks!

    Thanks, Sam. Yes, I could easily change the individual slides, too, but there seems to be a rather large hole in the program, if you're promoting this for kiosk use or even just being able to send to possible interested parties without being present and therefore you want to narrate it. AARGH! Is there NO one at Apple who even occasionally looks at its own forums! And it's not in the Knowledge database either.
