209 questions
209 questions with Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI) tags
2 answers
Can NPS authenticate non-Domain computers via EAP-TLS?
Hi Everyone! I tried to implement NPS to authenticate non-Domain joined computers by using computer certificate to access Cisco Wi-Fi, but failed. My environment: Windows 2019 DC Windows 2019 CA + NPS Cisco WL3504 + AP1832I Windows 10 + Windows 11…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 47%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 8%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
3 answers
NPS EAP-TLS machine authentication fails, but user certificate authentication works
Does anyone have any suggestions? Thank you! NPS deny reason code 16 using computer certificate(EAP-TLS) Windows 11 24H2 client Aruba AP/controller NPS on Windows Server PEAP works user cert works computer cert fails machine cert is in Local…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-04-03T22:28:01.99+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 67%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM9%3C/text%3E%3C/svg%3E)
mmuser-9331
0
Reputation points
answered 2026-04-07T08:19:41.0866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 62%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
HLBui
4,720
Reputation points
Independent Advisor
2 answers
ADCS cluster in-place upgrade from 2012r2 --> 2016 --> 2019 - Issue with the secondary node
Hi, Ref: Windows Failover Cluster running ADCS role Please advise, if anyone had attempted ADCS failover cluster "in-place upgrade from 2012r2 --> 2016 --> 2019" and had seen issue with the secondary node showing offline after the upgrade…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-04-01T08:46:52.8+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 85%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
BK
0
Reputation points
answered 2026-04-01T09:18:47.76+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 90%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQQ%3C/text%3E%3C/svg%3E)
Quinnie Quoc
10,080
Reputation points
Independent Advisor
2 answers
DisableCapiOverrideForRSA registry removal impact on windows 2022
Patch send on Oct 2025- KB5066835, does it got executed on windows 2022. Also is the new patch for removing registry value DisableCapiOverrideForRSA which is due in april 2026, will it be applied to windows 2022?
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-26T12:16:16.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 2%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Mayuri Harkulkar Intertek
0
Reputation points
answered 2026-03-26T13:14:48.1233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 96%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETV%3C/text%3E%3C/svg%3E)
Tan Vu
1,705
Reputation points
Independent Advisor
2 answers
troubleshooting a Windows code-signing issue involving a Sectigo code-signing certificate and a YubiKey
We are troubleshooting a Windows code-signing issue involving a Sectigo code-signing certificate and a YubiKey. Historically, our team’s workflow involved exporting a .pfx from Windows Certificate Manager and importing it into the YubiKey, but that is no…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 97%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
2 answers
[ARTICLE] Check secureboot CA 2023 certificates are installed on Windows 11
Open powershell application, type following commads one by one ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI kek).bytes) -match ‘Microsoft Corporation KEK 2K CA 2023’) ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes)…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-11T16:43:41.01+00:00
VARADHARAJAN K
9,676
Reputation points
Volunteer Moderator
edited the question 2026-03-25T03:14:03.8633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 72%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIB%3C/text%3E%3C/svg%3E)
Ivy Bui (WICLOUD CORPORATION)
505
Reputation points Microsoft External Staff
Moderator
2 answers
ADCS Autoenrollment Not Renewing SAN Web Server Certificate
Creating a thread and asking for help cause I didn't find any information due to the specificity of this setup. Scenario Testing auto-renewal of a Web Server (for HTTPS scenarios) certificate with SANs in ADCS, using the AutoEnrollment…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-23T18:12:39.1466667+00:00
Lucas Campos
21
Reputation points
commented 2026-03-24T13:06:22.3066667+00:00
Lucas Campos
21
Reputation points
1 answer
One of the answers was accepted by the question author.
is there a way to swap domains on a certificate?
I have two domains: plaidmug.com comarket.app Because of a change in the course of our business, we need to have the wildcard domain on comarket.app, not plaidmug.com. Is there a way to swap the domains without having to pay for new…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-22T12:32:08.21+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 27%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Jeffrey McCandless
20
Reputation points
accepted 2026-03-23T13:16:51.1+00:00
Jeffrey McCandless
20
Reputation points
2 answers
Private key archival feature not working as expected
Hello, recently I have realized that my private keys are not archived at my issuing CA, even when the Recovery agent is configured, even that the clients are supposed to send the "blob" with the private key. But when i try to recover the…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-18T09:08:52.5833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 79%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
David Buřič
0
Reputation points
answered 2026-03-18T09:29:20.95+00:00
David Buřič
0
Reputation points
6 answers
One of the answers was accepted by the question author.
Sign Code with a YubiHSM over the Network
I have a YubiHSM that is all set up an a different client. Firewall rules are all set. The YubiHSM ksp on my computer, a authorized code signing certificate from our SubCA (for testing purpose). The certificate is installed on my computer and i can…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 77%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
3 answers
This site does not have a certificate!!!.
Dear All, I am trying to understand the following screenshot. We have the certificates installed!!! Look; What could be wrong? In the certificate; Subject Alternative Name DNS Name=catalogo.personal.corp DNS Name=befancatalogo.personal.corp DNS…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-13T04:01:06.57+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 21%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELP%3C/text%3E%3C/svg%3E)
Lucas Peñaloza
421
Reputation points
answered 2026-03-13T16:02:53.5+00:00
Lucas Peñaloza
421
Reputation points
8 answers
One of the answers was accepted by the question author.
Problem with this website's security certificate.
Dear; We are receiving the following message. This is a website that is hosted on an IIS server!!!. The Bindings; And indeed, we see the certificate!!!. Now, if we obtain a new certificate, where should we place the new certificate? Only in…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-07T22:48:23.8133333+00:00
Lucas Peñaloza
421
Reputation points
commented 2026-03-12T01:39:02.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 36%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
Tracy Le
5,445
Reputation points
Independent Advisor
2 answers
One of the answers was accepted by the question author.
This certificate has expired or is not yet valid!!!!.
Dear, We have a certificate that shows: In Personal/Certificates; The certificates appear as if they are not expired. How to proceed in these cases?
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-10T17:04:48.0333333+00:00
Lucas Peñaloza
421
Reputation points
accepted 2026-03-11T14:36:45.53+00:00
Lucas Peñaloza
421
Reputation points
3 answers
How to Capture Audit Events for Certificate Template Changes in AD CS
Hello Team, We want to generate audit logs whenever a certificate template is created, modified, deleted, or published in our AD CS environment. Auditing is already enabled on the CA server. Could you please confirm the recommended configuration to…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-10T10:25:05.14+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 64%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Anant Bera
271
Reputation points
answered 2026-03-11T09:47:54.4233333+00:00
Tracy Le
5,445
Reputation points
Independent Advisor
2 answers
Request for Windows Server licence
Hi On 2022 a vendor sealed windows servers license to our site. I was requesting the soft to them but they recommend to reach Microsoft team
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-03-09T14:50:27.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 68%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)
Lucas Marquez
0
Reputation points
answered 2026-03-09T17:33:40.7433333+00:00
Tracy Le
5,445
Reputation points
Independent Advisor
3 answers
One of the answers was accepted by the question author.
license document
We lost the license document and the CD. What should we do? We only have the backup key windows server 2022 ROK 16core invoice Removed PII@bangkok thailand
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2025-12-01T07:23:05.4433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 37%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
Chiraphan Thapthap
20
Reputation points
edited the question 2026-03-05T13:20:49.4833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 61%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Ana M
0
Reputation points
Moderator
2 answers
Strong Name Mapping, Event ID 39 (Denied Login), Despite Previously Working Explicit Mapping
After recently updating one of our DCs with the 2026-02 Windows Server 2019 (KB5075904) Cumulative Update, that DC started to get Event ID 39 Kerberos errors in the logs, and users were denied login. We use a government smart card system, so we have a…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
1 answer
One of the answers was accepted by the question author.
Mitigation of RSA 1024-bit Certificate on Domain Controllers
Hi, We have four Domain Controllers, and during the recent penetration test we identified the vulnerability “SSL Certificate Chain Contains RSA Keys Less Than 2048 bits” on TCP ports 636 (LDAPS) and 3269 (Global Catalog over SSL) across all DCs. Upon…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-02-19T06:39:21.31+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 89%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYB%3C/text%3E%3C/svg%3E)
Yogesh Bhatia
21
Reputation points
commented 2026-02-25T07:17:45.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 16%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VPHAN
28,590
Reputation points
Independent Advisor
3 answers
Active Directory Client Certificate Authentication is missing from Features View
My company is trying to setup PKI auth for our users. We already have a CA and PKI certs for the users. We are trying to setup PKI auth on our websites running on IIS on Server 2022. We follow these instructions:…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-02-03T20:58:06.36+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 95%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECW%3C/text%3E%3C/svg%3E)
Carey Wharton
0
Reputation points
commented 2026-02-10T06:00:51.89+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 33%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
Domic Vo
19,030
Reputation points
Independent Advisor
2 answers
One of the answers was accepted by the question author.
third-party certification authority
Hi All, I am trying to generate an INF file for an LDAP (LDAPS) certificate and I am following the below Microsoft article: https://dori-uw-1.kuma-moon.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-over-ssl-3rd-certification-authority I…
Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
asked 2026-01-24T12:04:23.6+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 72%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERF%3C/text%3E%3C/svg%3E)
Rising Flight
6,456
Reputation points
accepted 2026-02-09T11:33:13.9866667+00:00
Rising Flight
6,456
Reputation points