Configuring and troubleshooting identity and access solutions with windows server active directory

What Is Enterprise PKI ?

Enterprise PKI:
Indicates the validity and accessibility of authority information access (AIA) locations and certificate revocation list (CRL) distribution points
Reports various status levels such as:
• OK. The CA certificate or CRL at the referenced URL is valid.
• Expiring. The CA certificate or CRL at the referenced URL is close to the expiration date.
• Expired. The CA certificate or CRL at the referenced URL is expired.
• Unable to download. The CA certificate or CRL cannot be downloaded from the referenced URL.

Common AD CS Issues

Common AD CS troubleshooting issues are:
Client autoenrollment problems
Certificate validation errors
Web enrollment errors

Troubleshooting Client Autoenrollment

Problem Solution
Clients do not enroll for certificates automatically after autoenrollment is configured.
Wait for Group Policy to complete replication.
Alternatively, use the Gpupdate command to force replication to occur.
Ensure that the user is a member of a group that has enroll permissions on the certificate template being used.

Troubleshooting Certificate Validation Errors

Problem Solution
Validation errors occur when users access resources by using certificates.
Use Enterprise PKI to verify that the AIA and CDP locations and certificates are valid.

LIRE AUSSI :  Formalisme des réseaux de Pétri (RdP)

Installation Issues of AD LDS Instances

Problem:
The installation or removal of an AD LDS instance fails to complete successfully.
Solution:
If no screen message appears and setup fails to complete successfully, view the setup log at:
%windir%\Debug\adamsetup.log
If no screen message appears and Instance removal fails to complete successfully, view the uninstall log at:
%windir%\Debug\adamuninstall.log

Application Connection Issues of AD LDS

Problem:
A directory-enabled application cannot find the AD LDS instance.
Solution:
Refer to the correct communication port number when specifying an AD LDS instance. The communication port number is 389 or 636.
Problem:
A user is not able to connect to an AD LDS instance.
Solution:
Install certificates on the computer running the AD LDS instance and on all client computers, to enable SSL connections.

Initiating Issues of Instances

Problem:
An AD LDS instance will not start.
Solution:
Ensure that the service is running. If the service account that is specified for ADAM is a workstation or a domain user account, make sure that the account
possesses the Run as a service right.

Configuring and troubleshooting identity and access solutions with windows server active directory

Télécharger aussi :

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *