Solved

Windows Server 2012 R2 Certificate Authority

Posted on 2016-11-04
6
33 Views
Last Modified: 2016-11-05
I have numerous devices on my internal network that operate with self signed certificates.  Those devices include firewalls, switches, laser printers just to name a few.  We run a vulnerability scanner and it's complaining that the certs aren't issues from a trusted authority.  I found that I can't buy certs from an outside party since I would be applying to devices on a private address range.  I installed Certificate Services on my Server 2012 R2 domain controller and am having issues generating certificates.  I'm trying to apply a certificate to one of the admin interfaces on one of my hp laserjet printers.  What kind of cert should I try to request for this?  I assumed it would be a web server cert but I keep getting error messages like this below.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
COM Error Info:
CCertRequest::Submit: No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
LastStatus:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
Suggested Cause:
No suggestions.
0
Comment
Question by:bsjj2727
  • 2
  • 2
  • 2
6 Comments
 
LVL 38

Expert Comment

by:Adam Brown
Comment Utility
Can you give a little more information? Have you installed the certificate on the printer, or just initiated a request? Where do you see this message? A web server certificate would be used on the HTTPS admin interface for a printer, so you are using the correct type of certificate. However, the meaning of the message your getting needs some context.
0
 

Author Comment

by:bsjj2727
Comment Utility
I navigated to servername/certsrv and selected request a certificate, selected create and submit a request to this CA, select web server as the template and select create new key set, fill in the necessary information such as name, company, ou, etc.  Request format is CMC and hash algorthim is MD5.  I then receive the following error

Error  


Your request failed. An error occurred while the server was processing your request.

Contact your administrator for further assistance.

 

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
COM Error Info:
CCertRequest::Submit: No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
LastStatus:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
Suggested Cause:
No suggestions.
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
Comment Utility
Okay. Go into IIS and make sure the virtual directories are configured to use NTLM authentication. You get that error if you try to perform certificate operations as an anonymous user.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Please explain, why would you care about that scanner's recommendation even? The devices like a laser printer's web server config page don't need external certificates. Who uses them? You, the admin, no one external... so definitely, the vulnerability scanner has driven you into something unneeded.
0
 

Author Comment

by:bsjj2727
Comment Utility
Adam, thanks for the help NTLM was the fix. McKnife I couldn't agree more with you, I really don't need to satisfy these vulnerabilities but I need to present a report of our vulnerabilities to our board of directors and it would be easier to remediate the vulnerabilities then try to explain certificates.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
I see :)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now