?
Solved

Windows Server 2012 R2 Certificate Authority

Posted on 2016-11-04
6
Medium Priority
?
370 Views
Last Modified: 2016-11-05
I have numerous devices on my internal network that operate with self signed certificates.  Those devices include firewalls, switches, laser printers just to name a few.  We run a vulnerability scanner and it's complaining that the certs aren't issues from a trusted authority.  I found that I can't buy certs from an outside party since I would be applying to devices on a private address range.  I installed Certificate Services on my Server 2012 R2 domain controller and am having issues generating certificates.  I'm trying to apply a certificate to one of the admin interfaces on one of my hp laserjet printers.  What kind of cert should I try to request for this?  I assumed it would be a web server cert but I keep getting error messages like this below.

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
COM Error Info:
CCertRequest::Submit: No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
LastStatus:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
Suggested Cause:
No suggestions.
0
Comment
Question by:bsjj2727
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41874833
Can you give a little more information? Have you installed the certificate on the printer, or just initiated a request? Where do you see this message? A web server certificate would be used on the HTTPS admin interface for a printer, so you are using the correct type of certificate. However, the meaning of the message your getting needs some context.
0
 

Author Comment

by:bsjj2727
ID: 41874847
I navigated to servername/certsrv and selected request a certificate, selected create and submit a request to this CA, select web server as the template and select create new key set, fill in the necessary information such as name, company, ou, etc.  Request format is CMC and hash algorthim is MD5.  I then receive the following error

Error  


Your request failed. An error occurred while the server was processing your request.

Contact your administrator for further assistance.

 

Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
COM Error Info:
CCertRequest::Submit: No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
LastStatus:
No mapping between account names and security IDs was done. 0x80070534 (WIN32: 1332 ERROR_NONE_MAPPED)
Suggested Cause:
No suggestions.
0
 
LVL 42

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41875020
Okay. Go into IIS and make sure the virtual directories are configured to use NTLM authentication. You get that error if you try to perform certificate operations as an anonymous user.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 56

Expert Comment

by:McKnife
ID: 41875314
Please explain, why would you care about that scanner's recommendation even? The devices like a laser printer's web server config page don't need external certificates. Who uses them? You, the admin, no one external... so definitely, the vulnerability scanner has driven you into something unneeded.
0
 

Author Comment

by:bsjj2727
ID: 41875373
Adam, thanks for the help NTLM was the fix. McKnife I couldn't agree more with you, I really don't need to satisfy these vulnerabilities but I need to present a report of our vulnerabilities to our board of directors and it would be easier to remediate the vulnerabilities then try to explain certificates.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41875391
I see :)
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question