Solved

EXCHANGE

Posted on 2016-11-23
6
32 Views
Last Modified: 2016-11-23
how can I know validity of the ssl cert installed in my IIS  if it is template version 2 or higher AND AUTO ENROLLMENT IS ENABLED OR NOT.
0
Comment
Question by:pramod1
  • 3
  • 3
6 Comments
 
LVL 16

Expert Comment

by:Ivan
ID: 41899613
Hi,

what do you mean by that? If you open certificate it will show you vaild from and valid to.
Template version are of no matter when it comes to validity.

Regards,
Ivan.
0
 

Author Comment

by:pramod1
ID: 41899627
my cert on my exchange is expiring , wanted to extend for another year and cert. template is web server when issuing from my internal CA, I was told below by Microsoft following to check

"You can change the validity of the cert if it is template version 2 or higher. However, when you extend the validity you still need to request a new Cert if auto enrollment is not enabled if auto enrollment is enabled it would automatically push out a new cert when the previous cert for the original validity period expires. "
0
 

Author Comment

by:pramod1
ID: 41899636
how will I check if cert is on auto enrollment and of template version 2
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Expert Comment

by:Ivan
ID: 41899656
Hi,

Open Root CA and go to certificate templates. There you will see what version you have.
Gray templates are version 1, colored are version 2.

Take a look at picture attached.

Regards,
Ivan.
figure_01.bmp
0
 

Author Comment

by:pramod1
ID: 41899660
thanks

what about auto-enrollment?
0
 
LVL 16

Accepted Solution

by:
Ivan earned 500 total points
ID: 41899692
You should check if that is enabled via GPO, and if autoenroll is enabled on certificate template as well.

So first check security properties on template, to see if autoenroll is enabled: https://technet.microsoft.com/en-us/library/Cc753452.aspx

Then look at  following link to see if GPO is configured to autoenroll certificate to copmuters: https://technet.microsoft.com/en-us/library/cc731522(v=ws.11).aspx 

I have attached a picture as well.

Regards,
Ivan.
1427227306628.bmp
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now