VSS KB Articles

Redirect from HTTP to HTTPS using the IIS URL Rewrite module
2/12/2018
This is the most common requirement on most of the Exchange servers hosted on IIS. The server admins configure an http to https redirect.


Sonicwall disconnects from network every 10-15 minutes on Verizon FIOS
2/11/2018
ISP temporarily disabling port due to receiving excessive ARP requests from SonicWall. Here are the settings to resolve it.


Encrypting Connections to MS SQL Server
2/8/2018
If you want to use encryption with a failover cluster, you must install the server certificate with the fully qualified DNS name of the failover clustered instance on all nodes in the failover cluster. For example, if you have a two-node cluster...


DFS management console throws a “the value does not fall within the expected range”
1/13/2018
Windows Server DFS management console throws a “the value does not fall within the expected range”


How to change network profiles on Window 2012R2 Server
1/12/2018
After a restart of one of our servers (a Windows Server 2012 R2), all private connections become public and vice versa. Things like pinging and iSCSI stopped working, and after some investigation it turned out this was the cause.


    

1/9/2018
How to Change/Extend the Expiration Date of Certificates

Symptoms

1. Need to change/extend the subordinate CA certificate validity

2. CA certificate and the template is valid for 5 years but certificates that are issued is showing only 2 years validity.

3. Certificates issued by the CA should be valid only for  3 months irrespective of the template validity or CA validity.

Cause

The validity of a certificate is dependant on below values:
        a. Remaining lifetime of Issuing CA certificate.
        b. Validity as specified in the certificate template.
        c. Registry entries on the CA as described in
http://support.microsoft.com/kb/254632/ Jump

Issued certificate will have the least of above values as the certificate validity.

Resolution

1. Need to change/extend the subordinate CA certificate validity

   On the Root/Parent CA check the below registry entries.

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

              ValidityPeriod

              ValidityPeriodUnits

   ValidityPeriod can have "Days" "Weeks" "Months" "Years" as values

   ValidityPeriodUnits can be an integer as per requirement.

   Restart the certificate services on the Root/Parent CA.

   Renew the Subordinate CA certificate.

2. CA certificate and the template is valid for 5 years but certificates that are issued is showing only 2 years validity. Need to have certificates issued based on template validity.

  Check the registry key on the Issuing CA and update the values as required.

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

  ValidityPeriod can have "Days" "Weeks" "Months" "Years" as values. Set it to "Years"

  Set the ValidityPeriodUnits equivalent to the CA certificate validity.

  Restart the certificate services on the Issuing CA.

  Issue/Renew the certificate.

3. Certificates issued by the CA should be valid only for a 3 months irrespective of the template validity or CA certificate validity. 

  On the Issuing CA, open registry.

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

  Set the ValidityPeriod to "Months"

  Set the ValidityPeriodUnits to 3.

  Restart the certificate services on the Issuing CA.

  Issue/Renew the certificate.