

– Using Safenet USB eToken for Windows Server 2012 domain user remote desktop Authentication

This Safenet USB eToken 5105 key is on loan from the vendor for our testing. My testing environment is a Windows Server 2012 domain built on VMware ESXi 5.1.

For the sake of testing remote desktop, I have set up port forwarding for the remote desktop port on the domain controllers and client as below, where real-ip is the hostname of the firewall machine in the ESXi environment:

Hostname

– Installation of AD Certificate Service in domain1\server02
– Configuration of Windows Server 2012 Certificate Authority in domain1\server02
– Preparation of Safenet USB eToken for domain user authentication
– Enroll the Enrollment Agent Certificate in domain1\server02
– Configuration on remote desktop client (from different Windows domains)

– A Complete Guide on Active Directory Certificate Services in Windows Server 2008 R2
– Configure Server 2012 CA for Smartcard Authentication
– Smart card from external source/active directory/remote desktop/user name hints
– HowTo: Disable UPN mapping for SmartCard logon

Start Server Manager on server02, which is the domain controller in a Windows 2012 functional level domain “domain1”, and then run the “Add Roles and Features Wizard”:

> Role-based or feature-based installation
> Check “Active Directory Certificate Services”
> Check “Certificate Authority” in Role Services
> Take the defaults for Cryptographic options like below:
> Choose a common name for this CA, mine: “domain1-SERVER02-CA”
> Review the installation selections on the confirmation page, as shown below, and click Install.

After ADCS is installed on domain1\server02, proceed to configure the CA:

– Launch the Certification Authority MMC: Server Manager -> Tools -> Certification Authority
– Click on the ‘Certificate Templates’ node and select Manage
– Right-click on the ‘Smartcard User’ Certificate Template and then select ‘Duplicate’
– Change your compatibility settings accordingly; this will depend on your CA infrastructure & End User Devices
– Give the new Template an appropriate name, e.g.
– On the Cryptography tab, ensure that you select ‘Requests must use one of the following providers’ and then select “eToken Base Cryptographic Provider”
– Ensure that the Issuance Requirements match the following settings
– After this is done, go back to the Certificate Authority MMC.
– Right-click on the Certificate Templates node, select New and then select ‘Certificate Template to Issue’, and import the ‘Enrollment Agent’ and ‘Smartcard User SEEM’ templates just created

Install the Safenet Authentication Client ver 8.2 on the Windows Server 2012 domain controller and the domain Windows 7 client.

Run the Safenet Authentication Client tools from any of them and then format the Safenet eToken with a new password
– uncheck “Token Password must be changed on first logon”
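
The AD CS installation and template publication steps on this page can also be scripted and checked from PowerShell. This is an added example, not part of the original post: the function names are hypothetical, the CA type (Enterprise Root) and the internal template names `EnrollmentAgent` and `SmartcardUserSEEM` are assumptions, and the ‘Smartcard User’ duplicate is still created in the Certificate Templates console as described.

```powershell
# Added example (not from the original post). Run elevated on server02 with
# Enterprise Admin rights. Function names are hypothetical.
$caName    = 'domain1-SERVER02-CA'                    # common name used in the post
$templates = 'EnrollmentAgent', 'SmartcardUserSEEM'   # assumed internal (CN) names
$wantedCsp = 'eToken Base Cryptographic Provider'     # provider named in the post

function Install-LabCa {
    # "Add Roles and Features": AD CS with the Certification Authority role service.
    Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
    # Default cryptographic options. Assumption: Enterprise Root CA.
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
        -CACommonName $caName -Force
}

function Publish-LabTemplates {
    # "Certificate Template to Issue": run after the template has been duplicated.
    $issued = @(Get-CATemplate | Select-Object -ExpandProperty Name)
    foreach ($t in $templates) {
        if ($issued -notcontains $t) { Add-CATemplate -Name $t -Force }
    }
    Get-CATemplate | Where-Object { $templates -contains $_.Name }
}

function Test-LabTemplateCsp {
    # Check that the smart card template lists only the eToken provider.
    Import-Module ActiveDirectory
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $dn  = "CN=SmartcardUserSEEM,CN=Certificate Templates," +
           "CN=Public Key Services,CN=Services,$configNc"
    $tpl = Get-ADObject -Identity $dn -Properties displayName, pKIDefaultCSPs
    # pKIDefaultCSPs values look like "1,<provider name>"; drop the priority prefix.
    $csps = @($tpl.pKIDefaultCSPs | ForEach-Object { ($_ -split ',', 2)[1] })
    $ok = ($csps.Count -eq 1 -and $csps[0] -eq $wantedCsp)
    if (-not $ok) {
        Write-Warning "$($tpl.displayName): provider list is '$($csps -join '; ')'"
    }
    return $ok
}

# Order of use: Install-LabCa, duplicate the template in the MMC,
# then Publish-LabTemplates and Test-LabTemplateCsp.
```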
