20411B-ENU-TrainerHandbook
.pdf
L7-39
Module 7: Configuring and Troubleshooting Remote Access |
||||
Lab A: Configuring Remote Access |
|
MCT |
||
|
USE |
|||
Exercise 1: Configuring a Virtual Private Network Server |
|
|||
Task 1: Configure server and client certificates |
|
|||
1. |
|
Switch to LON-DC1. |
|
|
|
|
.ONLY |
||
2. |
Sign in as Adatum\Administrator with the password Pa$$w0rd. |
|
||
3. |
In Server Manager, click Tools, and then click Certification Authority. |
|
||
4. |
In the certsrv management console, expand Adatum-LON-DC1-CA, right-click Certificate |
|||
|
|
Templates, and then click Manage. |
|
|
5. |
In the Certificate Templates Console details pane, right-click Computer, and then click Properties. |
|||
6. |
|
|
|
|
In the Computer Properties dialog box, click the Security tab, and then click Authenticated Users. |
||||
7. |
|
In Permissions for Authenticated Users, select the Allow check box for the Enroll permission, and |
|
|
|
|
then click OK. |
|
|
8. |
|
Close the Certificate Templates Console. |
|
|
9. |
|
In certsrv – [Certification Authority (Local)], right-click Adatum-LON-DC1-CA, point to All Tasks |
||
|
|
and then click Stop Service. |
|
|
10. |
Right-click Adatum-LON-DC1-CA, point to All Tasks and then click Start Service. |
|
|
|
11. |
Close the certsrv management console. |
|
|
|
12. |
In Server Manager, click Tools, and then click Group Policy Management. |
|
|
|
13. |
In the Group Policy Management list pane, expand Forest: Adatum.com, expand Domains, and then |
|||
|
|
expand Adatum.com. |
|
STUDENT |
|
|
|
USE |
|
14. |
In the list pane, under Adatum.com, right-click Default Domain Policy, and then click Edit. |
|||
15. |
In Group Policy Management Editor, under Computer Configuration, expand Policies, expand |
|||
|
|
Windows Settings, expand Security Settings, and then expand Public Key Policies. |
|
|
16. |
In the navigation pane, right-click Automatic Certificate Request Settings, point to |
|
||
New, and then |
||||
|
|
click Automatic Certificate Request. |
|
PROHIBITED |
17. |
In the Welcome to the Automatic Certificate Request Setup Wizard, click Next. |
|
||
18. |
On the Certificate Template page, accept the default setting of Computer, and then click Next. |
|||
19. |
On the Completing the Automatic Certificate Request Setup Wizard page, click Finish. |
|||
20. |
Close the Group Policy Management Editor. |
|
||
21. |
Close Group Policy Management. |
|
||
22. |
Switch to the LON-RTR computer, and sign in as Adatum\Administrator with the password |
|||
|
|
Pa$$w0rd. |
|
|
23. |
Pause your mouse pointer in the lower left of the taskbar and then click Start. |
|
||
24. |
Type mmc.exe, and then press Enter. |
|
||
25. |
On the File menu, click Add/Remove Snap-in. |
|
||
|
|
|
|
|
L7-40 Configuring and Troubleshooting Remote Access |
MCT |
|||
|
|
|||
|
|
|
|
|
26. |
In the Add or Remove Snap-ins dialog box, click Certificates, click Add, click Computer account, |
|
|
|
|
click Next, and then click Finish. |
|
|
|
27. |
In the Add or Remove Snap-ins dialog box, click OK. |
USE |
||
28. |
In the console tree, expand Certificates, right-click Personal, point to All Tasks, and then click |
|||
|
|
|||
|
Request New Certificate. |
|
|
|
29. |
In the Certificate Enrollment dialog box, click Next. |
|
|
|
30. |
On the Select Certificate Enrollment Policy page, click Active Directory Enrollment Policy, and |
.ONLY |
||
|
then click Next. |
|||
|
|
|
||
31. |
Select the Computer check box, and then click Enroll. |
|
|
|
32. |
Verify the status of certificate installation as Succeeded, and then click Finish. |
|
|
|
33. |
Close the Console1 window. |
|
|
|
34. |
When prompted to save console settings, click No. |
|
|
|
35. |
Switch to LON-CL2, and sign in as Adatum\Administrator with the password Pa$$w0rd. |
STUDENT |
||
43. |
In the Add or Remove Snap-ins dialog box, click OK. |
|||
36. |
In Start, type cmd.exe, and then press Enter. |
|
|
|
37. |
At the command prompt, type gpupdate /force, and then press Enter. |
|
|
|
38. |
Close the command prompt. |
|
|
|
39. |
Pause your mouse pointer in the lower left of the taskbar, and then click Start. |
|
|
|
40. |
In Start, type mmc, and then press Enter. |
|
|
|
41. |
On the File menu, click Add/Remove Snap-in. |
|
|
|
42. |
In the Add or Remove Snap-ins dialog box, click Certificates, click Add, click Computer account, |
|
|
|
|
click Next, and then click Finish. |
|
|
|
44. |
In the console tree, expand Certificates, and then expand Personal. |
USE |
||
45. |
Verify that a certificate exists for LON-CL2 that has been issued by Adatum-LON-DC1-CA. |
|||
|
|
|||
46. |
Close the Console1 window. |
|
|
|
47. |
When prompted to save console settings, click No. |
|
|
|
1.Switch to LON-RTR. PROHIBITED
2.If necessary, on the taskbar, click Server Manager.
3.In the Details pane, click Add roles and features.
4.In the Add Roles and Features Wizard, click Next.
5.On the Select installation type page, click Role-based or feature based installation, and then click Next.
6.On the Select destination server page, click Next.
7.On the Select server roles page, select the Network Policy and Access Services check box.
8.Click Add Features, and then click Next twice.
9.On the Network Policy and Access Services page, click Next.
|
Administering Windows Server® 2012 |
|
MCT |
||
|
L7-41 |
||||
10. |
On the Select role services page, verify that the Network Policy Server check box is selected, and |
|
|
||
|
then click Next. |
|
|
|
|
11. |
On the Confirm installation selections page, click Install. |
|
USE |
||
12. |
Verify that the installation was successful, and then click Close. |
|
|||
|
|
|
|
||
13. |
In Server Manager, click Tools, and then click Network Policy Server. |
|
|
|
|
14. |
In Network Policy Manager, in the navigation pane, right-click NPS (Local), and then click Register |
|
|
||
|
server in Active Directory. |
|
.ONLY |
||
15. |
In the Network Policy Server message box, click OK. |
|
|||
|
|
|
|
||
16. |
In the subsequent Network Policy Server dialog box, click OK. |
|
|
|
|
17. |
Leave the Network Policy Server console window open. |
|
|
|
|
18. |
In Server Manager, click Tools, and then click Routing and Remote Access. At the Enable |
|
|
|
|
|
DirectAccess Wizard click Cancel and then click OK. |
|
|
|
|
19. |
In the Routing and Remote Access console, right-click LON-RTR (local), and then click Disable |
|
STUDENT |
||
|
Routing and Remote Access. |
|
|||
|
|
|
|
|
|
20. |
In the dialog box, click Yes. |
|
|
|
|
21. |
In the Routing and Remote Access console, right-click LON-RTR (local) and then click Configure |
|
|
|
|
|
and Enable Routing and Remote Access. |
|
|
|
|
22. |
Click Next, select Remote access (dial-up or VPN), and then click Next. |
|
|
|
|
23. |
Select the VPN check box, and then click Next. |
|
|
|
|
24. |
Click the Local Area Connection 2 network interface. Clear the Enable security on the selected |
|
|
|
|
|
interface by setting up static packet filters check box, and then click Next. |
|
|
|
|
25. |
On the IP Address Assignment page, click From a specified range of addresses, and then click |
|
|
|
|
|
Next. |
|
USE |
||
26. |
On the Address Range Assignment page, click New. In the Start IP address text box, type |
|
|||
|
|
|
|
||
|
172.16.0.100, in the End IP address text box, type 172.16.0.110, and then click OK. |
|
|
|
|
27. |
Verify that 11 IP addresses were assigned for remote clients, and then click Next. |
|
|
|
|
28. |
On the Managing Multiple Remote Access Servers page, click Next. |
|
|
|
|
29. |
Click Finish. |
|
|
|
|
30. |
In the Routing and Remote Access dialog box, click OK. |
|
|
|
|
31. |
If prompted, click OK again. |
|
|
|
|
Task 3: Create a network policy for virtual private network (VPN) clients |
|
|
PROHIBITED |
||
1. |
On LON-RTR, switch to Network Policy Server. |
|
|
||
2. |
Next. |
|
|
||
In Network Policy Server, expand Policies, and then click Network Policies. |
|
|
|
|
|
3. |
In the details pane, right-click the policy at the top of the list, and then click Disable. |
|
|
|
|
4. |
In the details pane, right-click the policy at the bottom of the list, and then click Disable. |
|
|
|
|
5. |
In the navigation pane, right-click Network Policies, and then click New. |
|
|
|
|
6. |
In the New Network Policy Wizard, in the Policy name text box, type IT Pilot VPN Policy. |
|
|
|
|
7. |
In the Type of network access server list, click Remote Access Server(VPN-Dial up), and then click |
|
|
||
L7-42 Configuring and Troubleshooting Remote Access |
|
MCT |
||||
|
|
|
|
|||
8. |
On the Specify Conditions page, click Add. |
|
||||
|
|
|
||||
9. |
In the Select condition dialog box, click Windows Groups, and then click Add. |
USE |
||||
10. |
In the Windows Groups dialog box, click Add Groups. |
|||||
11. |
In the Select Group dialog box, in the Enter the object name to select (examples) text box, |
|||||
|
|
type IT, and then click OK. |
||||
12. |
Click OK again, click Next, and on the Specify Access Permission page, click Access granted, and |
|||||
|
|
then click Next. |
||||
|
|
.ONLY |
||||
13. |
On the Configure Authentication Methods page, clear the Microsoft Encrypted Authentication |
|||||
|
|
(MS-CHAP) check box, and then click Next. |
||||
14. |
On the Configure Constraints page, click Day and time restrictions. |
|||||
15. |
Select the Allow access only on these days and at these times check box, and then click Edit. |
|||||
16. |
In the Day and time restrictions dialog box, click Sunday, and then click Denied. |
|||||
17. |
Click Saturday, click Denied, and then click OK. |
|||||
|
|
|
||||
18. |
Click Next. |
|
|
|
||
19. |
On the Configure Settings page, click Next. |
|
|
|
||
20. |
On the Completing New Network Policy page, click Finish. |
|
|
|
||
|
|
|
||||
|
Results: After this exercise, you should have successfully deployed a VPN server, and configured access for |
|
||||
|
members of the IT global security group. |
|
|
|
||
|
|
|
|
|
||
|
Exercise 2: Configuring VPN Clients |
STUDENT |
||||
|
|
|
||||
|
Task 1: Configure and distribute a Connection Manager Administration Kit profile |
USE |
||||
1. |
Switch to LON-CL2. |
|||||
2. |
Pause your mouse pointer in the lower left of the taskbar, and then click Start. |
|||||
3. |
On the Start screen, type Control, and then in the Apps list, click Control Panel. |
|||||
4. |
Click Programs, and in Programs, click Turn Windows features on or off. |
PROHIBITED |
||||
5. |
In Windows Features, select the RAS Connection Manager Administration Kit (CMAK) check box, |
|||||
|
|
and then click OK. |
||||
6. |
Click Close. |
|||||
7. |
In Control Panel, click Control Panel Home. |
|||||
8. |
In the View by list, click Large icons. |
|||||
9. |
Click Administrative Tools, and then double-click Connection Manager Administration Kit. |
|||||
10. |
In the Connection Manager Administration Kit Wizard, click Next. |
|||||
11. |
On the Select the Target Operating System page, click Windows Vista or above, and then click |
|||||
|
|
Next. |
||||
12. |
On the Create or Modify a Connection Manager profile page, click New profile, and then click |
|||||
|
|
Next. |
||||
|
|
|
||||
|
Administering Windows Server® 2012 |
|
MCT |
|
|
L7-43 |
|||
13. |
On the Specify the Service Name and the File Name page, in the Service name text box, type |
|
|
|
|
Adatum Pilot VPN, in the File name text box, type Adatum, and then click Next. |
|
|
|
14. |
On the Specify a Realm Name page, click Do not add a realm name to the user name, and then |
|||
|
click Next. |
|
USE |
|
|
|
|
|
|
15. |
On the Merge Information from Other Profiles page, click Next. |
|
|
|
16. |
On the Add Support for VPN Connections page, select the Phone book from this profile check |
|
|
|
|
box. |
|
.ONLY |
|
17. |
In the VPN server name or IP address text box, type 10.10.0.1, and then click Next. |
|
||
|
|
|
||
18. |
On the Create or Modify a VPN Entry page, click Edit. |
|
|
|
19. |
In the Edit VPN Entry dialog box, click the Security tab. |
|
|
|
20. |
In the VPN strategy list, click Only use Layer Two Tunneling Protocol (L2TP), and then click OK. |
|||
21. |
Click Next. |
|
|
|
22. |
On the Add a Custom Phone Book page, clear the Automatically download phone book updates |
|||
30. |
On the Include a Custom Help File page, click Next. |
|
STUDENT |
|
|
check box, and then click Next. |
|
|
|
23. |
On the Configure Dial-up Networking Entries page, click Next. |
|
|
|
24. |
On the Specify Routing Table Updates page, click Next. |
|
|
|
25. |
On the Configure Proxy Settings for Internet Explorer page, click Next. |
|
|
|
26. |
On the Add Custom Actions page, click Next. |
|
|
|
27. |
On the Display a Custom Logon Bitmap page, click Next. |
|
|
|
28. |
On the Display a Custom Phone Book Bitmap page, click Next. |
|
|
|
29. |
On the Display Custom Icons page, click Next. |
|
|
|
31. |
On the Display Custom Support Information page, click Next. |
|
USE |
|
32. |
On the Display a Custom License Agreement page, click Next. |
|
||
|
|
|
||
33. |
On the Install Additional Files with the Connection Manager profile page, click Next. |
|
|
|
34. |
On the Build the Connection Manager Profile and Its Installation Program page, click Next. |
|
PROHIBITED |
|
35. |
|
|
||
On the Your Connection Manager Profile is Complete and Ready to Distribute page, click Finish. |
||||
36. |
On the taskbar, click the File Explorer icon. |
|
|
|
37. |
In the Windows Explorer address box, type C:\Program Files\CMAK\Profiles\Windows Vista and |
|||
|
above\Adatum, and then press Enter. |
|
|
|
38. |
Double-click Adatum.exe. |
|
|
|
39. |
In the Adatum Pilot VPN dialog box, click Yes. |
|
|
|
40. |
In the second Adatum Pilot VPN dialog box, click All users, and then click OK. |
|
|
|
41. |
In the Adatum Pilot VPN dialog box, click Cancel. |
|
|
|
|
|
|
Administering Windows Server® 2012 |
|
MCT |
|
|
|
|
L7-45 |
|||
|
Lab B: Configuring DirectAccess |
|
|
|
||
|
Exercise 1: Configuring the DirectAccess Infrastructure |
|
USE |
|||
|
Task 1: Configure Active Directory® Domain Services (AD DS) and Domain Name |
|
||||
|
|
|
|
|||
|
System (DNS) |
|
|
|
||
|
1. Create a security group for Windows® DirectAccess client computers by performing the |
|
|
|
||
|
|
following steps: |
|
.ONLY |
||
|
|
a. |
Switch to LON-DC1. |
|
||
|
|
|
|
|
||
|
|
b. |
Sign in as Adatum\Administrator with the password Pa$$w0rd. |
|
|
|
|
|
c. |
In Server Manager, click Tools, and then click Active Directory Users and Computers. |
|
|
|
|
|
d. |
In the Active Directory Users and Computers console, right-click Adatum.com, click New, and |
|
|
|
|
|
|
then click Organizational Unit |
|
|
|
|
|
e. |
In the New Object – Organizational Unit window, in the Name text box, type DA_Clients OU, |
STUDENT |
||
|
|
|
and then click OK. |
|
||
|
|
|
|
|
|
|
|
|
f. |
In the Active Directory Users and Computers console, expand Adatum.com, right-click |
|
|
|
|
|
|
DA_Clients OU, click New, and then click Group. |
|
|
|
|
|
g. |
In the New Object - Group dialog box, under Group name, type DA_Clients. |
|
|
|
|
|
h. |
Under Group scope, click Global, under Group type, click Security, and then click OK. |
|
|
|
|
|
i. |
In the details pane, double-click DA_Clients. |
|
|
|
|
|
j. |
In the DA_Clients Properties dialog box, click the Members tab, and then click Add. |
|
|
|
|
|
k. |
In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, click |
|
|
|
|
|
|
Object Types, select the Computers check box, and then click OK. |
|
|
|
|
|
l. |
Under Enter the object names to select (examples), type LON-CL1, and then click OK. |
|
USE |
|
|
|
m. |
Verify that LON-CL1 displays below Members, and then click OK. |
|
||
|
|
|
|
|
||
|
|
n. |
Close the Active Directory Users and Computers console. |
|
|
|
2. Configure firewall rules for ICMPv6 traffic by performing the following steps: |
|
|
|
|||
|
|
|
|
|
PROHIBITED |
|
|
|
|
|
|
||
testing |
|
|
||||
|
|
|
|
|||
|
|
a. |
In Server Manager, click Tools, and then click Group Policy Management. |
|
|
|
|
|
b. |
In the Group Policy Management Console, expand Forest: Adatum.com, expand Domains, and |
|||
|
|
|
then expand Adatum.com. |
|
|
|
|
|
c. |
Under Adatum.com, right-click Default Domain Policy, and then click Edit. |
|
|
|
|
|
d. |
In the Group Policy Management Editor, navigate to Computer Configuration, expand |
|
|
|
|
|
|
Policies, expand Windows Settings, expand Security Settings, expand Windows Firewall with |
|||
|
|
|
Advanced Security, and then click Windows Firewall with Advanced Security. |
|
|
|
|
|
e. |
In Windows Firewall with Advanced Security, click Inbound Rules, right-click Inbound Rules, |
|
|
|
|
|
|
and then click New Rule. |
|
|
|
|
|
f. |
On the Rule Type page, click Custom, and then click Next. |
|
|
|
L7-46 Configuring
g. |
On the Program page, click Next. |
MCT |
|
h. |
On the Protocols and Ports page, under Protocol type, click ICMPv6, and then click |
||
|
Customize. |
USE |
|
i. |
|
||
In the Customize ICMP Settings dialog box, click Specific ICMP types, click Echo Request, and |
|||
|
then click OK. |
|
|
j. |
Click Next. |
|
|
k. |
On the Scope page, click Next. |
.ONLY |
|
l. |
New Rule. |
||
On the Action page, click Next. |
|
||
m. |
On the Profile page, click Next. |
|
|
n. |
On the Name page, in the Name text box, type Inbound ICMPv6 Echo Requests, and then |
|
|
|
click Finish. |
|
|
o. |
In the console tree, click Outbound Rules, right-click Outbound Rules, and then click |
STUDENT |
|
p. |
On the Rule Type page, click Custom, and then click Next. |
||
|
|||
q. |
On the Program page, click Next. |
|
|
r. |
On the Protocols and Ports page, under Protocol type, click ICMPv6, and then click |
|
|
|
Customize. |
|
|
s. |
In the Customize ICMP Settings dialog box, click Specific ICMP types, click Echo Request, and |
||
|
then click OK. |
|
|
t. |
Click Next. |
|
|
u. |
On the Scope page, click Next. |
|
|
v. |
On the Action page, click Allow the connection, and then click Next. |
|
|
w. |
On the Profile page, click Next. |
USE |
|
x. |
On the Name page, in the Name text box, type Outbound ICMPv6 Echo Requests, and then |
||
|
|||
|
click Finish. |
|
|
y. |
Close the Group Policy Management Editor and the Group Policy Management Console. |
|
|
3. Create required DNS records by performing the following steps: |
PROHIBITED |
||
a. |
In Server Manager, click Tools, and then click DNS. |
||
|
|||
b. |
In the DNS Manager console, expand LON-DC1, expand Forward Lookup Zones, and then click |
|
|
|
Adatum.com. |
|
|
c. |
Right-click Adatum.com, and then click New Host (A or AAAA). |
|
|
d. |
In the Name text box, type nls. In the IP address text box, type 172.16.0.21, click Add Host, |
|
|
|
and then click OK. |
|
|
e. |
In the New Host dialog box, in the Name text box, type CRL. In the IP address text box, type |
|
|
|
172.16.0.1, and then click Add Host. |
|
|
f. |
In the DNS dialog box informing you that the record was created, click OK. |
|
|
g. |
In the New Host dialog box, click Done. |
|
|
h. |
Close the DNS Manager console. |
|
|
|
Administering Windows Server® 2012 |
|
MCT |
|
|
L7-47 |
|||
4. Remove ISATAP from the DNS global query block list by performing the following steps: |
|
|
|
|
a. |
Move the mouse pointer to the lower-right corner, select search on the right menu, and then |
USE |
||
|
type cmd.exe. Press Enter. |
|
||
b. |
In the command prompt window, type the following command, and then press Enter: |
|
||
|
|
|
||
|
|
|
||
c. |
Ensure that the Command completed successfully message displays. |
|
|
|
d. |
Close the Command Prompt window. |
|
|
|
5. Configure the DNS suffix on LON-RTR by performing the following steps: |
|
|
|
|
a. |
Switch to LON-RTR. |
|
|
|
b. |
Move the mouse to the lower right corner of the screen, click Settings, click Control Panel, and |
|||
|
then click View network status and tasks. |
|
ONLY. |
|
c. |
In the Network and Sharing Center window, click Change adapter settings. |
|
||
|
|
|
||
d. |
In the Network Connection window, right-click Local Area Connection, and then click |
|
|
|
|
Properties. |
|
|
|
e. |
In the Local Area Network Properties window, double-click Internet Protocol Version 4 |
|
|
|
|
(TCP/IPv4). |
|
|
|
f. |
In the Internet Protocol Version 4 (TCP/IPv4) dialog box, click Advanced. |
|
|
|
g. |
On the DNS tab, in the DNS suffix for this connection text box, type Adatum.com, and then |
|||
|
click OK. |
|
STUDENT |
|
h. |
In the Internet Protocol Version 4 (TCP/IPv4) dialog box, click OK. |
|
||
i. |
In the Local Area Connection Properties dialog box, click OK. |
|
||
6. Configure the Local Area Connection 2 properties on LON-RTR: |
|
|||
|
USE |
|||
a. |
In the Network Connection window, right-click Local Area Connection 2, and then click |
|
||
|
Properties. |
|
||
b. |
In the Local Area Network 2 Properties window, double-click Internet Protocol Version 4 |
|
||
|
(TCP/IPv4). |
|
||
|
|
|
||
c. |
In the Internet Protocol Version 4 (TCP/IPv4) dialog box, in the IP address text box, type |
|
|
|
|
131.107.0.2 and in the Subnet mask text box, type 255.255.0.0. |
|
|
|
d. |
Click OK, and then click OK again. |
|
|
|
e. |
Close Network Connections. |
|
|
|
1. To configure the certificate revocation list (CRL) distribution settings, perform the following steps: |
|
|
||
a. |
On LON-DC1, in Server Manager, on the Tools menu, click Certification Authority. |
|
|
|
b. |
In the details pane, right-click Adatum-LON-DC1-CA, and then click Properties. |
|
|
|
c. |
In the Adatum-LON-DC1-CA Properties dialog box, click the Extensions tab. |
|
|
|
d. |
On the Extensions tab, click Add. In the Location text box, type http://crl.adatum.com/crld/. |
|||
e. |
Under Variable, click <CaName>, and then click Insert. |
|
PROHIBITED |
|
f. |
Under Variable, click <CRLNameSuffix>, and then click Insert. |
|
||
|
|
|
||
L7-48 Configuring and Troubleshooting Remote Access
|
g. Under Variable, click <DeltaCRLAllowed>, and then click Insert. |
MCT |
|
|
h. |
In the Location text box, at the end of the Location string, type .crl, and then click OK. |
|
|
i. |
Select the Include in CRLs. Clients use this to find Delta CRL locations and Include in the |
USE |
|
|
CDP extension of issued certificates check boxes, and then click Apply. in the dialog box |
|
|
|
|
|
|
|
asking you to restart Active Directory Certificate Services, click No. |
|
|
j. |
Click Add. |
|
|
k. |
In the Location text box, type \\LON-RTR\crldist$\. |
.ONLY |
|
l. |
Under Variable, click <CaName>, and then click Insert. |
|
|
|
||
|
m. Under Variable, click <CRLNameSuffix>, and then click Insert. |
|
|
|
n. Under Variable, click <DeltaCRLAllowed>, and then click Insert. |
|
|
|
o. In the Location text box, at the end of the string, type .crl, and then click OK. |
|
|
|
p. Select both the Publish CRLs to this location and Publish Delta CRLs to this location check |
|
|
|
|
boxes, and then click OK. |
STUDENT |
|
q. Click Yes to restart Active Directory Certificate Services. |
||
|
|
||
2. Duplicate the web certificate template and configure appropriate permission by performing the |
|
||
|
following steps: |
|
|
|
a. |
In the Certification Authority console, expand Adatum-LON-DC1-CA, right-click Certificate |
|
|
|
Templates, and then click Manage. |
|
|
b. |
In the Certificate Templates console, in the content pane, right-click the Web Server template, |
|
|
|
||
|
|
||
|
|
and then click Duplicate Template. |
|
|
c. |
Click the General tab, and in the Template display name text box, type Adatum Web Server |
USE |
|
|
Certificate. |
|
|
|
|
|
|
d. |
Click the Request Handling tab, and then click Allow private key to be exported. |
|
|
e. |
Click the Security tab, and then click Authenticated Users. |
|
|
f. |
In the Permissions for Authenticated Users window, under Allow, click Enroll, and then click OK. |
PROHIBITED |
|
g. Close the Certificate Templates console. |
||
|
|
||
|
h. |
In the Certification Authority console, right-click Certificate Templates, and navigate to |
|
|
|
New/Certificate Template to Issue. |
|
|
i. |
Click Adatum Web Server Certificate, and then click OK. |
|
|
j. |
In certsrv – [Certification Authority (Local)], right-click Adatum-LON-DC1-CA, point to All Tasks |
|
|
|
and then click Stop Service. |
|
|
k. |
Right-click Adatum-LON-DC1-CA, point to All Tasks and then click Start Service. |
|
|
l. |
Close the Certification Authority console. |
|