Issue Statement: You have disabled a specific version of TLS/SSL using following registry as mentioned in https://support.microsoft.com/en-in/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<SSL/TLS version to disable>\Server When you run vulnerability scan in your environment, you still get disabled SSL/TLS version listed as enabled in the vulnerability report over a specific port (e.g. 4883) Action Plan: Capture following data: 1) Netstat […]

Read More →

Problem Statement: How to change the signature algorithm on CA (Certification Authority) Server from RSASSA-PSS to RSA256SHA? Cause: You have legacy clients e.g. Windows XP, Window Server 2003 cannot validate the RSASSA-PSS signature and this behavior cannot be changed by installing any Service Packs as well. RSASSA-PSS signatures are supported on Vista and later operating systems only. […]

Read More →

Symptoms You are running Windows 8 or newer or Windows Server 2012 or newer member machines in a domain. When you restart the machines you may notice that the Netlogon is not running. You may detect this only after a dependent service reports a problem. In the system eventlog you find the following event: Log […]

Read More →