Active Directory Kerberos KDC certificate selection

Discover the intricacies of Active Directory's Kerberos KDC certificate selection for PKINIT, including techniques for choosing a specific certificate, analysis using IDA Pro, and PowerShell cmdlets for managing certificates. This deep dive explores the challenges and solutions for ensuring the right KDC certificate is used, overcoming the unpredictability of certificate selection in Windows environments.

Marc-André Moreau published on
12 min, 2247 words

Active Directory LDAPS certificate selection deep dive

A deep dive into Active Directory LDAPS certificate selection, detailing the technical intricacies of ensuring secure communications through TLS. This guide covers the validation and selection process, including PowerShell scripts for certificate management, aiming to clarify and resolve common issues with LDAPS implementation.

Marc-André Moreau published on
9 min, 1768 words

RDP NLA with Azure AD: The PKU2U Nightmare

This post tackles the challenges of RDP Network Level Authentication (NLA) with Azure AD, labeled as the PKU2U nightmare, offering detailed solutions for common problems. It addresses enabling PKU2U authentication, Azure AD workplace joining, the correct Azure AD username format, and third-party application support, providing both technical insights and practical steps to mitigate these issues in Azure AD environments.

Marc-André Moreau published on
7 min, 1315 words

RDP Smartcard Logon: User Name Does Not Exist

Navigate through the confusion of "the specified user name does not exist" error during RDP smartcard logon, offering insights into common misinterpretations and actionable solutions. This post breaks down error messages, suggests disabling strict KDC validation, and guides on certificate trust validation, ensuring successful authentication with practical steps and PowerShell commands.

Marc-André Moreau published on
7 min, 1359 words

Windows Hello: Cloud Kerberos Trust, or Key Trust?

Unpack the dilemma between Cloud Kerberos Trust and Key Trust in Windows Hello for Business deployments. This post navigates through troubleshooting login issues, clarifying deployment types, and offering solutions for transitioning between deployment models with Group Policy and PowerShell, ensuring a smoother Windows Hello setup and operational reliability.

Marc-André Moreau published on
4 min, 693 words

Disabling Web Proxy Auto Detect (WPAD) Correctly

Explore the correct method to disable Web Proxy Auto Detect (WPAD) in Windows to enhance security without breaking essential components. This guide clarifies common misconceptions and provides a safe approach using registry modifications, avoiding potential pitfalls associated with service deactivation.

Marc-André Moreau published on
2 min, 354 words