Malinda's Blog

Unable to install certificate in mobile devices

Smart phones with mobile 5 do not allow to install certificate display the warning “Security permission was insufficient to update your device”.

 

To resolve this issue you have to change few registry keys and give necessary permission to install the certificate.

 

Download regeditSTG.zip and extract in the mobile device it provides you view of all registry keys then change following registry keys.

 

HKLM\Security\Policies\Policies

 

1. 00001001 to 1
2. 00001005 to 40
3. 00001017 to 144

 

Regards,

Malinda

Vacancies @ MIT Microsoft Division

I think this is a good place to find promising techies; we are looking for good technical people for Millennium IT Microsoft division we spotted few people from the forum and looking for some more please let us know if you interested.

 

Job Description:

Candidate should able to provide reactive and proactive support to Enterprise Customers for the most technically complex environments.

We are looking for two types of candidates that is for Microsoft Infrastructure products and Communication can Collaboration products. Candidate must have good knowledge in his domain and at lease 3 years experience in similar role.

 

Contact details:

Malindap@millenniumit.com

077 3147273

ROOT CA

Information security is very important topic for any organization, there are many technologies to secure information one common method is public key infrastructure. Microsoft certificate service based PKI is secured way of exchanging data, this article is not about how to secure data using certificates. This article about how to protect public key infrastructure, among all other components root CA is the most critical component because that is the only self signing certificate authority. All other subordinate CA’s are required certificate sign by another CA upon the certificate hierarchy. If root CA compromised it affect down the certificate hierarchy that mean entire public key infrastructure will be at a risk. Because of that it is very important to protect root CA. Entire certificate hierarchy should plan in a way to minimize risk, today we cant say anything 100% secure no one guarantee computer networks, then best option is keep root CA unplug from the network. If that the case how root CA communicate with Active Directory, root CA should not be an enterprise CA it can be a stand alone CA. If that the case best option is implement stand alone root CA in a stand alone server which not plug to the network that will be more secure than network connected server and use portable media to transfer certificate to subordinates (issuing of intermediate CA). Issuing CA’s can be enterprise CA which can use benefits of Active Directory integration. Depend on the requirement certificate hierarchy can be extended up to multiple tiers by adding more CA into the hierarchy and make intermediate CA’s offline it make the environment complex but it gives you more secured environment. Other than offline the root CA it can be protected by providing physical security system with use special hardware security modules which design to protect CA’s and issue couple of smartcards to which required access the server.

Exchange cluster registry corruption

Mail system is one of the most critical systems in any organization. Most of the companies use e-mails as primary communication between partners, suppliers and customers in case of mail system failures have an effect on business operation in great extend. As a solution for server failures most of the companies are willing to invest for server clusters. If all the nodes in the cluster fails what will be the solution, why all nodes in the cluster fails same time. Last week I had to face similar kind of issue all nodes in the cluster failed same time. After restarting the server all resources in the cluster online except Microsoft search instance. I tried to start search instance couple of times but those attempts were not successful but I able to successfully restart search services in windows. After few minutes of trouble shooting I able to recognize registry keys belong to MS search instance is not available in both servers. Then I recreate those registry keys and try to restart search instance in cluster resources, but it failed again. Then only I identified real issue; registry keys which I created earlier were deleted when I am restarting search instance. I recreate registry keys again and try to restart search instance again but results were same in both servers. Now this become a real issue no way to recreate registry keys because it get deleted automatically every time I create it and no system state or registry backup. After considering all the facts I didn’t had any option other than recreate Exchange virtual server. My main consideration when deleting Exchange system attendant was data. Before I delete system attendant dismounted all databases, after successfully deleting system attendant I recreate it back, new system attendant able to successfully mount all databases and recreate missing registry keys. Delete and recreate system attendant not a solution for every problem because in other words you delete the Exchange cluster with that, have to consider all aspects before delete it, but it solve many issues because it recreate all dependencies again. Still I couldn’t able to figure out why those registry keys were deleted.