Your company uses a Windows Server 2008 R2 Enterprise Root C

You are the network administrator for your organization.
Your company uses a Windows Server 2008 R2 Enterprise Root CA.
The company has issued a new policy that prevents port 443 and port 80 from being opened
on domain controllers and on issuing CAs.
Your users need to request certificates from a web interface.
You have already installed the AD CS role.
What do you need to do next?

A. Configure the Certificate Authority Web Enrollment Service on a member server.

B. Configure the Certificate Authority Web Enrollment Service on a domain server.

C. Configure AD FS on member server to allow secure web-based access.

D. Configure AD FS on domain controller to allow secure web-based access.

Explanation:
Basically the same as A/Q41:
http://technet.microsoft.com/en-us/library/dd759209.aspx
Certificate Enrollment Web Service Overview
The Certificate Enrollment Web Service is an Active Directory Certificate Services (AD CS)
role service that enables users and computers to perform certificate enrollment by using the
HTTPS protocol. Together with the Certificate Enrollment Policy Web Service, this enables
policy-based certificate enrollment when the client computer is not a member of a domain or
when a domain member is not connected to the domain.
Personal note:
Since the policy keeps ports 80 and 443 closed on domain controllers and on issuing CAs, you are left to install the
Certificate Enrollment Web Service role service on a plain member server.



Dave

You could also change the bindings in IIS to non-standard or alternate HTTP ports such as 8080, 8008.