From f9fe0bacd05dec56e748025e0709036dcf2549f3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 24 Jan 2020 09:45:35 +0500 Subject: [PATCH 1/4] Update hello-hybrid-key-whfb-settings-pki.md --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 41d11386b2..d15d87fde6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -78,7 +78,7 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. >[!NOTE] ->The Domain Controller Certificate must be present in the NTAuth store. By default, Microsoft Enterprise CAs are added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the Domain Controller Certificate is not present in the NTAuth store, user authentication will fail. +>The root certificate of the certification authority must be present in the NTAuth store. By default, Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the certificate authority's root certificate is not present in the NTAuth store, user authentication will fail. ### Publish Certificate Templates to a Certificate Authority From 07f51574f45853d637e9fdcfcb1cac247512cb43 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 27 Jan 2020 11:13:46 +0500 Subject: [PATCH 2/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index d15d87fde6..5ae8bfa12e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -78,7 +78,7 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. >[!NOTE] ->The root certificate of the certification authority must be present in the NTAuth store. By default, Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the certificate authority's root certificate is not present in the NTAuth store, user authentication will fail. +> The root certificate of the certification authority must be present in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the certificate authority's root certificate is not present in the NTAuth store, user authentication will fail. ### Publish Certificate Templates to a Certificate Authority From f2652fba62274e925ba3b1774f8d00da088f28f8 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 27 Jan 2020 17:58:44 +0500 Subject: [PATCH 3/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 5ae8bfa12e..ca0ed0fa25 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -77,7 +77,7 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. ->[!NOTE] +> [!NOTE] > The root certificate of the certification authority must be present in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the certificate authority's root certificate is not present in the NTAuth store, user authentication will fail. ### Publish Certificate Templates to a Certificate Authority From b80d20de5fdf910ef15fccf0f96959b2f9b02e40 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 16 Feb 2020 08:04:44 +0500 Subject: [PATCH 4/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index ca0ed0fa25..ccca58029e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -78,7 +78,7 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. > [!NOTE] -> The root certificate of the certification authority must be present in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a 3rd party CA, this may not be done by default. If the certificate authority's root certificate is not present in the NTAuth store, user authentication will fail. +> The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail. ### Publish Certificate Templates to a Certificate Authority