Wednesday, October 20, 2010

Installing a Verisign certificate on a Cisco ASA5510

Step 1. Check the date, time and time zone
1. Choose Configuration, and click Device Setup.
2. Expand System Time and choose Clock.
3. Check the information that is displayed.

Step 2. Generate a Certificate Signing Request (CSR)

A certificate signing request (CSR) is required in order for the 3rd party CA to issue an identity certificate. The CSR contains your ASA's distinguished name (DN) string along with the ASA's generated public key. The ASA uses the generated private key to digitally sign the CSR.
ASDM Procedure

1. Choose Configuration and click Device Management.
2. Expand Certificate Management and choose Identity Certificates.
3. Click Add.
4. Select the Add a new identity certificate radio button.
5. In the Key Pair row, click New.
6. Choose Enter new key pair name. Then give the key pair a name, preferably a meaningful one :)
7. In the Size field, choose 2048.
8. Click Generate Now.
The key pair takes some time to generate.
9. Next, map the attributes for the Certificate Subject DN:
Attribute   Description
CN          FQDN (Fully Qualified Domain Name)
OU          Department Name
O           Company Name (Avoid using Special Characters)
C           Country Code (2 Letter Code without Punctuation)
St          State (Must be spelled out completely, Ex: North Carolina)
L           City

To set an attribute, first select it in the Attribute field, enter its value in the Value field, and click Add.
10. When you have finished adding attributes, click OK.
11. Click the Advanced button.
12. In the FQDN field, enter the FQDN that is used to access the device from the Internet. This FQDN value is the same one you used for the Common Name (CN).
13. Click OK, and then click Add Certificate.
You are prompted to save your CSR to a file on your local machine.
14. Click Browse, choose the folder in which to save your CSR, and save the file with a .txt extension.
15. Confirm the save and send the file to the certificate vendor.

Step 3. Authenticate the Trustpoint

Once you receive the identity certificate from the 3rd party vendor, you can proceed with this step.
ASDM Procedure

1. Save the identity certificate to your local computer.

2. If you were provided a base64-encoded certificate that did not come as a file, you must copy the base64 message, and paste it into a text file.

3. Rename the file with a .cer extension.

Note: Once the file is renamed with the .cer extension, the file icon should display as a certificate.

4. Double-click the certificate file.

The Certificate dialog box appears.

Note: If the "Windows does not have enough information to verify this certificate" message appears in the General tab, you must obtain the 3rd party vendor root CA or intermediate CA certificate before you continue with this procedure. Contact your 3rd party vendor or CA administrator in order to obtain the issuing root CA or intermediate CA certificate.

5. Click the Certificate Path tab.

6. Click the CA certificate located above your issued identity certificate, and click View Certificate.

Detailed information about the intermediate CA certificate appears.

Warning! Do not install the identity (device) certificate in this step. Only the root, subordinate root, or CA certificate is added in this step. The identity (device) certificates are installed in Step 4.

7. Click Details.

8. Click Copy to File.

9. Within the Certificate Export Wizard, click Next.

10. In the Export File Format dialog box, click the Base-64 encoded X.509 (.CER) radio button, and click Next.

11. Enter the file name and location to which you want to save the CA certificate.

12. Click Next, and then click Finish.

13. Click OK in the Export Successful dialog box.

14. Browse to the location where you saved the CA certificate.

15. Open the file with a text editor, such as Notepad. (Right-click the file, and choose Send To > Notepad.)

16. The base64-encoded message should appear similar to the certificate in this image:

[Image: asa_8.x_3rdpartyvendorcert_12.gif]

17. Within ASDM, click Configuration, and then click Device Management.

18. Expand Certificate Management, and choose CA Certificates.

19. Click Add.

20. Click the Paste certificate in PEM Format radio button, and paste the base64 CA certificate provided by the 3rd party vendor into the text field.

21. Click Install Certificate.

A dialog box appears that confirms the installation was successful.
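
The CA-certificate lookup and Base-64 export in steps 4 to 16 can also be done from PowerShell on the same Windows machine. This is an added example, not part of the original procedure; the path C:\certs\asa-identity.cer and the function name Get-IssuerPem are assumptions.

```powershell
# Added example: print the issuing CA certificate(s) of an identity certificate as PEM.
# Assumption: C:\certs\asa-identity.cer is the identity certificate received from the CA.
function Get-IssuerPem {
    param([Parameter(Mandatory = $true)][string]$Path)

    $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is not checked; only the path up to the issuer is needed here.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($leaf)

    # Element 0 is the identity certificate itself; it is installed in Step 4, not here.
    if ($chain.ChainElements.Count -lt 2) {
        throw "No issuing CA certificate found for '$($leaf.Subject)'. Obtain the root or intermediate CA certificate from the vendor."
    }

    for ($i = 1; $i -lt $chain.ChainElements.Count; $i++) {
        $ca  = $chain.ChainElements[$i].Certificate
        $der = $ca.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
        # Wrap the base64 text at 64 characters per line, as in a .CER export.
        $b64 = ([Convert]::ToBase64String($der) -split '(.{64})' | Where-Object { $_ }) -join "`r`n"
        # Subject and thumbprint show which CA is about to be trusted on the ASA.
        Write-Host ("# {0}  (SHA-1 thumbprint {1})" -f $ca.Subject, $ca.Thumbprint)
        "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
    }
}

Get-IssuerPem -Path 'C:\certs\asa-identity.cer'
```

If the function throws, the situation is the one described in the Note after step 4: Windows cannot find the issuer, and the CA certificate has to be obtained from the vendor first.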

Thursday, October 14, 2010

RDP connection error – TermDD Event ID 50

Here is how I dealt with this problem...

1. Open Registry Editor.
2. Locate and select the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermService\Parameters
3. Delete the following values in this key:
* Certificate
* X509 Certificate
* X509 Certificate ID
4. Close Registry Editor and restart the server.
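
The same registry change as a PowerShell script that first exports the key, so the deleted values can be restored with reg import. This is an added example, not part of the original post; it assumes an elevated session, and the backup path C:\Temp\TermService-Parameters.reg is a placeholder in an existing folder.

```powershell
# Added example: back up the TermService Parameters key, then delete the three certificate values.
# Assumptions: elevated PowerShell session; C:\Temp exists; the backup file name is a placeholder.
$regKey = 'HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters'
$psKey  = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters"
$backup = 'C:\Temp\TermService-Parameters.reg'
$values = 'Certificate', 'X509 Certificate', 'X509 Certificate ID'

# Export first; stop before deleting anything if the backup could not be written.
& reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $regKey failed; nothing was deleted." }

$key = Get-Item -Path $psKey
foreach ($name in $values) {
    if ($key.GetValueNames() -contains $name) {
        Remove-ItemProperty -Path $psKey -Name $name
        Write-Host "Deleted value '$name'"
    } else {
        Write-Host "Value '$name' not present, skipped"
    }
}
# Step 4 of the procedure (restart the server) still has to follow.
```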

Monday, October 11, 2010

Server Manager does not work on Windows Server 2008R2

The other day I ran into the following problem: I could not view the Roles and Features tabs in Server Manager. The problem turned out to be caused by an update; the following logs pointed to the error: CBS.log (%windir%\Logs\CBS\CBS.log) and ServerManager.log (%windir%\Logs\ServerManager.log).
It is fixed by manually installing the files that apparently were not copied during the update:
Missing files:
servicing\packages\Package_for_KB978886_RTM~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB978886_RTM~31bf3856ad364e35~amd64~~6.1.1.0.cat

The update can be downloaded here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a1f95600-34e5-44b3-b2cb-b2b2cbf645cb&displayLang=en

I create a temporary directory, c:\servicing

And open a console:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd c:\servicing

c:\servicing>wusa Windows6.1-KB978886-x64.msu /extract:c:\servicing\kb978886

c:\servicing>cd kb978886

c:\servicing\kb978886>mkdir files

c:\servicing\kb978886>expand Windows6.1-KB978886-x64.cab -F:* files
Microsoft (R) File Expansion Utility Version 6.1.7600.16385
Copyright (c) Microsoft Corporation. All rights reserved.

Adding files\update.mum to Extraction Queue
Adding files\update.cat to Extraction Queue
Adding files\update-bf.mum to Extraction Queue
Adding files\update-bf.cat to Extraction Queue
Adding files\package_2_for_kb978886~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\fwpkclnt.sys to Extraction Queue
Adding files\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\fwpkclnt.sys to Extraction Queue
Adding files\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys to Extraction Queue
Adding files\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys to Extraction Queue
Adding files\package_1_for_kb978886~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\package_3_for_kb978886~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\package_for_kb978886_rtm~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079.manifest to Extraction Queue
Adding files\package_2_for_kb978886_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\package_1_for_kb978886_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\package_3_for_kb978886_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\package_for_kb978886_rtm~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8.manifest to Extraction Queue
Adding files\package_2_for_kb978886_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\package_1_for_kb978886_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\package_3_for_kb978886_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\package_for_kb978886_rtm_bf~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\amd64_48f68e154e2a96cc9002091c8936ab97_31bf3856ad364e35_6.1.7600.20733_none_5976d7d43af5ba65.manifest to Extraction Queue
Adding files\package_1_for_kb978886~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\package_2_for_kb978886~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue
Adding files\package_for_kb978886_rtm_bf~31bf3856ad364e35~amd64~~6.1.1.0.cat to Extraction Queue
Adding files\amd64_336fc16a68bca61114642eda02f33f41_31bf3856ad364e35_6.1.7600.16610_none_39eac325001025a8.manifest to Extraction Queue
Adding files\package_3_for_kb978886~31bf3856ad364e35~amd64~~6.1.1.0.mum to Extraction Queue

Expanding Files ....

Expanding Files Complete ...
28 files total.

Now we look for the files in this directory, c:\servicing\kb978886\files, and restore them...

servicing\packages\Package_for_KB978886_RTM~31bf3856ad364e35~amd64~~6.1.1.0.mum
servicing\packages\Package_for_KB978886_RTM~31bf3856ad364e35~amd64~~6.1.1.0.cat
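
The restore step as a PowerShell script that checks the Authenticode signature of the extracted catalog before copying anything into the servicing folder. This is an added example, not part of the original post; it assumes an elevated session with write access to %windir%\servicing\packages and the extraction folder used in the console session above.

```powershell
# Added example: verify the extracted catalog, then copy the package files that are missing.
# Assumptions: elevated session with write access to %windir%\servicing\packages;
# the files were extracted to C:\servicing\kb978886\files as in the console session.
$source = 'C:\servicing\kb978886\files'
$target = Join-Path $env:windir 'servicing\packages'
$base   = 'Package_for_KB978886_RTM~31bf3856ad364e35~amd64~~6.1.1.0'

# The .cat is a signed catalog file; refuse to copy if its signature is not valid.
$sig = Get-AuthenticodeSignature -FilePath (Join-Path $source "$base.cat")
if ($sig.Status -ne 'Valid') {
    throw "Catalog signature status is '$($sig.Status)'; files were not copied."
}
Write-Host "Catalog signed by: $($sig.SignerCertificate.Subject)"

foreach ($ext in '.mum', '.cat') {
    $name = $base + $ext
    $dest = Join-Path $target $name
    if (Test-Path -LiteralPath $dest) {
        Write-Host "Already present: $name"
    } else {
        Copy-Item -LiteralPath (Join-Path $source $name) -Destination $dest
        Write-Host "Restored: $name"
    }
}
```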