Thursday, 19 July 2018

Certificate Services New Cert Req from CSR fails with "The request contains no certificate template information 0x80094801 CERTSRV_E_NO_CERT_TYPE Denied by Policy Module 0x80094801 The request does not contain a certificate template extension or the Certificate Template request attribute."

When you try to request a new certificate from AD CS using a CRS you get the following error
"The request contains no certificate template information 0x80094801 CERTSRV_E_NO_CERT_TYPE Denied by Policy Module 0x80094801 The request does not contain a certificate template extension or the Certificate Template request attribute."
This was when the "Request new CA certificate" option was used from the Certificate Authority GUI.


To use the command line tools to generate this certificate you must find the true certificate template name, please note that this is not the template name which is displayed in the Certificate Templates pane.
To find the true name right click Certificate Templates and select Manage, find your template from the list and select Properties. 


The certreq looking for the Template Name, not the Template Display Name.tool is 

Use the command line tool certreq.exe with the following command
certreq –adminforcemachine –config “cahostname\certauthname” -submit -attrib "CertificateTemplate: CertificateTemplateName" “C:\Path to CSR”
Please note if you leave –adminforcemachine or –config out of this command you will get the following error “The DNS name is unavailable and cannot be added to the Subject Alternate Name
Once you do this it will ask you to confirm which AD CS in the AD you want to issue the certificate, in my example there is only one. 

Wednesday, 18 July 2018

Enabling Mailbox Auditing in Office 365


Mailbox Auditing is not enabled by default in Office 365. Mailbox Auditing is a security flag when you check the Security Score of your tenant. The Security Centre states that Mailbox Auditing should be abled for at least 90% of the mailboxes in your organisation.

Mailbox Auditing allows administrators to search the audit log for mailbox activity.

Imports the Office 365 Module
Import-Module MSOnline

Stores the Global Admin Creds in a Variable
$UserCredential = Get-Credential

Connects to the Tenant using the Variable
Connect-MsolService = $UserCredential

Creates a Session to Exchange Online and Stores in Variable
$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential –Authentication Basic -AllowRedirection

Import-PSSession $Session

Enables Mailbox Auditing for all Users
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true

Verifies that Mailbox Auditing is Enabled, if so “True” will be returned
Get-Mailbox "Username"| FL Audit*

Install Azure AD & Office 365 Powershell Modules

How to install the latest Azure AD and Office 365 Powershell modules, please note that the Office 365 Sign In Assistant is also required on the workstation.

Set-ExecutionPolicy Unrestricted
Install-Module AzureAD
Install-Module MSOnline
Import-Module AzureAD
Import-Module MSOnline
Connect-MsolService