GSA / piv-guides

This is the old location for the PIV Playbook. New location below.
https://playbooks.idmanagement.gov/piv/

Disable UPN mapping on Server 2012 R2 for altSecurityIdentities approach #184

Closed gmkbenjamin closed 3 years ago

gmkbenjamin commented 7 years ago

Description of Issue:

Disabling UPN mapping instruction doesn't seem to work on Server 2012 R2

Details of Issue:

KDC: Windows Server 2012 R2
Client: Windows Server 2012 R2 (Same box)
Disabled UPN mapping using the reg key UseSubjectAltName
Enabled username hint
altSecurityIdentities configured to use Subject and RFC822

Certificate contains: Subject, RFC822, UPN
This doesn't work even with username hint. I'm getting "Your credential could not be verified."

Certificate contains: Subject, RFC822
This works with or without username hint.

References (Docs, Links, Files):

https://piv.idmanagement.gov/networkconfig/accounts/#disable-user-principal-name-mapping

If a New Page or Content is Needed, Expected Outcomes:

Instructions on disabling UPN mapping for Server 2012 R2

Link to the Content Page for Contributors:

https://piv.idmanagement.gov/networkconfig/accounts/#disable-user-principal-name-mapping

ryancdickson commented 3 years ago

Closing issues. Instructions posted on site have been confirmed to work with modern versions of Windows Server.