

I have just noticed that all my servers running as PTA agents, including the AD Connect server, have this certificate expired. Authentication is working, but I am worried there is something broken somewhere. Has anyone had any experience with this?

Hey Vintage,


Can you check if you have other certificates that are issued by HISconnectorRegistrationCA.msappproxy.net as well?

If yes, and if they are valid, the certificates are good enough, and you may remove these old certs. However, you may want to make sure that this server shows up as active in Azure AD portal > Azure AD blade > Azure AD Connect > Pass-through Authentication > Authentication Agent.


Ideally, if this server's only auth agent certificate is expired and a renewal process was triggered on it, this server would be removed from the list of active servers under the section mentioned above.

Source: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-security-deep-dive#operational-security-of-the-authentication-agents

You may also want to check if there are other servers listed as active in the portal under Azure AD portal > Azure AD blade > Azure AD Connect > Pass-through Authentication > Authentication Agent, where you may have installed the Azure AD Connect pass-through agents through which your authentications may be working at the moment.


1) Check if this server is marked as active in the portal. If this server is shown as active, check the certificates in the local machine store to see if there are other certificates issued by HISconnectorRegistrationCA.msappproxy.net which are still valid.

2) If not, this server might have been taken off the list because it was not able to renew this certificate, and it may not currently be used for pass-through authentication. If you have other servers marked as active, they may be the ones in use for pass-through auths.


Some security deep dive info: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-security-deep-dive
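A PowerShell snippet for step 1 of the answer above, added here as an example and not part of the original thread or of any Microsoft tooling: it lists every certificate in the local machine personal store whose issuer matches HISconnectorRegistrationCA.msappproxy.net, marks each as valid or expired, and warns when the host has no currently valid connector certificate left. The store path Cert:\LocalMachine\My and the substring match on the issuer DN are assumptions; the optional service check assumes the agent service is named AzureADConnectAuthenticationAgent, which you should confirm on your own host.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on a PTA agent / Azure AD Connect server.
# Assumptions: connector certs live in Cert:\LocalMachine\My and their Issuer
# DN contains the CA name quoted in the answer above.
$issuerPattern = 'HISconnectorRegistrationCA.msappproxy.net'
$now = Get-Date

$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$issuerPattern*" }

if (-not $certs) {
    Write-Warning "No certificates issued by $issuerPattern found in LocalMachine\My."
    return
}

# One row per connector certificate, newest expiry first.
$certs |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter,
        @{ Name = 'Status'; Expression = {
            if ($_.NotAfter -lt $now)       { 'EXPIRED' }
            elseif ($_.NotBefore -gt $now)  { 'NOT YET VALID' }
            else                            { 'VALID' } } } |
    Sort-Object NotAfter -Descending |
    Format-Table -AutoSize

# The condition the answer cares about: is there at least one valid cert?
$valid = $certs | Where-Object { $_.NotBefore -le $now -and $_.NotAfter -ge $now }
if (-not $valid) {
    Write-Warning ("Only expired connector certificates present. Confirm whether this " +
                   "server is still listed as Active under Azure AD Connect > " +
                   "Pass-through Authentication > Authentication Agent in the portal.")
}

# Optional: confirm the agent service is running. The service name below is an
# assumption; adjust it if Get-Service reports nothing.
$svc = Get-Service -Name 'AzureADConnectAuthenticationAgent' -ErrorAction SilentlyContinue
if ($svc) {
    "Agent service '$($svc.DisplayName)' status: $($svc.Status)"
} else {
    Write-Warning "Agent service not found under the assumed name; check Get-Service manually."
}
```

If the valid certificate list is empty but sign-ins still work, the answer's point 2 applies: another agent in the portal's Active list is most likely carrying the load, so check that list before removing the expired certificates.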

