Read Support Issues FAQ

FAQ is organized by major issue and kept current as issues are discovered, updated, and resolved

Topic: KB5014754 “Certifried” Issue – Updated as of Jan 19, 2023 

We have received several questions from customers about this update from Microsoft and how it will affect their infrastructures and users. So we put together this list of frequently asked questions:

Disclaimer: The questions and answers below only apply to user and computer certificates that were issued through Axiad. Any certificate that was issued outside of the Axiad solution will need to be reviewed and addressed to ensure it meets the new Microsoft strong mapping requirements.

Q: Once Axiad delivers the update, will existing user certificates need to be re-issued to comply with Microsoft’s change?
A: No, you will not need to re-issue any existing certificates. The Axiad Cloud change will ensure that all certificates issued going forward are compliant with the Microsoft requirement. Customers using our on-premises solution will receive instructions on how to upgrade their configuration for the Axiad update. For existing certificates, we will provide a PowerShell script that will import the certificate data for each user into Active Directory so that the users’ existing certificates will continue to work. To summarize it will be a two step process

  1. Axiad updates your Cloud instance so that any new certificate is compliant going forward
  2. Customer to run the script and import the data for the existing certificates into Active Directory

Q: How will we import the user certificates into Active Directory?
A: Axiad will provide a PowerShell script and a CSV export of the user certificates. The PowerShell script will read the CSV export and import the details about the users’ certificates into the AD attribute called “AltSecurityIdentities” for each user.

Q: What is the user impact when we import the user certificates into Active Directory?
A: There is no user impact expected when importing the certificate data into Active Directory. The script only adds to the “AltSecurityIdentities” attribute in AD and doesn’t require any action or changes for the end user.

Q: When will Axiad release an update to address this Microsoft change?
A: The current planned release date is Q2 2023. We will send another communication in the coming weeks that provides more details on the actual date.

Q: Does this Microsoft update affect certificates issued to machine?
A: Yes, this Microsoft update will affect machine certificates if the certificates are being used for Kerberos based authentication. It does not affect certificates that are used for web servers (https web SSL/TLS). We will include machine certificate remediation steps with the Axiad update that is scheduled for Q2 2023 and will follow the same or similar process that we are using for user certificates. The important thing to note is that you will not need to re-issue machine certificates to address this Microsoft update.

Q: What are the key dates for the changes implemented by this Microsoft update?
A: Here are the key dates to be aware of for this Microsoft update:

  • May 10, 2022- Microsoft released KB5014754 update
  • Q2 2023 [update as of Jan 19, 2023] – Axiad will release a product enhancement to support SID extension
  • Q2 2023 [update as of Jan 19, 2023] – Axiad will provide certificate export and import process
  • November 14, 2023 – Microsoft will start enforcing the new certificate requirements