vSEC:CMS Configuration for Redundant Active Directory Connectivity

Rasmus Tunfalk - Versasec

Introduction

Active Directory provides built-in redundancy through its Domain Controller Locator process, which utilizes DNS SRV records and site awareness to select an available domain controller automatically.
By configuring vSEC:CMS to reference the domain name rather than a specific domain controller, the application seamlessly uses this redundancy.

This ensures reliable Active Directory connectivity even when individual domain controllers become unavailable.
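A pre-check for the redundancy described above, written as an added example (not part of the original article and not Versasec code): it lists the domain controllers registered in the DC Locator SRV record set for the domain, tests whether each one answers on its advertised LDAP port, and warns when fewer than two are reachable. The default domain `vseccms.com` is the article's own example value and the script name in the usage note is hypothetical; run it on the vSEC:CMS server so the results reflect that machine's DNS and network path.

```powershell
# Added example: confirm that the domain name gives DC Locator more than one usable target.
param(
    [string]$Domain = 'vseccms.com'   # the article's example domain; replace with your own
)

# DC Locator finds domain controllers through this SRV record set.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }   # drop A/AAAA records from the additional section

# Probe every registered domain controller on the port its SRV record advertises.
$results = foreach ($r in $records) {
    $ok = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $r.NameTarget
        Port             = $r.Port
        Priority         = $r.Priority
        Weight           = $r.Weight
        Reachable        = $ok
    }
}
$results | Sort-Object Priority, DomainController | Format-Table -AutoSize

# With fewer than two reachable controllers there is nothing to fail over to.
$reachable = @($results | Where-Object Reachable).Count
if ($reachable -lt 2) {
    Write-Warning "Only $reachable reachable domain controller(s) registered for $Domain; no failover target."
}

# Show the domain controller the locator currently selects for this machine (site-aware).
nltest "/dsgetdc:$Domain"
```

Save it as, for example, `Test-DcRedundancy.ps1` and run `.\Test-DcRedundancy.ps1 -Domain <your domain>` before entering the domain name in the Server field.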

Configuring the Active Directory Connection

Navigate to Options → Connections and select Active Directory. Click Add.

Enter a template name and select the checkbox labeled 'Use current user credentials.' In the Server field, input the domain name for your environment.

Click the Test button to verify you can access users from your domain. 

Finally, click Save to save your settings and close.

Configuring the Connection to a Microsoft Enterprise CA

If you are using a Microsoft Enterprise Certificate Authority, configure the CA connection in vSEC:CMS as follows:

  1. Open Options → Connections → Certificate Authorities.

  2. Click Add.

  3. Enter a name and select Windows CA from the drop-down list.

  4. Click Select CA.

  5. Choose Use specific server.

  6. In the Server field, enter your domain name (for example: vseccms.com).

    • This allows vSEC:CMS to retrieve Enterprise CAs published in Active Directory.

  7. In the Windows logon name field, enter an account with permission to communicate with the CA.

    • We recommend using the same service account that runs the vSEC:CMS Service.

  8. Enter the password and click OK.

Next:

  1. From the list of Enterprise CAs published in Active Directory, select the CA that vSEC:CMS should use.

  2. Enable the Sign server-side checkbox and then Request an Enrollment Agent.

  3. Click Save.

vSEC:CMS will now use the selected Microsoft Enterprise CA for certificate enrollment.