MFA Guides

Configure IIS

Follow these steps to configure IIS.

  1. Log in to the workstation with the service account, open the Start menu, and type run.

  2. Type mmc.

  3. Navigate to File | Add/Remove Snap-Ins | Certificates | Add.

  4. When given the choice of type of certificate to add and manage, select My user account and click Finish.

  5. Click OK.

  6. Navigate to Current User | Personal, right-click, and select All Tasks | Request New Certificate.

  7. Click Next twice, select Enrollment Agent and Key Recovery Agent, and click Enroll.

  8. Click Finish.

  9. Open Administrative Tools and launch Certification Authority.

  10. Navigate to Pending Requests, right-click, and click All Tasks | Issue.

  11. Navigate to Issued Certificates | Key Recovery Agent, right-click, and select All Tasks | Export Binary Data.

  12. Select Binary Data, save to file, and click OK.

  13. Return to the MMC console, navigate to Personal | Certificates, right-click and select All Tasks | Import. Follow the wizard to import the saved certificate file. When complete, the imported file displays.

  14. Return to the Certification Authority, right-click on its name, and select Properties. Navigate to Recovery Agents, select Archive the Key, add the service account, and click OK.

  15. When prompted to restart the CA, click Yes.

  16. Log out and re-authenticate to Windows with a different administrative account.

  17. Navigate to C:\Program Files\2FA, right-click on ONE Server, and select Properties.

  18. In the Security tab, ensure the service account has full control permissions.

  19. Navigate to Administrative Tools, open IIS Manager, and select Application Pools.

  20. Right-click oneAppPool and select Advanced Settings.

  21. Scroll to Generate Process Model Event Log Entry, and change the Identity field to the service account using the Custom account field. When finished, click OK to return to Advanced Settings.

  22. Verify that Load User Profile is set to True.

  23. Click OK and Recycle.

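
The end state of steps 17 through 22 can be checked from an elevated PowerShell session on the IIS server. This is an added example, not part of the original guide; the account name CONTOSO\svc-mfa is a placeholder, while the pool name and folder path are the ones named in the steps above.

```powershell
# Added verification example; not part of the original guide.
# Assumption: CONTOSO\svc-mfa is a placeholder. Pass your own service account,
# written the same way it was entered in the Custom account field.
param(
    [string]$ServiceAccount = 'CONTOSO\svc-mfa',
    [string]$PoolName       = 'oneAppPool',
    [string]$ServerPath     = 'C:\Program Files\2FA\ONE Server'
)

$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$results     = [ordered]@{}

# Steps 20-22: application pool identity and Load User Profile.
$pm = Get-ItemProperty -Path "IIS:\AppPools\$PoolName" -Name processModel
$results['Pool identity type is a custom account'] = ($pm.identityType -eq 'SpecificUser')
$results['Pool identity is the service account']   = ($pm.userName -ieq $ServiceAccount)
$results['Load User Profile is True']              = [bool]$pm.loadUserProfile

# Steps 17-18: an Allow ACE granting Full Control to the service account.
# Only ACEs naming the account itself are matched; rights that come from
# group membership are not evaluated here.
$aces = @((Get-Acl -Path $ServerPath).Access | Where-Object {
    $_.IdentityReference.Value -ieq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $fullControl) -eq $fullControl
})
$results['Service account has Full Control on ONE Server'] = ($aces.Count -gt 0)

# Report each check and fail the script if any check did not pass.
$results.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if (@($results.Values) -contains $false) { exit 1 }
```

A FAIL on the identity or Load User Profile lines means steps 21 and 22 should be repeated and the pool recycled again.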