Exchange Online – Hybrid – Missing SMTP

Posted by robd on October 23, 2018
Exchange Online / No Comments

Strange issue today, synced a bunch of users from on prem to Exchange which was successful.

Then the user was missing his default SMTP address on EoL but the SMTP was there on prem:

EoL, no COM:

EX prem, has COM

First thing to check: is the domain set up as an accepted domain in EoL? (It should be, as the migration would have failed otherwise.)

Next you can “override” the sync process by using the following EoL cmdlet:

AD Attributes Tab Missing

Posted by robd on October 22, 2018
Active Directory / No Comments

Had a few people ask me recently why the attribute tab is missing for AD users in Active Directory Users and Computers.

First thing to check, is Advanced Features enabled:

Are you searching for the user? If so then that's the issue: you CAN NOT get to the attribute tab from the search:

Go to the OU, open the user, booooom:


Check the PowerShell version

Posted by robd on October 20, 2018
Server / No Comments

Another quick one, to check PowerShell version:

Install the Remote Server Administration Tools (RSAT) on Windows 10 1809 via PowerShell

Posted by robd on October 19, 2018
powershell / No Comments

Just a quick one, to install RSAT on Windows 10 1809 via PowerShell:

then check:

Use PowerShell to Remotely Enable Firewall Exceptions

Posted by robd on October 18, 2018
powershell / No Comments

Got this today while connecting to Event Viewer on a remote Windows 10 machine:

To fix remotely:
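One way to do this from an admin workstation, as an added example rather than the post's original commands. It assumes the exception needed is the built-in "Remote Event Log Management" rule group, that PowerShell remoting (WinRM) to the target already works, and uses the placeholder computer name `PC01`.

```powershell
# Added example, not the original post's commands.
# Assumptions: WinRM remoting to the target works, and the exception needed is the
# built-in "Remote Event Log Management" rule group. 'PC01' is a placeholder name.
$computer = 'PC01'
$group    = 'Remote Event Log Management'

Invoke-Command -ComputerName $computer -ArgumentList $group -ScriptBlock {
    param($group)

    # Inbound rules of the group that apply to the Domain profile (or to Any).
    # Rules scoped only to Private/Public stay disabled, so the management
    # ports are not opened on untrusted networks.
    $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction Stop |
        Where-Object { $_.Direction -eq 'Inbound' -and "$($_.Profile)" -match 'Domain|Any' }

    if (-not $rules) { throw "No Domain-profile inbound rules found in group '$group'" }

    $rules | Enable-NetFirewallRule

    # Return the resulting state of the whole group for review.
    Get-NetFirewallRule -DisplayGroup $group |
        Select-Object Name, Direction, Profile, Enabled
} | Format-Table PSComputerName, Name, Direction, Profile, Enabled -AutoSize
```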

Office 365/Outlook 2016 with MFA and the dreaded Password prompt of doom

Posted by robd on October 12, 2018
Exchange Online / No Comments

We recently started implementing Multi-Factor Authentication with Office 365 and today I ran into a weird issue while working from home.

Laptop – Windows 10 1703

Outlook 2016 – 16.0.7726.1049

While opening Outlook 2016 I was prompted for my 365 credentials (over and over again) without any MFA prompt.

It would not go away and would not connect.

So I checked

OWA – https://outlook.office365.com/owa – worked no problem and was prompted with MFA.

Teams – local install, worked no bother with MFA.

So I went to Azure Active Directory and could see loads of failed attempts:

Specifically: User did not pass MFA challenge (non Interactive)

So my guess was Outlook wasn't prompting me for MFA for whatever reason. I tried a new Outlook profile, which wouldn't connect, and the following registry entries to try and force basic connections from Outlook:

HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL

dword value 0

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALatopWAMOverride

dword value 1

None of this worked so I went all out and did the following which fixed the issue:

  1. Sign out of Office 365
    1. Open Word
    2. In the upper-right corner of the Office 2016 app, click your name, and then click Switch Account.
    3. On the Accounts screen, click Sign out.
    4. Locate the account that you want to remove, and then click Sign out.
  2. Remove the cached credentials in Credentials Manager.
    1. To do this, follow these steps: Open Control Panel, and then click Credentials Manager.
    2. Under Windows Credentials, remove all the accounts under Generic Credentials
  3. Clear cached credentials on the computer from the registry.
    1. Click Start, click Run, type regedit, and then click OK.
    2. In Registry Editor, locate, back up and then delete the following registry subkey:

4. Launch Word and sign into Office 365 (it logged in without issue).

5. Launch Outlook; I was prompted for my MFA credentials, which I authenticated via my phone, and I was in.

WSUS – Updates not downloading updates

Posted by robd on October 11, 2018
WSUS / No Comments

Had this very annoying issue on the WSUS console where updates would just stick.

The fix was really very simple, although I tried a variety of things that didn't work first.

The fix:

Stop the following services (I actually had to disable and reboot as they wouldn't stop):

Then delete this folder:

Restart the services and Bob's your uncle.

What didn't work but might for you (or me in the future):

Find the failed update:

From the WSUS management console, you can go to Updates -> All Updates. After filtering to the approved updates and adding the File Status column, you can see which updates are still downloading.

For the updates downloading incompletely, you can decline these updates.

or

Look for these events and decline the update:

Or

Cancel all updates from PowerShell

Then let them download, keep an eye on which one is struggling, and decline it.

Or

Reset WSUS content:

1) Correct any settings above or disapprove any unneeded updates.

2) Close any open WSUS consoles.

3) Go to Administrative Tools – Services and STOP the Update Services service.

4) In Windows Explorer browse to the WSUSContent folder (typically D:\WSUS\WSUSContent or C:\WSUS\WSUSContent)

5) Delete ALL the files and folders in the WSUSContent folder.

6) Go to Administrative Tools – Services and START the Update Services service.

7) Open a command prompt and navigate to the folder: C:\Program Files\Update Services\Tools.

8) Run the command WSUSUtil.exe RESET
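
Steps 3 to 8 above as one elevated PowerShell session, as an added example that is not part of the original post. It assumes the content folder is `D:\WSUS\WSUSContent` (one of the typical paths named in step 4) and that the Update Services service has its default service name, `WsusService`.

```powershell
# Added example, not the original post's commands. Run elevated on the WSUS server.
# Assumption: content lives in D:\WSUS\WSUSContent; adjust to your install.
$content  = 'D:\WSUS\WSUSContent'
$wsusUtil = 'C:\Program Files\Update Services\Tools\WsusUtil.exe'

# Refuse to run against a wrong path: the next steps delete recursively.
if (-not (Test-Path -Path $content -PathType Container)) { throw "Content folder not found: $content" }
if (-not (Test-Path -Path $wsusUtil -PathType Leaf))     { throw "WsusUtil.exe not found: $wsusUtil" }

# Step 3: stop the Update Services service.
Stop-Service -Name WsusService -Force

# Step 5: delete everything inside WSUSContent, keeping the folder itself
# so that its existing permissions are left untouched.
Get-ChildItem -Path $content -Force | Remove-Item -Recurse -Force

# Step 6: start the service again.
Start-Service -Name WsusService

# Steps 7-8: ask WSUS to re-verify its metadata and re-download missing content.
& $wsusUtil reset
if ($LASTEXITCODE -ne 0) { throw "WsusUtil reset exited with code $LASTEXITCODE" }

# Show who has access to the content folder once the reset has been queued.
(Get-Acl -Path $content).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```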

Or

Check the permissions on the WSUS Content folder: check that NETWORK SERVICE and WSUS administrators have full permission.

Or

Reindex the SQL DB:

https://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61


Direct Access – IPSec Issue

Posted by robd on October 10, 2018
Direct Access / 2 Comments

Had an odd issue with our Direct Access servers today. We kept getting the following errors:

“There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration.”

After a day or two of not doing anything we couldn't even open the Direct Access console:

Or see any of the settings in PowerShell:

So what's the issue? Turns out our certificates had updated, namely our root and intermediate certificates, and the Direct Access console didn't know what to do.

So to fix it, I’ll need to update the cert.

Open PowerShell and find the cert you want to use (the root or intermediate cert you used before):

Then set this cert:

Open the Direct Access console and give it a try.
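
The two steps above, with a chain check added before the change, as an example that is not the post's original commands. It assumes the renewed root or intermediate CA certificate is already in the local machine store, and `<THUMBPRINT>` is a placeholder for the certificate you pick from the listing.

```powershell
# Added example, not the original post's commands. Run elevated on the DirectAccess server.
# Assumptions: the renewed root/intermediate CA certificate is already in the local
# machine store; '<THUMBPRINT>' is a placeholder for the one you pick from the listing.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA'

# List CA certificates, newest expiry first, to spot the renewed one.
Get-ChildItem $stores | Sort-Object NotAfter -Descending |
    Format-Table Subject, Thumbprint, NotBefore, NotAfter -AutoSize

$thumb = '<THUMBPRINT>'
$ca = Get-ChildItem $stores | Where-Object Thumbprint -eq $thumb | Select-Object -First 1
if (-not $ca) { throw "No CA certificate with thumbprint $thumb in $($stores -join ', ')" }
if ($ca.NotAfter -lt (Get-Date)) { throw "CA certificate expired on $($ca.NotAfter)" }

# The error in the post is about chaining, so confirm that at least one unexpired
# machine certificate chains to the chosen CA before changing the configuration.
$chained = foreach ($c in Get-ChildItem Cert:\LocalMachine\My) {
    if ($c.NotAfter -lt (Get-Date)) { continue }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # path check only, no CRL/OCSP lookup
    $path = $chain.ChainElements
    if ($chain.Build($c) -and
        ($path | ForEach-Object { $_.Certificate.Thumbprint }) -contains $ca.Thumbprint) {
        $c
    }
}
if (-not $chained) { throw "No valid certificate in LocalMachine\My chains to $($ca.Subject)" }
$chained | Format-Table Subject, Thumbprint, NotAfter -AutoSize

# Point DirectAccess IPsec at the chosen CA certificate, then re-read the settings.
Set-DAServer -IPsecRootCertificate $ca
Get-DAServer
```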


Disable Dedup

Posted by robd on September 23, 2018
powershell, Server 2012 / No Comments

How to disable Dedup:

First, an important point about disabling dedup (via GUI or PowerShell): disabling only stops further deduplication from occurring, i.e. data that has already been deduplicated will remain deduplicated.

If you want to “move” the data back to the original files and out of the deduplication store (Chunk Store) you need to use the following PowerShell command:

You can check how far this has got by using:

Here’s another gotcha: chunk size (love that name) will not get smaller until you run two more commands, GarbageCollection and Scrubbing. GarbageCollection will find and remove unreferenced chunks and Scrubbing will perform an integrity check, but this won't work unless dedup is on… so enable dedup:

Then run garbage collection:

Once your drive is small again then disable dedup:
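
The whole sequence described in this post, as an added example rather than the post's original commands. It assumes `E:` is the deduplicated volume, and adds a free-space check because moving data out of the chunk store needs roughly the space that dedup had saved.

```powershell
# Added example, not the original post's commands. Run elevated on the file server.
# Assumption: E: is the deduplicated volume.
$vol = 'E:'

# Rehydrating files gives back the space dedup saved, so check it fits first.
$status = Get-DedupStatus -Volume $vol
if ($status.SavedSpace -ge $status.FreeSpace) {
    throw "Need about $($status.SavedSpace) bytes but only $($status.FreeSpace) free on $vol"
}

# Wait until no dedup job is queued or running on the volume, showing progress.
function Wait-DedupIdle {
    while ($jobs = Get-DedupJob -Volume $vol -ErrorAction SilentlyContinue) {
        $jobs | Format-Table Type, State, Progress -AutoSize | Out-Host
        Start-Sleep -Seconds 60
    }
}

# 1. Stop further deduplication, then move data out of the chunk store.
Disable-DedupVolume -Volume $vol
Start-DedupJob -Volume $vol -Type Unoptimization
Wait-DedupIdle

# 2. GarbageCollection and Scrubbing only run with dedup enabled.
Enable-DedupVolume -Volume $vol
Start-DedupJob -Volume $vol -Type GarbageCollection
Wait-DedupIdle
Start-DedupJob -Volume $vol -Type Scrubbing
Wait-DedupIdle

# 3. The chunk store has shrunk; turn dedup off again and confirm the state.
Disable-DedupVolume -Volume $vol
Get-DedupVolume -Volume $vol | Format-List Volume, Enabled, SavedSpace, UsedSpace
```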


Microsoft Dedup

Posted by robd on September 22, 2018
Server 2012 / No Comments

I posted about Microsoft Dedup recently and thought I should mention how to setup dedupe:

Data deduplication is a feature that allows space reduction on a data volume by removing duplicate copies of data and replacing them with a reference file that looks exactly the same to the end user.

Microsoft does not recommend dedup on databases such as .edb, .mdf and .ldf files. This feature helps IT admins reduce storage costs if it’s applied to the right data, such as file shares (home folders, for example).

Below is the recommendation for the dedup feature based on data type:

Recommended: File Servers, VHD Files, Software Repositories, Backups and other static data.
Not recommended: Virtualization Hosts, WSUS, Database servers or any data that changes very frequently.

Requirements

  • Windows Server 2012 Operating system
  • At least 4GB of RAM
  • 1 CPU core and 350MB of RAM for every 1.5TB worth of data
  • Must be on a non-system volume (not the system or boot volume)
  • Mapped drives via net use are not supported. Must be a local volume.
  • Must be using NTFS with MBR or GPT partition
  • Not supported on ReFS file system

To install the deduplication feature, use the Server Manager – Server Manager > Server Roles > File and storage services > File services > Data Deduplication.

Or PowerShell

Run the PowerShell commands below to install the feature
To turn on the deduplication feature, use the command below (where E is the volume)
To set the minimum file age before deduplication
To get a list of deduped volumes, run
To get dedup status, run
To start a dedup job manually, run
To get the current dedup schedule, run
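
The steps listed above in one script, as an added example that is not the post's original commands. It assumes `E:` is the data volume and uses a sample minimum file age of 3 days; the two guard checks at the top enforce the system-volume and NTFS requirements from the list above.

```powershell
# Added example, not the original post's commands. Run elevated on Windows Server 2012.
# Assumptions: E: is the data volume; the 3-day minimum file age is a sample value.
$vol = 'E:'

# Enforce two of the requirements listed above before changing anything.
if ($vol -eq $env:SystemDrive) { throw "$vol is the system volume; dedup is not supported there" }
$fs = (Get-Volume -DriveLetter $vol.TrimEnd(':')).FileSystem
if ($fs -ne 'NTFS') { throw "$vol is formatted as $fs; dedup requires NTFS" }

# Install the feature and load its cmdlets.
Import-Module ServerManager
Install-WindowsFeature -Name FS-Data-Deduplication
Import-Module Deduplication

# Turn on deduplication for the volume and set the minimum file age.
Enable-DedupVolume -Volume $vol
Set-DedupVolume -Volume $vol -MinimumFileAgeDays 3

# List deduped volumes and show the status of this one.
Get-DedupVolume | Format-Table Volume, Enabled, SavedSpace, SavingsRate -AutoSize
Get-DedupStatus -Volume $vol |
    Format-List Volume, FreeSpace, SavedSpace, OptimizedFilesCount, InPolicyFilesCount

# Start an optimization job now instead of waiting for the schedule, then show the schedule.
Start-DedupJob -Volume $vol -Type Optimization
Get-DedupSchedule
```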

How to calculate dedup rate

Installing the “Data Deduplication” feature will automatically install DDPEVAL.exe in c:\windows\system32. This tool allows you to determine whether deduplication is effective for your data type.

This tool can be copied from any server running Windows Server 2012 R2 or Windows Server 2012 to systems running Windows Server 2012, Windows Server 2008 R2, or Windows 7. You can use it to determine the expected savings that you would get if deduplication is enabled on a particular volume.

To use:

More info:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831700(v=ws.11)