An email from this sender could not be delivered to your mailbox as it has failed DKIM verification. To comply with government security standards the ATO cannot accept emails that fail DKIM integrity checks because the email cannot be verified as genuine.

Currently there is an issue causing emails from organisations using Office 365 to fail DKIM verification.

Office 365 has implemented its own DKIM features and customers must ensure that outbound DKIM is correctly configured for their domain (DNS) and namespace (Office 356 Administration).

 

Resolution

How to enable DKIM on 365

You will need to enable DKIM outbound DNS Verification on either 365 

selector1._domainkey.domain.com
selector2._domainkey.domain.com

These need to point to 

selector1-domain-com._domainkey.onmicrosoftalias.onmicrosoft.com
selector2-domain-com._domainkey.onmicrosoftalias.onmicrosoft.com

Your onmicrosoftalias is the domain GUID and can be retrieved from the MX record for your domain

You then need to enable

View Powershell :  

New-DkimSigningConfig –DomainName domain.com –Enabled $true

Or through GUI : 

 

If you send out via another provider e.g. a spam filter you will need to check the method on the spam filter of enabling this

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 Error: Unfreeze error: [Backup job failed.
Cannot create a shadow copy of the volumes containing writer’s data.
A VSS critical writer has failed. Writer name: [SqlServerWriter]. Class ID: [{a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}]. Instance ID: [{60e3e5dd-73fc-46d6-ab6b-6b8723df09e3}]. Writer’s state: [VSS_WS_FAILED_AT_PREPARE_SNAPSHOT]. Error code: [0x800423f4].]

I restarted the SQL Server VSS Writer ( Can be done during production as only used for backups ) and a retry still errored.

In the end I needed to reboot the server

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently had a client delay receiving emails

A check of SMTP logs showed

4.7.0 SMTP; 403 4.7.0 TLS handshake failed

To investigate : 

Open Exchange Management Console

Go to Server Configuration and check Exchange Certificates check if there are any expired with SMTP next to them

Renew Self Signed Certificates  :

  1. type Get-ExchangeCertificate to list the installed certificates

  2. Match the certificate to the expired certificate (using subject the name and services) from the Console then copy the associated thumbprint

  3. Type Get-ExchangeCertificate –Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

Renew Third Party Cert

  1. Go through the process of Renewal with your Third Party SSL Authority

To disable Receiving email via TLS

Go to Hub Transport under Server Configuration, then Untick Transport Layer Security (TLS) for each Receiver Connector

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When trying to add your email account to Outlook 2016 you get the follow error

an encrypted connection to your mail server is not available

365 is obviously  encrypted which means there must be something wrong with Autodiscover

  1. Check Autodiscover

Should be a CNAME to autodiscover.outlook.com. ( Put full stop on the end )

2. Make sure you have finished setting up the domain in 365 or it won’t listen for the domain

Test Autodiscover via : https://testconnectivity.microsoft.com/

Try logging in to powershell on your 365 Tenant and disabling OAuth2 (2fa ) 

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When adding an Exchange account to a Send and Recieve Group you could get Sync Errors occuring

published calendar 0x80004005

To check which Published Calendar the error was talking about , go into  Account settings and go to the following tab below

You can remove these if you don’t need/want them

Image result for published calendar

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

For some reason I couldn’t delete credentials from Veeam due to them being used on a Shared Folder that did not existing in a backup repository or Tape to Folder. In the end I had to use SQL remove this.

  1. Verify the record to be deleted by running the following query against the configuration database (VeeamBackup by default);

    SELECT * FROM [backup.model.mrulist]

  2. Run the following query, changing <share path> to match the record to be deleted.

    DELETE FROM [backup.model.mrulist] WHERE url = ‘<share path>’

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

If a website a being blocked from being viewed due to Fortinet web filter with the Category 

“newly observed domain” 

This is due to URLs whose domain name is not rated and were observed for the first time in the past 30 minutes. 

You can wait 30 minutes or you can use the Web Ratings Overrides below to change the category from newly observed domain to an accepted Category like Business and Finance

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 2 votes)

A windows update to Windows 10 has stopped the Camera on a x360 HP laptop working on Windows Hello ( Camera Login ) however the camera works for everything else

HP has released a driver update which fixes this problem , which you can download from below

ftp://ftp.hp.com/pub/softpaq/sp77501-78000/sp77657.exe

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently had a Citrix server start to pulse on Disk Space useage in Monitoring where it would use 25 Gig’s in an hour then clear which brought up waves on the disk usage monitoring. The good news was that it was happening every hour so easily trackable in realtime.

I used performance monitor to check what the top process was that was writing to disk which was System … which did not help

Then I checked the folder, that System process was writing to the most, which picked up to be this single file : 

C:\Windows\System32\LogFiles\UserProfileManager\%domain.local%#%servername%_pm_config

Checking this file and it was 20 Gigabytes which would be the largest Config File I have ever seen!

I restart the Citrix Profile Management Service which dropped the File back down to 378kb and stopped the excessive disk writes/useage!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)