Previously, we used a development instance of Azure AD Connect with a development Azure AD tenant to investigate the rules. However, Microsoft has created new functionality in the adfshelp.microsoft.com ADFSHelp Portal:

[Screenshot: the ADFSHelp Portal in Microsoft Edge]

In the Tools section, there is now a Claims Generator wizard labeled Azure AD RPT Claim Rules that will help you get optimized claims rules for the ‘Office 365 Identity Platform’ RPT.


Recently, after adding some machines and updates to an existing WSUS server that had been stable for a whole year, the server became unresponsive and the Reset Server Node option would not work.

After restarting the Windows Update Server Service, the error below appeared in the event log:

The WSUS content directory is not accessible. System.Net.WebException: The remote server returned an error: (503) Server Unavailable. at System.Net.HttpWebRequest.GetResponse() at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

Running IISRESET in the command prompt brought the site back online; however, this was clearly only a workaround for the crash. It turns out you need to tweak the website's application pool in IIS to stop this:

  1. On your WSUS Server, launch the IIS Manager
  2. Open Application Pools
  3. Right click ‘WsusPool’ and select ‘Advanced Settings…’
  4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
  5. If your server is NUMA aware, change ‘Maximum Worker Processes’ from the default 1 to 0. If you don’t know if your server is NUMA aware, leave this value default
  6. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
  7. Change ‘Failure Interval (minutes)’ from the default 5 to 30
  8. Change ‘Maximum Failures’ from the default 5 to 60
  9. Click ‘OK’ to save the App Pool changes
  10. From an administrative command prompt, type IISRESET
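
The same changes can be scripted. The block below is an added example, not part of the original post: it uses the WebAdministration module and the applicationHost.config attribute names behind the IIS Manager labels. The `$numaAware` switch and the `Get-WsusPoolSettings` helper are names made up for this example.

```powershell
# Added example: applies the WsusPool settings from the steps above.
# Run in an elevated PowerShell session on the WSUS server.
Import-Module WebAdministration

$poolPath = 'IIS:\AppPools\WsusPool'

# Assumption: set to $true only if you have confirmed the server is NUMA aware (step 5).
$numaAware = $false

function Get-WsusPoolSettings {
    # Read the live values so the change can be compared before and after.
    $p = Get-Item -Path $poolPath
    [pscustomobject]@{
        QueueLength        = $p.queueLength
        MaxWorkerProcesses = $p.processModel.maxProcesses
        ServiceUnavailable = $p.failure.loadBalancerCapabilities
        FailureInterval    = $p.failure.rapidFailProtectionInterval
        MaximumFailures    = $p.failure.rapidFailProtectionMaxCrashes
    }
}

$before = Get-WsusPoolSettings

# Step 4: Queue Length 1,000 -> 25,000
Set-ItemProperty -Path $poolPath -Name 'queueLength' -Value 25000
# Step 5: Maximum Worker Processes 1 -> 0, NUMA-aware servers only
if ($numaAware) {
    Set-ItemProperty -Path $poolPath -Name 'processModel.maxProcesses' -Value 0
}
# Step 6: "Service Unavailable" Response Type HttpLevel -> TcpLevel
Set-ItemProperty -Path $poolPath -Name 'failure.loadBalancerCapabilities' -Value 'TcpLevel'
# Step 7: Failure Interval 5 -> 30 minutes
Set-ItemProperty -Path $poolPath -Name 'failure.rapidFailProtectionInterval' -Value '00:30:00'
# Step 8: Maximum Failures 5 -> 60
Set-ItemProperty -Path $poolPath -Name 'failure.rapidFailProtectionMaxCrashes' -Value 60

# Show old and new values one above the other, then restart IIS as in step 10.
$before, (Get-WsusPoolSettings) | Format-Table -AutoSize
iisreset
```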

This is also a good cleanup script to schedule:

https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsus


In October, Microsoft is shutting down TLS 1.0 and TLS 1.1, so we need to check legacy devices that talk to Office 365 over protocols that use these versions, such as SMTP.

https://dirteam.com/dave/2018/01/10/office-365-only-allows-tls-1-2/

TLS 1.2 Supported

Toshiba E-Studio MFD – Have checked with an engineer: the device supports all 3 versions of TLS and will fail over when required, no issue

Veeam – This uses SSL not TLS 

DocuCenter-V and above: supported (needs latest firmware)

No TLS 1.2 Support

ApeosPort-IV C3371 does not support TLS 1.2; it only supports up to TLS 1.1, even after upgrading to the latest firmware

TBC

Avaya IP Office 500 V2 


I tried the group policy setting that is commonly documented:

User Configuration > Administrative Templates > Windows Components > Internet Explorer. Double-click the item named “Pop-Up Allow List”.

I added the site there; however, due to the way the group policy works, the user never sees this list being populated, and for some reason it was not applying.

Solution

Add the site to Trusted Sites in Group Policy by going to:

 User Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page. Double-click Site to Zone Assignment.

Add the URL with the zone value 2.

Then go to:

 User Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Trusted Site Zone. Double-click Use Pop-Up Blocker.

Change it to Disabled.


Install-Module AzureADPreview

Install-Module MSOnline

Install-Module : The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
+ Install-Module AzureADPreview
+ ~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Or you get “You must have the MSOnline Windows PowerShell modules”

Solution

Download and install: https://www.microsoft.com/en-us/download/details.aspx?id=51451

Then run PowerShell as Administrator.

Run the Install-Module commands again.


VERBOSE: Connecting to exchange-2016.domain.local
New-PSSession : [exchange-2016.domain.local] Connecting to remote server exchange-2016.domain.local failed with the following
error message : [ClientAccessServer=EXCH01,BackEndServer=exch01.rvh-win2k3.com,RequestId=75c539ee-5e13-4e23-b28c-d9dc6d
23b282,TimeStamp=7/31/2014 1:43:33 PM] [FailureCategory=Cafe-SendFailure]  For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …

Fix

Step by step procedure:

1. Launch IIS Manager

2. Expand “Sites” under the server with this issue

3. Click on “Exchange Back End”

4. In the actions pane to the right, click on “Bindings”

5. Select the https type and click on “Edit”

6. Select the appropriate certificate and click on Ok.
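
To confirm the binding before or after the fix, the check below reads the https bindings of the “Exchange Back End” site and reports whether each one has a usable certificate. It is an added example, not part of the original post, and it assumes the WebAdministration module and the site name used in the steps above.

```powershell
# Added example: inspect the certificate on the "Exchange Back End" https binding.
# Run in an elevated PowerShell session on the Exchange server.
Import-Module WebAdministration

$site = 'Exchange Back End'
$bindings = Get-WebBinding -Name $site -Protocol https

if (-not $bindings) {
    Write-Warning "Site '$site' has no https binding."
    return
}

foreach ($b in $bindings) {
    $thumb = $b.certificateHash
    $store = $b.certificateStoreName
    if ([string]::IsNullOrEmpty($store)) { $store = 'My' }   # default personal store

    if ([string]::IsNullOrEmpty($thumb)) {
        # This is the state the steps above repair: a binding with no certificate.
        Write-Warning "$($b.bindingInformation): no certificate selected on the binding."
        continue
    }

    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.Thumbprint -eq $thumb }

    if (-not $cert) {
        Write-Warning "$($b.bindingInformation): thumbprint $thumb not found in LocalMachine\$store."
    }
    elseif ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$($b.bindingInformation): certificate expired on $($cert.NotAfter)."
    }
    elseif (-not $cert.HasPrivateKey) {
        Write-Warning "$($b.bindingInformation): certificate has no private key."
    }
    else {
        Write-Output "$($b.bindingInformation): OK, $($cert.Subject), valid until $($cert.NotAfter)."
    }
}
```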


Recently a Webroot bug (https://community.spiceworks.com/topic/2114911-netlogon-5820-endpoint-duplicate-windows-10 and https://community.webroot.com/t5/Known-Issues-KB/Netlogon-is-not-starting-after-Reboot/ta-p/316119) caused the Netlogon service to not start on some machines, which stops group policy from running. We needed to deploy the following scheduled task, which runs a script when it detects that Netlogon has stopped:

SCHTASKS /Create /TN "System_NETLOGON_5820" /TR c:\Scripts\netstartnetlogon.cmd /SC ONEVENT /RL Highest /RU SYSTEM /EC SYSTEM /MO "*[System[Provider[@Name='NETLOGON'] and EventID=5820]]" /F

netstartnetlogon.cmd is stored on the local machine in C:\Scripts\ and contains “net start netlogon”.

You can deploy the scheduled task remotely using:

SCHTASKS /Create /s %machinename% /TN "System_NETLOGON_5820" /TR c:\Scripts\netstartnetlogon.cmd /SC ONEVENT /RL Highest /RU SYSTEM /EC SYSTEM /MO "*[System[Provider[@Name='NETLOGON'] and EventID=5820]]" /F

Then run it remotely using:

SCHTASKS /run /s %machinename% /TN "System_NETLOGON_5820"

However, going through all the machines this way seemed a long method. I used BatchPatch to deploy the netstartnetlogon.cmd file into the folder on each machine, then used Deploy Software/Patch/Script/Regkey to deploy and run the file:

createscheduledtask.bat

which contained:

SCHTASKS /Create /TN "System_NETLOGON_5820" /TR c:\Scripts\netstartnetlogon.cmd /SC ONEVENT /RL Highest /RU SYSTEM /EC SYSTEM /MO "*[System[Provider[@Name='NETLOGON'] and EventID=5820]]" /F
SCHTASKS /Run /TN "System_NETLOGON_5820"


The event log shows the error below:

Faulting application name: WINPROJ.EXE, version: 16.0.9126.2072, time stamp: 0x5aa71b2d Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x5aa6e4e7 Exception code: 0x010d5840 Fault offset: 0x00152808 Faulting process ID: 0x18b4 Faulting application start time: 0x01d3bffa8580d681 Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINPROJ.EXE Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll Report ID: 15fb1e4a-ee75-4217-9a89-1e75433a8b0a Faulting package full name: Faulting package-relative application ID:

Resetting the registry and user app data for MS Project does not resolve this.

You will have to go into Control Panel and do an Online Repair (Quick Repair does not fix this).


The first delay is a long cycle of checking every file mentioned in the VSS writers metadata. There are 8 million FILESTREAM blobs on that server. This must be what causes this cycle to be so long for that volume.

 

Please download the bundle here: https://storage.veeam.com/Fix_125973_aebe4c1eb0.zip

To install, do the following on Veeam server and any Guest Interaction proxies that you have:
1. Locate C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\VSS\VeeamGuestHelpers
2. Rename VeeamVssSupport2003_X86.dll to VeeamVssSupport2003_X86.dll_old
3. Rename VeeamVssSupport2008R2_X64.dll to VeeamVssSupport2008R2_X64.dll_old
4. Rename VeeamVssSupportXP_X86.dll to VeeamVssSupportXP_X86.dll_old
5. Extract new versions of these 3 DLL files from the archive.
