Azure Files currently does not have the “Take Ownership” permission on the file share when using domain authentication, so if robocopy needs to set the owner, it will fail with access denied.

“ERROR 5 (0x00000005) Copying NTFS to Destination Directory Access is Denied”.

The way around this is to mount the file share to a drive letter using the storage account and key, which uses a local user, which can be found per below.

Make sure you run PowerShell as Admin. You will then also need to run cmd as Admin to be able to see the new drive share.
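One way to script this workaround, as an added example that is not part of the original post. The storage account, share name and source folder are placeholders, and the `localhost\<account>` user name form is an assumption matching the local user the post mentions.

```powershell
# Added example. Placeholder values: replace with your own account, share and source.
$storageAccount = '<storage-account-name>'
$shareName      = '<share-name>'
$source         = 'D:\Data'          # hypothetical NTFS source directory
$driveLetter    = 'Z'

# SMB to Azure Files uses TCP 445; fail early if it is blocked outbound.
$fqdn = "$storageAccount.file.core.windows.net"
if (-not (Test-NetConnection -ComputerName $fqdn -Port 445).TcpTestSucceeded) {
    throw "TCP 445 to $fqdn is not reachable"
}

# Prompt for the key so it is not stored in the script or in Credential Manager.
# The account key grants full access to the whole storage account.
$key  = Read-Host -Prompt "Storage account key for $storageAccount" -AsSecureString
$cred = [pscredential]::new("localhost\$storageAccount", $key)

# -Persist creates a real mapped drive, which robocopy.exe can see.
New-PSDrive -Name $driveLetter -PSProvider FileSystem -Root "\\$fqdn\$shareName" `
    -Credential $cred -Persist -Scope Global | Out-Null

try {
    # /COPYALL copies data, attributes, timestamps, ACLs, owner and auditing info.
    robocopy $source "${driveLetter}:\" /E /COPYALL /R:1 /W:1 "/LOG:$env:TEMP\robocopy-azfiles.log"
    # Robocopy exit codes of 8 or higher mean at least one file or directory failed.
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }
}
finally {
    # Unmap the drive so the key-based session does not outlive the copy.
    Remove-PSDrive -Name $driveLetter -Force
}
```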

 


Prerequisites

  • You need the Hyper-V role installed on the server if you want to convert VHDX -> VHD; Azure only supports VHD
  • You need to create a storage account in Azure: $storageaccount
  • You need to create a container in that storage account: $containername
  • Azure resource group: $resourceGroup
  • The VHD or VHDX should be stored at $localPath, e.g. C:\Temp\VHD.VHD. This should be the C drive of the computer, including the System Reserved partition

 

1. Connect to Azure

Connect-AzAccount

2. Select Azure Subscription

# Az module cmdlet for choosing the subscription used by the following commands
Set-AzContext -Subscription $AzureSubscriptionName

3. Upload the VHD

# Double quotes so that the variables are expanded into the URL
$urlOfUploadedImageVhd = "https://$storageaccount.blob.core.windows.net/$containername/$vhdName"
Add-AzVhd -ResourceGroupName $resourceGroup -Destination $urlOfUploadedImageVhd -LocalFilePath $localPath

This will try and convert the VHDX file to VHD

To be compatible with Azure, Add-AzVhd will automatically try to convert VHDX files to VHD, and resize VHD files to N * Mib using Hyper-V Platform, a Windows naitive virtualization product.
For more information visit https://aka.ms/usingAdd-AzVhd

MD5 hash is being calculated for the file \\XXXX\f$\TEMP\XXXX.VHD.
MD5 hash calculation is completed.
Elapsed time for the operation: 00:16:32
Creating new page blob of size 68719477248…
Detecting the empty data blocks in the local file.
Detecting the empty data blocks completed.
Elapsed time for upload: 00:32:37

LocalFilePath DestinationUri
————- ————–
\\vbr01\f$\TEMP\XXXX.VHD https://$storageaccount.blob.core.windows.net/$containername/XXXX.VHD

You will now have the new blob URL for the VHD. Next, you need to make a managed disk from it: https://aidanfinn.com/?p=20441

Once you have a managed disk, you can then create a VM from that managed disk.


1) Set up the user in Access Control (local or AD)

2) Make sure Auth with Cert is ticked

Set up a Virtual Folder and set it to home

Get the end user to create a new public and private key pair

https://www.ssh.com/academy/ssh/putty/windows/puttygen (RSA)

Get the end user to share the public key with you (they keep the private key)

Copy their public key

It sits in C:\Program Files\VanDyke Software\VShell\PublicKey\%username% and is called Identity.pub

The top line should be

---- BEGIN SSH2 PUBLIC KEY ----

The user should then authenticate to the server with the .ppk file using an SFTP client like FileZilla
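A check to run on the file the end user sends before it is saved as Identity.pub, as an added example that is not part of the original post. It rejects private key material sent by mistake, confirms the SSH2 begin/end markers and confirms the key type is RSA; `Test-Ssh2PublicKey` is a hypothetical helper and the sample key is constructed.

```powershell
# Added example: Test-Ssh2PublicKey is a hypothetical helper, not part of VShell.
function Test-Ssh2PublicKey {
    param([Parameter(Mandatory)][string]$Text)
    $fail = { param($why) [pscustomobject]@{ Valid = $false; Detail = $why } }

    # A private key sent by mistake must be rejected, never stored on the server.
    if ($Text -match 'PRIVATE KEY|PuTTY-User-Key-File') { return & $fail 'private key material received' }

    $lines = @($Text -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($lines.Count -lt 3 -or $lines[0] -ne '---- BEGIN SSH2 PUBLIC KEY ----' -or
        $lines[-1] -ne '---- END SSH2 PUBLIC KEY ----') {
        return & $fail 'missing SSH2 begin/end marker lines'
    }
    # Drop header lines such as Comment: "..." (a trailing backslash continues a header).
    $body = ''; $inHeader = $false
    foreach ($l in $lines[1..($lines.Count - 2)]) {
        if ($inHeader -or $l.Contains(':')) { $inHeader = $l.EndsWith('\'); continue }
        $body += $l
    }
    try { $blob = [Convert]::FromBase64String($body) } catch { return & $fail 'key body is not valid base64' }

    # The blob starts with a 4-byte big-endian length, then the key type name.
    if ($blob.Length -lt 4) { return & $fail 'key blob too short' }
    $len = [System.Net.IPAddress]::NetworkToHostOrder([BitConverter]::ToInt32($blob, 0))
    if ($len -lt 1 -or $len -gt $blob.Length - 4) { return & $fail 'corrupt key blob' }
    $type = [Text.Encoding]::ASCII.GetString($blob, 4, $len)
    [pscustomobject]@{ Valid = ($type -eq 'ssh-rsa'); Detail = "key type $type" }
}

# Constructed sample: correct framing and key type, dummy key bytes (not a usable key).
[byte[]]$sample = [byte[]](0, 0, 0, 7) + [Text.Encoding]::ASCII.GetBytes('ssh-rsa') + [byte[]](1..48)
$pub = @('---- BEGIN SSH2 PUBLIC KEY ----', 'Comment: "rsa-key-constructed"',
         [Convert]::ToBase64String($sample), '---- END SSH2 PUBLIC KEY ----') -join "`r`n"

Test-Ssh2PublicKey -Text $pub
Test-Ssh2PublicKey -Text "PuTTY-User-Key-File-3: ssh-rsa`nEncryption: none"
```

Only a file that passes should be copied to the user's folder under C:\Program Files\VanDyke Software\VShell\PublicKey as Identity.pub.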


Recently I was trying to set up access to an SSH server over the internet for a third party.

The third party could see the SSH headers in telnet, however opening PuTTY did not bring up the login screen.

Sounds a lot like IPS not allowing SSH through, however I had to prove it!

Finding an open SSH server they could use was tough, but I found example.dreamhosters.com

  1. HPE Insight Management Agent needs upgrading. The latest version is here: Software Details – HPE Insight Management Agents for Microsoft Windows Server x64 Editions | HPE Support. It does not support 2019, so you have to extract and install the MSI manually
  2. Breaks AD Connect
  3. Breaks NPS Azure RADIUS (needs to run repair on the installer)
  4. Document the firewall status before the upgrade (what's enabled on what profile)
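For item 4, a way to record the firewall state before the upgrade and diff it afterwards, as an added example that is not part of the original post. The function names and the baseline path are hypothetical.

```powershell
# Added example; function names and the baseline path are hypothetical.
function Get-FirewallState {
    # Per-profile state: is the firewall on, and what are the default actions?
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Kind = 'Profile'; Name = $_.Name; Profile = $_.Name
            State = "Enabled=$($_.Enabled);In=$($_.DefaultInboundAction);Out=$($_.DefaultOutboundAction)"
        }
    }
    # Every enabled rule, with the profile(s) it applies to.
    Get-NetFirewallRule -Enabled True | ForEach-Object {
        [pscustomobject]@{
            Kind = 'Rule'; Name = $_.Name; Profile = "$($_.Profile)"
            State = "$($_.Direction)/$($_.Action)/$($_.DisplayName)"
        }
    }
}

function Save-FirewallBaseline {
    param([string]$Path = 'C:\Temp\firewall-before-upgrade.csv')
    Get-FirewallState | Export-Csv -Path $Path -NoTypeInformation
}

function Compare-FirewallBaseline {
    param([string]$Path = 'C:\Temp\firewall-before-upgrade.csv')
    $before = Import-Csv -Path $Path
    # Round-trip through CSV so both sides are plain strings.
    $after = Get-FirewallState | ConvertTo-Csv -NoTypeInformation | ConvertFrom-Csv
    Compare-Object $before $after -Property Kind, Name, Profile, State |
        Select-Object Kind, Name, Profile, State,
            @{ n = 'Seen'; e = { if ($_.SideIndicator -eq '<=') { 'before only' } else { 'after only' } } }
}

# Before the upgrade:  Save-FirewallBaseline
# After the upgrade:   Compare-FirewallBaseline | Format-Table -AutoSize
```

Any row marked "after only" is a profile setting or rule that the upgrade changed or introduced, and any row marked "before only" is one it removed or altered.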

Recently had a plugin that installed by default to the user's profile location. This is how to manually change it to a directory so it can be used by all users on a computer like a terminal server.

 

1. Run the installer as Administrator
2. Accept all the default prompts EXCEPT for install location.
3. Update the highlighted portion to “C:\Program Files\”

 

Add CalibreFT add-in for user on RDS Server
1. Launch Excel
2. File > Options > Add-Ins
3. Change the drop-down to COM Add-Ins > GO
4. Click Add…
5. Navigate to “C:\Program Files\CalibreFT\CalibreFT CRMS Office Add-in 2021.9.1”
6. Select using the following rules:

a. If Office is x64 = “adxloader64.CalibreFT.CRMS_OfficeAddin.dll”
b. If Office is x32 = “adxloader.CalibreFT.CRMS_OfficeAddin.dll”

7. Add-In list should now look like:

8. Click OK
9. Go back to File > Options > Add-Ins
10. Make sure drop down is set to Excel Add-ins and click GO
11. Click Browse…
12. Navigate to “C:\Program Files\CalibreFT\CalibreFT CRMS Office Add-in 2021.9.1”
13. Change the filter to “All Files”

14. Select using the following rules (will be same as Step 6)

a. If Office is x64 = “adxloader64.CalibreFT.CRMS_OfficeAddin.dll”
b. If Office is x32 = “adxloader.CalibreFT.CRMS_OfficeAddin.dll”

15. Should now see entry per below:

16. Restart Excel
17. CalibreFT should be in the ribbon

 

 

  1. Activate the subnets in Azure if you use split tunneling in your VPN portal settings (to make sure there’s a local route)
  2. Enable the IPv4 policies SSL.root -> Azure IPsec VPN (no NAT)
  3. Enable the SSL.root subnet in Azure per below (10.212.134.0/24)

 


Recently I migrated from SafeWord to Azure RADIUS NPS Extension for Citrix NetScaler.

Web authentication worked fine, however whenever you tried to activate the .cr file for Receiver the below error showed:

Error: "Cannot retrieve discovery document" when the Provisioning File is Run

Needed to change this on the StoreFront and NetScaler Gateway from Domain and Security Token to just Domain.


 

Get-ADSyncConnector
Get-ADSyncConnector : Retrieving the COM class factory for remote component with CLSID
{835BEE60-8731-4159-8BFF-941301D76D05} from machine XXXXX failed due to the following error: 80040154 XXXXX
At line:1 char:1
+ Get-ADSyncConnector
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ReadError: (Microsoft.Ident…ConnectorCmdlet:GetADSyncConnectorCmdlet) [Get-ADSyncConne
ctor], SynchronizationConfigurationValidationException
+ FullyQualifiedErrorId : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BF
F-941301D76D05} from machine IDP-ADDC02 failed due to the following error: 80040154 IDP-ADDC02.,Microsoft.Identity
Management.PowerShell.Cmdlet.GetADSyncConnectorCmdlet

The registry keys for ADSync get removed during the upgrade. You need to restore these and restart the server (save the file below as a .reg file).

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{835BEE60-8731-4159-8BFF-941301D76D05}]
"AppID"="{835BEE60-8731-4159-8BFF-941301D76D05}"
@="Microsoft Azure AD Sync"

[HKEY_CLASSES_ROOT\CLSID\{835BEE60-8731-4159-8BFF-941301D76D05}\InprocHandler32]
@="ole32.dll"

[HKEY_CLASSES_ROOT\CLSID\{835BEE60-8731-4159-8BFF-941301D76D05}\ProgID]
@="Microsoft.Metadirectory.Server.1"

[HKEY_CLASSES_ROOT\CLSID\{835BEE60-8731-4159-8BFF-941301D76D05}\VersionIndependentProgID]
@="Microsoft.Metadirectory.Server"

[HKEY_CLASSES_ROOT\AppID\{835BEE60-8731-4159-8BFF-941301D76D05}]
"LocalService"="ADSync"
@="Microsoft Azure AD Sync"
"LaunchPermission"=hex:01,00,04,80,e8,00,00,00,04,01,00,00,00,00,00,00,14,00,\
  00,00,02,00,d4,00,06,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,24,00,0b,00,00,00,01,05,00,00,00,00,00,05,\
  15,00,00,00,37,2f,2d,49,15,53,3f,2a,03,63,45,00,a8,44,00,00,00,00,24,00,0b,\
  00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,37,2f,2d,49,15,53,3f,2a,03,63,\
  45,00,a9,44,00,00,00,00,24,00,0b,00,00,00,01,05,00,00,00,00,00,05,15,00,00,\
  00,37,2f,2d,49,15,53,3f,2a,03,63,45,00,aa,44,00,00,00,00,24,00,1f,00,00,00,\
  01,05,00,00,00,00,00,05,15,00,00,00,37,2f,2d,49,15,53,3f,2a,03,63,45,00,f8,\
  48,00,00,00,00,24,00,0b,00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,37,2f,\
  2d,49,15,53,3f,2a,03,63,45,00,ab,44,00,00,01,05,00,00,00,00,00,05,15,00,00,\
  00,37,2f,2d,49,15,53,3f,2a,03,63,45,00,f4,01,00,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00
"AccessPermission"=hex:01,00,04,80,fc,00,00,00,18,01,00,00,00,00,00,00,14,00,\
  00,00,02,00,e8,00,07,00,00,00,00,00,18,00,07,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,24,00,03,00,00,00,01,05,00,00,00,00,00,05,\
  15,00,00,00,37,2f,2d,49,15,53,3f,2a,03,63,45,00,a8,44,00,00,00,00,24,00,03,\
  00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,37,2f,2d,49,15,53,3f,2a,03,63,\
  45,00,a9,44,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,00,00,24,00,07,00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,37,2f,2d,49,\
  15,53,3f,2a,03,63,45,00,f8,48,00,00,00,00,24,00,03,00,00,00,01,05,00,00,00,\
  00,00,05,15,00,00,00,37,2f,2d,49,15,53,3f,2a,03,63,45,00,aa,44,00,00,00,00,\
  24,00,03,00,00,00,01,05,00,00,00,00,00,05,15,00,00,00,37,2f,2d,49,15,53,3f,\
  2a,03,63,45,00,ab,44,00,00,01,05,00,00,00,00,00,05,15,00,00,00,37,2f,2d,49,\
  15,53,3f,2a,03,63,45,00,f4,01,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00
"AuthenticationLevel"=dword:00000006
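
The LaunchPermission and AccessPermission values in a .reg file like this are binary security descriptors, so it is worth listing the SIDs they grant access to before importing them on a server. The following is an added example, not from the original post; `Get-RegAclEntries` is a hypothetical helper and the sample data is constructed.

```powershell
# Added example: Get-RegAclEntries is a hypothetical helper name.
function Get-RegAclEntries {
    param([Parameter(Mandatory)][string]$RegText, [Parameter(Mandatory)][string]$ValueName)

    # .reg files wrap long hex values with a trailing backslash; join them first.
    $flat = $RegText -replace '\\\r?\n\s*', ''
    if ($flat -notmatch ('"' + [regex]::Escape($ValueName) + '"=hex:([0-9a-fA-F,]+)')) {
        throw "Value '$ValueName' not found"
    }
    [byte[]]$bytes = $Matches[1].Trim(',') -split ',' | ForEach-Object { [Convert]::ToByte($_, 16) }

    # The value is a self-relative binary security descriptor.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        [pscustomobject]@{
            Value       = $ValueName
            Sid         = $sid.Value
            AccessMask  = '0x{0:x}' -f $ace.AccessMask
            # Non-null only for S-1-5-21-... SIDs, which belong to one domain or machine.
            DomainBound = $null -ne $sid.AccountDomainSid
        }
    }
}

# Constructed sample: Administrators plus a made-up domain group SID, wrapped like a .reg export.
$sddl = 'O:BAG:BAD:(A;;0x1f;;;BA)(A;;0xb;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'
$raw  = [System.Security.AccessControl.RawSecurityDescriptor]::new($sddl)
$buf  = [byte[]]::new($raw.BinaryLength); $raw.GetBinaryForm($buf, 0)
$hex  = (($buf | ForEach-Object { $_.ToString('x2') }) -join ',') -replace '((?:..,){20})', "`$1\`r`n  "
$reg  = "[HKEY_CLASSES_ROOT\AppID\{00000000-0000-0000-0000-000000000000}]`r`n`"LaunchPermission`"=hex:$hex"

Get-RegAclEntries -RegText $reg -ValueName 'LaunchPermission' | Format-Table -AutoSize
```

Entries flagged DomainBound refer to accounts or groups of the environment the file was exported from, so they only resolve on a server in that same environment.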

An app trying to send emails out to an SMTP server over TLS was receiving the following Java error:

javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: java.net.SocketException: Connection reset

The issue was due to a FortiGate firewall block. Make sure it's whitelisted and the policy is in the correct order (above the main outbound rule).
