On a domain controller copy all the files from c:\windows\policydefinitions to c:\windows\sysvol\sysvol\<domain name>\policies\policydefinitions.


A Server 2012 R2 machine started randomly getting VSS writer errors in a Veeam backup job. The server is running AAD Connect, which is set to auto-update.

A restart of the VSS SQL Writer, which usually fixes this, did not resolve the issue.

A look in the event log shows

A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error. If the backup process is retried,
the error is likely to reoccur.
. Changes that the writer made to the writer components while handling the event will not be available to the requester. Check the event log for related events from the application hosting the VSS writer.

Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}
Writer Name: SqlServerWriter
Writer Instance Name: SQL Server Code-Named ‘Denali’ CTP2:SQLWriter
Writer Instance ID: {6c73bfe9-f82f-4854-bec4-4382c314a583}
Command Line: “C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe”
Process ID: 4292

With some

SQLVDI: Loc=SignalAbort. Desc=Client initiates abort. ErrorCode=(0). Process=4292. Thread=3940. Client. Instance=LOCALDB#SHDA41B2. VD=Global\{9C831400-DE4D-4364-BA22-A8299CF545FC}4_SQLVDIMemoryName_0.

Looks like you need to download the SQL Fix from here : https://support.microsoft.com/en-us/help/2983175/cumulative-update-package-2-for-sql-server-2012-sp2

Mirror Here : https://mega.nz/#!3AZ3gK7I!kDPhnAlur4XtslKxGXwmbnLitJiwN9R6rK-z4Rh0N-s

 

**Update: the fix does not seem to work

Run a repair on the SQL database and then run the script below

Looks like this might be an issue with AAD Connect

https://github.com/pariswells/pariswells.com/blob/master/fixaadconnectvsswriter.ps1

 

**Update

– ADSync launches an SQL Server Local DB under its own user account
– The User Profile Service thinks ADSync is no longer logged on, and unloads the registry
– SQL Server still has handles to the registry, but they’re now invalid

Detailed explanation:
https://support.microsoft.com/en-us/help/2287297/a-com-application-may-stop-working-on-windows-server-2008-when-a-user

In short, enable the Group Policy setting: Computer Configuration -> Administrative Templates -> System -> User Profiles -> Do not forcefully unload the user registry at user logoff


An email from this sender could not be delivered to your mailbox as it has failed DKIM verification. To comply with government security standards the ATO cannot accept emails that fail DKIM integrity checks because the email cannot be verified as genuine.

Currently there is an issue causing emails from organisations using Office 365 to fail DKIM verification.

Office 365 has implemented its own DKIM features and customers must ensure that outbound DKIM is correctly configured for their domain (DNS) and namespace (Office 365 Administration).

 

Resolution

How to enable DKIM on 365

You will need to enable DKIM outbound DNS Verification on either 365 

selector1._domainkey.domain.com
selector2._domainkey.domain.com

These need to point to 

selector1-domain-com._domainkey.onmicrosoftalias.onmicrosoft.com
selector2-domain-com._domainkey.onmicrosoftalias.onmicrosoft.com

Your onmicrosoftalias is the domain GUID and can be retrieved from the MX record for your domain

You then need to enable DKIM signing for the domain.

Via PowerShell:

New-DkimSigningConfig -DomainName domain.com -Enabled $true

Or through the GUI:

 

If you send out via another provider e.g. a spam filter you will need to check the method on the spam filter of enabling this
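
The steps above as one check-then-enable script. This is an added example, not part of the original post: it confirms both selector CNAMEs resolve to the expected target before turning signing on. `domain.com` and `onmicrosoftalias` are the page's placeholders, a connected Exchange Online PowerShell session is assumed, and `Set-DkimSigningConfig` is used where a signing config already exists.

```powershell
# Added example. Replace the two placeholder values before running.
param(
    [string]$Domain      = 'domain.com',        # placeholder mail domain
    [string]$TenantAlias = 'onmicrosoftalias'   # placeholder prefix of <alias>.onmicrosoft.com
)

# Office 365 builds the target from the domain with dots replaced by dashes.
$dashed = $Domain -replace '\.', '-'

$results = foreach ($n in 1, 2) {
    $name     = "selector$n._domainkey.$Domain"
    $expected = "selector$n-$dashed._domainkey.$TenantAlias.onmicrosoft.com"

    # Ask public DNS what the selector currently points at.
    $answer = Resolve-DnsName -Name $name -Type CNAME -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    $actual = if ($answer) { $answer.NameHost.TrimEnd('.') } else { $null }

    [pscustomobject]@{
        Record   = $name
        Expected = $expected
        Actual   = $actual
        Ok       = ($actual -eq $expected)   # string -eq is case-insensitive
    }
}
$results | Format-Table -AutoSize

# Enabling signing before the CNAMEs are published fails on the 365 side,
# so stop here and fix DNS first.
if ($results.Ok -contains $false) {
    Write-Warning 'Selector CNAMEs are missing or wrong; DKIM signing not enabled.'
    return
}

# Enable signing: update the existing config if there is one, else create it.
if (Get-DkimSigningConfig -Identity $Domain -ErrorAction SilentlyContinue) {
    Set-DkimSigningConfig -Identity $Domain -Enabled $true
} else {
    New-DkimSigningConfig -DomainName $Domain -Enabled $true
}

# Show the resulting state, including the CNAME targets 365 itself expects.
Get-DkimSigningConfig -Identity $Domain |
    Format-List Domain, Enabled, Selector1CNAME, Selector2CNAME
```

If `Selector1CNAME` and `Selector2CNAME` in the final output differ from the `Expected` column, the tenant alias placeholder was filled in wrongly; use the values 365 reports.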


 Error: Unfreeze error: [Backup job failed.
Cannot create a shadow copy of the volumes containing writer’s data.
A VSS critical writer has failed. Writer name: [SqlServerWriter]. Class ID: [{a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}]. Instance ID: [{60e3e5dd-73fc-46d6-ab6b-6b8723df09e3}]. Writer’s state: [VSS_WS_FAILED_AT_PREPARE_SNAPSHOT]. Error code: [0x800423f4].]

I restarted the SQL Server VSS Writer (this can be done during production, as it is only used for backups) and a retry still errored.

In the end I needed to reboot the server.


Recently had a client delay receiving emails

A check of SMTP logs showed

4.7.0 SMTP; 403 4.7.0 TLS handshake failed

To investigate : 

Open Exchange Management Console

Go to Server Configuration, open Exchange Certificates, and check whether any expired certificates have SMTP next to them

Renew Self Signed Certificates:

  1. Type Get-ExchangeCertificate to list the installed certificates

  2. Match the certificate to the expired certificate from the Console (using the subject name and services), then copy the associated thumbprint

  3. Type Get-ExchangeCertificate -Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

Renew Third Party Cert

  1. Go through the process of Renewal with your Third Party SSL Authority

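To disable receiving email via TLS

Go to Hub Transport under Server Configuration, then untick Transport Layer Security (TLS) for each Receive Connector. Senders can then no longer use STARTTLS to this server, so mail arrives unencrypted until the certificate is renewed and TLS is re-enabled.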
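
The certificate check from the investigation steps above, done from the Exchange Management Shell instead of the Console. This is an added example, not part of the original post: it lists every certificate bound to SMTP, flags expired ones and those close to expiry, and shows which renewal path applies. The 30-day look-ahead is an assumed value.

```powershell
# Added example. Run in the Exchange Management Shell on the affected server.
# Written without [pscustomobject] so it also works on PowerShell 2.0.
$warnDays = 30          # assumed look-ahead window, adjust as needed
$now      = Get-Date

Get-ExchangeCertificate |
    # Only certificates assigned to SMTP can cause the TLS handshake failure.
    Where-Object { $_.Services -match 'SMTP' } |
    ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

        $state = if ($daysLeft -lt 0)             { 'EXPIRED'  }
                 elseif ($daysLeft -le $warnDays) { 'EXPIRING' }
                 else                             { 'OK'       }

        # Self-signed certificates are renewed with New-ExchangeCertificate,
        # anything else goes back to the issuing authority.
        $renew = if ($_.IsSelfSigned) { 'New-ExchangeCertificate' }
                 else                 { 'Third-party authority'   }

        New-Object PSObject -Property @{
            State      = $state
            DaysLeft   = $daysLeft
            NotAfter   = $_.NotAfter
            RenewVia   = $renew
            Services   = $_.Services
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
        }
    } |
    Sort-Object DaysLeft |
    Select-Object State, DaysLeft, NotAfter, RenewVia, Services, Subject, Thumbprint |
    Format-Table -AutoSize
```

Scheduling this and alerting on any row that is not `OK` catches the expiry before senders start seeing `403 4.7.0 TLS handshake failed`.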


When trying to add your email account to Outlook 2016 you get the following error

an encrypted connection to your mail server is not available

365 is obviously encrypted, which means there must be something wrong with Autodiscover

  1. Check Autodiscover. It should be a CNAME to autodiscover.outlook.com. (put the full stop on the end)

  2. Make sure you have finished setting up the domain in 365 or it won’t listen for the domain

Test Autodiscover via: https://testconnectivity.microsoft.com/

Try logging in to PowerShell on your 365 tenant and disabling OAuth2 (2FA)

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

When adding an Exchange account to a Send and Receive Group you could get sync errors occurring

published calendar 0x80004005

To check which Published Calendar the error was talking about, go into Account settings and go to the following tab below

You can remove these if you don’t need/want them


For some reason I couldn’t delete credentials from Veeam due to them being used on a Shared Folder that did not exist in a backup repository or Tape to Folder. In the end I had to use SQL to remove this.

  1. Verify the record to be deleted by running the following query against the configuration database (VeeamBackup by default):

    SELECT * FROM [backup.model.mrulist]

  2. Run the following query, changing <share path> to match the record to be deleted:

    DELETE FROM [backup.model.mrulist] WHERE url = '<share path>'

If a website is being blocked from being viewed by the Fortinet web filter with the category

“newly observed domain”

this is because the category covers URLs whose domain name is not rated and which were observed for the first time in the past 30 minutes.

You can wait 30 minutes, or you can use the Web Ratings Overrides below to change the category from newly observed domain to an accepted category like Business and Finance
