Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend uninstalling the NPS Extension for Azure MFA Plugin 

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

• No Comments

 If you host your Azure MFA User Portal outside of your MFA Server e.g. in a DMZ , the User portal server has to speak to this MFA server via SSL using the SDK and also via a certificate. Make sure the SSL of you MFA server is valid. It might be self signed internally on that server ( cannot be from the domain as the DMZ server can’t speak to your domain ) so you need to create a new one and transfer it securely to the User portal and install it on the Trusted Root Authority 

System.Security.Authentication

This certificate cannot be verified up to a trusted certification

• No Comments

MFA Server

Login to your MFA server and change the below to Succeed Authentication from Failed

In Azure Cloud

Login to Office 365 Portal

Choose Azure Active Directory

Choose MFA

Add One Time Bypass

• No Comments

Azure Single Sign-On 

Identifier (Entity ID): https://imanage.domain.com

Reply URL (Assertion Consumer Service URL): https://imanage.domain.com/api/v1/session/saml-login 

Download Certificate file (.cer) and store on iManage server e.g. C:\SSL\

HIVE: HKLM\SOFTWARE\Interwoven\WorkSite\imDmsSvc 

SAML Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name 

SAML Endpoint: https://myapps.microsoft.com/signin/iManage%20SAML/xxxxxxx-xxxxxx-xxxx

SAML Key File: C:\SSL\iManageSAML.cer 

SAML Logout Endpoint: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 

SAML Web RP: https://imanage.domain.com

• No Comments

Find the current cert location

sudo vi /etc/nginx/nginx.conf

Look for lines

ssl_certificate /etc/pki/nginx/cert.pem;

Go to Digicert and download .pem with All certs

Use WINSCP to copy this to /etc/pki/nginx/and change the config to look at the new PEM file : 

sudo vi /etc/nginx/nginx.conf

Restart Nginx

sudo service nginx restart

• No Comments

If you are looking to Migrate a classic VM in Azure to ARM , you will need to change your Endpoint port forwards via a Load Balancer

Go to the Azure portal: http://portal.azure.com

Click “NEW” -> write “Load Balancer” in search field -> Click “Load Balancer”

After you have clicked the “Load Balancer”, click the “Create” button.

Then fill out the configuration blade as shown below:

Azure will take a few minutes to create the Load Balancer.

Once created, your resource group will look like this:

Step 2: Configure Load Balancer Backend Pool

In order to connect our newly created load balancer to our virtual machines, we need to create a so-called “Backend Pool”.

To do so click on your load balancer to open its configuration blade.

Click on the item called “Backend Pool” in the menu to the left:

Then click the “Add” button:

Fill out the “Add backend pool” configuration blade as shown below:

Now click on “+ Add a target network IP configuration”:

…and select the IP configuration for your virtual machine:

Finally, click the “OK” button to save the Backend Pool.

Now repeat this step;  but this time choose VM1 instead of VM0.

All in all, this will give us two backend pools pointing to VM0 and VM1 respectively:

It will take Azure 1-2 minutes to create the Backend Pools

Step 3: Configure NAT rules

Now our load balancer is connected to our virtual machine and we now need to configure rules for redirecting network traffic.

Start by clicking “Inbound NAT Rules” in the menu to the left:

Then click the “Add” button:

Fill out the “Add inbound NAT rule” configuration blade as shown below:

Now repeat this step, but this time choose VM1 instead of VM0 .

We will now end up with two Inbound NAT Rules: one with port 8088 associated to VM0 and one with port 8089 associates to VM1 :

• No Comments

Error

that determining the Current Master Multi-Factor Authentication Server. the user interface will close

Things to check 

1. Make sure the server can access via IE

• https://pfd.phonefactor.net
• https://pfd2.phonefactor.net
• https://css.phonefactor.net

2. Make sure you have a valid Subscription in Azure

If you have been using a Trial this might of expired , you need to be at least on a pay as you go subscription. You need to manually change this

3. Make sure you have a Multi-Factor Auth Provider in your Azure Login

Login to https://manage.windowsazure.com/

New Portal 

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/Providers/fromProviders//hasMFALicense/

Just follow the steps

1. Jump into C:\Program Files\Multi-Factor Authentication Server\Data
2. Unhide the all folders and files
3. Rename the LicenseKey to Licensekey.old
4. Re Open Program
5. skip the wizard and configure components manually so I choose to check the box and choose next.

Go back to the Azure Portal and select manage multifactor provider:

Then under download settings you have the option to generate an activation code:

Enter the activation details in the MFA server tool and click activate:

After activation I choosed to use the default group, you can create your own groups if you want:

You can check the status via https://pfweb.phonefactor.net/framefactory

• No Comments

Easy way to quote client Azure Backup and Recovery using their existing Veeam infrastucture

Veeam to Azure Backup Quote Calculator

• No Comments