MFA Server
Log in to your MFA server and change the setting below from Failed to Succeed Authentication
In Azure Cloud
Log in to the Office 365 Portal
Choose Azure Active Directory
Choose MFA
Add One Time Bypass
Azure Single Sign-On
Identifier (Entity ID): https://imanage.domain.com
Reply URL (Assertion Consumer Service URL): https://imanage.domain.com/api/v1/session/saml-login
Download Certificate file (.cer) and store on iManage server e.g. C:\SSL\
HIVE: HKLM\SOFTWARE\Interwoven\WorkSite\imDmsSvc
SAML Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
SAML Endpoint: https://myapps.microsoft.com/signin/iManage%20SAML/xxxxxxx-xxxxxx-xxxx
SAML Key File: C:\SSL\iManageSAML.cer
SAML Logout Endpoint: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
SAML Web RP: https://imanage.domain.com
Find the current cert location
sudo vi /etc/nginx/nginx.conf
Look for lines
ssl_certificate /etc/pki/nginx/cert.pem;
Go to Digicert and download .pem with All certs
Use WinSCP to copy this to /etc/pki/nginx/ and change the config to point at the new PEM file:
sudo vi /etc/nginx/nginx.conf
Restart Nginx
sudo service nginx restart
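A pre-flight check for the certificate swap described above, as an added example that is not part of the original post. It lists the certificate paths nginx is currently using and verifies the new bundle before any restart. The function names and the new.pem / server.key paths in the usage line are assumptions, as is the expectation that the "all certs" download contains at least one intermediate.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print each active ssl_certificate / ssl_certificate_key directive and its
# path from an nginx config, skipping commented-out lines.
nginx_tls_paths() {
    sed -e 's/#.*//' "$1" |
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             gsub(/[";]/, "", $2); print $1, $2 }'
}

# Number of certificates in a PEM bundle.
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# SHA-256 of the public key in the first certificate of a PEM file.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key file.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# preflight NEW_PEM PRIVATE_KEY: non-zero if the bundle should not be deployed.
preflight() {
    # Assumption: an "all certs" download holds the leaf plus >= 1 intermediate.
    [ "$(pem_cert_count "$1")" -ge 2 ] ||
        { echo "no intermediate certificate in $1" >&2; return 1; }
    # nginx serves the first certificate in the file, so it must be the
    # unexpired leaf that belongs to the configured private key.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "first certificate in $1 has expired" >&2; return 1; }
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ] ||
        { echo "certificate does not match key $2" >&2; return 1; }
}

# Usage: sh preflight.sh --check /etc/pki/nginx/new.pem /path/to/server.key
if [ "${1:-}" = "--check" ]; then
    nginx_tls_paths /etc/nginx/nginx.conf
    preflight "$2" "$3" && echo "OK: run 'sudo nginx -t' and then restart nginx"
fi
```

Running sudo nginx -t after editing nginx.conf catches a wrong path or syntax error while the old certificate is still being served.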
If you are looking to migrate a classic VM in Azure to ARM, you will need to replace your endpoint port forwards with a Load Balancer
Go to the Azure portal: http://portal.azure.com
Click “NEW” -> write “Load Balancer” in search field -> Click “Load Balancer”
After you have clicked the “Load Balancer”, click the “Create” button.
Then fill out the configuration blade as shown below:
Azure will take a few minutes to create the Load Balancer.
Once created, your resource group will look like this:
In order to connect our newly created load balancer to our virtual machines, we need to create a so-called “Backend Pool”.
To do so click on your load balancer to open its configuration blade.
Click on the item called “Backend Pool” in the menu to the left:
Fill out the “Add backend pool” configuration blade as shown below:
Now click on “+ Add a target network IP configuration”:
…and select the IP configuration for your virtual machine:
Finally, click the “OK” button to save the Backend Pool.
Now repeat this step; but this time choose VM1 instead of VM0.
All in all, this will give us two backend pools pointing to VM0 and VM1 respectively:
It will take Azure 1-2 minutes to create the Backend Pools
Now our load balancer is connected to our virtual machine and we now need to configure rules for redirecting network traffic.
Start by clicking “Inbound NAT Rules” in the menu to the left:
Fill out the “Add inbound NAT rule” configuration blade as shown below:
Now repeat this step, but this time choose VM1 instead of VM0.
We will now end up with two Inbound NAT Rules: one with port 8088 associated with VM0 and one with port 8089 associated with VM1:
Error
that determining the Current Master Multi-Factor Authentication Server. the user interface will close
Things to check
2. Make sure you have a valid Subscription in Azure
If you have been using a trial, this might have expired; you need to be on at least a pay-as-you-go subscription. You need to change this manually
3. Make sure you have a Multi-Factor Auth Provider in your Azure Login
Login to https://manage.windowsazure.com/
New Portal
https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/Providers/fromProviders//hasMFALicense/
Just follow the steps
Go back to the Azure Portal and select manage multifactor provider:
Then under download settings you have the option to generate an activation code:
Enter the activation details in the MFA server tool and click activate:
After activation I chose to use the default group; you can create your own groups if you want:
You can check the status via https://pfweb.phonefactor.net/framefactory
Set up MFA Server to proxy Radius connections between the Gateway and the Radius server (Network Policy Server)
Add the gateway as a Radius Client for the MFA Server
Set up the Radius Target:
Connect Remote Desktop Gateway to MFA server
Fix the timeout settings for the request
Under Remote Radius Server open the TS Gateway Server Group. Then choose edit.
Change seconds without response before request is considered dropped to 60 seconds.
On the NPS server add the MFA server as a Radius client. So I open the NPS Console on the ADC and add a new Radius client:
Here I have created the MFA Radius client on the ADC:
Connection Request Policies: add the MFA server as a condition
Easy way to quote a client for Azure Backup and Recovery using their existing Veeam infrastructure
Veeam to Azure Backup Quote Calculator