MFA Server

Login to your MFA server and change the below to Succeed Authentication from Failed

In Azure Cloud

Login to Office 365 Portal

Choose Azure Active Directory

Choose MFA

Add One Time Bypass

• No Comments

Azure Single Sign-On 

Identifier (Entity ID): https://imanage.domain.com

Reply URL (Assertion Consumer Service URL): https://imanage.domain.com/api/v1/session/saml-login 

Download Certificate file (.cer) and store on iManage server e.g. C:\SSL\

HIVE: HKLM\SOFTWARE\Interwoven\WorkSite\imDmsSvc 

SAML Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name 

SAML Endpoint: https://myapps.microsoft.com/signin/iManage%20SAML/xxxxxxx-xxxxxx-xxxx

SAML Key File: C:\SSL\iManageSAML.cer 

SAML Logout Endpoint: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 

SAML Web RP: https://imanage.domain.com

• No Comments

NPS Server 

Gateway

• No Comments

Find the current cert location

sudo vi /etc/nginx/nginx.conf

Look for lines

ssl_certificate /etc/pki/nginx/cert.pem;

Go to Digicert and download .pem with All certs

Use WINSCP to copy this to /etc/pki/nginx/and change the config to look at the new PEM file : 

sudo vi /etc/nginx/nginx.conf

Restart Nginx

sudo service nginx restart

• No Comments

If you are looking to Migrate a classic VM in Azure to ARM , you will need to change your Endpoint port forwards via a Load Balancer

Go to the Azure portal: http://portal.azure.com

Click “NEW” -> write “Load Balancer” in search field -> Click “Load Balancer”

After you have clicked the “Load Balancer”, click the “Create” button.

Then fill out the configuration blade as shown below:

Azure will take a few minutes to create the Load Balancer.

Once created, your resource group will look like this:

Step 2: Configure Load Balancer Backend Pool

In order to connect our newly created load balancer to our virtual machines, we need to create a so-called “Backend Pool”.

To do so click on your load balancer to open its configuration blade.

Click on the item called “Backend Pool” in the menu to the left:

Then click the “Add” button:

Fill out the “Add backend pool” configuration blade as shown below:

Now click on “+ Add a target network IP configuration”:

…and select the IP configuration for your virtual machine:

Finally, click the “OK” button to save the Backend Pool.

Now repeat this step;  but this time choose VM1 instead of VM0.

All in all, this will give us two backend pools pointing to VM0 and VM1 respectively:

It will take Azure 1-2 minutes to create the Backend Pools

Step 3: Configure NAT rules

Now our load balancer is connected to our virtual machine and we now need to configure rules for redirecting network traffic.

Start by clicking “Inbound NAT Rules” in the menu to the left:

Then click the “Add” button:

Fill out the “Add inbound NAT rule” configuration blade as shown below:

Now repeat this step, but this time choose VM1 instead of VM0 .

We will now end up with two Inbound NAT Rules: one with port 8088 associated to VM0 and one with port 8089 associates to VM1 :

• No Comments

Error

that determining the Current Master Multi-Factor Authentication Server. the user interface will close

Things to check 

1. Make sure the server can access via IE

• https://pfd.phonefactor.net
• https://pfd2.phonefactor.net
• https://css.phonefactor.net

2. Make sure you have a valid Subscription in Azure

If you have been using a Trial this might of expired , you need to be at least on a pay as you go subscription. You need to manually change this

3. Make sure you have a Multi-Factor Auth Provider in your Azure Login

Login to https://manage.windowsazure.com/

New Portal 

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/Providers/fromProviders//hasMFALicense/

Just follow the steps

1. Jump into C:\Program Files\Multi-Factor Authentication Server\Data
2. Unhide the all folders and files
3. Rename the LicenseKey to Licensekey.old
4. Re Open Program
5. skip the wizard and configure components manually so I choose to check the box and choose next.

Go back to the Azure Portal and select manage multifactor provider:

Then under download settings you have the option to generate an activation code:

Enter the activation details in the MFA server tool and click activate:

After activation I choosed to use the default group, you can create your own groups if you want:

You can check the status via https://pfweb.phonefactor.net/framefactory

• No Comments

Setup MFA Server to proxy radius connections between Gateway and Radius server ( Network Policy Server ) 

Add the gateway as a Radis Client for the MFA Server

Setup Radius Target):

Connect Remote Desktop Gateway to MFA server

Fix the timeout settings for the request 

Under Remote Radius Server open the TS Gateway Server Group. Then choose edit.

Change seconds without response before request is considered dropped to 60 seconds.

On the NPS server add MFA server as radius client. So I open the NPS Console on the ADC and add new radius client :

Here I have created the MFA Radius client on the ADC:

 Connection Request Policies Add MFA server as condition 

• No Comments

Easy way to quote client Azure Backup and Recovery using their existing Veeam infrastucture

Veeam to Azure Backup Quote Calculator

• No Comments