Create a new application in App Registration under Azure AD. Once the application is created copy the Object ID. Open Graph Explorer by using https://developer.microsoft.com/en-us/graph/graph-explorer# url. Click on Sign in with Microsoft on the left and Sign in with Global Admin account who is a member of same directory and not added as external (guest) […]
Read More →Issue Statement: User accounts which are not configured with MFA are compromised. Now you decided to force MFA on all user accounts but there is a risk that the malicious user can perform 1st factor authentication and register for the 2nd factor with some spoofed contact numbers by going to https://aka.ms/mfasetup or https://aka.ms/securityinfo. Resolution: Pre-populate […]
Read More →Issue Statement: Unable to create CrossRef object for Child.Contoso.local in configuration partition of Contoso.local domain. Error: Operation failed. Error code: 0x2071 An attempt was made to add an object to the directory with a name that is already in use. Environment Detials: Forest 1 : Contoso.local Forest 2 : Child.Contoso.local Cause: The nCname attribute value […]
Read More →Issue Statement: Intermittently getting Schannel Error Event 36888: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960. Cause: Cipher suite being used was TLS_DHE_RSA_WITH_AES_256_GCM_SHA384. There are some known issues […]
Read More →Problem Statement: System time on Domain Controllers and Domain Clients is out of sync. Cause: Registry entries for W32time service were not configured properly. Resolution Recommended registry settings for W32Time Service: o On PDC, • HKLM\System\CurrentControlSet\Services\W32time\Config – AnnounceFlag = 5 • HKLM\System\CurrentControlSet\Services\W32time\Config – MaxPollInterval = 10 (2^10 = 1024s) • HKLM\System\CurrentControlSet\Services\W32time\Config – MinPollInterval = 6 […]
Read More →Problem Statement: Need to remove Digital signature form KeyUsage filed of CA certificate. Cause: Want to use the Root CA and Policy CA only for CRL Signing, Offline CRL Signing and Certificate Signing only. Resolution Verified that certificate policy field was added to the certificate with OID. This needs to be matching on all CAs in […]
Read More →Issue Definition: Unable to Delegate Control on User’s SPN attribute as the Read ServicePrincipalName and Write ServicePrincipalName properties are not visible for user accounts while setting up permissions. Cause: These are the filtered properties of user objects and not visible by default. Resolution In order to make these attributes visible, you need to perform following […]
Read More →Issue Definition: Getting following error while trying to edit Windows Firewall with Advanced Security policy settings in the GPO on PDC. Error: The process cannot access the file because it is being used by another process. Status: The rule was parsed successfully from the store. Cause Handles on group policy folder in SYSVOL by multiple […]
Read More →Problem Description: How to migrate NIS Server from Windows Server 2003 to Windows Server 2012 R2? Solution: if there is only one NIS Server in your environment, make sure you follow the procedure mentioned below: Promote another server as NIS Subordinate Server. Convert that into Master NIS Server. Start the migration process on the original […]
Read More →Problem Description: Getting an internal server error 500 while trying to access NDES sites – MSCEP and MSCEP_Admin. Cause: Private keys were not available. Resolution: Problem started after renewing the certificates on NDES Server enrolled using “Exchange Enrollment Agent (Offline request)” and “CEP Encryption” templates. Tried to verify permissions on private keys (Open Certlm.msc […]
Read More →