Passwords, the way users create them, are well known to be generally insecure. Users don’t like “complex” passwords such as p9Y8Li!uk%al, so if they are forced to create a “complex” password due to a policy in, say, Active Directory, or because their password has expired and they need to generate a new one, they will go for something that is easy to remember and matches the “complexity” rules required by their IT department. This […]
↧
Improving Password Security In the Cloud and On-Premises
↧
SSL Inspection and Office 365
Lots of cloud endpoint URLs break service flow if you enable SSL Inspection on the network devices between your client and the service. My most recent example of this is Enterprise State Routing in Windows 10. Microsoft have a list of URLs for the endpoints to their service, where they are categorised as Default, Allow or Optimize. The URLs that are Allow or Optimize should avoid SSL inspection. The endpoint list is found at https://support.office.com/en-us/article/managing-office-365-endpoints-99cab9d4-ef59-4207-9f2b-3728eb46bf9a#webservice and […]
↧
Configuring Multi Factor Authentication For Office 365
Given that Office 365 is a user service, the enabling of multi-factor authentication is very much an admin-driven action – that is, the administrators decide that the users should have it, or it is configured via Conditional Access when limiting the login for the user to certain applications and locations. For a more security-conscious user, enabling it themselves is harder! To do this, follow these steps: Go to My Apps – […]
↧
Public Folder Sync–Duplicate Name Error
I came across this error with a client today and did not find it documented anywhere – so here it is! When running the Public Folder sync script Sync-ModernMailPublicFolders.ps1 which is part of the process of preparing your Exchange Online environment for a public folder migration, you see the following error message: UpdateMailEnabledPublicFolder : Active Directory operation failed on O365SERVERNAME.)365DATACENTER.PROD.OUTLOOK.COM. The object ‘CN=PublicFolderName,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=)365DATACENTER,DC=PROD,DC=OUTLOOK,DC=COM’ already exists. At C:\ExchangeScripts\pfToO365\Sync-ModernMailPublicFolders.ps1:746 char:9 + UpdateMailEnabledPublicFolder $folderPair.Local $folderPair.Remote; […]
↧
Test Connectivity Website and TLS 1.2
An excellent resource for Microsoft Exchange Server and Exchange Online administrators and consultants is the Remote Test Connectivity website at http://exrca.com or https://testconnectivity.microsoft.com/. Here I am going to document an error that indicated that the Exchange Server (in this case) was not working, but we could see that the phone was connecting fine to the server. The error we saw was: “The certificate couldn’t be validated because SSL negotiation wasn’t successful. This could have occurred […]
↧
Public Folder Migrations and the Changing Cmdlets
To complete a public folder migration from Exchange 2013/2016 to Exchange Online you need to run Set-OrganizationConfig -PublicFolderMailboxesLockedForNewConnections $true But if you look at lots of the documentation that is out there with their tips and tricks etc. you will see that lots of them say: Set-OrganizationConfig -PublicFoldersLockedForMigration $true So very near – but it's the wrong cmdlet now and it does nothing. It does not lock out the public folders and in the cloud […]
↧
Read Only And Attachment Download Restrictions in Exchange Online
Microsoft have released a tiny update to Exchange Online that has massive implications. I say tiny in that it takes like 30 seconds to implement this (ok, maybe 60 seconds then). When this is enabled, and below I will describe a simple configuration for this, your users, when using Outlook Web Access on a computer that is not compliant with a conditional access rule in Azure AD, will get an OWA that is read only […]
↧
Token2 Hardware OAuth Tokens and Azure AD Access
This blog post walks through the process of logging into Azure AD resources (Office 365, other SaaS applications registered in Azure AD and on-premises applications that utilise Azure AD App Proxy). The first step is to order your desired hardware. For this article we are looking at the devices manufactured by Token2 (www.token2.com). These include credit card style and dongle type devices. The options are available at https://www.token2.com/site/page/product-comparison. For the purposes of this blog post I […]
↧
451 4.7.0 Temporary server error. Please try again later. PRX2
There are a few articles online about this error, but none were correct for the scenario I found a client's network in. Not that I think the specifics matter, but this was Exchange Server 2016, Windows Domain Controllers running 2012 R2 and Exchange Hybrid. All the mailboxes had already moved to the cloud and the Exchange Server is used for attribute management and SMTP relay. Sometimes, randomly it would seem, the applications fail to send […]
↧
Exchange Server Dependency on Visual C++ Failing Detection
Exchange Server for rollup updates and cumulative updates at the time of writing (Feb 2019) has a dependency on Visual C++ 2012. The link in the error message you get points you to the VC++ 2013 Redistributable though, and there are later versions of this as well. I found that by installing all versions VC++ 2011, 2012 and 2014 I was able to get past the following error – which I had on only […]
↧
CRM Router and Dynamics CRM V9 Online–No Emails Being Processed
This one is an interesting one – and it was only resolved by a call to Microsoft Support, who do not document that this setting is required. The scenario is that you upgrade your CRM Router to v9 (as this is required before you upgrade Dynamics to V9) and you enable TLS 1.2 on the router server as well (also documented as required as part of the upgrade). Dynamics is updated and all your email […]
↧
Convert Office 365 Group to Microsoft Team Totally Failing
This one has been annoying me for a while – I had an Office 365 Group that I created many years ago in Office 365 that I cannot convert to a Microsoft Team. This is what I see in Teams to do this process. First, click “Create a team” Followed by “Create a team from an existing Office 365 group” which is found at the bottom of the creation dialog in the Teams app: I […]
↧
Hardware Tokens for Office 365 and Azure AD Services Without Azure AD P1 Licences
A recent update to Azure AD Premium 1 (P1) licence has been the use of hardware tokens for multi-factor authentication (MFA). This is excellent news if your MFA deployment is stuck because users cannot use phones on the shop floor or work environment or they do not want to use personal devices for work activities. But it requires a P1 licence for each user. Now a P1 licence gives lots of stuff in addition to […]
↧
Decommission ADFS When Moving To Azure AD Based Authentication
I am doing a number of ADFS to Azure AD based authentication projects, where authentication is moved to Password Hash Sync + SSO or Pass Through Auth + SSO. Once that part of the project is complete it is time to decommission the ADFS and WAP servers. This guide is for Windows 2012 R2 installations of ADFS. There are guides for the other versions online. This guide assumes you were using ADFS for one relying […]
↧
bin/ExSMIME.dll Copy Error During Exchange Patching
I have seen a lot of this, and there are some documents online but none that described what I was seeing. I was getting the following on an upgrade of Exchange 2013 CU10 to CU22 (yes, a big difference in versions): The following error was generated when “$error.Clear(); $dllFile = join-path $RoleInstallPath “bin\ExSMIME.dll”; $regsvr = join-path (join-path $env:SystemRoot system32) regsvr32.exe; start-SetupProcess -Name:”$regsvr” -Args:”/s `”$dllFile`”” -Timeout:120000; ” was run: “Microsoft.Exchange.Configuration.Tasks.TaskException: Process execution failed with exit […]
↧
Exchange Move Requests | Large Items | And Setting TCP KeepAliveTime To A Large Value
I have seen this situation a number of times. A large mailbox (or mailbox and archive) won't move to the target because the process of checking what the changes are in the mailbox takes too long, the network or Exchange Server times out the user's move and then reports the mailbox is locked. The fix for this, though, is counter to everything else you read online about this. Often you will see to reduce the […]
↧
Too Many Folders To Successfully Migrate To Exchange Online
Exchange Online has a limit of 10,000 folders within a mailbox. If you try and migrate a mailbox with more than this number of folders then it will fail – and that would be expected. But what happens if you have a mailbox with less than this number and it still fails for this reason? This is the problem, with resolution, I outline below. I was moving some mailboxes to Exchange Online when I came […]
↧
Save Time! Have All Your Meetings End Early
I am sure you have been in a meeting, where the meeting end time rolls around and there is a knock at the door from the people who want the meeting room now, as their meeting time has started and yours has finished. What if you could recover five, eight, ten or more minutes per meeting so that the next meeting party can get into the room on time, and you have time to get […]
↧
Read Only And Document Download Restrictions in SharePoint Online
↧
Teams Calendar Fails To On-Premises Mailbox
In Microsoft Teams, you have a calendar icon in the main display that shows your diary and meetings etc. – except it does not work if your mailbox is not either in Exchange Online or, if your mailbox is on-premises, you are not using Exchange Server 2016 CU3 or later. The reason for this is that the Teams calendar uses AutoDiscover v2, which is only supported by Exchange Server 2016 CU3 and Exchange Online […]
↧