Sometimes, error codes for Microsoft products and technologies are really straightforward. Especially in situations where you have limited to no troubleshooting options, like the Windows Out-of-the-Box Experience (OOBE), this might prove difficult to solve. Today, let’s look at one of the most common errors you might encounter when you try to Azure AD Join a … Continue reading "KnowledgeBase: You receive error 801c0003 when you try to Azure AD Join a device during the Out-of-the-Box Experience (OOBE)"
The mobile world is still a fragmented world, where various versions of Apple’s iOS and Google’s Android compete for usage share. With people still getting accustomed to today’s throw-away society and handset manufacturers and vendors tailoring to their needs, there’s people using three years old Operating Systems on mobile phones they just purchased. The … Continue reading "KnowledgeBase: When you activate the Microsoft Authenticator App on Android 5.x you receive “Your device does not trust the activation URL”"
I’ve written about the Multi-Factor Authentication server quite extensively. I’ve been pretty content with text messages for authentication, but since DRAFT NIST Special Publication 800-63B, Out-of-Band (OOB) using the PSTN (SMS or voice) is deprecated (ref 18.104.22.168) I’ve been taking a closer look at the Microsoft Authenticator app. The situation Microsoft’s on-premises Multi-Factor Authentication … Continue reading "KnowledgeBase: When you activate the Microsoft Authenticator App you receive “The remote server returned an error: NotFound”"
This morning I read a blogpost by John Arnold on the Intune Support TechNet Blog on a strange Intune-related error on Android Phones when accessing the Company Portal app. As it turned out, this is an Active Directory Federation Services (AD FS)-related certificate issue, so I thought I’d share it here as well. The … Continue reading "KnowledgeBase: Logging in to the Intune Company Portal App results in an error “Could not sign in” on Android phones with Chrome 56, and up"
Today, during this December Patch Tuesday, Microsoft released a security update for Windows Server DNS among other security-related updates. While I’d normally only draw your attention to Active Directory security updates, I’ve chosen to blog on this update, because the vast majority of Active Directory Domain Controllers I come across function as DNS Servers serving … Continue reading "Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)"
After you jump through the hoops to install Azure AD Connect on Windows Server 2008, you might encounter some strange behavior when you first start Azure AD Connect. I know I did, and I worked with the product team to come to a solution. Of course, I’m sharing this solution here, before Microsoft fixes the … Continue reading "KnowledgeBase: Azure AD Connect hangs on the splash screen when installed on Windows Server 2008"
During BlackHat Europe 2015 in Amsterdam, last week, Ian Haken, a security researcher at Synopsis, presented a session titled Bypassing Local Windows Authentication to Defeat Full Disk Encryption. The accompanying Research paper (PDF) detailed an ‘evil maid’ attack vector specifically targeting BitLocker Drive Encryption. The most interesting part of the session was the way Ian … Continue reading "Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)"
When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled. Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive … Continue reading "Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers"
Microsoft’s on-premises Azure Multi-Factor Authentication Server is a rapidly evolving product for all your multi-factor authentication needs. In recent versions, Microsoft has added numerous features in the product that was originally developed by the acquired PhoneFactor company. One such feature is the one-way SMS authentication method, as an alternative to the two-way SMS method. Microsoft … Continue reading "KnowledgeBase: Users in Azure Multi-Factor Authentication Server 6.3.x and up can not select One-Way OTP or PIN options in the User Portal"
An issue has been identified in situations where you would configure a Windows Server installation as an Offline Root Certification Authority (CA). The Install-ADCSCertificationAuthority Windows PowerShell Cmdlet would error out, while you could achieve the scenario without problems using the Graphical User Interface (GUI). The situation In multi-tier Public Key Infrastructure (PKI) implementations, you … Continue reading "KnowledgeBase: Install-ADCSCertificationAuthority fails without a network adapter present"