KnowledgeBase: Azure AD Connect hangs on the splash screen when installed on Windows Server 2008

After you jump through the hoops to install Azure AD Connect on Windows Server 2008, you might encounter some strange behavior when you first start Azure AD Connect. I know I did, and I worked with the product team to come to a solution. Of course, I’m sharing this solution here, before Microsoft fixes the …

Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)

During BlackHat Europe 2015 in Amsterdam, last week, Ian Haken, a security researcher at Synopsys, presented a session titled Bypassing Local Windows Authentication to Defeat Full Disk Encryption. The accompanying research paper (PDF) detailed an ‘evil maid’ attack vector specifically targeting BitLocker Drive Encryption. The most interesting part of the session was the way Ian …

Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers

When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled. Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive …

KnowledgeBase: Users in Azure Multi-Factor Authentication Server 6.3.x and up can not select One-Way OTP or PIN options in the User Portal

Microsoft’s on-premises Azure Multi-Factor Authentication Server is a rapidly evolving product for all your multi-factor authentication needs. In recent versions, Microsoft has added numerous features in the product that was originally developed by the acquired PhoneFactor company. One such feature is the one-way SMS authentication method, as an alternative to the two-way SMS method. Microsoft …

KnowledgeBase: Install-ADCSCertificationAuthority fails without a network adapter present

An issue has been identified in situations where you would configure a Windows Server installation as an Offline Root Certification Authority (CA). The Install-ADCSCertificationAuthority Windows PowerShell Cmdlet would error out, while you could achieve the scenario without problems using the Graphical User Interface (GUI). The situation: In multi-tier Public Key Infrastructure (PKI) implementations, you …

Knowledgebase: You receive a "Web Service Requests must be protected by authentication" error when activating a Multi-Factor Auth app

I have identified an issue with Azure Multi-Factor Authentication (MFA) in a hybrid deployment. When you access the User Portal to activate the mobile app, you receive an error. All other Multi-Factor Authentication (MFA) functionality works. The situation: After you’ve deployed a Multi-Factor Authentication Server installation as part of your Azure MFA hybrid implementation, …

KnowledgeBase: Azure MFA Portal shows error “Error communicating with the local Multi-Factor Authentication service. Please contact your administrator.”

When you’re setting up Microsoft Azure Multi-factor Authentication (Azure MFA) in a setup involving the on-premises MFA Server, and want to use the User portal for registration, you might encounter an error that makes the portal unusable. Luckily, there’s a solution. The situation: On an on-premises Windows Server installation with the Azure Multi-factor Authentication …

KnowledgeBase: The user name and password box might not appear on the sign-in screen in Windows 10 Technical Preview

Yesterday, Microsoft issued a new Knowledgebase article for the brave people, like you and me, that run Windows 10 Technical Preview, build 10041. It fixes a bug where the user name and password box might not appear on the sign-in screen. The situation: You run the 32-bit (x86) version of Windows 10 Technical Preview …

Security Thoughts: Vulnerability in NETLOGON could allow spoofing (MS15-027, CVE-2015-0005)

While this has proven to be an interesting month with the Factoring RSA Export Keys (FREAK) technique affecting a plethora of Operating Systems, Microsoft has also issued an update to address a privately reported vulnerability in NETLOGON. About the vulnerability: A spoofing vulnerability exists in NETLOGON that is caused when the NETLOGON service improperly …

Security Thoughts: Vulnerability in SChannel allows security bypassing (Important, FREAK, MS15-031, CVE-2015-1637)

In recent days, a new attack vector, called the FREAK technique, that facilitates SSL/TLS Man-in-the-Middle (MitM) attacks was in the news. Microsoft has confirmed that its implementations of SChannel in Windows and Windows Server are also vulnerable to this attack method and has released updates for all its supported Operating Systems. About FREAK: On …