Category Archives: KnowledgeBase Articles

KnowledgeBase: When you activate the Microsoft Authenticator App on Android 5.x you receive “Your device does not trust the activation URL”

The mobile world is still a fragmented world, where various versions of Apple’s iOS and Google’s Android compete for usage share. With people still getting accustomed to today’s throw-away society and handset manufacturers and vendors tailoring to their needs, there’s people using three years old Operating Systems on mobile phones they just purchased.   The […]

0  

KnowledgeBase: When you activate the Microsoft Authenticator App you receive “The remote server returned an error: NotFound”

I’ve written about the Multi-Factor Authentication server quite extensively. I’ve been pretty content with text messages for authentication, but since DRAFT NIST Special Publication 800-63B, Out-of-Band (OOB) using the PSTN (SMS or voice) is deprecated (ref 5.1.3.2) I’ve been taking a closer look at the Microsoft Authenticator app.   The situation Microsoft’s on-premises Multi-Factor Authentication […]

0  

KnowledgeBase: Logging in to the Intune Company Portal App results in an error “Could not sign in” on Android phones with Chrome 56, and up

This morning I read a blogpost by John Arnold on the Intune Support TechNet Blog on a strange Intune-related error on Android Phones when accessing the Company Portal app. As it turned out, this is an Active Directory Federation Services (AD FS)-related certificate issue, so I thought I’d share it here as well.   The […]

0  

Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)

Today, during this December Patch Tuesday, Microsoft released a security update for Windows Server DNS among other security-related updates. While I’d normally only draw your attention to Active Directory security updates, I’ve chosen to blog on this update, because the vast majority of Active Directory Domain Controllers I come across function as DNS Servers serving […]

0  

KnowledgeBase: Azure AD Connect hangs on the splash screen when installed on Windows Server 2008

After you jump through the hoops to install Azure AD Connect on Windows Server 2008, you might encounter some strange behavior when you first start Azure AD Connect. I know I did, and I worked with the product team to come to a solution. Of course, I’m sharing this solution here, before Microsoft fixes the […]

0  

Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)

During BlackHat Europe 2015 in Amsterdam, last week, Ian Haken, a security researcher at Synopsis, presented a session titled Bypassing Local Windows Authentication to Defeat Full Disk Encryption. The accompanying Research paper (PDF) detailed an ‘evil maid’ attack vector specifically targeting BitLocker Drive Encryption. The most interesting part of the session was the way Ian […]

0  

Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers

When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled. Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive […]

0  

KnowledgeBase: Users in Azure Multi-Factor Authentication Server 6.3.x and up can not select One-Way OTP or PIN options in the User Portal

Microsoft’s on-premises Azure Multi-Factor Authentication Server is a rapidly evolving product for all your multi-factor authentication needs. In recent versions, Microsoft has added numerous features in the product that was originally developed by the acquired PhoneFactor company. One such feature is the one-way SMS authentication method, as an alternative to the two-way SMS method. Microsoft […]

0  

KnowledgeBase: Install-ADCSCertificationAuthority fails without a network adapter present

An issue has been identified in situations where you would configure a Windows Server installation as an Offline Root Certification Authority (CA). The Install-ADCSCertificationAuthority Windows PowerShell Cmdlet would error out, while you could achieve the scenario without problems using the Graphical User Interface (GUI).    The situation In multi-tier Public Key Infrastructure (PKI) implementations, you […]

0  

Knowledgebase: You receive a "Web Service Requests must be protected by authentication" error when activating a Multi-Factor Auth app

I have identified an issue with Azure Multi-Factor Authentication (MFA) in a hybrid deployment. When you access the User Portal to activate the mobile app, you receive an error. All other Multi-Factor Authentication (MFA) functionality works.   The situation After you’ve deployed a Multi-Factor Authentication Server installation as part of your Azure MFA hybrid implementation, […]

0