Category Archives: KnowledgeBase Articles

KnowledgeBase: KB4462917 breaks Domain Controller Promotions for new Active Directory domains in existing forests

Microsoft’s October 9th, 2018 Security update KB4462917, raising Windows Server 2016 to build 14393.2551, feature a security update for the JET Database engine. However, this update seems to cause an issue with Windows Server installations intended to become Active Directory Domain Controllers. One of my team members at SCCT experienced this issue at a customer […]

2  

KnowledgeBase: High CPU Usage for Azure AD Connect Health Sync Monitor with .NET Framework 4.7.2 Installed

Today, there is an issue in a component of Azure AD Connect version 1.1.819.0, Microsoft free Hybrid Identity bridge product, that enables you to synchronize objects and their attributes between your on-premises Active Directory Domain Services (AD DS) environment(s) and Azure Active Directory. The Azure AD Connect Health Sync Monitor Service consumes lots of CPU. […]

14  

KnowledgeBase: You receive error 801c0003 when you try to Azure AD Join a device during the Out-of-the-Box Experience (OOBE)

Sometimes, error codes for Microsoft products and technologies are really straightforward. Especially in situations where you have limited to no troubleshooting options, like the Windows Out-of-the-Box Experience (OOBE), this might prove difficult to solve. Today, let’s look at one of the most common errors you might encounter when you try to Azure AD Join a […]

1  

KnowledgeBase: When you activate the Microsoft Authenticator App on Android 5.x you receive “Your device does not trust the activation URL”

The mobile world is still a fragmented world, where various versions of Apple’s iOS and Google’s Android compete for usage share. With people still getting accustomed to today’s throw-away society and handset manufacturers and vendors tailoring to their needs, there’s people using three years old Operating Systems on mobile phones they just purchased.   The […]

0  

KnowledgeBase: When you activate the Microsoft Authenticator App you receive “The remote server returned an error: NotFound”

I’ve written about the Multi-Factor Authentication server quite extensively. I’ve been pretty content with text messages for authentication, but since DRAFT NIST Special Publication 800-63B, Out-of-Band (OOB) using the PSTN (SMS or voice) is deprecated (ref 5.1.3.2) I’ve been taking a closer look at the Microsoft Authenticator app.   The situation Microsoft’s on-premises Multi-Factor Authentication […]

0  

KnowledgeBase: Logging in to the Intune Company Portal App results in an error “Could not sign in” on Android phones with Chrome 56, and up

This morning I read a blogpost by John Arnold on the Intune Support TechNet Blog on a strange Intune-related error on Android Phones when accessing the Company Portal app. As it turned out, this is an Active Directory Federation Services (AD FS)-related certificate issue, so I thought I’d share it here as well.   The […]

0  

Security Thoughts: Security Update for DNS Server to Address Remote Code Execution (MS15-127, KB3100465, CVE-2015-6125, Critical)

Today, during this December Patch Tuesday, Microsoft released a security update for Windows Server DNS among other security-related updates. While I’d normally only draw your attention to Active Directory security updates, I’ve chosen to blog on this update, because the vast majority of Active Directory Domain Controllers I come across function as DNS Servers serving […]

0  

KnowledgeBase: Azure AD Connect hangs on the splash screen when installed on Windows Server 2008

After you jump through the hoops to install Azure AD Connect on Windows Server 2008, you might encounter some strange behavior when you first start Azure AD Connect. I know I did, and I worked with the product team to come to a solution. Of course, I’m sharing this solution here, before Microsoft fixes the […]

0  

Security Thoughts: Security Update for Kerberos to Address Security Feature Bypass (KB3105256, MS15-122, CVE-2015-6095, Important)

During BlackHat Europe 2015 in Amsterdam, last week, Ian Haken, a security researcher at Synopsis, presented a session titled Bypassing Local Windows Authentication to Defeat Full Disk Encryption. The accompanying Research paper (PDF) detailed an ‘evil maid’ attack vector specifically targeting BitLocker Drive Encryption. The most interesting part of the session was the way Ian […]

0  

Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers

When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled. Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive […]

0