ADCS – Login Failure: The user has not been granted the logon type at this computer
KB ID 0001242 Problem Post By: Daniel Newton I was configuring a ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to setup web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup. Solution This can be easily fixed, just follow these instructions and...
Error – The Computer You Are Signing Into Is Protected By An Authentication Firewall
KB ID 0001241 Problem I put a ‘net use’ command in a logon script for a client today, and the drive refused to appear. So I executed the offending line and saw the following error; System error 1935 has occurred The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer. Solution This error is seen because the user, (or group the user is a...
Changing Domain Users’ ‘User Logon Names’ and UPN’s
KB ID 0001238 Problem Changing a users UPN suffix is easy (as long as it’s been added – see below). There is some confusion about the User Login Name though. A few weeks ago I had a client that needed this done, (for an office 365 migration). But they had the added problem that some of their User Logon Names had spaces in them, they were in first-name{space}last-name format. What would happen if I changed their user...
Group Policy To Throttle Network Speed via QoS
KB ID 0001217 Problem Why would you want to do this? Well what if you want to test slow link group policy processing, or you are testing BranchCache? Using Group policy you can ‘throttle’ traffic to and from a particular IP address. Below I will pick a domain client on 192.168.110.120, and throttle all traffic between that client, and the domain controller to be 100kbps. Solution As I sad above I’m throttling...
PowerShell – Updating Users Email Addresses In Active Directory
KB ID 0001216 Problem Note: I’m referring to the Email address value that is listed on the user object in Active Directory, this will not effect any Exchange Settings! A colleague asked me today if I had any PowerShell to update ALL the users in a clients AD, to match their UPN to their Email addresses. A quick internet search turned up loads of handy scripts to update the UPN to mach the email address, but not the way round he...
Windows – Suppress the ‘First Run’ Welcome to Windows Animation
KB ID 0001186 Problem I don’t like ‘first-run’ dialogs, Internet Explorer is annoying enough, Now Windows and Office insist on playing me a film clip when they start for the first time. I’m a busy guy I have things to do, stop asking me questions and making recommendations! It takes this long to create a user profile? I don’t think so. Solution You can do this by local policy on the machine, but domain...
Deploying Windows ‘Web Application Proxy’
KB ID 0001142 Problem This is part of a larger piece of work Im putting together on publishing Remote Desktop Services with Microsoft Web Application Proxy. This article is simply to guide you though the process of installing the Web Application Proxy role. In a later article I will run though configuring it to work with Active Directory Federation Services, and Remote Desktop Services, to present secure RemoteApps. Solution Before...
Publishing Remote Desktop Services With Web Application Gateway
KB ID 0001143 Problem Getting this article to completion has been a bit of a journey! This is the final post that will stitch together all the others I’ve posted over the last couple of weeks, that will enable you to publish your RemoteApps with ‘Remote Desktop Web Access’, and have that service presented securely from your DMZ. I’ll be using Active Directory Federation Services, (you don’t have to, but...
Remote Desktop Web Access – Connection Error
KB ID 0001141 Problem Eleven days! That’s how long it took to fix this, after seven days, I bit the bullet and logged a call to Microsoft. I spent hours on the phone to the Remote Desktop Team, The Web Application Proxy Team, and the Networking Team. I replicated the error by building a complete new domain, PKI, ADFS, Remote Desktop Deployment and Web Application Proxy Server. Then today I got a call from the...
Active Directory Federation Services – Certificate Error ‘CNG Key’
KB ID 0001129 Problem When installing the Active Directory Federation Services Role, you need to supply a certificate. I was running this up using a self signed wildcard certificate when this happened; The certificate with the specified thumbprint {thumbprint} has a Cryptographic Next Generation (CNG) private key. The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy...