OWA 2016 – Change Login From Domain\Username to Username
KB ID 0001254 Problem Out of the box, if you want to log into Outlook Web App, you need to use the Domain\Username format, like so; Seeing as how Microsoft are making a big song and dance about using UPN’s to log into Office 365, I thought they might have changed from the NT4 way of doing things, but hey what do I know? As we all know users are stupid, Domain\Username is up there with string theory and quantum mechanics. So how...
Outlook Web App :-( Something Went Wrong
KB ID 0001252 Problem I tried to get access to OWA on my Exchange 2016 server, and was greeted with this; 🙁 Something Went Wrong We’re having trouble getting to your mailbox right now.Please refresh the page or try again later Solution I’ve pointed it out on the image above, but it’s easy to miss, look at the time stamp on the error, and compare it to the correct time. The two are not the same. This is a known...
Exchange – Event ID 205 and Event ID 16025
KB ID 0001251 Problem At a client this week, they were having a LOT of mail flow problems. Looking at the queue viewer, I could see that all their mail was sat in queues waiting to go into their mails stores. There was a queue for each mail store, and the error on each was “451 4.4.0 DNS query failed Exchange Server error in message queue”. Looking in the Application log it was full of Event ID 205, and 16025 Errors...
Install and Configure Certificate Enrolment Policy Web Service
KB ID 0001250 Problem A client had moved a domain joined server into their DMZ, and while they had opened the correct ports for Domain Authentication on their firewall, no one had considered the certificates on the server which had expired, and could not be renewed. Some research, pointed me towards Certificate Enrolment Web Service. Its job is to let clients enrol and renew certificates, from either non domain joined machines, or...
URI Was Validated Successfully But there Was No Friendly Name Returned
KB ID 0001249 Problem When attempting to connect a host to a Certificate Enrolment Policy Server it worked but had the following complaint; WARNING: The URI “https://{Host-Name}ADPolicyPRovice_CEP_{Method}/service.svc/CEP” was validated sucessfully but there was no friendly name returned by the remote machine. Solution On your certificate enrolment policy server, open the Internet Information Servers (IIS) Management...
Certificate Enrolment – URI This ID conflicts with an Existing ID
KB ID 0001248 Problem When attempting to connect a host to a Certificate Enrolment Policy Server I got this error; The URI Entered above had ID : “{Random-GUID}”. This ID conflict with an existing ID Solution On your certificate enrolment policy server, open the Internet Information Servers (IIS) Management console. Expand {Server-Name} > Sites > Default Web Site > ADPolicyProvider_CEP_Kerberos, (yours may not end...
Upgrade Your Microsoft PKI Environment to SHA2 (SHA256)
KB ID 0001244 Problem This is pretty much PART TWO of two posts addressing the need to migrate away from SHA1 before February 2017. Back in PART ONE we looked at how to upgrade the ROOT CA. It does not matter if it’s an offline or online root CA the process is the same. In many organisations their PKI is multi tiered, they either have a RootCA <> SubCA, or a ROOTCA <> IntermediateCA <> IssuingCA. (which is...
Certificate Services – Migrate from SHA1 to SHA256
SHA1 to SHA256 KB ID 0001243 Problem It’s time to start planning! Microsoft will stop their browsers displaying the ‘lock’ icon for services that are secured with a certificate that uses SHA1. This is going to happen in February 2017 so now’s the time to start thinking about testing your PKI environment, and making sure all your applications support SHA2. Note: This includes code that has been signed using...
ADCS – Login Failure: The user has not been granted the logon type at this computer
KB ID 0001242 Problem Post By: Daniel Newton I was configuring a ADCS (Active Directory Certificate Services) on a DC (Domain Controller) for a client today and wanted to setup web-enrolment. I gave the Certificate Service User permissions to the IIS_USRS Group and everything was going well. Then, this error popped up when assigning the service account in setup. Solution This can be easily fixed, just follow these instructions and...
Error – The Computer You Are Signing Into Is Protected By An Authentication Firewall
KB ID 0001241 Problem I put a ‘net use’ command in a logon script for a client today, and the drive refused to appear. So I executed the offending line and saw the following error; System error 1935 has occurred The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer. Solution This error is seen because the user, (or group the user is a...