Upgrade to Azure Standard Load Balancer

Azure Outbound Network Options

On September 30, 2025, the Azure Basic Load Balancer will be retired. For more information, see the official announcement. If you are currently using Basic Load Balancer, make sure to upgrade to Standard Load Balancer prior to the retirement date.

You can use the guidance to upgrade, please ensure that all of the steps are followed when you test and then implement the change.  This is due to the fact… Read the rest “Upgrade to Azure Standard Load Balancer”


How To Generate File Hash Using Certutil

Create File Hash using Certutil

Windows has the ability to easily generate a hash for a given file using the Certutil.exe utility.  Administrators may have previously used to this tool when they need to generate TLS certificates or to perform other tasks against AD Certificate Services.  As an example of the former, this was a common task for AD FS certificates as described in this post.

To generate the file hash we will use the … Read the rest “How To Generate File Hash Using Certutil”


Using PowerCfg To Set Server Power Plan From Command Line

Set Power Plan Via Command Line

Being able to automate and set Power Plan options via the command is useful for both automation and tasks on Server Core.  We can use powercfg.exe to control power plans - also called power schemes - to use the available sleep states, to control the power states of individual devices, and to analyze the system for common energy-efficiency and battery-life problems.

Below are multiple examples of the … Read the rest “Using PowerCfg To Set Server Power Plan From Command Line”


Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group

Azure Portal Connect to VM

Controlling connections to Azure VMs using the just in time (JIT) policy of Microsoft Defender for Cloud (MDC) certainly improves the overall security of the Azure resource.  However, then having to enable JIT on a given VM runs into issues pretty quickly.

Azure Portal Too Permissive

Who thought it was a great idea to have “All configured IPs” as the default option? No thanks – I do not want to enab… Read the rest “Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group”


Quick Tip – Easily Start All Azure VMs In A Particular Resource Group

Quick Tip Easily Start Azure VMs Using Azure Cloud Shell

Manually starting up lab VMs is painfully slow, and since many organisations will implement management policy to auutomatically shut them down to save costs you may find yourself powering them on a lot...

While you can set up automated tasks to power them on, not all really need to be running every day.  For example, I always want the DC's running so they are able to maintain replication and there … Read the rest “Quick Tip – Easily Start All Azure VMs In A Particular Resource Group”


Kerberos Issues November 2022

Kerberos Issues November 2022

The November 8, 2022 and later Windows updates address a  security bypass and elevation of privilege vulnerability with Authentication Negotiation by using weak RC4-HMAC negotiation.

This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already.

To help secure your environment, install the Windows update that is dated … Read the rest “Kerberos Issues November 2022”


Check If AD FS WSTrust Endpoint Enabled

Check WSTrust Endpoint Configuration

Active Directory Federation Services (AD FS) uses endpoints to provide access to features.  There are a series of different endpoints which each serve a different purpose from password reset, publishing federation metadata or multiple web services protocols.  It is important to ensure that only the required features are actually enabled, and also if those features are to be made available internal… Read the rest “Check If AD FS WSTrust Endpoint Enabled”


WordPress Linux Web App Poor Performance

Azure Create WordPress App Service

Having to host, upgrade and manage WordPress is not really my main job.  The various posts over the years will provide a small clue that other things take up most of my time and are my day job.  Life was certainly easier when TechNet was still around as a dedicated team ran the MSDN and TechNet blog platforms and provided all of the infrastructure support.  All I had to do was write the posts.

Alas… Read the rest “WordPress Linux Web App Poor Performance”


How to Use NsLookup To Check DKIM Record

Check DMARC DNS Record Using NSLookUP

There are a multitude of online tools that help diagnose issues with various mail services, but understanding what these tools actually check is valuable.  One example is around manually checking published DomainKeys Identified Mail (DKIM) records.  DKIM is described in RFC 4871.  As an interesting piece of history DKIM went through a previous iteration "Domain-Based Email Authentication Using Pub… Read the rest “How to Use NsLookup To Check DKIM Record”


Move FSMO Roles Using PowerShell

PowerShell FSMO Role

Rather than kicking it old school and using the classic tools such as AD Users & Computers (dsa.msc) to move FSMO roles, PowerShell makes it nice and easy to get this done rapidly.

In this example we are moving the roles gracefully, but there is also the -Force option.


State Of The Nation

To start with, let's confirm where the FSMO roles currently reside:

Using PowerShell To Check FSMO Role Holders

Note that server DC-1.wingtiptoys.ca… Read the rest “Move FSMO Roles Using PowerShell”