Security

Security related items and thoughts

0

Wildcard Certificate ERR_CERT_COMMON_NAME_INVALID

Posted on by Rhoderick Milne [MSFT]

The below is a reproduction of a customer situation where they moved from a SAN certificate to a wildcard cert thinking that it would be “easy”.  The certificate in question was issued from their internal Windows CA and was installed onto Exchange.  No issues were noted until they tried to then bind the certificate to Exchange and users immediately started to get errors in their browser.    In Chr… Read the rest “Wildcard Certificate ERR_CERT_COMMON_NAME_INVALID”

2

IIS SMTP Virtual Server Component No Longer Supported

Posted on by Rhoderick Milne [MSFT]
IIS SMTP Component Not Supported

Please consider this a quick PSA (Public Service Announcement) as it is still common that I run into environments with the IIS SMTP service still running and processing mail.

While the component has had a long and interesting life, it is now unsupported as it is tied to the support lifecycle of Windows Server 2003.

For more details and information please see:

How to: Install and Configure SMTP VirtuaRead the rest “IIS SMTP Virtual Server Component No Longer Supported”

10

Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys

Posted on by Rhoderick Milne [MSFT]

The error message "Sorry, that didn’t work. Please go back to office.com and try again” is probably one of the most vague that I've seen.  It's up there with "please contact your administrator", which is fine unless you are the administrator...

The below is a repro of a case where all users were unable to sign into Office 365.  They would receive the aforementioned "Sorry, that didn't work" message… Read the rest “Sign-In Error 5000811 — Unable to verify token signature. The signing key Identifier Does Not Match Any Valid Registered Keys”

0

Why Is The Exchange Security Update Not Installed?

Posted on by Rhoderick Milne [MSFT]

The issue of "Why is the Exchange Security Update not installed?" has popped up frequently over the last few months due to the number of security releases for on-premises Exchange.

Due to Hafnium, security teams have increased the monitoring of Exchange to make sure that it is fully patched.  In some of these cases, the Exchange and server admins think that they are all good as they run Windows Upd… Read the rest “Why Is The Exchange Security Update Not Installed?”

0

Does Manually Running Azure AD Connect Change Schedule?

Posted on by Rhoderick Milne [MSFT]

Despite the current versions of Azure AD Connect running the main synchronisation task every 30 minutes, there are still times when we want to force the task.  As a result of this, a question was floated if that changed the existing schedule.  If the next scheduled instance is in 10 minutes, and we run a manual task right now does that mean that another task will execute in 10 minutes?

TL;DR

In shor… Read the rest “Does Manually Running Azure AD Connect Change Schedule?”

10

AD FS Web Application Proxy Re-Establish Proxy Trust

Posted on by Rhoderick Milne [MSFT]
WAP Re-Establish Trust

In the Tailspintoys environment the AD FS Proxy was offline for month.  It was unable to contact the AD FS server on the internal network, and this allowed the short lived authentication certificate to expire.  At this point the AD FS Proxy was "dead to me" as far as the AD FS server was concerned.  The internal AD FS server was OK, the issue was just with the proxy.

Bummer....

How do we fix this?  … Read the rest “AD FS Web Application Proxy Re-Establish Proxy Trust”

0

Exchange Online Transport Rule Audit

Posted on by Rhoderick Milne [MSFT]
Impact Of Not Enabling ETR Audit

This is a topic that still comes up when doing email investigations.  After there has been an issue, we want to perform analysis to determine what may have happened any potentially why certain security controls did not act the way we expected.

With email one example would be around the audit information collected when an Exchange Online transport rule acts upon a message.

It is common to see that ad… Read the rest “Exchange Online Transport Rule Audit”

2

Is Exchange Fully Updated? If Not, Go Update Now

Posted on by Rhoderick Milne [MSFT]

The Exchange team just posted that the September 2021 updates are going to be slightly delayed.  The priority will always be to ship quality updates rather than force it out to meet a specific day.

You can look at the announcement, and Nino's additional comments here:

Delay of September 2021 Cumulative Update for Exchange Server - Microsoft Tech Community

This means that we have a little bit more tim… Read the rest “Is Exchange Fully Updated? If Not, Go Update Now”

1

Remote Desktop Connection Manager Download (RDCMan) 2.81

Posted on by Rhoderick Milne [MSFT]

Finally we have good news for all fans of the Remote Desktop Connection Manager (RDCMan) tool!    It has risen from the ashes, and is now part of Sysinternals.

Over the years RDCMan built up a strong user base as it was a simple but powerful utility to manage connections to multiple machines.  Sure, if you have three or four servers to manage you can get by with saved .rdp files or use the Universa… Read the rest “Remote Desktop Connection Manager Download (RDCMan) 2.81”

0

New And Advanced Azure AD Connect Topics

Posted on by Rhoderick Milne [MSFT]
Azure AD Connect Password Hash Sync

There have been some recent feature additions to Azure AD Connect.  If we look at the Azure AD Connection Version History  after a brief hiatus, there are newer versions as of March 2021.  At the time of witing, the latest version is 1.6.4.0 and was released on the 31st May 2021.

There are multiple new features and changes in this build.

  • Updated ADSyncTools PowerShell module
  • Defaults to V2 synchronisati
Read the rest “New And Advanced Azure AD Connect Topics”