Friday, December 11, 2020

Error 1312 when adding ssl cert

If you get this error when using netsh to add a cert thumbprint, make sure the cert has a private key attached. Also, make sure the command prompt is open as admin.


netsh http add sslcert ipport=0.0.0.0:443 certhash=certThumbprint appid={eea9431a-a3d4-4c9b-9f9a-b83916c11c67}

Saturday, September 12, 2020

-bash: [: too many arguments When logging on via SSH

 I had an unusual error after creating a CIS Hardened Ubuntu 18.04 image from the Azure Marketplace. As soon as I would log on I would get the error: -bash: [: too many arguments.


I asked the question on EE and this is what we did to find the answer:

I logged on and ran an strace:  strace bash -l 2>output.txt

While that was running I logged on to another session. As soon as I got the error after logging in, I stopped the strace process on the first session.

I opened the output.txt file in Notepad++ and did a search for -bash: [: too many arguments

and found this:

write(2, "/etc/profile: line 22: [: too ma"..., 45/etc/profile: line 22: [: too many arguments
) = 45


I opened /etc/profile and commented out the lines:

#if [ -d /etc/profile.d ]; then
#  for i in /etc/profile.d/*.sh; do
#    if [ -r $i ]; then
#      . $i
#    fi
#  done
#  unset i
#fi
#umask 027

I logged on again and didn't get the error.

What we ended up doing was deleting the file in /etc/profile.d called '*.sh' using: rm -fi '*.sh'
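
Why a file named '*.sh' breaks that loop, as an added example that is not part of the original post: the unquoted $i in [ -r $i ] is glob-expanded a second time into several paths, which [ rejects as a usage error, while the quoted form keeps it as one argument. The scratch directory, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a scratch directory stands in for /etc/profile.d.
# All file names below are constructed.

make_demo_dir() (
    d=$(mktemp -d) || exit 1
    : > "$d/a.sh"; : > "$d/b.sh"
    : > "$d/*.sh"            # stray file whose name is a literal glob
    echo "$d"
)

# The loop as /etc/profile had it: $i is unquoted inside [ ].
# Prints how many iterations made [ fail with a usage error (status >= 2).
unquoted_errors() (
    errs=0
    for i in "$1"/*.sh; do
        rc=0
        [ -r $i ] 2>/dev/null || rc=$?   # ".../*.sh" re-expands to three paths
        if [ "$rc" -ge 2 ]; then errs=$((errs + 1)); fi
    done
    echo "$errs"
)

# Same loop with "$i" quoted: the odd name stays a single argument.
quoted_errors() (
    errs=0
    for i in "$1"/*.sh; do
        rc=0
        [ -r "$i" ] 2>/dev/null || rc=$?
        if [ "$rc" -ge 2 ]; then errs=$((errs + 1)); fi
    done
    echo "$errs"
)

# Audit helper: print file names in a directory that contain glob characters.
glob_named_files() (
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            *\**|*\?*|*\[*) echo "${f##*/}" ;;
        esac
    done
)

demo=$(make_demo_dir)
echo "unquoted loop usage errors: $(unquoted_errors "$demo")"
echo "quoted loop usage errors:   $(quoted_errors "$demo")"
echo "glob-named files:           $(glob_named_files "$demo")"
rm -rf "$demo"
```

Running glob_named_files against the real /etc/profile.d finds this kind of stray file without commenting anything out of /etc/profile.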



Friday, January 17, 2020

Installing Microsoft Teams Per Machine instead of Per User

Microsoft finally has a way to install Microsoft Teams "Per Machine" instead of "Per User".

In the past, when you installed Teams either from the EXE or through the Click-to-Run install, it would put it in the user's AppData folder. Now you can install it per machine and each new user will already have it without the need to install it per user (the way it should be IMHO).

THIS article from Microsoft explains how to do it with a persistent setup and a non-persistent setup.

We use FSLogix so we have a non-persistent setup. The article can be a little confusing so I will just put the steps that we did:

  1. Since we used the O365ProPlus installer using ODT and had Teams installed using that, we created a new XML file with the <ExcludeApp ID="Teams" /> inside and reran the setup.
  2. We removed the two Teams programs inside Programs and apps, Teams and Machine Wide Teams installer.
  3. Added to the registry, HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Agent. (or, HKLM\Software\Citrix\PortICA)
  4. Used the PS Script in the article to remove it from users' AppData folder. (This MUST be done per user. So if you have a lot of users you may want to add the script to the login and have it run)
  5. Install the msi using the command line given for Per Machine.


Friday, November 30, 2018

User unable to login to RDP Farm after you re-enable them?

We had a strange issue. We had a user leave and since we knew when she was leaving I set the account to expire at a certain date. A couple days after she left they rehired her for some part time work so I set the radio button back to Never Expires.

The user called saying she couldn't log on to our RDP farm. After looking over everything we noticed she was in the correct group, she was getting emails on her phone (we use O365/EXO) and I even tried to disable and re-enable her account.

For giggles we reset her password and sure enough that worked. I don't know if it's a bug in AD that if you set an account to expire and then change it back to never expire it doesn't really send the "All Clear" to all the systems or what. Such a strange issue.

Thursday, February 8, 2018

Enable .NET 3.5 on Windows 10

Go into RegEdit and select the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU folder.

Double-click UseWUServer (UseWindowsUpdateServer) and change the value to 0.

Saturday, December 30, 2017

Removing O365 Hybrid Config - Exchange 2010/2016

I'm finishing up our company's migration to O365/Exchange Online (EXO). When migrating your on prem users to EXO, O365 has a Hybrid Configuration Wizard (HCW) that does the bulk of the work for you to set up your servers to talk to O365 and vice versa.

Once the HCW completes, all you should have to do is log on to your O365 global admin account and migrate users. This is great but...

They have next to no documentation on how to remove the hybrid configuration, especially if you want to keep an Exchange server on prem.

Let's take a few minutes and discuss why you would want to keep an Exchange server on prem. It took me a little time to figure out why as some blog posts I couldn't follow.

The main reason you would want to keep an on prem Exchange server is if you are using AD Connect (used to be called DirSync) to sync passwords and users from your on prem AD to Azure AD/O365.

If you have AD Connect syncing to Azure AD/O365, then your on prem AD is still the source of authority. Basically what this means is that even though all your users' mailboxes are in O365/EXO you can't manipulate any attributes. For example, you can't add another SMTP email address to a user using the O365 admin page. It'll give you an error telling you that the attributes are on your on prem AD. To get around this, you should keep an Exchange server on prem. This server does not need to be anything big. Maybe a small VM to handle the mailbox role if using Exchange 2016. All you need it for is to manage users.

In my case I had an Exchange 2010 environment and all I wanted to do was remove those 2010 servers and keep the 2016 server, but I couldn't find anything that told me the order to do things or how to create mailboxes on prem that would then sync up to O365 for EXO to create the mailbox for the user.

I finally found THIS site from technet. While it was an older post it worked for me. My only issue was when I tried to remove the Federate trust with the PowerShell command I got an error so I just went to the EMC and removed it from there.

At this point in time my confusion was (and always has been) how do I now get my 2016 server to create a mailbox for a user and send it to O365 now that the hybrid config is gone? I couldn't find any place that tells you what to do, only that it's possible.

Turns out it's easier than I thought. Once you create your user in AD, run this command in EMS: Enable-MailUser -Identity John -ExternalEmailAddress john@contoso.com

This creates the correct attributes so that when AD Connect syncs the changes to Azure AD/O365, the mailbox is created for that user, as long as you have given that user the correct license in O365.

The one thing I do notice when I do this is that on my 2016 server, the user is listed under Contacts and not mailbox. All the users that I migrated using the HCW show up in the mailbox section as O365 users. Under the O365 admin, the user shows up in the mailbox section.

I'll update the post if I find out a way to make it so that it shows up as a mailbox in both. Hopefully they do so that I can keep everything consistent.

EDIT 12/31/17 - I found out that if you run this command after creating a user it will create the mailbox on O365 and it will be listed as an O365 mailbox in the 2016 server:  Enable-RemoteMailbox "wjones" -RemoteRoutingAddress "wjones@mycompany.mail.onmicrosoft.com"

Thursday, December 7, 2017

Add O365 License to users in bulk

We are moving to O365 and I needed a way to add our O365 licenses in bulk. To do this I used PowerShell.

First you need to install the AzureAD V2 PowerShell module. This is very easy if you have Windows 10. You will do this:

Install-Module AzureAD

Once you install the module you will need to connect to your account:

Connect-AzureAD

It will prompt you for your O365 global admin credentials. Once you are connected you can see what your License SKU is by doing this:

Get-AzureADSubscribedSku | Select Sku*,*Units

The one we have is called ENTERPRISEPACK. You will need the SkuID. From this point you can put in the code below. I used a CSV file with a header of UserPrincipalName (UPN) and then below that the users. The UPN looks like an email address.


# CSV with a single header column, UserPrincipalName
$file = Import-Csv test.csv

# Build the license assignment once; the SkuId comes from Get-AzureADSubscribedSku
$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$License.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900"
$LicensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$LicensesToAssign.AddLicenses = $License

foreach ($user in $file) {
    $upn = $user.UserPrincipalName
    # Look up by exact UPN; -SearchString can match more than one user
    $user2 = Get-AzureADUser -ObjectId $upn
    # A usage location has to be set before a license can be assigned
    Set-AzureADUser -ObjectId $user2.ObjectId -UsageLocation US
    Set-AzureADUserLicense -ObjectId $user2.ObjectId -AssignedLicenses $LicensesToAssign
}

This went through all my users in the CSV file and assigned the E3 license to their account.
