User Profile
andrewmcn
Copper Contributor
Joined 4 years ago
Recent Discussions
Remote Desktop Connection - How to force a Certificate Revocation method?
Is it possible to force a particular method/protocol for the certificate revocation used by RDC? We have two separate enterprise environments where endpoints occasionally need to cross reference each other's certificate revocation servers. We don't allow LDAP between the two environments. CRL and OCSP are fully accessible. RDC seems to default to LDAP [only] and throws up a warning about not being able to check revocation when there is a cross-environment check required. This isn't pretty. We do have LDAP as the first certificate revocation method in our certificates as I think this is default by design. Does RDC only support LDAP? Alternatively, is there a way to force it to use HTTP/CRL/OCSP? Seems like there should be a nice little registry entry we can inject to set the protocol order.
Re: Adding multiple domains to RestrictSigninToPattern string
Just to add to this... I had to adapt this to incorporate support for the $ character in our admin usernames and also realised it's case sensitive by default. So, the format changed to this:
(?i:[[:ascii:]]*@mydomain.com|.*@myschool.sch.uk|.*@other.org.uk|[[:ascii:]]*@mytenant.onmicrosoft.com)
In case you didn't know, the "$" has special meaning in regex. So, if we use it then we need to cover it by some other means. So, I had to add in the [[:ascii:]] to get the $ character accepted. Then I realised it's also case sensitive by default. So, needed to add the little i after the ?
8K Views, 0 likes, 0 Comments
PowerShell DnsServer module and DKIM 2048-bit keys
I haven't checked 2019 yet but 2016's Add-DnsServerResourceRecord cmdlet can't handle a key that goes beyond the 255 character limit. The mmc for DNS appears to support this just fine. I've tried various workarounds but as soon as you cross that 255 limit, the cmdlet fails. This is a real pain in the neck if you've got 162 domains to manage and want to inject DKIM public keys into all of them with a script. Even Microsoft is now recommending the use of 2048-bit keys in its M365 documentation. I've had to stick with 1024-bit for now and manually set critical domains to 2048-bit. I hope Microsoft fixes this issue back to Windows Server 2016 urgently. Has anyone figured out any workarounds to this issue? T.I.A.
1.5K Views, 0 likes, 2 Comments