User Profile
azuser
Copper Contributor
Joined Aug 09, 2021
User Widgets
Recent Discussions
Azure passowrd protection
We have a hybrid Azure infrastructure with an AD Connector installed on-prem and configured for PTA. We installed the password protection server and registered it with the Azure tenant, then deployed the DC agent on all domain controllers. Both the proxy and agents are operational. We published a few banned words to block in case anyone uses them. For testing, I changed my password to include one of the banned words. To my surprise, I was able to change the password. I checked the corresponding logon server, and the DC event viewer showed that the password was validated, but the banned word was in the password list that Azure set to enforce. Why is it not blocking the change?Solved58Views0likes1CommentCertificate based Authentication and KB5014754
Hello community, we have an AD CS that issues certificates to users and computers. How do we achieve automatic certificate mapping? According to KB504754, strong certificate mapping is to be done. Currently, AD computer/user certificates are being used, and no mapping has been configured. Will this continue to work?AZureADSSOACC and AES
I have been auditing event IDs 4768 and 4769 and noticed a few accounts with 0x17. I believe that to be related to RC4. One of the accounts is an AzureADSSOacc account that was created before the year 2020. Will this account use AES if we upgrade the DC to 2025 or will we have to force it?279Views0likes1CommentSQL MI firewall
During SQL MI deployment, a built-in firewall is deployed along with a dedicated virtual network (VNET). We can choose to access SQL MI using either a public URL or a private endpoint. Does this built-in firewall provide sufficient protection for SQL MI, or do we need to implement an additional firewall?140Views0likes0CommentsRe: Windows Server 2019 NPS Radius no event viewer logs (solution)
We have a one-year-old Windows 2019 NPS server that logs all the events, and I installed a new Windows 2019 Network Policy Server (NPS) that is not logging any events. 'sc sidtype IAS unrestricted' did not help either.9.5KViews0likes0CommentsVMXNET3 and Exchange 2016
According to HealthChecker in our Exchange, the script is warning us that ("Large packet loss at the guest operating system level on the VMXNET3 vNIC in ESXi (2039495)). I do not see any connectivity issues. There is a KB article from VMware to look at the firmware to see if they are okay, then change the buffer size. I do not want to change the buffer size since I do not see any connectivity issues. Has anyone else seen this warning in their Exchange Server/SQL environment? Is this a real problem? Or can it be ignored?1.6KViews0likes1CommentWindows 2022 Azure Datacenter Edition
I installed my first Windows 2022 Azure Datacenter Edition as a DC in Azure lab, and I got a warning saying, " This VM is in Violation of Azure online service terms because it is running on a hypervisor not licensed for Microsoft Windows 2022 datacenter edition" when I connect that server using Windows admin center. How do I fix it?2.7KViews0likes2CommentsInternal roo CA and CRL
I am trying to determine what would happen if the internal root CA power down for a day or unavailable for a few days. We have a root CA with no subordinate. I thought PCs and Servers would check the local cache file and determine whether a certificate was revoked or not. I came across a few articles that say to set the revocation list longer to avoid the CRL server offline issue; this way, you do not have to worry about the CRL. I checked my PC's cache file with certutil -urlcache and noticed the Last sync time:1/28/2022. so a PC or server is synching the revocation list from time to time to ensure it has an up-to-date cache file whether we set a more extended period for revocation list or not. CRL Distribution Point (CDP) as listed below. C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=My-Server,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass> What would happen if the CRL/CA server is not available with default installation above, that is, CRL is not in available central server?Re: Exchange Server Mail Stuck on Queue due to Microsoft Bug 01/01/2022
I only ran the two steps below, and the email started to flow after. 1. Disable-Antimalwarescanning.ps1 2. restart the transport service I did not run Set-MalwareFilteringServer <ServerIdentity> - BypassFiltering $true instead of the above two. Will the next Exchange patch release installation re·vert the antimalware agent back "on," as on the default installation, and again we have to disable the agent?11KViews1like8Comments
Recent Blog Articles
No content to show