Category Archives: Microsoft

Microsoft PowerShell Windows server

Expired SCVMM certificate

The BITS client job failed to succeed for \srv-scvmm\c$\asd\SW_asdC_STD_MLF_X22-74300.ISO when attempting Start-BitsTransfer resource with following error: The date in the certificate is invalid or has expired

Restart BITS service and try the operation again. Also make sure that the client has permissions on the source and the destination.

ID: 24366

Possible resolution:

Restart BITS (Background Intelligent Transfer Service)

Delete the expired certificate from the VMM server’s Personal Store and create a new one:

[PowerShell]:

$credential = get-credential

Get-VMMManagedComputer -ComputerName “VMM-Server.domain.com” | Register-SCVMMManagedComputer -Credential $credential

You will now get a new certificate which is valid for 5 years.

try
Get-SCVMMServer if command not recognized.

Exchange Microsoft SSL

Configure Wildcard SSL Certificate for POP/IMAP on Exchange 2010 (PowerShell)

It is assumed you have your SSL wildcard certificate already installed on an Exchange 2010 server.

We use Windows Server 2008 R2 Datacenter x64 in this example.

Open Exchange Management Shell as Administrator and get a list of SSL certificates that are available:

[PS]> Get-ExchangeCertificate

Thumbprint                    Services  Subject
----------                              --------  -------
1F70359DC0BE9CAD58F965A3C110  ...WS.    CN=*.example.com, OU=IT Dep, O=Example Comp...
0F7FF199B11E662621D80700D04F  ....S.    CN=ExampleDC

When you enable the wildcard *.example.com certificate for POP service, you normally get the following error:

PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services POP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

The same applies to IMAP:

[PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services IMAP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Set FQDN for POP service to fix the error:

[PS]> Set-POPSettings -X509CertificateName exchange2010.example.com

Do the same for IMAP service:

[PS]> Set-IMAPSettings -X509CertificateName exchange2010.example.com

Verify POP settings:

[PS]> Get-POPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::110, 0.0.0.0:110}     {:::995, 0.0.0.0:995}  SecureLogin  exchange2010.example...

Verify IMAP settings:

[PS]> Get-IMAPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::143, 0.0.0.0:143}     {:::993, 0.0.0.0:993}  SecureLogin  exchange2010.example...

Restart POP and IMAP services:

[PS]> Restart-service MSExchangePOP3
[PS]> Restart-service MSExchangeIMAP4

Source link:

https://www.lisenet.com/2014/configure-wildcard-ssl-certificate-for-pop-imap-on-exchange-2010-server/

.NET ASP.Net ASP.Net 2.0 Microsoft

Problem with Session in iFrame after windows update

Microsoft ASP.NET will now emit a SameSite cookie header when HttpCookie.SameSite value is “None” to accommodate upcoming changes to SameSite cookie handling in Chrome. As part of this change, FormsAuth and SessionState cookies will also be issued with SameSite = ‘Lax’ instead of the previous default of ‘None’, though these values can be overridden in web.config.

You have to set the cookieSameSite= “None” in the session state tag to avoid this issue. I have tried this and working well.

<system.web>
<sessionState cookieSameSite="None"  cookieless="false" timeout="360">
</sessionState> 
</system.web>

https://social.msdn.microsoft.com/Forums/en-US/1b99630c-299c-446e-bf4b-d7d4d74bf9ef/problem-with-session-in-iframe-after-recent-windows-update?forum=aspstatemanagement

Active Directory Networking

Using Ntdsutil Tool to Manage Active Directory

The NTDSutil.exe utility is one of the key tools to manage Active Directory and its database (ntds.dit file).

The NTDSutil utility can be used by AD administrators in various scenarios. Most often the utility is used to:

  • Transfer (seizing) FSMO roles in the AD domain between domain controllers;
  • Authoritative restoring of deleted objects in Active Directory;
  • Remove faulty (missing) AD domain controllers;
  • Performing AD database maintenance: checking integrity, compressing, moving the ntds.dit file or AD log files to another drive on a domain controller in order to increase performance;
  • Active Directory snapshot management;
  • Change the administrator password for the DSRM (Directory Services Restore Mode) recovery mode.

To display the basic syntax of the NTDSutil utility, open an elevated command prompt on the domain controller and run:

Ntdsutil.exe /?

As you can see, the Ntdsutil utility has a few subcommands available. Let’s try to learn them in more detail with examples.

Let me remind you that in the AD there are five FSMO (Flexible Single Master Operation) roles:

  1. Schema master;
  2. Domain naming master;
  3. RID master;
  4. PDC emulator master;
  5. Infrastructure master.

These roles can be assigned to different domain controllers in the AD forest and/or domain. The current owners of FSMO roles can be obtained using the command:

netdom query fsmo

source link: https://theitbros.com/ntdsutil/

Microsoft Remote Desktop Services RemoteApp

diagnose RDP with commandline

netstat /p tcp /a | findstr 3389

Exchange Microsoft PowerShell

PowerShell One-Liner: Get a Count of Exchange Server Mailboxes Per Database

 
 
[PS] C:\Get-Mailbox | Group-Object -Property:Database | Select-Object Name,Count | Sort-Object Name | Format-Table -Auto

Exchange Microsoft

Message size and recipient limits in Exchange Server

Get-TransportConfig | Format-List MaxReceiveSize,MaxSendSize,MaxRecipientEnvelopeLimit

Get-TransportRule | where {($_.MessageSizeOver -ne $null) -or ($_.AttachmentSizeOver -ne $null)} | Format-Table Name,MessageSizeOver,AttachmentSizeOver




https://docs.microsoft.com/en-us/exchange/mail-flow/message-size-limits?view=exchserver-2019

Code Snippets Active Directory PowerShell

Using Net User command to Display User Expiration Date

Net user USERNAME /domain

Using Powershell

get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires

To display the expiration date rather than the password last set date, use this command.

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}


Microsoft SQL Server

Upgrading to SQL Server 2017 – VS Shell installation has failed with exit code 1638

I experienced this problem as well with SQL Server 2017 Developer and it appears to be just bad planning on the part of the SQL Server installation package people. The problem is that Visual Studio 2017 installs the Microsoft Visual C++ 2017 Redistributable (x86) and (x64) and the SQL Server installation tries to install the Microsoft Visual C++ 2015 Redistributables, which it can’t because the SQL Server installation doesn’t allow you to install an older version with the newer version installed.

This Microsoft Support article presents their explanation of the problem, and their recommended workarounds.

Solution 1: Install SQL Server first before installing Visual Studio 2017.

Solution 2 (what I did):

  1. Uninstall the Microsoft Visual C++ 2017 Redistributable (x86) and (x64),
  2. install SQL Server,
  3. then reinstall the Microsoft Visual C++ 2017 Redistributable (x86) and (x64).

They are a little hard to find, so here are the direct links:

X64: https://go.microsoft.com/fwlink/?LinkId=746572

x86: https://go.microsoft.com/fwlink/?LinkId=746571

Note: If you don’t have Microsoft Visual C++ 2017 Redistributable installed

at all, just install it from one of the above links, and retry installing SQL Server. It should work now.

Source link:https://dba.stackexchange.com/questions/190090/help-installing-sql-server-2017-vs-shell-installation-has-failed-with-exit-cod

Code Snippets Exchange Microsoft PowerShell

Hide Office 365 Groups from the GAL

Schools may require that newly created classes are hidden from the Global Address List (GAL) in Exchange Online. Classes may be hidden through PowerShell. Use the instructions below to hide Classes created with SDS from the GAL.

Classes are represented in Office 365 as Office 365 Groups. In Exchange Online, where the GAL is built, they are called Unified Groups. Use the Get/Set-UnifiedGroup cmdlet to manage these groups through PowerShell.

 

Hide a single class

Launch PowerShell as an Administrator and connect to Exchange Onlineas shown below.

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

Once connected, run the command below against the Group you want to hide.

Set-UnifiedGroup -Identity <UnifiedGroupIdParameter> -HiddenFromAddressListsEnabled $true 

 

Hide all classes created by SDS

Launch PowerShell as an Administrator and connect to Exchange Online as shown below.

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

Once connected, run the command below against all SDS-created groups.

 $Groups = Get-UnifiedGroup -ResultSize Unlimited | ? {$_.PrimarySmtpAddress -like "Section_*"}
Foreach ($Group in $Groups) {Set-UnifiedGroup -Identity $Group.Name -HiddenFromAddressListsEnabled $true}
}

 

 

https://docs.microsoft.com/en-us/schooldatasync/hide-office-365-groups-from-the-gal