Modern Authentication / Outlook 2016 Password / OWA / App Password

In Office 365 two-factor authentication (2FA), an App Password is used for older versions of Microsoft Outlook or for non-Outlook clients on devices such as Macs or smartphones.

If you have enforced 2FA in Office 365 and are configuring Outlook 2016 for email, and Outlook keeps rejecting the password you have been using (the one that works with OWA) while an App Password does work in Outlook, you may want to add a registry key to enable and enforce Modern Authentication.

  • Outlook 2010 doesn’t support Modern Authentication

  • Outlook 2013 supports Modern Authentication, but you need to add the following two registry values as DWORDs and set each to 1:

HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL

HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version

The following value (DWORD set to 1) will enforce it:

HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover

  • Outlook 2016 supports Modern Authentication and it is on by default, but we have had to enforce it in some instances because Outlook kept prompting for a password and would not accept the password that worked with OWA, while an App Password did work. Enforcing Modern Authentication made Outlook 2016 accept the regular Office 365 password (the same one that worked with OWA). Add the following DWORD and set it to 1:

HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover
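The registry changes above, as an added PowerShell example that is not part of the original post. It sets the same values the post lists, for either Outlook 2013 (15.0) or Outlook 2016 (16.0), and reads them back so the change can be checked; the function names are my own.

```powershell
# Added example, not the original post's code: set the Modern Authentication
# registry values listed above for Outlook 2013 (15.0) or Outlook 2016 (16.0).
# The values live under HKCU, so run this as the affected user.

function Set-RegistryDword {
    param([string] $Path, [string] $Name, [int] $Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

function Enable-OutlookModernAuth {
    param(
        # 15.0 = Outlook 2013, 16.0 = Outlook 2016 (Outlook 2010 has no Modern Auth support)
        [ValidateSet('15.0', '16.0')] [string] $OfficeVersion = '16.0'
    )
    if ($OfficeVersion -eq '15.0') {
        # Outlook 2013 only: switch ADAL on (both DWORDs set to 1).
        $identity = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
        Set-RegistryDword -Path $identity -Name 'EnableADAL' -Value 1
        Set-RegistryDword -Path $identity -Name 'Version'    -Value 1
    }
    # Both versions: force OAuth for Autodiscover, the value the post used to
    # make Outlook 2016 accept the regular Office 365 password.
    Set-RegistryDword -Path 'HKCU:\Software\Microsoft\Exchange' `
        -Name 'AlwaysUseMSOAuthForAutoDiscover' -Value 1
}

function Get-OutlookModernAuthState {
    # Read back what is set, so the change can be verified (or reverted by hand).
    $checks = @(
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'; Name = 'EnableADAL' },
        @{ Path = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'; Name = 'Version' },
        @{ Path = 'HKCU:\Software\Microsoft\Exchange'; Name = 'AlwaysUseMSOAuthForAutoDiscover' }
    )
    foreach ($c in $checks) {
        $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Value = $v }
    }
}

Enable-OutlookModernAuth -OfficeVersion '16.0'
Get-OutlookModernAuthState | Format-Table -AutoSize
```

Restart Outlook after running it; the values are read when Outlook starts.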

Note: registry changes might result in problems and serious issues with computers and software. Do it at your own risk.

How to Force Sync Azure AD Connect with Azure Office 365

If you use Azure AD Connect to sync your on-premises AD with Azure / Office 365 and want to force a sync right after creating a new user, start PowerShell on the server where Azure AD Connect is installed and type:

Import-Module ADSync

Get-ADSyncScheduler

Start-ADSyncSyncCycle -PolicyType Delta
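The same three commands wrapped in a small function, as an added example that is not from the original post. It checks the scheduler state first, because Start-ADSyncSyncCycle fails when a cycle is already running and a server in staging mode never exports to Azure AD; the function name is my own.

```powershell
# Added example, not from the original post: force a delta sync, but check the
# scheduler first. Start-ADSyncSyncCycle errors out if a cycle is already in
# progress, and a server in staging mode will not export anything to Azure AD.
Import-Module ADSync -ErrorAction Stop

function Invoke-AadConnectDeltaSync {
    param([int] $TimeoutSeconds = 180)

    $scheduler = Get-ADSyncScheduler
    if ($scheduler.StagingModeEnabled) {
        Write-Warning 'This server is in staging mode; it imports but does not export to Azure AD.'
    }
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning 'Scheduled sync is disabled (SyncCycleEnabled = False); only manual cycles will run.'
    }

    # Wait for any running cycle to finish before starting ours.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "A sync cycle was still running after $TimeoutSeconds seconds; try again later."
        }
        Start-Sleep -Seconds 5
    }

    # Delta = only objects changed since the last cycle (a newly created user, for instance).
    Start-ADSyncSyncCycle -PolicyType Delta
}

Invoke-AadConnectDeltaSync
Get-ADSyncScheduler | Select-Object SyncCycleInProgress, NextSyncCycleStartTimeInUTC, NextSyncCyclePolicyType
```

The trailing Get-ADSyncScheduler shows when the next scheduled cycle will run, which is handy when deciding whether a forced sync was needed at all.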

 

How to Connect to Office 365 Through PowerShell

1- In Windows run PowerShell as an admin

2- Install the Exchange Online PowerShell V2 module (ExchangeOnlineManagement) if it is not already installed

Install-Module -Name ExchangeOnlineManagement

3- Import Exchange Online Management module

Import-Module ExchangeOnlineManagement

4- Connect to Office 365 with admin user

Connect-ExchangeOnline -UserPrincipalName Admin@WhateverDomain.com

Replace Admin@WhateverDomain.com above with your Office 365 administrator account. You will be prompted for credentials.

5- After that, if you want, for instance, to grant a user named User1 “Author” permissions on the root of the public folders (and, because of -Recurse, on every folder under it):

Get-PublicFolder -Identity "\" -Recurse | Add-PublicFolderClientPermission -User User1 -AccessRights Author

Replace User1 above with the user you want to grant access to.

6- To view permissions on the public folder called My Public Folders:

Get-PublicFolderClientPermission "\My Public Folders"
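Steps 2 to 6 as one script, added here as an example and not the post's own code. It connects, grants the chosen role on the whole public folder tree, then reports the resulting permissions and flags grants to the Default or Anonymous user for review, since those apply to everyone. $AdminUpn and $User are placeholders supplied by the caller; the function of the Broad column is my own addition.

```powershell
# Added example, not the post's own script: connect, grant one user a role on
# the root public folder and everything under it, then review who holds rights.
param(
    [Parameter(Mandatory)] [string] $AdminUpn,   # Office 365 admin account (placeholder)
    [Parameter(Mandatory)] [string] $User,       # e.g. User1 (placeholder)
    [ValidateSet('Author', 'Reviewer', 'Editor', 'Owner', 'PublishingEditor',
                 'PublishingAuthor', 'NonEditingAuthor', 'Contributor')]
    [string] $AccessRights = 'Author'
)

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

try {
    # Root ('\') plus -Recurse = every public folder in the hierarchy.
    $folders = Get-PublicFolder -Identity '\' -Recurse

    # Folders where the user already has an entry raise an error; keep going.
    $folders | Add-PublicFolderClientPermission -User $User -AccessRights $AccessRights -ErrorAction Continue

    # Review the result: one row per folder/user. Entries for Default or Anonymous
    # with anything other than None apply to all users (or unauthenticated ones),
    # so they are flagged for a second look.
    $report = $folders | Get-PublicFolderClientPermission | ForEach-Object {
        $who = "$($_.User)"
        [pscustomobject]@{
            Folder       = "$($_.Identity)"
            User         = $who
            AccessRights = ($_.AccessRights -join ',')
            Broad        = ($who -in 'Default', 'Anonymous') -and ($_.AccessRights -notcontains 'None')
        }
    }
    $report | Sort-Object Folder, User | Format-Table -AutoSize
    'Entries granting Default/Anonymous more than None:'
    $report | Where-Object Broad | Format-Table Folder, User, AccessRights -AutoSize
}
finally {
    # Always drop the session, even if a command above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run it as `.\Grant-PublicFolderRole.ps1 -AdminUpn admin@yourtenant -User User1` (file name is arbitrary). Disconnecting in the finally block matters: Exchange Online limits concurrent sessions per admin, and abandoned ones count against that limit until they time out.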

How to Renew the OAuth (SSL) Certificate in Exchange

Open the Exchange Management Shell on the Exchange server.

Run the following command (replace *.domainname below with your domain name):

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "CN=Microsoft Exchange Server Auth Certificate" -DomainName "*.domainname" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services SMTP

Answer No when asked whether to overwrite.

Write down the certificate thumbprint.

Type:

$date = Get-Date

Type:

Set-AuthConfig -NewCertificateThumbprint <certificate_thumbprint> -NewCertificateEffectiveDate $date

Substitute <certificate_thumbprint> above with the certificate thumbprint that you wrote down.

Confirm Y

Type:

Set-AuthConfig -PublishCertificate

Type:

Set-AuthConfig -ClearPreviousCertificate

Restart the Microsoft Exchange Service Host service

Restart IIS
IISReset
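The renewal steps above as one script, added as an example and not taken from the post. It runs the same commands in the same order and then verifies that the thumbprint Exchange now publishes exists in the local store and is not near expiry. `<your domain>` is a placeholder; the function names are mine. Run it from the Exchange Management Shell.

```powershell
# Added example, not the post's own script: the OAuth certificate renewal steps
# in sequence, followed by a check that AuthConfig points at a valid certificate.
$domainName = '*.<your domain>'   # placeholder, e.g. '*.example.com'

function New-ExchangeAuthCertificate {
    param([string] $DomainName)
    # Same command as the manual procedure. Answer No at the prompt asking to
    # overwrite the existing certificate, exactly as in the post.
    $cert = New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true `
        -SubjectName 'CN=Microsoft Exchange Server Auth Certificate' `
        -DomainName $DomainName `
        -FriendlyName 'Microsoft Exchange Server Auth Certificate' -Services SMTP
    return $cert.Thumbprint
}

function Publish-ExchangeAuthCertificate {
    param([string] $Thumbprint)
    # Effective immediately; Set-AuthConfig asks for confirmation (answer Y).
    Set-AuthConfig -NewCertificateThumbprint $Thumbprint -NewCertificateEffectiveDate (Get-Date)
    Set-AuthConfig -PublishCertificate
    Set-AuthConfig -ClearPreviousCertificate
    Restart-Service MSExchangeServiceHost
    iisreset
}

function Test-ExchangeAuthCertificate {
    # The thumbprint AuthConfig advertises must exist locally, otherwise
    # OAuth between servers (and hybrid) breaks silently later.
    $auth = Get-AuthConfig
    $cert = Get-ExchangeCertificate -Thumbprint $auth.CurrentCertificateThumbprint -ErrorAction SilentlyContinue
    if (-not $cert) {
        throw "AuthConfig thumbprint $($auth.CurrentCertificateThumbprint) was not found in the certificate store."
    }
    $daysLeft = ($cert.NotAfter - (Get-Date)).Days
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        Healthy    = ($daysLeft -gt 30)
    }
}

$thumbprint = New-ExchangeAuthCertificate -DomainName $domainName
Publish-ExchangeAuthCertificate -Thumbprint $thumbprint
Test-ExchangeAuthCertificate | Format-List
```

Test-ExchangeAuthCertificate on its own is also a useful periodic check: it tells you how long the current OAuth certificate has left before this procedure is needed again.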

Site Link to Create or Delete a Microsoft Office 365 App Password

To create or delete a Microsoft Office 365 App Password, which is used by non-Microsoft apps with two-factor authentication (2FA):

https://aka.ms/mysecurityinfo

Renewing VMware ESXi 6.0 SSL Certificate – Certificate Error – Host – vCenter

If the self-signed VMware ESXi 6.0 SSL certificate has expired on a host and vCenter shows a warning or an error on that host, you will need to renew that SSL certificate.

The certificate cannot be renewed through the VMware vSphere Client, but it can be renewed via the Web Client. Unfortunately that requires Adobe Flash, which has been deprecated and is no longer available to download, unless you still have an old browser with Flash installed that you never removed it from.

We had this issue last week. We found another way to renew the certificate: in the vSphere Client, right-click the host and disconnect it, wait a few seconds, then choose to reconnect it. Reconnecting the host automatically renews the SSL certificate.

Do at your own risk. We take no responsibility for anything that could go wrong.

PowerShell failed to invoke ‘New-FederationTrust’: Unable to access the Federation Metadata document from the federation partner

We were in the process of migrating on-premises Exchange 2013 on Windows Server 2012 to Office 365, and while running the Hybrid Configuration Wizard we were getting the following error:

PowerShell failed to invoke ‘New-FederationTrust’: Unable to access the Federation Metadata document from the federation partner. Detailed information: “The underlying connection was closed: An unexpected error occurred on a receive

After some troubleshooting and collecting logs, we found the cause: a few years earlier, to comply with PCI requirements, we had disabled SSL and the weaker TLS versions and enabled TLS 1.1 and 1.2 on the Exchange server. The Hybrid Configuration Wizard invokes .NET, which was still trying to use the disabled protocols, so the wizard failed. In the registry we told .NET to use the newer TLS protocols.

We added the following registry values:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

-AND-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001
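An added PowerShell example, not from the post, that audits both keys above (64-bit and WOW64) and can apply the value. It also prints the protocols the current PowerShell process negotiates, which is a quick way to see the before/after effect; the function names are my own. Writing under HKLM requires an elevated prompt.

```powershell
# Added example, not the post's own code: check and optionally set
# SystemDefaultTlsVersions under both .NET Framework 4 keys from the post.
$dotNetKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

function Get-DotNetTlsDefaults {
    # One row per key: missing value shows as $null and Compliant = False.
    foreach ($key in $dotNetKeys) {
        $value = (Get-ItemProperty -Path $key -Name SystemDefaultTlsVersions -ErrorAction SilentlyContinue).SystemDefaultTlsVersions
        [pscustomobject]@{
            Key                      = $key
            SystemDefaultTlsVersions = $value
            Compliant                = ($value -eq 1)
        }
    }
}

function Set-DotNetTlsDefaults {
    # Equivalent of the two .reg lines in the post (DWORD 1 in both hives).
    foreach ($key in $dotNetKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name SystemDefaultTlsVersions -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

'Current registry state:'
Get-DotNetTlsDefaults | Format-Table -AutoSize

# What this process will offer in a TLS handshake. Processes started after the
# registry change (including a fresh Hybrid Configuration Wizard) follow the OS
# defaults instead of the old hard-coded SSL3/TLS1.0 list.
'Protocols this PowerShell process negotiates by default:'
[Net.ServicePointManager]::SecurityProtocol

if ((Get-DotNetTlsDefaults | Where-Object { -not $_.Compliant })) {
    Write-Warning 'At least one key is not set. Run Set-DotNetTlsDefaults from an elevated prompt, then restart the affected application.'
}
```

Run Get-DotNetTlsDefaults first and keep its output; if the wizard still fails after the change, that record tells you the registry side is done and the problem is elsewhere.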

Exchange mailbox move – Unable to open message store. hr=0x80040111, ec=-2147221231

When trying to move a mailbox from one Exchange 2008/2010/2013 server to another, or from one database to another, you get the error message below. Fixing it is easy if you have used ADSI Edit before. Basically you are going to reset the Exchange mailbox move values…

Sample Error:

Data migrated:
Migration rate:
Error: MigrationTransientException: Failed to communicate with the mailbox database. –> Failed to communicate with the mailbox database. –> MapiExceptionLogonFailed: Unable to open message store. (hr=0x80040111, ec=-2147221231)

Diagnostic context: Lid: 55847 EMSMDBPOOL.EcPoolSessionDoRpc called [length=132] Lid: 43559 EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0x0][length=272][latency=0] Lid: 52176 ClientVersion: 15.0.1395.10 Lid: 50032 ServerVersion: 14.3.442.0 Lid: 23226 — ROP Parse Start — Lid: 27962 ROP: ropLogon [254] Lid: 17082 ROP Error: 0x80040111 Lid: 26937 Lid: 21921 StoreEc: 0x80040111 Lid: 27962 ROP: ropExtendedError [250] Lid: 1494 —- Remote Context Beg —- Lid: 26426 ROP: ropLogon [254] Lid: 44215 Lid: 60049 StoreEc: 0x8004010F Lid: 49469 Lid: 65341 StoreEc: 0x8004010F Lid: 56125 Lid: 47933 StoreEc: 0x8004010F Lid: 32829 Lid: 49213 StoreEc: 0x8004010F Lid: 48573 Lid: 64957 StoreEc: 0x8004010F Lid: 59409 Lid: 45073 Lid: 11173 StoreEc: 0x80040111 Lid: 22970 Lid: 8620 StoreEc: 0x80040111 Lid: 1750 —- Remote Context End —- Lid: 26849 Lid: 21817 ROP Failure: 0x80040111 Lid: 26297 Lid: 16585 StoreEc: 0x80040111 Lid: 32441 Lid: 1706 StoreEc: 0x80040111 Lid: 24761 Lid: 20665 StoreEc: 0x80040111 Lid: 25785 Lid: 29881 StoreEc: 0x80040111
Report: User@domain.com
Download the report for this user
Last successful sync date:

Status:
Queued duration:
In-progress duration:
Synced duration:
Stalled duration:

Resolution:

Launch ADSI Edit (adsiedit.msc).

Once launched, right-click ADSI Edit in the left pane and choose “Connect to”. When the “Connection Settings” dialog opens, click OK, which opens the Default naming context.

In the left pane, double-click Default naming context to expand the sub-items (which otherwise stay hidden). Double-click the domain. You should see an OU structure like in AD.

Find the user, right-click and choose Properties.

Under Attribute Editor, click Filter and tick the option to show only attributes that have values (this filters out the empty fields).

Find all msExchMailboxMove* values and reset them to blank. In my case I had:

msExchMailboxMoveFlags
msExchMailboxMoveStatus
msExchMailboxMoveTargetMDBLink

To reset them to blank you can’t just remove the values; highlight the value, click Edit and then Clear. I would write down what those values are before clearing them (I don’t believe you need them going forward, but there is no harm in recording them).

Click OK then try moving that mailbox again.
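The same clean-up done with the ActiveDirectory PowerShell module instead of ADSI Edit, added here as an example and not part of the post. It records every msExchMailboxMove* attribute that has a value (the post's advice to write them down) to a CSV, then clears them with Set-ADUser -Clear, which is the same operation as Edit, then Clear in ADSI Edit. The sAMAccountName and the CSV path are placeholders, and the function name is mine. It needs write access to the user object, just as the manual procedure does.

```powershell
# Added example, not the post's own code: back up and clear stale mailbox-move
# attributes on an AD user with the ActiveDirectory module.
Import-Module ActiveDirectory -ErrorAction Stop

function Clear-MailboxMoveAttributes {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,   # placeholder, e.g. 'user1'
        [string] $BackupPath                               # optional CSV to append the old values to
    )

    # Pull every populated attribute so we see all msExchMailboxMove* values,
    # not only the three the post happened to have.
    $user  = Get-ADUser -Identity $SamAccountName -Properties *
    $stale = @($user.PSObject.Properties | Where-Object {
        $_.Name -like 'msExchMailboxMove*' -and $null -ne $_.Value -and "$($_.Value)" -ne ''
    })

    if ($stale.Count -eq 0) {
        "No mailbox-move attributes are set on $SamAccountName; nothing to clear."
        return
    }

    # Record before clearing, as the post recommends.
    $record = $stale | ForEach-Object {
        [pscustomobject]@{
            When      = (Get-Date).ToString('s')
            User      = $SamAccountName
            Attribute = $_.Name
            Value     = "$($_.Value)"
        }
    }
    if ($BackupPath) { $record | Export-Csv -Path $BackupPath -NoTypeInformation -Append }
    $record | Format-Table Attribute, Value -AutoSize

    # -Clear removes the attribute values entirely (the Edit -> Clear step in ADSI Edit).
    Set-ADUser -Identity $SamAccountName -Clear @($stale | ForEach-Object Name)
    "Cleared $($stale.Count) attribute(s) on $SamAccountName; retry the mailbox move."
}

Clear-MailboxMoveAttributes -SamAccountName 'user1' -BackupPath '.\mailboxmove-backup.csv'
```

If the move was started against a different domain controller, give AD replication a moment (or target that DC with -Server on both cmdlets) before retrying the move.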

–use-spdy%3Doff’s server IP address could not be found –disable-http2

When you click a web/HTML link in an email, Google Chrome (or the default Internet browser) opens the link plus two extra tabs. The two tabs say:

“—use-spdy%3Doff’s server IP address could not be found”

-AND-

“—disable-http2’s server IP address could not be found”

Solution:

Your Windows PC is infected with malware.

Download Malwarebytes and run it:

http://www.MalwareBytes.com

Then download and run AdwCleaner from the same site.

That should clean it up and remove it.
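A read-only check to run before (and again after) the cleanup, added as an example that is not from the post. The post does not say where the extra tabs come from; the script works from the assumption, which you should verify rather than take as fact, that the `--use-spdy=off` / `--disable-http2` switches seen in the tab titles are being passed along with the URL, so it lists any registered browser open command or browser shortcut whose command line contains those strings. It changes nothing; the function names are mine.

```powershell
# Added example, not from the original post: report browser launch commands
# that contain the switches shown in the stray tabs. Read-only.
$suspectTokens = @('--use-spdy', '--disable-http2')

function Get-BrowserOpenCommand {
    # Protocol handlers used when another program (e.g. the mail client) opens a link.
    $keys = @(
        'Registry::HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\http\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\https\shell\open\command'
    )
    foreach ($key in $keys) {
        $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($cmd) { [pscustomobject]@{ Source = $key; Command = $cmd } }
    }
}

function Get-BrowserShortcutCommand {
    # Desktop, Start Menu and pinned taskbar shortcuts: target plus arguments.
    $shell = New-Object -ComObject WScript.Shell
    $dirs = @(
        "$env:USERPROFILE\Desktop",
        "$env:PUBLIC\Desktop",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
    ) | Where-Object { Test-Path $_ }
    if (-not $dirs) { return }
    Get-ChildItem -Path $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [pscustomobject]@{ Source = $_.FullName; Command = "$($lnk.TargetPath) $($lnk.Arguments)" }
    }
}

function Find-SuspectBrowserCommand {
    @(Get-BrowserOpenCommand) + @(Get-BrowserShortcutCommand) | Where-Object {
        $command = $_.Command
        @($suspectTokens | Where-Object { $command -like "*$_*" }).Count -gt 0
    }
}

$hits = @(Find-SuspectBrowserCommand)
if ($hits.Count -eq 0) {
    'No browser command lines containing the reported switches were found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Running it again after Malwarebytes and AdwCleaner have finished confirms that whatever was producing the extra tabs is gone, rather than relying on the tabs simply not appearing the next time.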

There are blocking issues for the physical-to-virtual conversion, there is no BCD boot…

There are two traditional ways to move a physical machine to a Hyper-V virtual machine using Microsoft tools.

1- Microsoft Virtual Machine Converter

When you try to convert, for example, a Windows Server 2012 machine from physical to a VM, you might get the following error:

Microsoft Virtual machine Converter encountered an error while attempting to convert the virtual machine

There are blocking issues for the physical-to-virtual conversion, there is no BCD boot device found in the source machine, noticing that conversion of an EFI boot machine is currently not supported.

2- Disk2VHD

Another tool is Disk2VHD. If you convert the physical machine with Disk2VHD and then try to boot the resulting VHD in Hyper-V Manager, you get the following error:

Boot Failed.  EFI SCSI Device

Boot Failed.  EFI Network

No Operating System was loaded.  Press a key to retry boot sequence

Solution:

Use Disk2VHD to convert the physical machine to a disk. Before you do that, map the boot partition on the source machine to a drive letter, so that Disk2VHD captures that partition when it runs.

To do that, go to command line and type:

mountvol V: /S

That mounts the boot partition as drive V: (you can choose any other available drive letter). Now run Disk2VHD. It converts the server’s partitions and disks, including the boot partition, to VHD. Copy the VHD to the Hyper-V host and boot the new VM from that disk.
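The mountvol step with two checks around it, added as an example that is not from the post: it confirms the source machine really boots via EFI (the case the error message is about) and, after mounting, that the mounted partition actually holds a boot store, so you know Disk2VHD will capture something useful. Drive letter V: is the one used above; the function names are mine. Run it from an elevated prompt on the source machine.

```powershell
# Added example, not the post's own code: mount the boot partition as in the
# procedure and verify what was mounted before running Disk2VHD.
$driveLetter = 'V:'

function Get-FirmwareType {
    # Windows sets firmware_type to 'UEFI' or 'Legacy' in every process environment.
    if ($env:firmware_type) { return $env:firmware_type }
    return 'Unknown'
}

function Mount-BootPartition {
    param([string] $Letter = $driveLetter)
    if (Test-Path "$Letter\") { throw "$Letter is already in use; pick another free drive letter." }
    # /S mounts the EFI System Partition on the given letter (same command as the post).
    & mountvol.exe $Letter /S
    if ($LASTEXITCODE -ne 0) { throw "mountvol failed with exit code $LASTEXITCODE" }
}

function Test-BootPartitionContents {
    param([string] $Letter = $driveLetter)
    # An EFI boot store lives under \EFI\Microsoft\Boot; a BIOS one under \Boot.
    [pscustomobject]@{
        Firmware       = Get-FirmwareType
        MountedAs      = $Letter
        EfiBcdPresent  = Test-Path "$Letter\EFI\Microsoft\Boot\BCD"
        BiosBcdPresent = Test-Path "$Letter\Boot\BCD"
    }
}

if ((Get-FirmwareType) -ne 'UEFI') {
    Write-Warning 'This machine does not report UEFI firmware; the EFI boot errors above would not apply to it.'
}

Mount-BootPartition
$state = Test-BootPartitionContents
$state | Format-List
if (-not $state.EfiBcdPresent) {
    Write-Warning "$driveLetter does not contain \EFI\Microsoft\Boot\BCD; Disk2VHD would capture an empty boot volume."
}

# Now run Disk2VHD and include the V: volume. When it has finished, release the letter:
#   mountvol V: /D
```

One caveat the post does not spell out: a disk that boots through EFI needs a Generation 2 VM in Hyper-V; a Generation 1 VM only boots BIOS-style disks, and the "Boot Failed. EFI SCSI Device" message will persist regardless of what was captured.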