Category: Microsoft

  • Notes from the field: Citrix FAS SSO not working with invalid CRL

    Recently I got contacted by a customer who had problems performing an SSO to a newly built desktop environment. The setup was a greenfield resource domain and forest trust from an existing tenant with a two-way trust. Basically everything was correct but the logon from the users would always get terminated at the desktop with…

  • Notes from the lab: Windows firewall profile not correct after reboot

    Just thought of leaving a quick win here. Did you ever have the firewall profile of Windows not correctly mapped after reboots etc.? This is because after a reboot the Domain Controllers put it in e.g. the public profile and this will get passed on to other servers as well. This will result in not being…

  • Notes from the lab: VMware Horizon and Microsoft MFA NPS Extension

    In my own lab environment I have a mixture of EUC components and dual factor configured accordingly, but more and more I see that customers also just use the MFA solution of Microsoft to integrate it for their environments. Why not, it’s included with your license, right? So back to the techie part I’ve configured…

  • Notes from the field: The unexplained Outlook pop-up

    Quite recently I’ve had an interesting troubleshoot at a customer. The problem was at first that there was an issue in the newly built Exchange 2019 environment that Outlook clients would open up and ask for credentials in a domain joined environment, so the SSO part of WIA isn’t working and it “seemed” to work…

  • Notes from the field: Configuring AFAS Online with Azure

    I have a quick win for those who are also in the process of migrating an ADFS configured AFAS Online setup to Azure Active Directory. I’ve already had a support call with them and, besides the point they don’t support any troubleshooting IDP setups, they did their best, which in turn got me to sharing…

  • Notes from the lab: Configuring vCenter 7 with ADFS

    With the release of vCenter 7 you can now integrate it with Microsoft Active Directory Federation Services (ADFS). See the following blog article for an overview: https://blogs.vmware.com/vsphere/2020/03/vsphere-7-identity-federation.html See the following configuration articles for a setup overview: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-C5E998B2-1148-46DC-990E-A5DB71F93351.html and https://kb.vmware.com/s/article/78029 With this information I’ve configured my lab environment to a working SAML based login with a few…

  • Notes from the lab: Migrating Windows vCenter to VCSA 7

    In my lab environment I was running Windows vCenter 6.7 and with the release of vCenter 7 a migration is needed because there is no Windows vCenter anymore. The following articles will give you enough information on how the process works, especially the how-to from Vladan Seget: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.upgrade.doc/GUID-9A117817-B78D-4BBE-A957-982C734F7C5F.html and https://www.starwindsoftware.com/blog/how-to-migrate-vmware-vcenter-from-windows-to-vcsa-6-7-update-1 Basically the process is the same…

  • Notes from the field: Windows 2019 Storage Replica lock-up on VMware

    On one of my latest projects consisting of a new Windows Server 2019 setup on VMware and making use of Storage Replica in a server to server setup for replicating home drives and profiles I came across a random lock-up of the VM and by that inaccessible shares. The setup was all working until the…

  • Notes from the field: Hyper-V to VMware migrated VM’s cannot install VMware Tools

    On one of my last projects I needed to convert Hyper-V VMs to VMware. This all went fine with the offline capability of vCenter Converter and the migration succeeded. Only after trying to install the VMware Tools this would hang on starting the VGAuth services and several other dependencies. For reference the VMs in question are…

  • Notes from the lab: Citrix ADC Native OTP and AdminSDHolder

    While doing some lab work I came across an issue that the Domain Admin accounts could not register on the manageotp site while Domain Users could. This got me figuring it out. For the use of Native OTP on the ADC we need to use a bind account for Active Directory which has the appropriate…