Welcome in my blog

This could be due to CredSSP encryption oracle remediation – RDP to Windows 10 pro host

May 13, 2018 Leave a comment

Following Windows security updates in May 2018, when attempting to RDP to a Windows 10 Pro workstation the following error message is displayed after successfully entering user credentials:

An authentication error occurred. The function requested is not supported.

This could be due to CredSSP encryption oracle remediation

Screenshot

enter image description here

Solution:

just add regedit with following below, after that reboot and try again

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002
Categories: Windows Client

Scripting to prepare migration user gmail to o365

February 25, 2017 1 comment

a few days ago I got the project to implement migration from google to o365 incude mailbox and onedrive online, we have done migration data mailbox using third party, but this post i dont want to discuss how to migration the data from google to o365 but I want to share step by step to migration the users using scripting while users will be moved to o365

just for information we have to change the domain from @demagnum.com to @demagnum.co.id

  1. Create forwarding users in gmail to forward users o365, here i dont have script to enable forwarding in gmail because i dont have experience in gmail
  2. Remove-MailContact -Identity “deby@demagnum.co.id” -confirm:$false previously we create all contact in gmail because for this implementation we didnt migration big bang, so we have migration for partial users,
  3. set-aduser “deby” -clear msexchhidefromaddresslists we need to clear exchange address list in proxy SMTP address because we will create new smtp proxy address will be defined
  4. Get-Aduser -identity “deby” | Set-aduser -Clear Proxyaddresses yes we need step to clear proxy addres
  5. Get-Aduser -identity “deby” | Set-aduser -add @{proxyaddresses = “SMTP:deby@demagnum.co.id”} we need add SMTP proxy address will be defined
  6. Running delta azure AD Connect, because primary address SMTP on active directory need sync to o365
  7. Set-MsolUserPrincipalName -UserPrincipalName “deby@demagnum.com” -NewUserPrincipalName “deby@demagnum.co.id” we need to change UPN existing from @demagnum.com to @demagnum.co.id
  8. Get-Aduser -identity “deby” | Set-aduser -add @{proxyaddresses = “smtp:deby@demagnum.com”}  we need add additional SMTP previously to be secondary SMTP address to o365
Categories: Office 365

AD RMS Troubleshooting: Reset the Client (MSIPC)

February 23, 2017 Leave a comment

In the course of troubleshooting the MSIPC rights management it may be beneficial to reset the client. The reset process removes the pertinent registry settings and files. This reset applies to the logged on user. Other users on the same machine are not reset.

The steps are as follows.

  1. Exit running Office applications.
  2. Delete existing registry entries.
  3. Clear existing licenses, GICs (RACs), and etc.
  4. Reproduce the issue.

NOTE: Feel free to export the DRM registry key before deleting it. Moving the entire MSIPC directory to another location or renaming it may be done instead of deleting it.

Delete the RMS registry settings for the user.

  1. Open regedit.exe.
  2. Navigate to HKCU\Software\Microsoft\Office\XXX\Common\DRM.
    XXX is the current Office version. 15.0 is Office 2013, 16.0 is Office 2016. There may be multiple versions listed (which is normal). Picking the highest is usually the correct one.

    1. Delete the DefaultServer and DefaultServerURL values.
  3. Navigate to HKCU\Software\Classes\Local Settings\Software\Microsoft\MSIPC.
    Note: this step resets the template distribution settings to default.

    1. Delete the <Server name> key that corresponds with desired RMS server/cluster.

Clear the existing licenses, GICs (RACs), and etc.

  1. Use one of the following methods to open the user MSIPC directory.
    1. Open a command prompt and enter the following commands.
      1. Cd %localappdata%
      2. Start . (the command is the word Start followed by a “period” and the enter key.
    2. In the “Search programs and files” dialog type %localappdata%
  2. In the AppData\Local directory navigate to the Microsoft directory.
  3. Delete the MSIPC directory.

NOTE: The CLC*.drm file may be too long for either Explorer or the command prompt to delete. Explorer reports a “destination path too long” error and the command prompt says “the file name or extension is too long.” In this case we may use robocopy.exe to move the MSIPC directory to another location.
I created a C:\Temp directory and used the following command.
robocopy “C:\Temp” %localappdata%\Microsoft\MSIPC /mir

Screenshots

Using the start menu to navigate to the MSIPC directory

Sample contents of the MSIPC directory for the curious.

Reference: https://social.technet.microsoft.com/wiki/contents/articles/19251.ad-rms-troubleshooting-reset-the-client-msipc.aspx#Delete_the_RMS_registry_settings_for_the_user

Categories: EMS, Windows Client

How to uninstall windows intune client

February 23, 2017 Leave a comment

It is not possible to uninstall the Windows Intune client from Programs and Features (for obvious reasons). Step by Step Guide describes how to do this.

There are 3 methods:

  1. Intune Administrator console – “retire the device”.
  1. Command line on the device
  • Open an admin command prompt
  • Navigate to C:\Program Files\Microsoft\OnlineManagement\Common
  • Run “ProvisioningUtil /UninstallAgents /WindowsIntune”

This will create a scheduled task and shortly uninstall all the agents.

3. Download and run the Microsoft uninstall script

Windows_Intune_AIS_Uninstall_Scripts_Extractor.exe

reference: http://gerryhampsoncm.blogspot.co.id/2013/08/uninstall-windows-intune-client.html

Categories: EMS, Windows Client

Azure Active Directory Connect Export profile error: stopped-server-down.

May 23, 2016 Leave a comment

Kloud Blog

Originally posted on Lucian’s blog over at clouduccino.com.

Follow Lucian on Twitter @LucianFrango.

A couple of weeks ago I deployed Azure AD Connect in production. It was a relatively smooth process. The wizard did most of the work which was great. There was a few hiccups (blog post) along the way, which, in most cases is expected if the problems are not so serious.

Fast forward to my second install of the latest and greatest sync service for Azure AD and Office 365 cloud identities and we have problem no. 2. This time, though, I can say that the process ran through allot smoother. There was no real errors. Things were looking straight great and I was looking at my next task with some enthusiasm.

However, come 8.30ish this morning and going over the AADConnect server once more for peace of mind, I had noticed that the…

View original post 444 more words

Categories: Windows Client