Error after renewing the certificate in ADFS 3.0 – This page cannot be displayed

image

First, let's go over the correct steps to renew the certificate:

Step 1: Check the current signing certificates:

  • Open an ADFS PowerShell command window and run the following command:

Get-AdfsCertificate -CertificateType Token-Signing

  • If you only see one certificate, and the NotAfter date is within 5 days, you need to generate a new certificate.

Step 2: Renew the token signing certificate manually:

  • To generate a new certificate, execute the following command:

Update-AdfsCertificate -CertificateType Token-Signing

  • Verify the update by running the following command again:

Get-AdfsCertificate -CertificateType Token-Signing

Step 3: Update the new token signing certificates for the Office 365 trust

  • Run:

Connect-MsolService

  • Enter the Office 365 Global Admin credentials
  • Run:

Update-MsolFederatedDomain -DomainName "Domain.com"

Step 4: Check whether the certificate was updated correctly

  • Open an ADFS PowerShell command window and run the following command:

Get-AdfsSslCertificate

  • Look at the value: CertificateHash
  • Check that the CertificateHash is the same as the thumbprint of the new certificate and not the old one

image

  • If the thumbprint is not the same, or you see only one cert and not two, run the following:

Set-AdfsSslCertificate -Thumbprint "the new thumbprint"

image

  • Run:

Get-AdfsSslCertificate

Check that the CertificateHash is correct.

Go over step 3 again (Update-MsolFederatedDomain -DomainName "Domain.com")
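The checks from steps 1 and 4 combined into one read-only script, as an added example that is not part of the original post. It assumes it runs on the AD FS server; the function name and the $ExpectedThumbprint parameter are hypothetical, and the 5-day threshold is the one given in step 1.

```powershell
# Added example (not from the original post). Read-only: uses only Get- cmdlets.
function Test-AdfsCertificateState {
    param(
        # Thumbprint expected on the SSL bindings (hypothetical parameter).
        [string]$ExpectedThumbprint,
        # Step 1 threshold: flag certificates whose NotAfter is this close.
        [int]$WarnDays = 5
    )

    $now = Get-Date

    # Step 1: list the token-signing certificates and how long each has left.
    $signing = @(Get-AdfsCertificate -CertificateType Token-Signing)
    foreach ($c in $signing) {
        $daysLeft = [math]::Floor(($c.Certificate.NotAfter - $now).TotalDays)
        $status = 'OK'
        if ($daysLeft -le $WarnDays) {
            # The post's renewal condition: a single certificate within the threshold.
            $status = if ($signing.Count -eq 1) { 'RENEW' } else { 'EXPIRING' }
        }
        [pscustomobject]@{
            Check      = 'Token-Signing'
            Thumbprint = $c.Thumbprint
            Detail     = "IsPrimary=$($c.IsPrimary); DaysLeft=$daysLeft"
            Status     = $status
        }
    }

    # Thumbprints pasted from the certificate dialog often carry spaces or an
    # invisible leading character, so keep only the hex digits before comparing.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '')

    # Step 4: compare every SSL binding with the expected thumbprint.
    foreach ($b in Get-AdfsSslCertificate) {
        $status = 'UNCHECKED'
        if ($expected) {
            $status = if ($b.CertificateHash -eq $expected) { 'OK' } else { 'MISMATCH' }
        }
        [pscustomobject]@{
            Check      = 'SSL binding'
            Thumbprint = $b.CertificateHash
            Detail     = "$($b.HostName):$($b.PortNumber)"
            Status     = $status
        }
    }
}

# Usage, with a placeholder thumbprint:
# Test-AdfsCertificateState -ExpectedThumbprint '<new thumbprint>' | Format-Table -AutoSize
```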

 

Good luck

Posted in ADFS

Upgrade brocade FC switches firmware Step-By-Step guide

Brocade switches have two firmware partitions, which means that their firmware can be upgraded without downtime. The process works as follows:

The upgrade process upgrades the firmware of one boot partition, then reboots that partition without interrupting normal operation. Next, the switch makes the updated partition the active partition, and only then does it immediately upgrade the firmware of the second partition.

There is also an option to stage the installation and have only one firmware partition updated, but this option causes a disruptive update that disconnects all the connections to the switch. This is done by adding the “-s” parameter to the “firmwaredownload” command (see the example screenshots below).

Preparation:

Before we begin we need a few things ready:

a. An FTP or SFTP server for saving a backup of the existing configuration and for downloading the new firmware to the switches

b. Download the firmware from the vendor’s website (in my case it’s from EMC)

Before you download the latest firmware from the vendor’s site, you need to know your proper upgrade path (which versions need to be installed first in order to avoid disruptive installations or loss of configuration).

To find my current firmware I log in to the switch and run:

“firmwareshow”

clip_image001[4]

*This screenshot was taken after I had already done the first update from 6.4.x.

Finding the proper upgrade path is a bit tricky because there isn’t a single location that lists all the proper paths. If I want to upgrade from version 6.4.X to 7.4.X, I need to search for the document that describes how to update to version 7.4.X and see whether 6.4.X can be updated without disruption.

Searching Google for this:

“Brocade Fabric OS Upgrade Guide, [x.x.x]”

where [x.x.x] is replaced with the version you want to upgrade to, helped me find the paths.

This is an example of the upgrade path table for version 7.4.0:

clip_image003[4]

As you can see, in order to have a nondisruptive upgrade I need to upgrade from version 7.3.X.

Searching again for the upgrade to 7.3.X, I found that the only version that will work without disruption is 7.2.X:

clip_image004[4]

In my case I continued until 7.0.X and found out that in order to update from 6.4.X I need to do a 5-step process, updating from 6.4 to 7.0, then to 7.1, 7.2, 7.3 and finally 7.4, in order to avoid disruptions. In my case this is a lab environment, so I jumped two versions at one point.

It’s a long process indeed, but it prevents downtime, which is totally worth it.

Now, after noting all the needed versions, we need to download the proper files. For all Brocade switches it’s basically the same firmware whichever vendor it is downloaded from, but it’s recommended to use your vendor’s firmware. In my case it’s EMC, so I will show screenshots from EMC’s site.

Downloading the firmware

Log in to: https://support.emc.com/downloads

Search and select: “Connectrix – Brocade”

clip_image006[4]

Then select your switch from the list and download the proper versions. Pay attention to the checksum link and verify each downloaded file’s MD5 checksum after download to verify that the downloaded file is complete (I use “http://implbits.com/products/hashtab/” to generate the MD5 of the files).

clip_image008[4]

Now we have the zip files, after unzipping and sorting the directories it should look like this:

clip_image009[4]

*Not all Brocade models share the same sub-versions of Fabric OS, so if you plan to update more than one Brocade type you should look for the proper sub-versions for each one. In my case I had three different versions, and to avoid mistakes and also save some download time (each file is between 800MB and 1.2GB) I searched all the versions for shared sub-versions. That way I downloaded each major version only once.

The next step is to back up our current configuration:

Log in to the switch and run these commands:

“cfgsave”

“configupload”

clip_image011[4]

Now I have a file called “config.txt” in the root of my FTP server. In case of a problem that causes my switch to lose its configuration, I will be able to restore the old configuration by using the “configDownload” command. This is a disruptive action, and the “switchDisable” command must be run before it:

clip_image012[4]

The error that you see, “configDownload: Edge Hold Time (0) is out of range (80..500)”, means that the config.txt file I generated in the previous step contains an invalid value in the “Edge Hold Time” or “EHT” section. I opened the file with Notepad, searched for “edgeHoldTime” and noticed that in my file it was set to “0”.

Depending on your switch’s current version, you should change the value from “0” to either 220 or 500:

clip_image014[4]

You can refer to this table for the proper value:

clip_image015[4]

After changing the value to 220 and saving the file I was able to download the configuration back to the switch:

clip_image016[4]

And also run the “switchenable” command to start working again.
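A pre-check for the problem described above, as an added example that is not part of the original post: it scans a saved config.txt for an edgeHoldTime value outside the 80..500 range reported by configDownload, so the file can be corrected before the switch is disabled. The "key:value" line layout and the function name are assumptions, and the sample lines are constructed.

```powershell
# Added example (not from the original post): pre-check a configUpload backup
# for the edgeHoldTime problem before running switchDisable / configDownload.
function Test-EdgeHoldTime {
    param(
        # Lines of the backup file; blank lines are allowed.
        [Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$ConfigLines,
        # Range taken from the configDownload error message quoted in the post.
        [int]$Min = 80,
        [int]$Max = 500
    )

    $lineNo = 0
    foreach ($line in $ConfigLines) {
        $lineNo++
        # Assumed layout: "<prefix>edgeHoldTime:<integer>", one setting per line.
        if ($line -match '^\s*(?<key>[\w.]*edgeHoldTime)\s*:\s*(?<value>-?\d+)\s*$') {
            $value = [int]$Matches['value']
            [pscustomobject]@{
                Line    = $lineNo
                Key     = $Matches['key']
                Value   = $value
                InRange = ($value -ge $Min -and $value -le $Max)
            }
        }
    }
}

# Constructed sample standing in for config.txt (not real switch output).
$sample = @(
    '[Switch Configuration Begin : 0]',
    '',
    'switch.edgeHoldTime:0',
    'switch.name:lab-switch-01'
)

$findings = @(Test-EdgeHoldTime -ConfigLines $sample)
$findings | Format-Table -AutoSize

if ($findings.Count -eq 0) {
    Write-Warning 'No edgeHoldTime entry found; check the assumed line layout.'
} elseif ($findings | Where-Object { -not $_.InRange }) {
    Write-Warning 'edgeHoldTime is out of range; correct config.txt before configDownload.'
}

# Against a real backup: Test-EdgeHoldTime -ConfigLines (Get-Content .\config.txt)
```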

Now let’s start the update process:

Use the “firmwaredownload” command and supply all the information it asks for. It’s very straightforward and easy to understand, and it looks like this:

clip_image018[4]

Connecting to the switch right after it boots up and running firmwareshow a few times returned the following output, which shows the progress of the update:

clip_image020[4]

And I’m done with the first update. Now you should repeat the same thing with all the other versions until you reach your final version.

A few examples of things you should not do and what they look like:

Trying to update from 7.0.X straight to 7.4.X generates the following error:

clip_image022[4]

Trying to update from 7.0.X straight to 7.3.X generates the following error:

clip_image024[4]

Now when I try the same thing but add the “-s” flag, I get the following warning:

clip_image026[4]

In my case, because it’s a lab environment, I did upgrade this way, but if you don’t want downtime you shouldn’t use this option.

A few examples of special cases:

Running “firmwareshow” after jumping two versions using the “-s” flag, and then running “firmwareCommit”:

clip_image027[4]

Running “configdownload” without running the “switchDisable” command first:

clip_image028

Posted in Brocade

Installation of Exchange Server 2010 SP3 Update Rollup failed with event log 1023 (Eventvwr)

“Update Rollup 17 for Exchange Server 2010 Service Pack 3 (KB4011326) 14.3.352.0′ could not be installed. Error code 1603”

After searching the web I found a way to run the setup with a verbose log redirected to a file:

“Exchange2010-KB4011326-x64-en.msp /lxv*! c:\Rollup.log”

And this is the log that I got:

clip_image001

Searching the c:\Rollup.log file didn’t help me at all.

Finally I deleted the folder: “C:\ExchangeSetupLogs”

and ran the setup again.

After the installation failed, I saw that inside the “C:\ExchangeSetupLogs” folder there were 3 new files; one of them was “ServiceControl.log”.

Examining this file, I located the following error:

“[Error] System.Management.Automation.ParseException: At C:\Program Files\Microsoft\Exchange Server\V14\Scripts\ManageScheduledTask.ps1:462 char:5”

Then I opened the file at the mentioned location using PowerShell ISE, navigated to line 462 and saw that there was an error: “Flow of control cannot leave a Finally block.”

clip_image002

I backed up the file before changing that line to: “Write-Verbose $success”

clip_image003

Then I reran the setup and it completed successfully!

Just to be on the safe side, after the installation finished successfully I restored the backed-up script.

Posted in Exchange 2010

Microsoft Teams Update announcement – February 14, 2017

 

Microsoft Teams has been in preview for several months. We hope that you had the opportunity to evaluate it for your organization. As we communicated in December, in MC89318, Microsoft Teams is currently off by default at the tenant level. Later this quarter, Microsoft will begin enabling Microsoft Teams to be on by default at the tenant level, for all eligible users with the appropriate license assignment. IT admins can continue to manage user access to Microsoft Teams via license assignments. This message is associated with Office 365 Roadmap ID 61652.

How does this affect me?

When we make this change, the ‘Turn Microsoft Teams on or off for your entire organization’ setting in ‘Settings > Services and Add-ins > Microsoft Teams’, will go from a default value of “off” to a default value of “on”.

Microsoft Teams will then be available to all eligible users with the appropriate license assignment. Once we turn Teams on-by-default, it will become available to those users. IT admins can continue to manage user access to Microsoft Teams via license assignments. Microsoft Teams will be rolled out gradually to all eligible Office 365 users later this quarter. Microsoft Teams is available in the following Office 365 commercial suites: Business Essentials, Business Premium, and Enterprise E1, E3, and E5 plans. Microsoft Teams will also be available to existing E4 customers who purchased E4 before its retirement. Microsoft Teams is not available to Education and Government customers at this time.

What do I need to do to prepare for this change?

If you do not rely on this setting to govern user access to Microsoft Teams, there is no action you need to take. Learn more by going to http://teams.microsoft.com.

If you currently rely on this setting to govern user access to Microsoft Teams, please migrate over to managing access via user licensing. Please click Additional Information to learn more, including how to use license assignments to enable or disable user access through Office 365 Admin center and PowerShell.

Posted in Office365

SCCM 2012 R2 – Collection Query for Internet Explorer

1. Make sure that Asset Intelligence is configured and enabled

Click on Assets and Compliance > Asset Intelligence and ensure that the following settings are shown:

  • Asset Intelligence Component: Enabled
  • Asset Intelligence Synchronization point status: Sync Point Deployed

image

image

2. Configure Client Settings

Go to Administration > Client Settings > right-click Default Client Settings > Properties

image
Select Hardware Inventory and ensure it is turned on.

image

Click on Set Classes…

image
Select Software Shortcut from the list – Asset Intelligence (SMS_SoftwareShortCut) – and make sure that everything is checked, including File Version

image

Click on OK.

Now you are ready to create a query:

Open Configuration Manager on your Primary Site Server > Monitoring > right-click Query > select New Query

image

Name: Computers with Internet Explorer
Click on Edit Query Statement
Click on Show Query Language
Copy and paste the following query:

Entire IE inventory in your environment

select distinct SMS_R_System.NetbiosName, SMS_G_System_SOFTWARE_SHORTCUT.FileVersion from  SMS_R_System inner join SMS_G_System_SOFTWARE_SHORTCUT on SMS_G_System_SOFTWARE_SHORTCUT.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SOFTWARE_SHORTCUT.Description like "%Internet Explorer%"

For Specific Versions:

Internet Explorer 9

select distinct SMS_R_System.NetbiosName, SMS_G_System_SOFTWARE_SHORTCUT.FileVersion from  
SMS_R_System inner join SMS_G_System_SOFTWARE_SHORTCUT on SMS_G_System_SOFTWARE_SHORTCUT.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SOFTWARE_SHORTCUT.FileVersion like "%9.00%"

Internet Explorer 10

select distinct SMS_R_System.NetbiosName, SMS_G_System_SOFTWARE_SHORTCUT.FileVersion from  
SMS_R_System inner join SMS_G_System_SOFTWARE_SHORTCUT on SMS_G_System_SOFTWARE_SHORTCUT.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SOFTWARE_SHORTCUT.FileVersion like "%10.00%"

Internet Explorer 11

select distinct SMS_R_System.NetbiosName, SMS_G_System_SOFTWARE_SHORTCUT.FileVersion from  
SMS_R_System inner join SMS_G_System_SOFTWARE_SHORTCUT on SMS_G_System_SOFTWARE_SHORTCUT.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SOFTWARE_SHORTCUT.FileVersion like "%11.00%"

 

Good luck

Posted in SCCM 2012, SCCM 2012 R2

password never expires

<#
This script finds all the users whose passwords never expire and sends a report by mail.
Idit Bnaya
#>

Import-Module ActiveDirectory

# Date stamp for the report name. ToShortDateString() follows the local culture;
# "/" is replaced because it is not valid in a file name.
$date = Get-Date
$date1 = $date.ToShortDateString()
$date2 = $date1.Replace("/","_")
$FolderPath = 'c:\temp'
$ReportPath = Join-Path $FolderPath "passneverexpired_$date2.csv"

# Collect every account flagged "password never expires" and export it to CSV.
Get-ADUser -Filter * -Properties PasswordNeverExpires |
    Where-Object { $_.PasswordNeverExpires -eq $true } |
    Select-Object Name, SamAccountName, DistinguishedName, PasswordNeverExpires |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Mail settings: replace with your own SMTP server and addresses.
$smtpServer = "SMTP Address"
$smtpFrom = "ReportPasswordneverexpired@idit.com"
$smtpTo = "idit.bnaya@iditbnaya.com"
$messageSubject = "PasswordNeverExpired "+" "+$date

Send-MailMessage -To $smtpTo -From $smtpFrom -SmtpServer $smtpServer -Subject $messageSubject -BodyAsHtml -Attachments $ReportPath

Posted in PowerShell

Who am I – VB Script

This script returns the following details on the local computer:

1. IP address

2. Computer name

3. Last reboot time

4. User name

image

I compiled it to an exe and pushed it to all the workstations using GPO.

It looks like this

image

Copy and save as vbs file:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

' Convert a WMI datetime string (yyyymmddHHMMSS...) to a VBScript date.
Function WMIDateStringToDate(dtmBootup)
    WMIDateStringToDate = CDate(Mid(dtmBootup, 5, 2) & "/" & _
        Mid(dtmBootup, 7, 2) & "/" & Left(dtmBootup, 4) _
        & " " & Mid(dtmBootup, 9, 2) & ":" & _
        Mid(dtmBootup, 11, 2) & ":" & Mid(dtmBootup, 13, 2))
End Function

Dim NIC1, Nic, StrIP, CompName, strComputer, WshNetwork
Dim objWMIService, colOperatingSystems, objOS, dtmBootup, dtmLastBootupTime

strComputer = "."   ' local computer

' Computer and user name come from WScript.Network, whether or not a NIC is IP-enabled.
Set WshNetwork = WScript.CreateObject("WScript.Network")
CompName = WshNetwork.ComputerName

' First address of an IP-enabled adapter (the last enabled adapter wins).
Set NIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
For Each Nic In NIC1
    If Nic.IPEnabled Then
        StrIP = Nic.IPAddress(0)
    End If
Next

' Last boot time from Win32_OperatingSystem.
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOS In colOperatingSystems
    dtmBootup = objOS.LastBootUpTime
    dtmLastBootupTime = WMIDateStringToDate(dtmBootup)

    MsgBox "IP Address: " & StrIP & vbNewLine _
        & "Computer Name: " & CompName & vbNewLine _
        & "Last Reboot Time: " & dtmLastBootupTime & vbNewLine _
        & "User Name : " & WshNetwork.UserName

    WScript.Quit
Next

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Good luck

Posted in Profile, Scripts

Define a new topology for a clean Skype for Business Server environment

Topology Builder is used to create, adjust, and publish your topology.
Topology Builder also validates your topology before you begin server installations.
When you install Skype for Business Server 2015 on individual servers, the servers read the published topology as part of the installation process, and the installation program deploys the server as directed in the topology.
When you publish the topology, Skype for Business Server 2015 places the topology in the Central Management Database, which is created at this stage if it does not already exist. Then, when you install Skype for Business Server on each server in your deployment, the server reads the topology from the Central Management database and installs a replica copy of the Central Management Database into a new local SQL Server Instance.
Whether you use the Planning tool or Topology Builder to define the topology, you are required to publish the topology by using Topology Builder before you install Skype for Business Server 2015 on servers.
Using Topology Builder to plan and publish a topology is a mandatory step. You cannot bypass Topology Builder and install Skype for Business Server 2015 individually on the servers in your deployment.

This is a basic step-by-step guide for creating a new topology for Skype for Business 15.
The following are the high-level steps to publish your topology by using Topology Builder:

1. Open the Topology Builder tool

  • Launch a new instance
  • Select New topology

image

2. Save the file

image

3. Add the sip domain

image

  • If you want to support any additional SIP domains you can add them (you can add them later)

4. Define the first site – this is the actual name of the central site in the topology builder itself

image

  • Specify the site details if you desire

5. Create your Front End pool

image

6. What type of pool would you like to create

  • Choose the pool you need for your environment and give it a name

image

7. Add the computers that will be part of this pool

image

8. Choose whether there are any roles you would like to collocate

image

9. Choose whether or not you want to use an Edge

image

10. Define a SQL store

image

image

11. Define a file store – define a new file store for an existing share

image

12. Specify the web services URL 

image

13. Click FINISH

image

14. Publish the topology – this will publish the configuration into the Central Management store

image

Good luck!

Posted in Skype for Business

ADSync error – OnlineIdentityException–0x8023134a–Last name was changed

I recently dealt with an issue with Office 365 and the "Directory Synchronization service manager" where two of the users who had been previously syncing to Office 365 with no problems started to receive the error "OnlineIdentityException".

The Error Description was:

"The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support.

Tracking Id: 8a1fee60-18d9-4a4c-83d2-b17fbc074b20
ExtraErrorDetails:

image

After looking at all the old and new attributes of the users under "Pending export", I noticed that the last name was changed.

image

This environment is an Exchange Online environment, where all mailboxes are in the cloud.

I removed the old user using the "Windows Azure Active Directory Module for Windows PowerShell":

 

1. Connect to Office 365 via PowerShell

2. Download and install the "Windows Azure Active Directory Module for Windows PowerShell" (available here)

3. Run the following commands (make sure you have the credentials for a global administrator for the Office 365 subscription)

Import-Module MSOnline

Connect-MsolService

Get-MsolUser -UserPrincipalName "Useroldlastname@domain.com" | Remove-MsolUser

Check that the user is deleted from the cloud:

Get-MsolUser -UserPrincipalName "Useroldlastname@domain.com"

I ran the export stage again from the "Synchronization service manager" and the problem was solved!

image

image

 

* Please note – the Remove-MsolUser command is used to remove a user from the cloud. This command will delete the user, their licenses, and any other associated data.
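Because the removal described above is destructive, one way to record the account's state first and confirm where the object ended up, as an added example that is not part of the original post. The function name and the $BackupDir default are hypothetical; it assumes Connect-MsolService has already been run.

```powershell
# Added example (not from the original post). Assumes Connect-MsolService was run.
function Remove-StaleMsolUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserPrincipalName,
        # Folder for the pre-removal record (hypothetical default).
        [string]$BackupDir = 'C:\temp'
    )

    # Stop here if the UPN does not resolve to a cloud user.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Record what the removal takes with it: identity anchors, licenses, addresses.
    $record = [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        ObjectId          = $user.ObjectId
        ImmutableId       = $user.ImmutableId
        LastDirSyncTime   = $user.LastDirSyncTime
        Licenses          = ($user.Licenses | ForEach-Object { $_.AccountSkuId }) -join ';'
        ProxyAddresses    = $user.ProxyAddresses -join ';'
    }
    $file = Join-Path $BackupDir ("msoluser_{0}.csv" -f $user.ObjectId)
    $record | Export-Csv -Path $file -NoTypeInformation

    # -WhatIf / -Confirm are honoured; nothing is removed unless approved.
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'Remove-MsolUser')) {
        return
    }
    Remove-MsolUser -ObjectId $user.ObjectId -Force

    # Verify: gone from the active users, present in the deleted-users list
    # (from where Restore-MsolUser can bring it back until it is purged).
    $active  = Get-MsolUser -ObjectId $user.ObjectId -ErrorAction SilentlyContinue
    $deleted = Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.ObjectId -eq $user.ObjectId }

    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        RecordFile        = $file
        StillActive       = [bool]$active
        InDeletedUsers    = [bool]$deleted
    }
}

# Dry run first, then the real removal (the UPN is the placeholder used in the post):
# Remove-StaleMsolUser -UserPrincipalName 'Useroldlastname@domain.com' -WhatIf
# Remove-StaleMsolUser -UserPrincipalName 'Useroldlastname@domain.com'
```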

Enjoy

Posted in Azure AD Connect, Dirsync, Office365

SCCM – Adding driver package to a task sequence

1. First we need to create a folder and copy the Network, Display, Chipset, Audio, Modem and SATA drivers into it.

For example OptiPlex3020Win7X64

2. Create a driver package in SCCM Console:

Give the package a name matching the folder name

Note: When you create a new driver package you must provide a network share that is not in use by other driver packages.

Distribute your driver package to the DPs

image

 

3. Add the driver package to a task sequence

First we need to get the model name from the existing machine by opening CMD on the machine and typing: WMIC CSProduct Get Name

image

In the task sequence, go to the “Apply driver package” task

 

image

Choose the Driver package you created

In the Options tab, enter a task sequence variable of model equals "model name"

image

You can also use a WMI query instead, such as:

Select * from Win32_ComputerSystem where Model like "%OptiPlex 3020%"

 

Good luck

Posted in SCCM 2012, SCCM 2012 R2, SCCM2007, System Center