Posts

Setting preferred-language on ADDS/AAD account

If you need to set the preferred language on an account to stop dates appearing in US format when you are in the UK, which can cause issues with PowerApps, PowerBI and Teams, then you need to update an attribute. To complete this you will need the correct command for the type of account.

If the account is a cloud-only account then you can use this:

    Get-MsolUser -UserPrincipalName <UPN> | Set-MsolUser -PreferredLanguage "en-GB"

If you wish to target all cloud accounts then you can use this:

    Get-MsolUser -All | Set-MsolUser -PreferredLanguage "en-GB"

However, if you get this error:

    Set-MsolUser : Unable to update parameter. Parameter name: PREFERREDLANGUAGE.
    At line:1 char:66
        + CategoryInfo          : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
        + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyNotSettableException,Microsoft.Online.Administration.Automation.SetUser

This means the user is synced

NPS and Server 2019 "rejection" issues with PEAP/EAP

I had an issue where the RADIUS authentication requests on the server were not working as they should and were rejecting devices, mainly Windows 10 devices. This was caused by two issues, so let's go through them now.

The error

    Authentication Type: PEAP
    EAP Type: -
    Account Session Identifier: 39363033333243354442323838323931
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 23
    Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

Step 1 : Windows Updates

Ensure you have the latest servicing stack installed. A couple of people reported that they installed Windows Updates and then were unable to connect; upon inspection the NPS servers were rocking the older servicing updates and did not have updates installed. Please keep your NPS servers up to date before you try the options below.

Step 2 : Server NPS configuration

On Windows

Logitech Devices and inTune with Teams

Preface

Right, if you are using Logitech Devices with Teams and you are also using an MDM solution to manage these devices then you need to ensure you are reading the correct articles to get the correct picture.

1. Create Rooms Account

We have an environment where we have hybrid Exchange; this means the rooms account needs to be created locally in Exchange, so to complete this let's create a room account from ECP using the "New Room" option.

Once in ECP, navigate to the resources tab then click on the "Add" icon.

Once you click Add choose the Room Mailbox option:

The rest of the screens are creating a room account, so you need a name and an alias, no images required; also fill in location and capacity. I have also manually placed this account on a different database but that is not required.

Once this account is created, you have a local room mailbox which is not that helpful to the Logitech system as it really needs to be in Office 365, our configuration as it's hybrid wi

Rebuild BCD when server does not boot

I got a server that did not boot. It should have booted off the local storage, but it told me "no bootable media found" and then tried to start a PXE boot, which is great, but we do not use PXE boot, so that is a clear sign that there is an issue with the boot volume manager.

First, this command should get stuff back online. This will write the boot files back, and once complete the server should then be able to get its boot files and start up as normal.

    c:\windows\system32\bcdboot.exe c:\windows

Easy, right? But no, I got this error, which means there is something a little more sinister going on here, as this says it cannot copy the boot files to the volume:

    Failure when attempting to copy boot files

The error message seems to be caused by one primary reason, i.e. the system partition is set as inactive. If you are deploying an image into different computers at once, you will have to make sure that the system partition is set as active or else the bcdboot command will pro

Exchange : Transaction Logs taking up all the disk space.....

If you find your Exchange transaction logs are taking up all the space on the drive (which, if it fills up, will cause a dismount of your Exchange DB) and you need to back up quickly, this can save you.

You can enable circular logging, but unless you have good backups that is a horrible idea. If you wish to, this is how you do it:

    PS C:\> get-mailboxdatabase DB01 | fl *path*

    EdbFilePath                            : C:\ExchangeDatabases\DB01\db\DB01.edb
    LogFolderPath                          : C:\ExchangeDatabases\DB01\logs
    TemporaryDataFolderPath                :
    MetaCacheDatabaseVolumesRootFolderPath : C:\EDB\
    MetaCacheDatabaseRootFolderPath        : C:\EDB
    MetaCacheDatabaseMountpointFolderPath  : C:\EDB\DB01
    MetaCacheDatabaseFolderPath            : C:\EDB\DB01\DB01.mcdb
    MetaCacheDatabaseFilePath              : C:\EDB\DB01\DB01.mcdb\DB01-mcdb.edb

    PS C:\> Get-MailboxDatabase DB01 | select circ*

    CircularLoggingEnabled
    ----------------------
    False

    PS C:\> Set-MailboxDatabase DB01 -CircularLoggingEnabled:$true
    WARNING: Circular logging parameter change will not be applied on this

intune SCEP NDES 500 Error

If the relevant certificates are in an expired state, were deleted, or were revoked from the issuing CA for any reason, the NDES service will fail to start, resulting in the Intune SCEP HTTP Error 500 – Internal Server Error.

This is what expired on our SCEP server: the certificates were the CEP Encryption and the Exchange Enrolment Agent. Now the renewal can be a little bit of fun depending on how you have your certificate templates set up; both of these certificates need to be valid in order for SCEP to work.

CEP Encryption

This certificate will need to be generated as a local computer certificate, so browse the certificate authority on the MMC and connect to the CA giving the CA for you. Once there, right click on the "Certificate Template" option and choose manage.

Once that loads, find your certificate, which in this case is "CEP Encryption".

Once you have this certificate you will need to right click and choose properties. If you then pop on to the security tab you will

AD-Connect from PHS to PTA

Firstly, if your domain is federated this method will take precedence over any methods you select here; the option you select in the user sign-in will only affect users if you moved from Federated to Managed. If you need to move from Federated to Managed you only need one command:

    Set-MsolDomainAuthentication -Authentication Managed -DomainName <domain name>

To check these settings navigate to your ADConnect blade management in Azure by using this link:

https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/AzureADConnect

Once you are here you will notice that under the user sign-in option you will have a breakdown of your federated domains. The options below show we have Federation and SSO enabled and PTA Disabled for now.

You need to decide if PTA is correct for your domain; this can be assessed in detail using the FAQ:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-faq

Furthermore the decision tree flowchart will h