TechShizz | All posts tagged 'Error'

RDP Error "CredSSP Encryption Oracle Remediation"

Problem

 Unable to RDP to Machine: CredSSP Encryption Oracle Remediation

Cause

 Windows Update: https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Solution

The fix is to open the local Group Policy editor and change the following setting:

Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Encryption Oracle Remediation

Enable the policy and set the protection level to 'Vulnerable'.

On Windows Home edition, make the equivalent registry change instead:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

I had to create the CredSSP key, then the Parameters key, then the dword value as none of them existed.
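
The registry steps above as a PowerShell sketch (an added example, not part of the original post). It also reports which protection level a machine is currently on, so hosts left at value 2 can be found later. The function names are hypothetical; the level names for 0, 1 and 2 are the ones Microsoft documents for this policy.

```powershell
# Added example: read and set the CredSSP "Encryption Oracle Remediation" level.
# Run from an elevated PowerShell prompt. Function names are illustrative only.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name = 'AllowEncryptionOracle'

# Policy levels as named in the Group Policy setting
$Levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-EncryptionOracleLevel {
    # Returns the configured value, or 'Not configured' when the key or value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Value = $null; Level = 'Not configured' }
    }
    $v = [int]$item.$Name
    $level = if ($Levels.ContainsKey($v)) { $Levels[$v] } else { 'Unknown' }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Value = $v; Level = $level }
}

function Set-EncryptionOracleLevel {
    param([ValidateSet(0, 1, 2)][int]$Value)
    # -Force creates the missing CredSSP and Parameters keys in one step
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    Get-EncryptionOracleLevel
}

# Report the current state; nothing is changed unless Set-EncryptionOracleLevel is called
Get-EncryptionOracleLevel

# The workaround from the post:              Set-EncryptionOracleLevel -Value 2
# Back to 'Mitigated' once both ends patch:  Set-EncryptionOracleLevel -Value 1
```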

Reference, Links and Images

 https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/

https://support.microsoft.com/en-gb/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Error: "The security certificate has expired or is not valid" in Outlook

After migrating companies from on-premises Exchange to Office 365, users may see the following error.

"The security certificate has expired or is not yet valid"

This is because the local Exchange server, although switched off, still runs the IIS portion of Exchange. The OWA is pointing users' Outlook to the previous certificate that was used, not to Microsoft's servers.

To fix this we need to amend the AutoDiscoverServiceInternalUri value.

1. Log on to the old on-premises Exchange server and start the Exchange PowerShell

2. Check current value by running:

Get-ClientAccessServer -Identity "[SERVERNAME]" | Format-List

I would recommend taking a screenshot of this in case you need to revert. Next, ping your Office 365 autodiscover record and verify it's correct. E.g.

Ping autodiscover.domain.com

If all is OK you need to update as follows:

Set-ClientAccessServer -Identity "MBX-01" -AutoDiscoverServiceInternalUri "https://mbx01.contoso.com/autodiscover/autodiscover.xml"

Once this is done, clear the DNS server cache and restart the DNS service. Then, on the client machines, flush DNS:

ipconfig /flushdns

This should resolve the error.

Ref: https://technet.microsoft.com/en-us/library/bb125157(v=exchg.160).aspx

Outlook wont Load stuck on profile loading: Error: X-AutoDiscovery-Error: LiveIdBasicAuth:FederatedStsUnreachable: and failed logon error - STSFailure

We have an Office 365 Single Sign on environment where users were having issues starting outlook. The application would hang on loading profile. Users could not launch outlook, nor create a new profile. Users COULD log in to OWA (Office 365) and authenticate against the ADFS. 

No changes were made to the network on the on-prem nor the Office 365 environment.

We tried the Microsoft Support and Recovery Assistant for Office 365 but this tool is not supported for Single Sign on environments. 

We ran the following tests on https://testconnectivity.microsoft.com:

Single Sign on - Passed

DNS Tests - Passed

Outlook Connectivity Tests - Failed due to Autodiscover failure

Autodiscover - Failed with the following code:

A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
HTTP Response Headers:
Retry-After: 30
request-id: 8adf642c-4dac-4a66-972f-5963d53f2381
X-CalculatedBETarget: vi1pr0701mb3005.eurprd07.prod.outlook.com
X-AutoDiscovery-Error: LiveIdBasicAuth:FederatedStsUnreachable:<X-forwarded-for:40.85.91.8><ADFS-Business-682ms>failed logon error - STSFailure - '<s:Fault xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value></s:Subcode></s:Code><s:Reason><s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text></s:Reason></s:Fault>'<FEDERATED><UserType:Federated>Logon failed "firstname.secondname@our-domain.com".;

 

We confirmed connectivity to ADFS with:

https://sts.our-domain.com/adfs/services/trust/2005/usernamemixed

We were a little stuck at this point so we contacted Microsoft for assistance.

After several hours the problem was partly resolved by enabling Modern Authentication.

Reference:

https://blogs.office.com/2015/03/23/office-2013-modern-authentication-public-preview-announced/

https://support.office.com/en-us/article/Enable-Modern-Authentication-for-Office-2013-on-Windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910?ui=en-US&rs=en-US&ad=US

https://social.technet.microsoft.com/wiki/contents/articles/32711.exchange-online-how-to-enable-your-tenant-for-modern-authentication.aspx

https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/

We still have the Autodiscover errors, but this got the users working. 

 

The fix was to connect to Microsoft Exchange Online via PowerShell and run the following:

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$True

 

Update!!:

Issue has now been fully resolved. After much messing around and hours of Microsoft Senior technicians, I spotted that the TIME on the ADFS server and the time on the ADFS Proxy server were out by 7 minutes. Each machine was on a different physical host.

I configured a trusted time source on each physical host, re-tested with testconnectivity.microsoft.com and the problem was resolved!

The difference in time (+5 minutes) was the cause.
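
A quick way to spot this kind of drift (an added example, not part of the original post): run the script below on the ADFS server and again on the ADFS proxy, and compare each host's offset against the same reference clock. The reference server name and the function names are assumptions; the 300-second limit is the 5-minute difference named above.

```powershell
# Added example: measure this host's clock offset against a reference time source.
# $Reference is an assumption; use the time source your hosts are meant to follow.
$Reference   = 'time.windows.com'
$MaxSkewSecs = 300   # the 5-minute difference named in the post

function ConvertFrom-StripchartLine {
    # Parses one "w32tm /stripchart /dataonly" line such as "10:15:02, +420.0532817s".
    # Header lines and "error:" samples do not match and return nothing.
    param([string]$Line)
    if ($Line -match '^\s*(\d{1,2}:\d{2}:\d{2}),\s*([+-]\d+\.\d+)s') {
        [pscustomobject]@{
            LocalTime = $Matches[1]
            OffsetSec = [double]::Parse($Matches[2], [cultureinfo]::InvariantCulture)
        }
    }
}

function Test-ClockSkew {
    param([string[]]$Lines, [double]$Limit = $MaxSkewSecs)
    $samples = @($Lines | ForEach-Object { ConvertFrom-StripchartLine $_ } | Where-Object { $_ })
    if ($samples.Count -eq 0) { throw 'No offset samples parsed (time source unreachable?)' }
    $avg = ($samples | Measure-Object -Property OffsetSec -Average).Average
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Samples   = $samples.Count
        AvgOffset = [math]::Round($avg, 3)          # seconds relative to the reference
        OverLimit = [math]::Abs($avg) -gt $Limit    # True when drift exceeds the limit
    }
}

# Constructed sample output (a host 7 minutes out, one failed sample); runs offline
$sample = @(
    '10:15:02, +420.0532817s',
    '10:15:04, +420.0529944s',
    '10:15:06, error: 0x800705B4'
)
Test-ClockSkew -Lines $sample

# Live measurement on the host being checked:
# Test-ClockSkew -Lines (w32tm /stripchart /computer:$Reference /samples:3 /dataonly)
```

Two hosts whose AvgOffset values differ by minutes are out of step with each other even if each looks healthy in isolation.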

Internet Explorer 11 Default Web Browser button greyed out

Found this resolution to this irritating problem:

IE prompts which browser should be the default and locks up the browser until the prompt is answered, but you're unable to continue because the button is grayed out.

System Restore resolves it, as this occurred after a Windows update.

Also tried this:

1. Re-assert Internet Explorer as the default Browser in the CUSTOM (<=important!) section of Set Program Access and Computer Defaults (ignore the "Use my current browser" option).

 

2a. Right-click on the following link & select SAVE TARGET AS... to download/save the file to your desktop: http://www.slipstick.com/doit/chromehtml.reg

 

2b. Double-click on the file you saved in #2a above & accept the prompt to MERGE the data with the Registry.

 

3. IMPORTANT - DON'T SKIP THIS STEP! => Open Internet Explorer (only!) to http://support.microsoft.com/kb/923737 & run a Reset.

 

Tip: For optimal results, check the Delete personal settings option

 

4. Reboot & test.


Shortcuts on Desktop keep disappearing on Windows 7

Found this resolution for the problem.

Windows has a built-in component that cleans up 'broken' shortcuts. It's possible that it is removing the shortcuts if connectivity to the shared location is lost.

To disable the System Maintenance troubleshooter, follow these steps:
  1. Click Start, and then click Control Panel.
  2. Under System and Security, click Find and fix problems.
    Note: If System and Security is not displayed you will need to change how you are viewing Control Panel. To change your view, click the down arrow in View by and select Category. View by is located in the top right corner of the Control Panel.