TechShizz | All posts by rich

HTTP Error 503 when Single Sign On Redirects to the ADFS Server After Re-Enabling Single Sign On

Problem

An Office 365 single sign on environment has been disabled (because the server was offline for an extended period of time) and, on trying to re-enable Single Sign On, it does not work. Specifically, when being redirected from the Office 365 portal to the federation server sts.domain.com you get an HTTP 503 error. You may also have noticed that the token signing certificates in ADFS have expired.

Cause

The proxy trust certificate is a rolling certificate, valid for 2 weeks and periodically renewed. If the servers are offline for more than two weeks the ADFS server loses its trust relationship with the ADFS Proxy (Web Application Proxy) server.

Solution

The certificates that had expired needed to be renewed. To do this we simply ran the Azure AD Connect tool on the ADFS server. Once this had run, we noticed the expired certificates had been renewed.

Second, we need to install the new ADFS certificate thumbprint on the ADFS Proxy Server (Web Application Proxy). To do this, on the ADFS server we ran:

Get-AdfsSslCertificate

and noted the thumbprint of the new certificate.

On the ADFS Proxy Server (Web Application Proxy) we ran:

Install-WebApplicationProxy -CertificateThumbprint "22121D02DCBF80F440B5E26D52B92BC255D59F95" -FederationServiceName "sts.domain.com"

We then had to enter the DOMAIN credentials. 
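An added check, not part of the original post, that can be run on the ADFS server before and after the renewal above: it lists every ADFS certificate with its expiry, flags any that are expired or inside the two-week proxy trust window, and prints the SSL certificate thumbprint that the Install-WebApplicationProxy step needs. The $warnDays value is an assumption.

```powershell
# Added example, not from the original post. Run on the AD FS server.
Import-Module ADFS

$now      = Get-Date
$warnDays = 14   # assumption: warn inside the two-week proxy trust window

# 1. Token-signing, token-decrypting and service-communications certificates.
$report = foreach ($c in Get-AdfsCertificate) {
    $cert  = $c.Certificate
    $state = 'OK'
    if ($cert.NotAfter -lt $now.AddDays($warnDays)) { $state = 'EXPIRING' }
    if ($cert.NotAfter -lt $now)                    { $state = 'EXPIRED' }
    [pscustomobject]@{
        Type       = $c.CertificateType
        Primary    = $c.IsPrimary
        Thumbprint = $c.Thumbprint
        NotAfter   = $cert.NotAfter
        State      = $state
    }
}
$report | Format-Table -AutoSize

# 2. SSL certificate bound to the federation service. CertificateHash is the
#    thumbprint to pass to Install-WebApplicationProxy on the proxy server.
foreach ($ssl in Get-AdfsSslCertificate) {
    $bound = Get-ChildItem Cert:\LocalMachine\My |
             Where-Object Thumbprint -eq $ssl.CertificateHash
    "{0}:{1}  thumbprint={2}  expires={3}" -f $ssl.HostName, $ssl.PortNumber,
        $ssl.CertificateHash, $bound.NotAfter
}

if ($report | Where-Object State -ne 'OK') {
    Write-Warning 'One or more AD FS certificates are expired or expiring; renew them before re-establishing proxy trust.'
}
```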

References, Links and Images

https://blogs.technet.microsoft.com/rmilne/2015/04/20/adfs-2012-r2-web-application-proxy-re-establish-proxy-trust/

https://www.fastvue.co/tmgreporter/blog/how-to-solve-web-application-proxy-and-ad-fs-certificate-issues-general-error-code-0x8007520c

https://support.microsoft.com/en-gb/help/3079872/troubleshoot-ad-fs-issues-in-azure-active-directory-and-office-365

Customise Office 365 Encrypted Email Notification

Problem
You need to customise the encrypted email notification that is sent to the recipient of an encrypted email to suit the company's branding/image.

Solution

Connect to the Office 365 tenant via the Azure PowerShell module and use these commands:

#Header:
Set-OMEConfiguration -Identity "OME Configuration" -EmailText "Encrypted message from CompanyName secure messaging system."

#Disclaimer:
Set-OMEConfiguration -Identity "OME Configuration" -DisclaimerText "This message is confidential for the use of the addressee only."

#Text that appears at the top of the encrypted mail viewing portal:
Set-OMEConfiguration -Identity "OME Configuration" -PortalText "CompanyName secure email portal."

#Logo:
Set-OMEConfiguration -Identity "OME Configuration" -Image (Get-Content "C:\Users\$env:USERNAME\Desktop\logo.png" -Encoding Byte)
#-Encoding Byte is Windows PowerShell syntax; PowerShell 7 uses -AsByteStream instead
#Supported file formats: .png, .jpg, .bmp, or .tiff
#Optimal size of logo file: less than 40 KB
#Optimal size of logo image: 170x70 pixels

#Background color:
Set-OMEConfiguration -Identity "OME Configuration" -BackgroundColor "#ffffff"

One Drive character limit | PowerShell to find file path character length | File Path Character Limit

Problem

OneDrive will not sync files whose full path is longer than 400 characters.

Cause

Limitation

Solution

Use this script to create a list of all files and the length of their paths, then address the problem by shortening folder and file names.

$pathToScan = "C:\APP1-Data\SharePointData\MW\MW - Documents" # The path to scan (sub-directories are scanned as well).
$outputFilePath = "C:\temp\PathLengths.txt" # Must be in a directory that does not require admin rights to write to; it is created if missing.
$writeToConsoleAsWell = $true # Writing to the console as well is much slower.

# Open a new file stream (nice and fast) and write every path and its length to it, longest first.
$outputFileDirectory = Split-Path $outputFilePath -Parent
if (!(Test-Path $outputFileDirectory)) { New-Item $outputFileDirectory -ItemType Directory }
$stream = New-Object System.IO.StreamWriter($outputFilePath, $false)
Get-ChildItem -Path $pathToScan -Recurse -Force |
    Select-Object -Property FullName, @{Name="FullNameLength";Expression={ $_.FullName.Length }} |
    Sort-Object -Property FullNameLength -Descending |
    ForEach-Object {
        $filePath = $_.FullName
        $length = $_.FullNameLength
        $string = "$length : $filePath"

        # Write to the console.
        if ($writeToConsoleAsWell) { Write-Host $string }

        # Write to the file.
        $stream.WriteLine($string)
    }
$stream.Close()


Custom bullet points / Unordered Lists HTML

If we want to use a custom image for bullet points in HTML we can make this work with a bit of CSS.

CSS

ul.myclass {
    list-style-image: url('/images/custom_bullet.jpg');
}

HTML

<ul class="myclass">
    <li>List item 1</li>
    <li>List item 2</li>
    <li>List item 3</li>
</ul>

URL Rewrite rule to remove .php from URLs

<rewrite>
  <rules>
    <!-- Redirect requests that still carry .php to the extensionless URL.
         The dot is escaped so that only a literal ".php" matches. -->
    <rule name="Redirect .php extension" stopProcessing="false">
      <match url="^(.*)\.php$" ignoreCase="true" />
      <conditions logicalGrouping="MatchAny">
        <add input="{URL}" pattern="(.*)\.php$" ignoreCase="false" />
      </conditions>
      <action type="Redirect" url="{R:1}" redirectType="Permanent" />
    </rule>
    <!-- Internally map the extensionless URL back to the .php file,
         but only when no real file or directory of that name exists. -->
    <rule name="hide .php extension" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="true" />
      <conditions>
        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
        <add input="{REQUEST_FILENAME}.php" matchType="IsFile" />
      </conditions>
      <action type="Rewrite" url="{R:0}.php" />
    </rule>
  </rules>
</rewrite>