Differences – IIS 8.5 — IIS 7.5 – Permissions Field

Wednesday, November 30, 2016

Hey, in the last recent days i was handle with iis permissions issue, while trying to send http request from iis application (windows server 2012 r2 IIS 8.5)  - I get an exception 401 unauthorized. (SSL Client Certificate Authentication) when i try to simulate it with different OS (2008 R2 IIS 7.5) - I get 200 OK & everything goes as expected. after a little research we reached to obtain a local admin to the application pool user to check if the following scenario related to a permissions field . and guess what? it's works as we verified  - application pool user identity needs...
no comments

Azure Active Directory Audit logs

Monday, June 15, 2015

Hey The Azure Security team strives to provide the right level of audit logs as it relates to your subscription and your Azure Active Directory tenant. Audit events are logged in a consistent schema and are monitored to prevent tampering and loss hence providing a robust logging system.     Read More: http://blogs.msdn.com/b/azuresecurity/archive/2015/06/11/azure-active-directory-audit-logs.aspx  
no comments

GPSVC Log Analysis

Saturday, April 18, 2015

Hey This guide outlines basic steps used to troubleshoot Group Policy application errors using the Group Policy Service Debug logs (gpsvc.log).   A basic understanding of the logging discussed in the link below: http://blogs.technet.com/b/askds/archive/2015/04/17/a-treatise-on-group-policy-troubleshooting-now-with-gpsvc-log-analysis.aspx  
no comments

Resetting Azure VM user Account Password through PowerShell ISE

Friday, February 20, 2015

Hey , Last week I was asking for reset azure user account password in a specific VM, the following describes how to implements it in azure PowerShell ISE: Connect PowerShell to your Windows Azure subscription 1. Set the Windows PowerShell script execution policy to RemoteSigned: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned 2. Import the Windows Azure PowerShell module: Import-Module Azure 3. Download the Windows Azure Publish Settings file for your Windows Azure subscription. When you run this cmdlet, a web browser launches and asks you to sign in. Sign in with the same user name and password credentials that you used when you activated your Windows Azure subscription. Get-AzurePublishSettingsFile   4. Import the downloaded...
no comments

Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Thursday, December 11, 2014

Hey Yesterday I came across issue problem of a permissions on Third-Party Root Certification Authorities store with an Access Denied . The following exhibiting the issue problem and the resolution:     1. Event 4110, CAPI2 Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied. 2. Process Monitor  = Capture Access Denied on Registry: 3.  Resolution  - Check for "NT SERVICE\CryptSvc" Group existing: ______________________________________________________________

Security policies were propagated with warning. 0x5 : Access is denied

Monday, November 3, 2014

Hey In the last recent weeks I've handle with a gpo issue while trying to figure out how can i fix the event below:   Warning event 1202  - Security policies were propagated with warning. 0x5 : Access is denied.     2. After Gpupdate /force or Rsop.msc  , winlogon.log file point on smcservice with Access is denied     3. System Services By GPO – Configured & defined on Symantec services – Cause the Problem   Solution: Don’t define any of  Symantec’s services to automatic/manual running by GPO, because the service must be run from smc.exe file mandatory.   When another process run a service request the error message will be “the service already...
one comment

ADFS Claims Aware Application Architecture – Struct Configuration

Thursday, October 9, 2014

Hey In the last recent days I've worked on ADFS troubleshooting and understanding to well known with web server and with ADFS's XML struct configuration. At the next steps we are about to understand the logic of web server and ADFS configuration. 1. Import FederationMetadata.xml file for Add Relaying Party Trust: The FederationMetadata.xml file created from Fedutil wizard which point to FederationMetadata.xml file that existing in ADFS server.   2. Use an existing STS browse to AD FS server's URL metadata: https://adfs.domain.com/federationmetadata/2007-06/federationmetadata.xml   3.  The FederationMetadata Folder and files created:     In the next post i'll Talk about WAP (Web Application Proxy) Architecture  Enjoy! Shuki Noy.
no comments

CNG private key are not supported – ADFS

Tuesday, September 23, 2014

Hey In the last Recent days I've handle with CSP issue  in ADFS environment When i got this error message at the end of the ADFS wizard: The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider The problem occurred because of  "next generation" template's CSP certificate. Creating new template (2003) and pick for : Microsoft DH SChannel Cryptographic Provider Microsoft RSA SChannel Cryptographic Provider As mentioned here: Creating new certificate  and import it to  ADFS's local machine store. Try running  ADFS's Wizard again. Enjoy!
no comments

Understanding Proxy Settings Exceptions By GPO

Thursday, September 11, 2014

To be able to add url or address , Separate multiple addresses with a semi-colon . The following scenarios would causes internet connection problem in IE Exceptions: 1. Blank space 2. Missing data with . Or * 3. Addresses beginning with    "   Client Registry get new data  from GPO Server: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride Displays on IE Proxy Settings:
one comment