In recent days I was dealing with an IIS permissions issue.
While trying to send an HTTP request from an IIS application (Windows Server 2012 R2, IIS 8.5), I got a 401 Unauthorized exception (SSL Client Certificate Authentication).
When I tried to simulate it on a different OS (2008 R2, IIS 7.5), I got 200 OK and everything went as expected.
After a little research, we gave local admin to the application pool user to check whether the scenario was related to permissions.
And guess what? It works, as we verified: the application pool user identity needs...
The Azure Security team strives to provide the right level of audit logs as it relates to your subscription and your Azure Active Directory tenant. Audit events are logged in a consistent schema and are monitored to prevent tampering and loss hence providing a robust logging system.
This guide outlines basic steps used to troubleshoot Group Policy application errors using the Group Policy Service Debug logs (gpsvc.log).
A basic understanding of the logging discussed in the link below:
Last week, on February 18th, Microsoft released a fix for text quality degradation after security update 3013455 (MS15-010) is installed.
Follow the link below:
Last week I was asking for a reset of an Azure user account password in a specific VM. The following describes how to implement it in Azure PowerShell ISE:
Connect PowerShell to your Windows Azure subscription
1. Set the Windows PowerShell script execution policy to RemoteSigned:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
2. Import the Windows Azure PowerShell module:
3. Download the Windows Azure Publish Settings file for your Windows Azure subscription. When you run this cmdlet, a web browser launches and asks you to sign in. Sign in with the same user name and password credentials that you used when you activated your Windows Azure subscription.
4. Import the downloaded...
Yesterday I came across a permissions problem on the Third-Party Root Certification Authorities store, with an Access Denied error.
The following shows the problem and the resolution:
1. Event 4110, CAPI2
Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
2. Process Monitor: capture Access Denied on the registry:
3. Resolution: check that the "NT SERVICE\CryptSvc" group exists:
In recent weeks I've been dealing with a GPO issue while trying to figure out how I can fix the event below:
Warning event 1202 - Security policies were propagated with warning. 0x5 : Access is denied.
2. After Gpupdate /force or Rsop.msc, the winlogon.log file points to smcservice with Access is denied
3. System Services by GPO – configured and defined on Symantec services – cause the problem
Don’t set any of Symantec’s services to automatic/manual startup by GPO, because the service must be run from the smc.exe file.
When another process runs a service request, the error message will be “the service already...
In recent days I've worked on ADFS troubleshooting and on getting well acquainted with the web server and with the structure of the ADFS XML configuration.
In the next steps we will go through the logic of the web server and ADFS configuration.
1. Import the FederationMetadata.xml file for Add Relying Party Trust:
The FederationMetadata.xml file is created by the Fedutil wizard, which points to the FederationMetadata.xml file that exists on the ADFS server.
2. Use an existing STS: browse to the AD FS server's metadata URL: https://adfs.domain.com/federationmetadata/2007-06/federationmetadata.xml
3. The FederationMetadata folder and files are created:
In the next post I'll talk about the WAP (Web Application Proxy) architecture.
In recent days I've been dealing with a CSP issue in an ADFS environment,
when I got this error message at the end of the ADFS wizard:
The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider
The problem occurred because of the certificate template's "next generation" CSP.
Create a new template (2003) and pick:
Microsoft DH SChannel Cryptographic Provider
Microsoft RSA SChannel Cryptographic Provider
As mentioned here:
Create a new certificate and import it into the ADFS local machine store.
Try running the ADFS wizard again.
To add a URL or address, separate multiple addresses with a semicolon.
The following scenarios would cause an internet connection problem in IE Exceptions:
1. Blank space
2. Missing data with . or *
3. Addresses beginning with "
The client registry gets new data from the GPO server:
Displayed in IE Proxy Settings: