Renew Apple MDM Push Certificate for Microsoft Intune Apple Enrollment


When you configure Apple enrollment in the Microsoft Endpoint admin center, you must already have configured an Apple MDM Push certificate, which is a prerequisite for configuring Apple enrollment for Microsoft Intune. The Apple MDM Push certificate normally expires after 365 days, and when it is near its expiry date you are notified 30 days and then 10 days before. If you are looking to configure an Apple MDM Push certificate from scratch, you can click on the link below: If you do not renew the certificate and it expires, a new certificate will need to be generated and installed, which will require all the Apple devices to be re-enrolled. Therefore, …


Unable to change the Coexistence mode from Islands to Teams Only


If you have upgraded your Skype for Business users to Teams, you may want to update the Teams coexistence mode to “Teams Only” so that users can only use Teams but can still join meetings hosted in Skype for Business. To change the coexistence mode, open Teams Admin Portal -> Org-wide settings -> Teams upgrade and change the coexistence mode to “Teams only”. You may get the error shown in the screenshot below. There is not much information in this portal to troubleshoot the issue. However, we will try using PowerShell to set the coexistence mode to “Teams only” to see if we get more information on the console. Using …


How to download Certificate from NetScaler in PFX Format

Once the certificate has been uploaded to the NetScaler as .crt and .key files, it is very easy to download it back from the NetScaler in PFX format. Follow the steps below to download the certificate along with its private key. Once exported, you can save the password-protected PFX in a secure location. Steps:

Exchange 2010 or Exchange 2013: Event ID 2142: Process STORE.EXE (PID=6276). Topology discovery failed, error 0x8007077f.

Issue Description: Unable to start the Exchange 2010 or Exchange 2013 services; they just get stuck at the Starting status. You restart the server multiple times but the status is still the same. Also, when you try to connect to the Exchange Management Console, you are unable to connect, and when trying from the Exchange Management Shell you get the error shown in the screenshot below. Well, your clue to fix the issue is in that screenshot as well, which I have highlighted with a yellow box and which says 1. “The computer is not in a site.” 2. “WARNING: No Exchange servers are available in the Active Directory site. Connecting to exchange server in another …


Office 365 User Provisioning Issue [Unable to create user’s mailbox]

Issue Description: When a new user is created in on-premises Active Directory, synced to Azure AD and assigned a license, you get the error: This user’s on-premises mailbox hasn’t been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed. You also see that the mailbox is not created for this user in Exchange Online (EXO). Solution: a) Remove the msExchMailboxGuid attribute value from the on-premises Active Directory user. b) Remove the msExchRecipientDisplayType attribute value. c) Remove the msExchRecipientTypeDetails attribute value. d) Move the user to an OU in Active Directory which is not synced to Azure Active Directory and run a Delta Sync. e) After …


Excel cannot access BloombergUI.xla. The document may be read-only or encrypted.


Issue description: When you launch Microsoft Excel 2016 you get the error message below: ‘BloombergUI.xla’ cannot be accessed. The file may be corrupted, located on a server that is not responding, or read-only Excel cannot access ‘BloombergUI.xla’. The document may be read-only or encrypted. When Excel is opened -> Bloomberg tab -> when you click on Refresh, the error below is displayed: Troubleshooting: To troubleshoot this issue, you can perform the steps below: Make sure C:\blp and its subfolders are excluded from anti-virus scanning. For SentinelOne, add the folder to exclusions in Interoperability mode as shown below: Exclude the c:\blp folder from Windows Defender scanning using the commands below in a PowerShell window on the …


Copy Files between ESXi Hosts by using SCP (Secure Copy) Command / SCP Copy Stalled Fix

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and the same level of security as ssh. Enable SSH on ESXi Hosts: First make sure port 22 is open between the source and destination ESXi hosts. If it is not, then you can fix it using the steps below: On the source and destination ESXi hosts, make sure the TSM-SSH service is in the Running state. Make sure SSH Client in the ESXi networking firewall rules is enabled on both the source and destination ESXi hosts in Networking -> Firewall rules -> SSH Client. Click on Actions and then Enable. Test Port 22: Connect to …


Unable to delete Azure resource tag from few resources like Microsoft insights using Azure Portal

I recently worked on an issue where I was not able to remove resource tags from a couple of resources using the Azure portal. The specific resource type was microsoft.insights\scheduledqueryrules. When you select the resource, click on the three dots -> click Edit tags -> try to remove the tag, you get a notification saying that it was successfully deleted, but when you check the tags on the resource it has not been removed. I had a ticket logged with the MS product team for this issue and they suggested the workaround below. To delete the tag from microsoft.insights\scheduledqueryrules when it is not getting deleted using the Azure portal, follow the steps below: GET the resource output in Json Code …


Export Users DisplayName, UsageLocation, UserPrincipalName, MFA Status, StrongAuthInfo, DefaultAuthMethod from office 365 / Azure AD using PowerShell in CSV

You can export Office 365 users' DisplayName, UsageLocation, UserPrincipalName, MFA Status, StrongAuthInfo and DefaultAuthMethod using PowerShell. The exported data will be in a CSV file which lists these details. The default MFA method is useful when you want to know who in your company is using which MFA method to authenticate to Office 365 services. For example, this data is also useful when you are planning to move users from the SMS-based method to the Phone App method, which is more secure. The PhoneAppNotification method means users get a notification in the MS Authenticator app and tap Approve to confirm sign-in. First you need to download / install the MSOnline PowerShell module …


Outlook and Teams not launching, Error code 80090016. Your computer’s Trusted Platform Module has malfunctioned.


When you launch Outlook and Teams on a Windows 10 workstation, you may receive the error below: Your computer’s Trusted Platform Module has malfunctioned. If this error persists, contact your system administrator with the error code 80090016. More information: Microsoft Office version being used: Microsoft 365 MSO 16.0.13127.21062 (Microsoft 365 Apps for enterprise) Screenshot: Solution for Error code 80090016: Log off the current user. Log in to the workstation using an administrator account. Go to C:\users\<user account having issue>\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy Rename Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy to Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy.old Log off from the administrator account and log in as the user. Launch Outlook and Teams; they should work fine this time. OneDrive may have been signed out as well, you can sign …


How to configure Azure Site Recovery, perform test failover and invoke disaster recovery failover – Part 3

In the previous post, How to configure Azure Site Recovery, perform test failover and invoke disaster recovery failover – Part 2 – TechPress, we saw how to perform a Test Failover using Azure Site Recovery. We also saw how to clean up the test failover after verifying the application services on the server. We noted down the RPO (Recovery Point Objective) and know how much time it takes to bring up the server during DR (RTO). If you are following along via the previous posts, you know that our primary site is UK South and our disaster recovery site is UK West. During Outage in Primary Site, we …


How to configure Azure Site Recovery, perform test failover and invoke disaster recovery failover – Part 2

In the last post, How to configure Azure Site Recovery, perform test failover and invoke disaster recovery failover – Part 1 – TechPress, I explained how you can configure Azure Site Recovery and configured the virtual network for Test Failover and Failover. When you initiate a Test Failover, the Site Recovery service will use that network to start the protected servers in the DR site. If you have never performed a test failover, or the last test failover failed, a warning message will be shown, but you can proceed by accepting the risk and continuing with the failover. However, it is recommended to perform a Test Failover before performing …


How to configure Azure Site Recovery, perform test failover and invoke disaster recovery failover – Part 1

The Site Recovery service is a BCDR (business continuity and disaster recovery) solution which keeps your Azure workload running during outages. You can configure this service to replicate the workloads to a secondary site. The secondary site can also be referred to as the DR site. It is a region other than your primary site. For example, if your Azure workload is in the Azure UK South region, you can configure UK West to be your secondary region / DR site. You can also replicate your on-premises servers to Azure via ASR and have Azure as your DR site. At the time of an outage, just fail over to the secondary site to keep your application services / …


Step-by-Step Implementation of Azure AD Application Proxy

Azure Active Directory’s Application Proxy service provides secure remote access to on-premises web applications. After a single sign-on to Azure AD, users can access both cloud and on-premises applications through an external URL or an internal application portal. For example, Application Proxy can provide remote access and single sign-on to Remote Desktop, SharePoint, Teams, Tableau, Qlik, and line of business (LOB) applications. Implementing Azure Application Proxy is easy and provides secure access to your on-premises web applications without the need to open any inbound ports on the firewall. You can also integrate the solution with multi-factor authentication like DUO or MS Authenticator and with Conditional Access policies to secure …


Exchange Online / Exchange 2010 useful PowerShell Commands

Export the Access Rights / Permissions assigned to all user mailboxes in Office 365. Export the Access Rights / Permissions assigned to all shared mailboxes in Office 365. Export the Access Rights / Permissions assigned to all shared mailboxes in Office 365 (another variation, to export only relevant information). List the Access Rights / Permissions for a user on all other mailboxes (the command below lists the full mailbox permissions which user1 has on all other mailboxes). Export the Access Rights / Permissions for the Calendar folder of all user mailboxes. Another way to list Calendar permissions. You can filter the Calendar folder permissions to list them only for a particular user, e.g. John. …


How to create Azure Policy to enforce resource tags

As we discussed the management of Azure resource tags using the GUI and PowerShell in this post, we have updated the resource tags on existing resources. However, it is a best practice to set the resource tags at the time of resource creation. You can create policies in Azure and apply them to the root management group which contains the subscription. Azure Policy enforces organizational standards by evaluating resources and comparing them to the policy definitions. The screenshots below show step by step how to create an Azure Policy to enforce resource tags. Search for Policy in the Azure portal and click on it to proceed. Click on Definitions to create a Policy Definition …


How to apply Tags on all Azure resources using PowerShell

You can use tags to logically organize all the resources in Azure. A tag in Azure is a name and value pair which can be applied using the GUI or PowerShell. You can take the GUI approach if there are not too many resources where you have to manage the tags. In that case, you can click on each resource, then click Tags (as shown in the screenshot below) in the left-hand pane and fill in the details for the Name/Value pair. While this method is manual and also requires a lot of time if the number of resources where the tags need to be populated increases from …


Volume Shadow Copy Troubleshooting, Delete existing shadow copies on windows server using command line, vssadmin command examples, use of diskshadow command


Vssadmin command: A quite useful built-in command which you can use as a starting point when troubleshooting shadow copies is Vssadmin. Let's run this command with different parameters and check the results. There are different switches / commands which can be used with vssadmin. To list the different commands, open PowerShell as Administrator or Command Prompt as an Administrator and type vssadmin.

Command | Description | Availability
Vssadmin add shadowstorage | Adds a volume shadow copy storage association. | Server only
Vssadmin create shadow | Creates a new volume shadow copy. | Server only
Vssadmin delete shadows | Deletes volume shadow copies. | Client and Server
Vssadmin delete shadowstorage | Deletes volume shadow copy storage associations. | Server …


Create Group Policy to Lock User’s Workstation after 20 minutes of inactivity (Windows 10)

It is a best practice to lock the workstation whenever you step away from the desk, whether for a few minutes or a few hours. But we know that this practice is not 100% followed, leaving the workstation unsecured and exposed to information leaks. Therefore, you can create a Group Policy to automatically lock a user's workstation after X minutes of inactivity. X can be any value between 1 second and a maximum of 86,400 seconds (24 hours). Let's see how it can be configured. Create a new Group Policy, e.g. Workstation_AutoLock_Policy. Edit the Group Policy -> User Configuration -> Policies -> Administrative Templates -> Control Panel -> Personalization. Configure the settings: …


When Sending an email from another mailbox /shared mailbox (where user has sendAs permission), emails are being saved in Sent Items folder of main mailbox but not in the shared / another user’s mailbox sent items folder

Recently I had an issue reported to me where a user with SendAs permission on a shared mailbox tries to send an email from that shared mailbox, and the emails sent are stored in the Sent Items folder of the user's main mailbox instead of the Sent Items folder of the shared mailbox. Create a DWORD entry DelegateSentItemsStyle and set the value to 1 in the registry under the path below. Registry Path: HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\Preferences (The x.0 placeholder represents your version of Office (16.0 = Office 2016, 15.0 = Office 2013, 14.0 = Office 2010)). Close and re-open Outlook, then test by sending an email from the shared mailbox. If there are a number of machines …


How to set the password to never expire for all the users on office365

There could be a requirement to set user passwords to never expire on Office 365. The setting for in-cloud accounts is controlled using the Set-MsolUser command. Before you set user passwords to never expire, please make sure all users are enabled for Two Factor Authentication (2FA). You can create a conditional access (CA) policy which requires 2FA when anyone accesses the cloud resources, which will protect the user accounts. First you should check the PasswordNeverExpires attribute for the users before you make any changes to it. Also, you will need to connect using Connect-MsolService with a Global Administrator account or an account which has the rights to …


Add an Active Directory user to the Local Administrators Group using Group Policy (GPO)

In this post, I will show you how to add a user to the Local Administrators group on machines using a GPO. Note that this procedure is not limited to adding a user to the Local Administrators group. You can use the process to rename, create or delete a local group (by selecting a different Action in the GPO setting). We will choose the Update action as we are updating the Local Administrators group. We will be using Group Policy Preferences (GPP) to complete this task. You can use the Restricted Groups GPO setting as well, but using Restricted Groups you cannot add users to the local groups. For adding a user to …


How to decommission Exchange Server 2010 after Office 365 Migration


Scenario: The organization has moved all its mailboxes to Exchange Online from an on-premises Exchange 2010 server. The MX record is cut over to Office 365 (inbound and outbound mail flow is moved to Office 365). Active Directory synchronization is being used to sync the users to Azure Active Directory using Azure AD Connect. Requirement: Decommission the Exchange 2010 server from the environment while keeping Active Directory synchronization through Azure AD Connect active / running. Procedure: You may have used the Hybrid Configuration Wizard (HCW) or third-party tools to migrate the mailboxes to the cloud, or you may have moved to a higher version of Exchange. Most of the steps given in this article will remain …
