Microsoft – Absoblogginlutely!

Last week I passed my “Microsoft Certified: Azure Administrator Associate” exam. This is actually a transition exam to catch up my previous Azure certification to the state of Azure as of 2019. I had passed the original “Implementing Microsoft Azure Infrastruct Solutions” exam back in 2015 and Microsoft have now retired that certification and replaced with the Administrator associate classification. I don’t know about you, but I think the previous qualification sounds more official and impressive than just being an Associate.

The other interesting thing is that I received an email from Microsoft after passing to say I can claim my badge from Acclaim – a company I have never heard of. Nowhere in the email did it mention LinkedIn. Considering Microsoft purchased LinkedIn, I would have expected them to be pushing this platform as the place to show off the new certifications.

Not only that, but when I logged into LinkedIn, it is no longer possible to order the certifications (so the new one shows up at the bottom of the list under more…) and it doesn’t announce to LinkedIn followers that you’ve passed a certification exam.

To make matter worse, attempting to sign up for Acclaim with Chrome fails as the page does not allow you enter any password (but it works with Edge). The account also is created with my work email address rather than my personal email address that my Microsoft certifications are tied to.

By using Edge I was able to create an account. It is then possible to go into the account settings and add my Microsoft account as the primary email address, copy/pasting the confirmation link into Edge each time.

Once logged into Acclaim, it is recommended to activate 2FA under the Password section but make sure you change the description of the website to Acclaim in your 2FA app rather than leaving it as the default which is your email address.

Microsoft Work

Install telnet from the command line

By Andy on Tuesday, January 21, 2014

pkgmgr /iu:"TelnetClient"

Wait a bit for the install to finish.
I do wish that pkgmgr would actually wait until the install has finished before coming back to a dos prompt as it’s annoying that you have no idea when the install has actually completed. On my machine it takes about 30 seconds.
I’m finding it hard to believe that my laptop did not have telnet on it – as I use it all the time. However whenever I install telnet from the dos prompt I always have to look up the syntax (and it’s still quicker than going into add/remove programs.
Hopefully this blog post will hit the search engines and therefore the syntax will be displayed on the first page rather than having to open a Microsoft page, scroll down and then view the syntax.

Microsoft Technet

Sometimes it’s nice to see Microsoft add my information to their knowledge base.

By Andy on Wednesday, May 29, 2013

This morning I was working on a Sites and Services issue for a client and part of the troubleshooting process was to run the Best Practice Analyzer on the domain controller. One of the results was to enable client fallback to the local netlogon and sysvol share after the local domain controller comes back online again. This reduces traffic across the network. I’m not quite sure why this is not enabled by default.

The BPA points to the technet article DFS-N: Client failback should be enabled for the Netlogon and SYSVOL folders on domain controllers. Scrolling through the page I was pleasantly surprised to see my avatar at the bottom with a comment on improving the documentation with the actual registry keys that needed changing. Not only was my comment on the page, the original web page had been updated to include the information.

It’s nice to see content updated based on user feedback. It’s not nice to see that I had this problem 3 years ago 😉

Microsoft Technet Work

Fixed:MDOP download on Technet

By Andy on Thursday, February 9, 2012

One of the advantages of a Technet subscription is access to the (MDOP Microsoft Desktop Optimization Pack) software including the Diagnostics And Repair Toolkit (DART). Unfortunately it took me a while to find it under the downloads today as MDOP does not appear under the list of downloads. However searching for Desktop Optimization Pack finds it. (You need to log into the Subscriber Downloads for this link to work). You’d be surprised how inaccurate the Google results for MDOP download on Technet results are.

Microsoft SBS Training Work

Quickly download the SBS 2011 training from Microsoft.

By Andy on Sunday, February 13, 2011

There are several short videos available from Microsoft that cover the new features in SBS2011, but unfortunately Microsoft decided to make you download each one individually. However if you right click and download this
List of SBS 2011 Training videos file, you can use wget to download all of the files in a batch file.
Assuming you have wget installed on your machine and it is in the path (if not then why not? It is incredibly useful for downloading files from a command line – Get it from Sourceforge’s wget page), just run with the following in a command prompt window.

for /F %i in (sbstraining.txt) do wget %i

You should end up with 38 files totalling 241MB.
Update: See comments for assistance in downloading a copy of wget without needing all the extra gnu stuff

DNS Microsoft windows7 Wireless

Fixed – wifi not resolving dns on laptop with Windows7

By Andy on Wednesday, November 3, 2010

I had a strange case the other day at work when all of a sudden my laptop would fail to resolve dns queries for my wireless connection only – my wired card was not affected. Changing dns entries to another server did not fix the issue. Eventually I tried disabling the Microsoft Virtual Wifi Miniport Adapter (from device manager) and immediately I was able to resolve dns again. Once I discovered this fix I remembered something similar with this adapter. Looking back through my previous notes we had an issue with Shrewsoft’s vpn software – with the Microsoft Virtual Wifi Miniport Adapter enabled we were unable to get a vpn session working to a Cisco client.
So far, disabling this adapter does not seem to have caused any issues – apparently it’s purpose is to allow you to connect to more than one wireless connection at the same time – an unlikely requirement in most business situations.

Group Policy Microsoft

Fixed – Group Policy settings show “An error occurred while generating report: An unknown error occurred while the HTML report was being created.”

By Andy on Thursday, August 5, 2010

Whilst doing some troubleshooting work for a client’s group policy settings that were not being applied to a vista machine I launched the Group Policy Management Console (gpmc) and when I went to view the Resultant Set Of Policy (RSOP) of a client machine and when I tried to view the default domain policy I received the message “An error occurred while generating report: An unknown error occurred while the HTML report was being created.” All other group policies appeared fine – it was just the default domain policy – arguably the most important one and not an easy one to restore. My first step was to use a DC that did not have the gpmc installed to use the native group policy tools within the Active Directory Users and Computers snapin. Fortunately this tool worked and I could see the settings…..lots of them.
As I knew the group policy did not seem to be corrupt I then went back into gpmc and attempted a backup of the group policies. All but the default domain policy backed up successfully.
The error message almost looked similar to issues when trying to view web pages on a server with the enhanced ie security enabled but it didn’t really make sense that it was only affecting one group policy.

After a few minutes of digging I found an entry on tek-tips (a site I don’t like to use due to the popups and nag screens) but in this case the answer worked. From Roadki11’s posting on tek-tips.com:-

Cause:
Seems to be something with importing IE security settings.

Solution:
Edit install.ins inside: {GUID of Policy}\user\MICROSOFT\IEAK

[Security Imports]
ImportSecZones=1

Set it back to “0”

Using gpmc I obtained the guid of the policy by right clicking the policy and choosing properties then I connected to c:\WINDOWS\SYSVOL\sysvol\domain\Policies\{guid}\user\Microsoft\ieak
First I made a backup and then edited install.ins, set ImportSecZones to 0 and was then able to edit the policy in gpmc.
Hopefully the background information and the instructions on how to connect to the correct file helps others.
Whilst you are in the gpmc make sure you go down to Group Policy Objects, right click, Backup All, select a location, enter the date and time stamp for the description and back those policies up. Document where the backups are stored so that if you need to restore them they are easily accessible – even on another computer.
I’ve now added the backup to our checkup and system documentation instructions so at a minimum we will have monthly backups of the group policies and a documented location for where this information is kept. In an ideal world, printing off the settings would also be a good way to document the information too.

Exchange / Outlook exchange2007 Hosting Microsoft Work

Cost for bulk uploading to Microsoft’s Exchange Hosted Archive

By Andy on Wednesday, July 14, 2010

As part of our investigations into hosting mail online using Microsoft Exchange Hosted services I have spent several hours on the phone with several companies to obtain prices and quotes. A couple of companies are out of the running as they didn’t bother to return my calls and although Microsoft were helpful, they just did not get it.
One of their offerings is email archiving. Every email sent and received, both internally and internally is copied to the archive service which is then searchable for ediscovery or just in case you can’t find that one email you know you received way back when. The only downside with this is the old email currently sitting on the exchange server that would not be searchable. However according to the Buy Microsoft Exchange hosted Services, “”You may bring historical data into the archive for a one-time charge, which is priced per GB”
As you can purchase the standard archive service from Microsoft and the same page contains prices for this service, it makes sense that Microsoft would be able to provide costs for this data import. About 2 hours on the phone later I realised that Microsoft unfortunately do not have a clue and nobody was able to give me a straight answer or even a ballpark figure. I was bounced around to several departments until eventually someone said that this service is purchased through the reseller channel. This doesn’t really make sense as the BPOS service itself can basically be purchased direct so why not the data import?
Our reseller is Ingram Micro, but their price list is only available to people with an account – useless for a tech like me who is trying to get some data together. However, CDW came to the rescue and this service is available by purchasing the “Microsoft Exchange Hosted Archive Historical Data Load at a cost of $60 per user (not per GB as in the original Microsoft documentation). The part number is 74P-00053. If you have an Enterprise Select agreement the part number is 74P-0059 but the price is still the same.

I’m not sure why Microsoft can’t give this price in the original web page and say to contact your normal reseller for more information.
Once the order has been placed there are more hoops to go through to get the data sent to Microsoft. The data can apparently be ftp’d to Microsoft – I’m hoping this is actually secure ftp – but as most users are going to have many Mb’s or Gb’s of data the normal scenario is to put the data onto a USB drive. I was pleased and also surprised to see they support Truecrypt. For more details of the process, continue to read the rest of the entry.

Email Exchange / Outlook Microsoft

BPOS active Directory Synchronization does not work on 64bit or domain controllers.

By Andy on Friday, July 2, 2010

Thinking about BPOS to host the exchange mail for your small office? – I discovered a small gotcha this afternoon but first a couple of thoughts in our recent experiences between Google Apps and Microsoft BPOS.

We’ve had several requests from clients to host their email in the cloud using services like google apps or Microsoft Hosted Exchange. Our first deployments were with google apps due to the lower cost per year, but as we’ve found out the support from Google is severely lacking. We had a peculiar issue where one users email sent through outlook would get marked as spam all the time, yet if they used the gmail web interface and sent exactly the same content the mail would get sent with no problems. The service that marks the destination mail as spam is postini – now owned by Google so it should really be a simple matter of turning over the problem to Google to investigate. Unfortunately Google’s response so our request was basically “thanks – if we feel like getting back to you, we might do – in a couple of days”. As it turned out, the issue was resolved by deleting the google sync profile and recreating it again.

Contrast this to a Microsoft issue which started off as a pre-sales technical call to get a user id setup and ended up with the gtlv owa issue I blogged about earlier. I had several calls from Microsoft within an hour to work on the issue. They worked really hard to ensure my problems were solved and it almost felt like they were harassing me as they kept following up for a status even though I’d told them a couple of times that I was happy for the case to be closed – I even got a call at 5pm on Saturday afternoon from support – something I’ve not experienced (at least from a end user experience!)

So, after singing Microsoft’s praises – the gotcha. Microsoft’s Hosted Exchange service has a directory sync service that synchronises AD information to the cloud ready for newly created users and distribution lists to appear in the hosted exchange environment. Unfortunately, according to the Directory Synchronization prerequisites the server needs to be running 32bit AND not be a domain controller. Unfortunately for small companies just starting out from a peer to peer network and getting their first server (but don’t want SBS2008 for some reason), this first server is very likely to be 64bit (crazy not to nowadays) and also a domain controller – possibly/probably even THE domain controller. Installing a 32bit member server is totally out of the question. It’s not *that* big a deal as all the information can be created online, but it’s twice the amount of data entry along with the possibility of typos but also every AD change of membership and user creation/deletion now needs to be duplicated online. For large organizations this is not going to be a problem as they’ll likely have extra servers lying around, but for small businesses this is very unlikely. For very large organizations (ie Universities hosting mail through live.edu) it seems that the AD sync program actually requires extra software functionality with the Identity Lifecycle Manager (ILM) package (however I’m not too familiar with these details just yet)

This is the second flaw in Microsoft’s online feature list that extols the virtues of Microsoft vs Google that I’ve found – Active Directory synchronization is not always possible and the other is the benefit of not having to download an application to synchronize data from outlook to the cloud/google – fair enough a client doesn’t have to be downloaded for that application but instead a single signon client needs to be downloaded to prevent the various Microsoft apps asking for the password multiple times. I did think that was the whole point of the “save password” option is for in the outlook and browser applications!

I was also really surprised that the Exchange online is not running Exchange2010 – the Outlook Web App is so much nicer in 2010 compared to 2007 – as I run Outlook 2010 at home and Exchange2010 in the office I’m spoilt (but I still need Office 2010 on the work laptop – thats hopefully coming real soon)

Exams Microsoft SBS Windows 2008 Work

Small Business Specialist certification upgraded to 2008

By Andy on Sunday, April 25, 2010

I finally got around to taking 70-653 on Friday and passing it. It was an interesting experience as I had to take a survey before the exam that asked questions about my experience with the product and what I thought were my strengths and weaknesses. If I didn’t know the exams were downloaded overnight, it would make me very suspicious – if I answered that I didn’t know remote access very well, would I get lots of questions on vpn configuration or would Microsoft be kind and avoid that area? Although I passed it would have been nice to also get a comparison with my answers from the survey and my final test results. Funnily enough my weakest area was user management – I’m pretty sure that is because I’m so used to doing things in AD and I know to do things with the wizard but I don’t pay attention to EXACTLY what the wizard is called.
Now that I’ve passed I’ve got another Technical Specialist under my belt and this should also upgrade my SBSC to 2008 status (although the SBSC doesn’t appear on Microsoft transcripts as this certification is “awarded to companies rather than individuals” (which I think is a big mistake on Microsoft’s part))