
Attack Surface Reduction Rules (ASR) reporting using Microsoft 365 Security Center

This is my first post in a very long time; I have decided to come back and blog about some of my findings. If you have an E5 license you can use the Microsoft 365 Security portal (security.microsoft.com) to access reports for ASR configuration and detection. As far as I remember, the last time I wanted to access the reports they were in a different place. It took me a while to figure out where they are located, so I thought I would blog about this. To access the ASR report: from the home page of security.microsoft.com, scroll down, use the navigation pane on the left and select Reports. Then under General click on Security Report. Scroll down till you find the Attack Surface reduction rules section, click on the title and it will take you to another page to view more details. From the configuration tab you can get an overview of the configuration and which machines have ASR rules off, enforced or in audit mode. If you click on the name of a specific machine it will sho...
Recent posts

(A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I was deploying a Lync Server Director in a multi-tenant configuration. After I assigned the certificate and went to start the services, the Front-End services couldn't start, with the following errors:

Log Name:      Lync Server
Source:        LS Protocol Stack
Date:          3/12/2013 1:52:06 PM
Event ID:      14397
Task Category: (1001)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Lync Director FQDN
Description: A configured certificate could not be loaded from store. The serial number is attached for reference. Extended Error Code: 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.).
Event Xml: http://sch...

SQLServerAgent could not be started (reason: Unable to connect to server 'ServerName\Instancename'; SQLServerAgent cannot start).

Hello. In one of the environments I faced a very strange issue. I was working on a SQL Server cluster that was working fine, but for some reason I had to perform a failover. All the resources and services were restarted successfully except for the SQL Server Agent service. Looking at the system logs in the Event Viewer I found the following error, Event ID 103: "SQLServerAgent could not be started (reason: Unable to connect to server 'ServerName\Instancename'; SQLServerAgent cannot start)."

Log Name:      Application
Source:        SQLAgent$InstaceName
Date:          3/20/2013 3:29:58 PM
Event ID:      103
Task Category: Service Control
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ServerNa...

the networkmanager has not yet been initialized

I faced a very strange case with an Exchange DAG. I was doing a site resiliency test: I failed over to the DR site successfully and then failed back to the main site. After failing back I found that the DAG was in a state that looked like split brain syndrome, although the DAG was running in DAC mode. The symptoms were as follows:

From the DR mailbox server: Cluster Console only showed this node while the active nodes were not present. From EMC the copies on the DR server were healthy.

From the main site mailbox servers: Cluster Console showed the three nodes but the DR node was stopped, and the option to start it was grayed out. From EMC the copies on the DR server were failed.

The fix was as follows. Run the following command:

Cluster       /forcecleanup

Then run the following:

Start-DatabaseAvailabilityGroup "DAGname" -MailboxServer  "DRNodeName"

After the first command you will find that the DR node can see the oth...

No static address matched networks "Cluster Network Name" . Specified static addresses: x.x.x.x

While I was working on a DAG with separate MAPI and Replication networks, whenever I made any changes to the DAG, like running start-DatabaseAvailabilityGroup or Set-DatabaseAvailabilityGroup, I got the following warning message: "No static address matched networks "Cluster Network ". Specified static addresses: x.x.x.x". The Cluster Network was the Replication Network, whose subnet is different from that of the DAG IP addresses. It seems that Exchange wanted to utilize this network for MAPI traffic, although when I ran the command get-DatabaseAvailabilityGroupNetwork I found that MAPIEnabled was false on the replication network. When I compared the cluster networks of this DAG with another healthy DAG I found that the checkbox "allow clients to connect through this network" was checked. When I unchecked it, it got checked by itself again! The reason was that one of the DAG members had the "register this connection's address in dns" che...

Outlook 2010 Ribbon disappeared after installing and uninstalling Office 365 on demand

I had a very strange issue. I installed Microsoft Office 365 on demand and then uninstalled it; after that I found that the ribbon had completely disappeared from Outlook 2010. Repairing or re-installing Outlook 2010 didn't help. After a bit of googling I found this TechNet forum post: http://social.technet.microsoft.com/Forums/en-US/outlook/thread/8578021b-f34b-4d2f-9f7a-fa15674aa998/

All you have to do is as follows:

1. Close Outlook.
2. Go to Start-Run and type in Regedit.
3. Navigate to HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}
4. Right click on the 2.5 and 2.7 regkeys and choose Export. Save this export to your desktop for now so we have a backup.
5. Now, once that is backed up, right click on the 2.5 and 2.7 regkeys and choose Delete.
6. Launch Outlook. Outlook will start in repair mode; after that Outlook should work well and the ribbon should appear!

sharing failed to connect due to network issues. Try again later.

I faced an issue with Lync Application Sharing and File Transfers, where one of the users was internal and the other was external. The sharing failed with the following message: (sharing failed to connect due to network issues. Try again later.) After investigation this was found to be caused by a firewall on the client; it was caused by Kaspersky Internet Security, so always make sure to turn off any firewall on the client computer.