Posts

Showing posts from November, 2021

How to troubleshoot Windows Group Policy issues

Case(s) You face an issue with Group Policy Objects (GPO) processing and application in your Windows environment. As always, running a Root Cause Analysis to determine the root cause of the issue is of paramount importance before proceeding further with group policy troubleshooting. Solution First you need to have a basic understanding of the GPO underlying execution engine in Windows operating systems. You can refer to this article for details on the components and operations of Windows Group Policy (group policy engine and client-side extensions). If the issue(s) are related to domain group policy, the following steps must be followed: - Before anything else, you need to be 100% certain that your underlying GPO execution engine and your AD domain controllers are running without issues. This means running dcdiag, repadmin and other tools to ensure that your AD replication and DNS resolution are working OK. - Make use of gpmc.msc (mmc-based Group Policy Management Console) and/or the

Solution assessment as a Microsoft service

Introduction There is an increasing number of customers around the globe in need of migrating to the Cloud. Implementing a migration project can be challenging and planning/designing the proper migration approach is of paramount importance. Microsoft can offer free solution assessment consulting services to its partner organizations implementing a migration project. Solution assessment as a Microsoft service If you are a Microsoft partner in the CEE region (Central and Eastern Europe) you can submit the Solution Assessment as a Microsoft Service | CEE Partner Nomination Form to nominate your migration customer and request a free consultation service from Microsoft in your migration project. Microsoft is utilizing the CSAT software to collect security and infrastructure data and then compile insightful reports using Power BI. With the CSAT, the time you spend on Cybersecurity analysis for your customer is shortened and it increases the value you deliver. It’s a very good solution to coll

How to resolve Azure AD DS provisioning error the resource entity provisioning state is not terminal

Case You are attempting to provision a new Azure Active Directory Domain Services (AD DS) instance in your Azure subscription and you hit the following error: Cannot modify resource with id '/subscriptions/afa3233c-df36-4f69-93b7-b35d8b41ba88/resourceGroups/Authentication/providers/Microsoft.AAD/domainServices/fermoritepoc.onmicrosoft.com' because the resource entity provisioning state is not terminal. Please wait for the provisioning state to become terminal and then retry the request. After subsequent attempts to re-deploy the instance you may come across additional errors in the Azure activity log. If the provisioning process finally moves forward, you end up with a stale deployment stuck in the following state: Solution This is an Azure backend related issue. After contacting Azure technical support team, they informed me that this was caused by a recent patch applied by the Product Group (PG) team. This was only affecting new AD DS instances and not existing ones. Afte

Cannot edit Azure resources after move to another subscription

Case You have the following case: - After a resource group move operation from Subscription A to Subscription B, you notice that you cannot edit or perform any sort of write operations on any or some of the resources in the source or target resource group - Write operations on the target resource group were thrown into error with status “Conflict – Resource is still being updated and cannot perform this operation” - The above behavior can continue to exist even after 4-6 hours since the resources were moved One such example error is shown in the screenshot below. Other error messages could be something along the lines of "Operation cannot be performed because there is resource move in progress". Solution In most of the cases this is an expected and transient issue. The root cause analysis (RCA) shows that the Azure Geomaster Databases which contain metadata information regarding the status of the Azure resources can be out of sync and it takes some time for these Geomaster D

How to transfer licenses between Microsoft 365 tenants

Case When performing a Microsoft 365 tenant to tenant migration, i.e. when migrating Microsoft 365 service data, including Exchange Online and SharePoint Online, there is a silent assumption that the target tenant already has a working subscription and required licenses. But what if you simply need to move existing licenses from the source tenant to the target tenant? Solution As per Microsoft documentation the following information applies. It is not possible to transfer licenses between 2 organizations (tenants). If you're a Volume Licensing customer, contact the Volume License Service Center. Otherwise, follow these steps: - If you're no longer planning to use the tenant that you'd like to transfer from, you can cancel the subscription and purchase a new (target) tenant. For some subscriptions, you can only cancel during a limited window of time after you buy or renew your subscription. If the cancellation window has passed, turn off recurring billing to cancel t

Reflecting on legacy Internet protocols

In this post, we will be reflecting on legacy Internet protocols. Some of these protocols are now completely deprecated and have become obsolete, while others continue to survive and are regarded as retro-style Internet services. This type of information belongs to what is widely referred to as retrocomputing. For any users out there who have had an early engagement with the Internet as hobbyists, this summary serves as a nice memoir of the non-graphical terminal-based Internet times. Let's summarize the most prominent Internet protocols, as documented by the World Wide Web Consortium (w3.org). Legacy internet protocols The below list is not inclusive of all possible protocols of the Internet but rather includes those legacy protocols which became the de facto standards of their times and gained momentum amongst Internet users and administrators. Usenet/NNTP The main news service and public discussion forum, uses the NNTP protocol. Mailing lists Also called Listservers, after an

The Microsoft virtual datacenter experience

The Microsoft virtual datacenter experience According to Microsoft, “the cloud is a globally interconnected network of millions of computers in datacenters around the world that work together to store and manage data, run applications and deliver content and services.” Microsoft has created a virtual demonstration and training experience which immerses the public audience into the look and feel of a real Azure datacenter. Azure datacenters span the globe in a hierarchy of geographies and regions. By visiting the Microsoft Virtual Datacenter Experience, you will experience visual and audible materials on the following datacenter areas: - Power resources - Server rooms - Network - Operations Each datacenter is part of the global Azure infrastructure and more specifically it is part of an Azure geography, region and availability zone. Each zone can comprise one or more datacenters. Microsoft is at the forefront of cloud innovation. The company continually seeks to improve the secu

How to automate Azure MySQL database backups

Introduction Azure database for MySQL is a fully managed cloud service which includes some basic backup operations. These include taking a full backup of all databases and the MySQL instance itself so that it can be restored to any available point in time within a maximum 35-day retention window. When restoring the MySQL backups taken by the managed service, the full MySQL instance is restored into a new Azure database for MySQL resource, along with all its databases. Azure offers an additional MySQL storage (twice as much as the original storage utilized by the databases) for backup purposes. So if you pay for 100 GB of MySQL database data, you are entitled to another 100 GB for MySQL backups at no extra cost. Azure also offers an automatic storage auto-increment feature, which increases the MySQL data quota if the initial quota is reached. Storage quota can only be increased and cannot be decreased by design. Details on the Azure database for MySQL restoration process can be found at:

How to convert a TLS certificate to PFX PKCS12 format

Case You have a custom TLS certificate from a Certificate Authority (CA) in PEM, CER, CRT or other compatible format. You need to convert this certificate to PFX format, also known as PKCS12 format. Solution The PFX/PKCS12 format includes the certificate private key. In order to convert your original certificate to PFX format you need the following files: - Your original TLS certificate as provided by your CA. - Certificate private key file (.txt or .key format) - Your CA certificate authority intermediate certificate (in pem or cer/crt format). In order to identify what your CA intermediate certificate is, there are basically two options: - If your original certificate is in CER/CRT format, you can easily import this certificate in the Windows/Linux/MacOS certificate store and inspect the certificate chain. - If your original certificate is in PEM format you should use a tool such as GNU Kleopatra to open the pem file and inspect the certificate hierarchy as in the example below. Afte

Azure pre-migration assessment tools

Azure pre-migration assessment tools When designing a new Azure infrastructure (either green field project or a migration from an existing infrastructure) it is of paramount importance to plan ahead and be proactive. Planning is almost always 60-70% of the work and deployment/execution is the remaining 30-40%. A solid high level and low level (detailed) design should encompass the physical and logical aspects of the architecture as well as assess whether a hybrid and/or multi-cloud approach should be taken. Also the design must meet the customer's requirements and follow Microsoft Azure best practices in the following areas: - Functionality (Azure service features and end user/client accessibility of the infrastructure) - Non-functional aspects, such as security and performance - Pricing To properly size and design an Azure infrastructure with the above design aspects in mind, the following tools and procedures should be used throughout the design process, where applic

How to configure Azure monitoring and alerting baselines

Introduction to Azure monitoring and alerting baselines Azure Monitor offers the following monitoring and alerting options in all Azure services: - Alerts. Alerts use the notion of action groups, which offer various options for alerting communications, such as email and sms. You can alert on metrics and logs, as described in the monitoring data sources article. Signals include but aren't limited to: - Metric values - Log search queries - Activity log events - Health of the underlying Azure platform - Tests for website availability - Metrics - Logs - Diagnostic settings. Diagnostic settings define which metrics and logs are distributed to which possible targets. Examples of diagnostic settings targets are a log analytics workspace, an event hub and a storage account. - Alerts, metrics, logs and diagnostic settings are available in all Azure services. All these options are available under the Monitoring section in Azure management portal. Each Azure service may feature its service-

How to resolve Outlook issue "Contacting the server for information"

Case You are using Microsoft Outlook client (or any other Microsoft 365 application such as Excel) and you receive the following popup message "Contacting the server for information". Solution This occurs because the Microsoft Outlook client (or any other Microsoft 365 application such as Excel) is trying to contact a remote resource and there is an issue with contacting the remote location. The remote resource can be a file repository, an email server, a printer, or an Internet location. You should consult the following Microsoft support article for all possible solutions and workarounds: https://support.microsoft.com/en-us/office/why-am-i-getting-the-message-contacting-the-server-for-information-973c8d98-4d22-49b5-bc66-0d9d87783f99?ns=outlook&version=90&syslcid=1033&uilcid=1033&appver=zol900&helpid=141277&ui=en-us&rs=en-us&ad=us. Also if your Microsoft Outlook client performance and responsiveness is persistently slow, you should review the following

Citrix ADC security vulnerabilities

Citrix ADC security vulnerabilities description A new security vulnerability with ID CVE-2021-22955 (Unauthenticated denial of service) has been discovered in Citrix ADC, which affects the following Citrix products and firmware versions: - Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27 - Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22 - Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23 - Citrix ADC 12.1-FIPS before 12.1-55.257 Also a new security vulnerability with ID CVE-2021-22956 (Temporary disruption of the Management GUI, Nitro API and RPC communication) has been discovered in Citrix ADC. To mitigate this vulnerability, a configuration change is required in Citrix ADC. This configuration change is supported in the following Citrix products and firmware versions: - Citrix ADC and Citrix Gateway 13.1-4.43 and later releases - Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0 - Citrix ADC and Citrix Gateway 12.1-63.22 and later releases of 12

Microsoft 365 secure score top 10 improvement actions

Introduction Microsoft 365 security score is a consolidated security score based on Microsoft best practice security configurations for Microsoft 365 tenants. In theory, the higher the score, the higher your overall Microsoft 365 tenant security level. The score comprises a list of improvement actions based on your current security posture. Not all improvement actions may be appropriate for all tenants, since individual designs and security policies may dictate a different approach or configuration for some of the security improvement actions. Microsoft 365 secure score top 10 improvement actions The following are the top 10 most important improvement actions in Microsoft Secure Score. Carrying out these improvement actions will get you the most points and significantly increase the Secure Score and your overall Microsoft 365 security posture. - Require MFA for administrative roles. Requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers