
VM fails to join Domain during Azure Windows Virtual desktop deployment

Azure Windows Virtual Desktop

Windows Virtual Desktop (WVD), or Azure Virtual Desktop, has become popular during the COVID-19 pandemic, when everyone started working from home. Companies wanting to adapt to the situation started deploying WVD, so I started testing it to keep up with the technology.

Deployment

I tried different scenarios while deploying Azure WVD. I will list them and explain exactly where I ran into my problem.

1- Deploying using Azure Gallery VM.

2- Deploying using a VM Image (This scenario)

3- Deploying using uploaded VM.

My first deployment used the Azure Gallery, and in that deployment the machine was deployed without an issue, although the domain error occurred.

In the second scenario, when you try to use the GitHub link that has the ARM template

Error 1

{
    "status": "Failed",
    "error": {
        "code": "ResourceDeploymentFailure",
        "message": "The resource operation completed with terminal provisioning state 'Failed'.",
        "details": [
            {
                "code": "VMExtensionProvisioningError",
                "message": "VM has reported a failure when processing extension 'joindomain'. Error message: \"Exception(s) occured while joining Domain 'moh10ly.local'\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot"
            }
        ]
    }
}

Error 2


{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'dscextension'. Error message: \\\"DSC Configuration 'CreateHostPoolAndRegisterSessionHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: User is not authorized to query the management service.\\nActivityId: ef602cd9-7efd-474d-bc70-ccfd340ecb08\\nPowershell commands to diagnose the failure:\\nGet-RdsDiagnosticActivities -ActivityId ef602cd9-7efd-474d-bc70-ccfd340ecb08\\n PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: WVD-Host-Pool01 Hostpool does not exist in CagriandMoh10ly Tenant The SendConfigurationApply function did not succeed.\\\"\\r\\n\\r\\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot \"\r\n }\r\n ]\r\n }\r\n}"}]}

Solution:

Original Setting


Change To

  1. "Domain to join" needs to reflect your Active Directory domain, not the AD Connect public domain.
  2. The credentials must be for a domain user that has the privileges to join any PC to the domain.

The Tenant Admin UPN must reflect a user who is allowed to create a WVD tenant.

After this, in the "Tenant Admin UPN or Application ID" field, use one of the tenant creator accounts and you'll get the result below.

Don't forget to change the virtual network's DNS to point to your DNS server, whether it is on Azure or on an on-premises network (which must be reachable over VPN in that case).
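The domain name and DNS settings from the solution above can be checked from any Windows VM in the same virtual network before redeploying. The script below is an added example, not part of the original post or of the WVD ARM template; the helper name Test-DomainJoinPrereqs and the port list are assumptions, and moh10ly.local is the domain from Error 1.

```powershell
# Added example: pre-flight checks before redeploying the 'joindomain' extension.
# Test-DomainJoinPrereqs is a hypothetical helper name; the port list is an assumption.
function Test-DomainJoinPrereqs {
    param([Parameter(Mandatory)][string]$Domain)

    # DNS servers the VM actually received from the virtual network.
    # 168.63.129.16 is the Azure-provided resolver, which knows nothing about your AD domain.
    $dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique
    Write-Host "DNS servers in use: $($dns -join ', ')"

    # A domain join locates domain controllers through this SRV record.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget }
    if (-not $srv) {
        Write-Warning "No domain controller SRV records found for '$Domain'. Check the domain name and the VNet DNS setting."
        return
    }

    # TCP ports checked on each DC: DNS, Kerberos, LDAP, SMB.
    foreach ($dc in ($srv.NameTarget | Select-Object -Unique)) {
        foreach ($port in 53, 88, 389, 445) {
            $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ DomainController = $dc; Port = $port; Reachable = $t.TcpTestSucceeded }
        }
    }
}

Test-DomainJoinPrereqs -Domain 'moh10ly.local' | Format-Table -AutoSize
```

A warning about missing SRV records points at the domain name or the VNet DNS setting; unreachable ports point at the VPN or network security rules between the VNet and the domain controller.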


https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory

https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-issues

Moving users between Online and on-prem in Hybrid scenario–Part 3

When deploying Skype for Business, you might want a hybrid deployment where users are hosted both on on-premises servers and on Office 365 Skype for Business.

In this case you'll need to make sure that the integration is working and that you can move users directly from the SfB Control Panel without needing PowerShell.

Although this is sometimes easy, problems can arise at any time, like the one below.

Error

HostedMigration fault: Error=(507), Description=(The user could not be moved because he or she has not been an assigned a Skype for Business Online license. Users must be licensed before they can be moved to Skype for Business Online.)

Cause:

If you try to move a user from on-prem SfB to Online and get this error, then most likely you didn't assign the user a license after using DirSync or Azure AD Connect to sync the user.

Resolution:

Log in to your O365 portal and assign the user a license or subscription that includes Office 365 Skype for Business Online, then try to move the user.

I assigned a license.

For the changes to take effect, I will go to DirSync and force the user to be synced.

If the moved user is logged on, the client will log off and try to log in with Skype for Business Online.


Moving users from cloud to on-prem.

Moving the user at exactly 4:05 PM. The client disconnected automatically and kept trying to connect again.

It took the client about 2.5 minutes to connect back after the user was successfully moved back to on-premises.

UserAtHost,TenantId,RoutingGroupId,TargetPool,StartTime,TimeTaken,TimeTakenForMoveUserPrep,TimeTakenForResolveUserInterfaces,TimeTakenForUcsRollback,TimeTakenForBeginMoveAway,TimeTakenForMoveUserConferenceData,TimeTakenForSetMoveResourceData,TimeTakenForCompleteMoveAway,Status,ErrorMsg,PostMoveCleanupRequired,CleanupUserDB,RollBackStatus

sip:Adeo2@moh10ly.com,00000000-0000-0000-0000-000000000000,a7ba6e0a-bb11-5772-a075-fcc5f0adb0cc,s4bfe01.moh10ly.com,03/12/2016 14:04:41,31304.5612,15.3197,0,0,0,0,0,0,0,Success,0,0,0


Exchange 2013 OWA,Async,And OA error MsExchange BackEndRehydration event id 3002

I deployed an Exchange Server 2013, and a colleague of mine was deploying EMS and RMS on the Exchange server, but he probably made some changes I am not aware of that caused the system to get messy. Users can't access their mailboxes from anywhere, as they get the error in the screenshot.

Related errors are 3002, 3005

 

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 7/29/2015 11:10:57 AM
Event time (UTC): 7/29/2015 8:10:57 AM
Event ID: 6f94ea40e3964fb1a05d9fc48ffb4299
Event sequence: 38
Event occurrence: 2
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT/owa-2-130826309519814020
Trust level: Full
Application Virtual Path: /owa
Application Path: C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa
Machine name: EX2K1301
Process information:
Process ID: 19348
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Exception information:
Exception type: NullReferenceException
Exception message: Object reference not set to an instance of an object.
at Microsoft.Exchange.Clients.Common.UserAgent.HasString(String str)
at Microsoft.Exchange.Clients.Common.UserAgent.get_Layout()
at Microsoft.Exchange.Clients.Common.UserAgent.get_LayoutString()
at ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Request information:
Request URL: https://mail.Domain.com:443/owa/auth/logon.aspx?url=https://mail.Domain.com/owa/PowerShell-LiveID&reason=0
Request path: /owa/auth/logon.aspx
User host address: 10.16.0.172
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
Thread information:
Thread ID: 67
Thread account name: NT AUTHORITY\SYSTEM
Is impersonating: False
Stack trace: at Microsoft.Exchange.Clients.Common.UserAgent.HasString(String str)
at Microsoft.Exchange.Clients.Common.UserAgent.get_Layout()
at Microsoft.Exchange.Clients.Common.UserAgent.get_LayoutString()
at ASP.auth_logon_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details:

 


 

Solution:

Make sure that the Exchange servers are not members of the Organization Management group. If they are, remove them. Either way, run this cmdlet on all Exchange servers, then restart the servers.

Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Token-Serialization", "ms-Exch-EPI-Impersonation" -User "<Exchange Server name>"
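Both parts of the solution can be verified before and after the change. The read-only check below is an added example, not part of the original post; it assumes the Exchange Management Shell with the ActiveDirectory module (RSAT) available, and it lists Allow and Deny entries side by side so that any Deny on the two extended rights is visible.

```powershell
# Added example: read-only verification, changes nothing.
# Run in the Exchange Management Shell; needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# 1. Exchange server computer accounts that are (directly or nested) in Organization Management.
$exchangeServers = Get-ExchangeServer | Select-Object -ExpandProperty Name
$inOrgMgmt = Get-ADGroupMember -Identity 'Organization Management' -Recursive |
    Where-Object { $_.objectClass -eq 'computer' -and $exchangeServers -contains $_.Name }
if ($inOrgMgmt) {
    Write-Warning "Exchange servers in Organization Management: $($inOrgMgmt.Name -join ', ')"
} else {
    Write-Host 'No Exchange server is a member of Organization Management.'
}

# 2. Who holds the two extended rights on each Client Access server object,
#    and whether each entry is an Allow or a Deny.
Get-ClientAccessServer | Get-ADPermission |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-EPI-*' } |
    Sort-Object Identity, Deny |
    Format-Table Identity, User, Deny, ExtendedRights -AutoSize
```

Because these two rights let an account act on behalf of users, the output is also worth reviewing for any holder other than the Exchange servers themselves.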

 

Hope this helps.

Creating Custom attributes on On-Prem AD for Exchange Online users on O365

I came across an interesting scenario where no Exchange Server exists, but some attributes may still be required or used on Office 365 for Exchange Online users who are synced with the Azure Active Directory Sync tool.

The attributes might be used for different purposes, and sometimes they are really necessary, so I will demonstrate how to create a custom attribute that is normally created by default when Exchange servers are deployed on-prem.

First I will run the Schema console.

On one of the DC servers that are synced with Office 365, launch CMD as Administrator.

Run the following command:

regsvr32 schmMgmt.dll

Run MMC

Click on File -> Add/Remove Snap-in

Right-click on Attributes -> Create Attribute…

Click on Continue

Click OK

Go to Attributes, navigate to the custom attribute, double-click it, tick the boxes below, then click Apply

Now go to Classes

Find and double-click on User

Click on Add and add the custom attribute

Click Apply

Now go back to CMD on the DC server and replicate the changes across all servers

Open ADUC and check the users' attributes

Hope this helps.

About me

I’m a Microsoft Communication and Messaging Consultant, I do deployment, configuration and migration of Lync Standard and Enterprise 2010/2013 as well as Enterprise Voice integration with various types of VoIP Gateways such as Sonus, Patton and Cisco.

Exchange On-premises and Hybrid Technology 

I provide consultancy for Hybrid deployments for Exchange 2007/2010 and 2013 with Microsoft Office 365, as well as migration from on-premises to cloud.

VoIP & Unified Communication
Having done various Lync Server deployments and integration with Exchange either on-premises or on cloud, I also provide consultancy in the previously mentioned along with configuring Lync with other soft-based PBXes, e.g. Snom PBX, Brekeke, 3CX.

Network Infrastructure

I set up networks and provide consultancy in network infrastructure for small-to-medium-sized companies! I provide deployment and configuration for firewalls (Pfsense, Sonicwall, TMG, Untangle, IP Tables).

Hope you enjoy taking a look at my website. Please follow me on twitter to learn about the latest posts and articles.

Thanks

Find out which user is logged in to which computer

 

While doing a cross-forest migration in a customer's environment, I had to find out which users were logged in to some computers before starting the migration process, because of the customer's policy on how computer hostnames are used.

There were about 500 computers, and most of them are named not after their users but after the company followed by a number, e.g. PC5123.

Luckily, Mark Russinovich has provided the great PsTools for administrators to work remotely and find out everything about users' computers in the domain without having to go there physically or interact with the users.

So I had to download the tools from this link and use the following command to get the logged-in user.

 

wmic /node:"smart0498" ComputerSystem GET UserName

 

Hope you find this useful
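For a list of several hundred machines, the same WMI query can be run in a loop that also records hosts that do not answer. The script below is an added example, not part of the original post; the function name Get-ConsoleUser and the output file name are assumptions, the computer names are constructed samples in the naming style described above, and Get-CimInstance needs WinRM enabled on the targets (wmic uses DCOM instead).

```powershell
# Added example. Computer names are constructed samples; replace with your own list,
# e.g. Get-Content .\computers.txt
$computers = 'PC5123', 'PC5124', 'smart0498'

# Get-ConsoleUser is a hypothetical helper name.
function Get-ConsoleUser {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        try {
            # Same class and property as the wmic command above.
            $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $name `
                                  -OperationTimeoutSec 10 -ErrorAction Stop
            [pscustomobject]@{
                Computer = $name
                UserName = $cs.UserName
                # UserName is only filled for the console session; a machine used
                # purely over Remote Desktop shows up here as NoConsoleUser.
                Status   = if ($cs.UserName) { 'LoggedOn' } else { 'NoConsoleUser' }
            }
        } catch {
            # Offline, firewalled or WinRM-disabled hosts are recorded, not skipped.
            [pscustomobject]@{
                Computer = $name
                UserName = $null
                Status   = "Unreachable: $($_.Exception.Message)"
            }
        }
    }
}

Get-ConsoleUser -ComputerName $computers |
    Export-Csv -Path .\logged-on-users.csv -NoTypeInformation
```

Rows with the status NoConsoleUser or Unreachable need a second look before the migration, since an empty result does not prove the machine is unused.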

EXPORTING AND IMPORTING GROUP POLICY OBJECTS – WINDOWS SERVER

EXPORTING AND IMPORTING GROUP POLICY OBJECTS – WINDOWS SERVER 2008

 

There may be times when it is useful to use an existing Group Policy Object (GPO) as a template for a GPO on another server, or perhaps you just need to perform a GPO backup and restore. Here is how to export and import GPOs from the command line.

Starting the Group Policy Cmdlet in Powershell

First, start PowerShell from the command line and import the Group Policy module:

powershell

Import-Module GroupPolicy

Exporting a GPO

Check that the backup directory you wish to use exists. If not, create it.

Powershell command:

Backup-GPO -Name <GPOName> -Path <BackupDirectoryPath>

Example: to backup a GPO called “Example GPO” to the directory “C:\GPOBackup”

Backup-GPO -Name "Example GPO" -Path "C:\GPOBackup"

Importing a GPO

Keeping the same GPO Name

Powershell command:

Import-GPO -BackupGPOName <GPOName> -CreateIfNeeded -Path <BackupDirectoryPath>

Example: to import a GPO called “Example GPO” from the directory “C:\GPOBackup”

Import-GPO -BackupGPOName "Example GPO" -CreateIfNeeded -Path "C:\GPOBackup"

Renaming the GPO

Powershell command:

Import-GPO -BackupGPOName <GPOName> -TargetName <NewGPOName> -CreateIfNeeded -Path <BackupDirectoryPath>

Example: to import a GPO called “Example GPO”, renaming it to “New GPO”, from the directory “C:\GPOBackup”

Import-GPO
-BackupGPOName
"Example GPO"
-TargetName
"New