Thursday, May 1, 2025

Work Folders Failed to create a user folder for a sync share 0x80070005 Access is denied

With Work Folders, users can store and access work files on personal or enterprise computers and corporate devices. Users gain a convenient location to store work files; the files sync to the servers just like OneDrive, so users can access them from anywhere. Organizations maintain control over corporate data by storing the files on centrally managed file servers, and optionally specifying user device policies such as encryption and lock-screen passwords.


Group Policy Settings


Some users suddenly started getting Access Denied errors, and new configurations did not seem to work.

Gpupdate started failing as well.

The Following Warnings were encountered during user policy processing: Windows failed to apply the work folder settings. Work folders settings might have its own log file. Please click on the “More Information” link.

For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.


There was a problem retrieving a user attribute from Active Directory Domain Services. This can occur if this server could not reach a domain controller or if the attribute has not been set.
No action is required unless you deployed Work Folders with multiple sync servers, want users to automatically discover their sync server, and the msDS-SyncServerUrl user property is listed below.
User: Sathesh; User property: msDS-SyncServerUrl; Error code: (0x80c80036) ECS_E_AD_PROPERTY_NOT_FOUND


Failed to create a user folder for a sync share. Sync share: workfolders; Folder path: \\?\W:\workfolders\sathesh; User: Sathesh; Error code: (0x80070005) Access is denied.

Created an empty group with a dummy user.

Added the group to Sync Access and applied the change. It reset the permissions of Work Folders.

The users who had been getting Access Denied were then able to create folders and sync them without any issues.

Windows Server 2016 Activation via Phone

Install Product Key

slmgr.vbs /ipk "XX9RK-3XXXX-CKXXX-WXXXW-XXX67"


Create Installation ID –

Cscript.exe %windir%\system32\slmgr.vbs /dti

Split the digits like 3765111 1729914 6850651 4457015 8812126 3111161 6707490 6912232 1111105

Enter into the Windows Activation Phone system.

Enter the Confirmation ID Like below –

slmgr.vbs /atp 165442309031851983177574428991337991025874692202


Anonymous Application relay connectors in Exchange 2016

Let's see how to create an anonymous application relay connector in Exchange 2016. Every application needs relay permission when it has to send out email through the Exchange server, from ticketing systems and monitoring servers to CRM applications.

Relaying in simple terms –

Email relaying is using an email server to send out emails that do not originate on that email server. It is most commonly used for fax servers, CRM, email routing from different forests, etc.

Powershell –

New-ReceiveConnector -Name "Relay" -RemoteIPRanges ("10.128.57.54","10.128.57.55") -TransportRole "FrontendTransport" -Bindings ("0.0.0.0:25") -Usage "Custom" -Server "Servername.azure365pro.com"
Set-ReceiveConnector -Identity "Servername\Relay" -PermissionGroups "AnonymousUsers"


Get-ReceiveConnector "Servername\Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

GUI – 

Step 1 –

Login to Exchange Control Panel – Mail Flow – Receive Connectors – Click “+”

Choose “FrontEnd Transport”


Remove the whole range. Enter the required IPs that need to be allowed to relay.

Double click on created connector – Security – Choose Anonymous users –


Step 2 –

Giving permission to the Receive connector to accept any recipient

Get-ReceiveConnector "Servername\Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"


Step 3 – TESTING

Let's test this from a Windows machine using simple telnet, assuming the relay IP I added is a Windows machine.

Open Server Manager – Manage – Add Roles and Features


Next and Finish to install

Open PowerShell –

telnet Exch2016D.dubai.com 25
Helo
MAIL FROM: cloud@Application.com
RCPT TO: info@domain.com
DATA
Subject: My Subject

Test
.

As I received the email, the relaying works without any issues.

Securing these connectors is very important. Let's say a buggy application sends out 2000 emails: Exchange can be overloaded with logs, etc.

Recommendations to secure these connectors –

  • Validate application configurations using a valid SMTP domain.
  • Enable verbose logging in the relay connector properties to see the connector's activity logs (server level only).
  • Set a proper banner on relay connectors; it is useful while troubleshooting.
    Set-ReceiveConnector EXCH2016\RELAY -Banner "220 Exch 2016 Relay for Authorized Applications"
  • Set a rate limit on relay connectors, 200 messages per minute for example.
    Set-ReceiveConnector EXCH2016\RELAY -MessageRateLimit 200
  • Block telnet.exe on application servers using anti-virus. It is prone to mail worms and storming Exchange servers.
  • Set logging to Verbose to see logs with source IP information.
    Set-ReceiveConnector EXCH2016\RELAY -ProtocolLoggingLevel Verbose

Logging Location –

Get-FrontendTransportService EXCH2016 | fl *Receive*

Default Location –

C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive

Note that any applications you allow should use a valid domain to send out emails, as there is a risk of the IP getting blacklisted when large volumes of junk email are sent out by applications. It's always recommended to set a message rate limit on anti-spam servers as well.
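To act on the verbose protocol logs recommended above, the following added example (not part of the original post) counts MAIL FROM commands per source IP per minute and reports any source above a threshold. The function name Get-RelayBurst, the sample log lines and the session ids are constructed for illustration; the column order is assumed to match the "#Fields:" header line written at the top of each SmtpReceive log.

```powershell
# Added example: MAIL FROM commands per source IP per minute in SmtpReceive protocol logs.
# Column order is assumed to follow the "#Fields:" header at the top of each log file.
$fields = 'date-time','connector-id','session-id','sequence-number',
          'local-endpoint','remote-endpoint','event','data','context'

function Get-RelayBurst {   # hypothetical helper name
    param(
        [string[]]$Line,        # raw protocol log lines
        [int]$Threshold = 200   # messages per minute, same figure as the rate limit example
    )
    $Line |
        Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Header $fields |
        Where-Object { $_.event -eq '<' -and $_.data -like 'MAIL FROM:*' } |
        Group-Object { ($_.'remote-endpoint' -replace ':\d+$', '') + '|' +
                       $_.'date-time'.Substring(0, 16) } |
        Where-Object { $_.Count -gt $Threshold } |
        ForEach-Object {
            # Group key is "<source IP>|<timestamp truncated to the minute>"
            $ip, $minute = $_.Name -split '\|'
            [pscustomobject]@{ SourceIP = $ip; Minute = $minute; Messages = $_.Count }
        }
}

# Constructed sample lines (not from a real server); session ids are made up.
$sample = @(
    '#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context'
    '2018-10-25T08:15:01.100Z,EXCH2016\RELAY,08D63A0000000001,3,10.128.57.10:25,10.128.57.54:50112,<,MAIL FROM:<cloud@application.com>,'
    '2018-10-25T08:15:01.150Z,EXCH2016\RELAY,08D63A0000000001,4,10.128.57.10:25,10.128.57.54:50112,>,250 2.1.0 Sender OK,'
    '2018-10-25T08:15:20.300Z,EXCH2016\RELAY,08D63A0000000002,3,10.128.57.10:25,10.128.57.54:50113,<,MAIL FROM:<cloud@application.com>,'
    '2018-10-25T08:15:30.000Z,EXCH2016\RELAY,08D63A0000000003,3,10.128.57.10:25,10.128.57.55:50200,<,MAIL FROM:<crm@application.com>,'
    '2018-10-25T08:15:45.700Z,EXCH2016\RELAY,08D63A0000000004,3,10.128.57.10:25,10.128.57.54:50114,<,MAIL FROM:<cloud@application.com>,'
)

# Low threshold so the constructed data produces a hit for 10.128.57.54.
Get-RelayBurst -Line $sample -Threshold 2

# Against real logs, pass the folder shown under "Default Location" above:
# Get-RelayBurst -Line (Get-Content '<SmtpReceive log folder>\*.log')
```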

Integrating various systems with Authentication on Exchange Server

Securing all the sources of Exchange servers with authentication is a more significant challenge. But securing it makes life a lot easier when accounts get compromised: only one particular email gets compromised. Also, when the application team wishes to move to authentication, there should not be any changes from the Exchange side when they add or remove applications. That's why submitting a message on port 587 becomes handy with IMAP, where you don't need any additional configuration on the Exchange server.

Default IMAP settings for Outlook on Exchange Server. Make sure Outlook works well before testing any application with authentication. I wish to have most of the common applications in the same article.


Let's see how to integrate Oracle Service-Oriented Architecture (SOA) with IMAP to process and notify users via email.

Always use Specified Send Address. If you use the default address, it will try to Send As for all the workflows specified.

Note: Recommended to use separate mailboxes for each workflow.


Message Folder INBOX

Note: We are just using the default IMAP settings of the Exchange server. No additional configuration is required on the Exchange server. Just the initial IMAP setup has to be appropriately configured with SSL.

Let's see how to configure ManageEngine ServiceDesk Plus with IMAP authentication.

Using HP Printers with Authentication


Force Expire the password using Change Password at Next Logon

There are many scenarios in which you may wish to force users to change their password.

  • As a precautionary measure to secure the accounts after an attack.
  • When any sort of infection is found in the network, it's always recommended to reset the users' passwords.
  • Mitigating a phishing attack if multiple users shared their credentials on an unknown link.

To Set Change Password at next logon for a Specific Organizational Unit (OU) using PowerShell

Get-ADUser -Filter * -SearchBase "OU=0000-000,OU=01 Users,DC=adp,DC=ae" -Properties * | Set-ADUser -ChangePasswordAtLogon $true -Verbose

To skip the users who changed their password in the last two days, use the current day and the previous day.

Get-ADUser -Filter * -SearchBase "OU DISTINGUISHED NAME" -Properties * | Where-Object{($_.PasswordLastSet -notlike "10/24/2018*") -and ($_.PasswordLastSet -notlike "10/25/2018*")}

To skip the users who changed their password in the last two days, use the current day and the previous day. This also skips the users who already have change password at next logon checked.

Get-ADUser -Filter * -SearchBase "OU DISTINGUISHED NAME" -Properties * | Where-Object{($_.PasswordLastSet -notlike "10/24/2018*") -and ($_.PasswordLastSet -notlike "10/25/2018*") -and ($_.pwdlastset -notlike "0")}

Note: If change password at next logon is checked, pwdlastset will be set to “0”.

To skip the users who changed their password in the last two days, use the current day and the previous day. This also skips the users who already have change password at next logon checked.

It also skips the users where password never expires is checked.

Note: We cannot apply change password at next logon to accounts where password never expires is set to true.

Get-ADUser -Filter * -SearchBase "OU DISTINGUISHED NAME" -Properties * | Where-Object{($_.PasswordLastSet -notlike "10/24/2018*") -and ($_.PasswordLastSet -notlike "10/25/2018*") -and ($_.pwdlastset -notlike "0") -and ($_.passwordneverexpires -notlike "$true") }
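The date strings in the filters above depend on the display format of the machine running the command. The following added example (not part of the original post) applies the same three skip rules with a date comparison instead. The function name Select-ForcedChangeCandidate and the sample accounts are constructed for illustration, and the commented pipeline at the end assumes the ActiveDirectory module is available.

```powershell
# Added example: the three skip rules from the text, using a date comparison
# instead of matching date strings. Works on any objects with these properties.
function Select-ForcedChangeCandidate {   # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline = $true)]$User,
        [int]$SkipDays = 2      # 2 = skip passwords changed today or yesterday
    )
    begin {
        # Midnight at the start of the oldest day that still counts as "recent"
        $cutoff = (Get-Date).Date.AddDays(-($SkipDays - 1))
    }
    process {
        if ($User.PasswordNeverExpires) { return }           # flag cannot be applied to these accounts
        if ($User.pwdLastSet -eq 0) { return }               # already set to change at next logon
        if ($User.PasswordLastSet -ge $cutoff) { return }    # password changed recently
        $User
    }
}

# Constructed sample accounts standing in for Get-ADUser output.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ SamAccountName = 'user.old';     PasswordLastSet = $now.AddDays(-30); pwdLastSet = 1; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'user.recent';  PasswordLastSet = $now;              pwdLastSet = 1; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'user.flagged'; PasswordLastSet = $null;             pwdLastSet = 0; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'svc.app';      PasswordLastSet = $now.AddDays(-90); pwdLastSet = 1; PasswordNeverExpires = $true }
)

# Only user.old passes all three rules.
$sample | Select-ForcedChangeCandidate | Select-Object -ExpandProperty SamAccountName

# Against the directory; -WhatIf previews the change without applying it:
# Get-ADUser -Filter * -SearchBase "OU DISTINGUISHED NAME" -Properties PasswordLastSet,pwdLastSet,PasswordNeverExpires |
#     Select-ForcedChangeCandidate | Set-ADUser -ChangePasswordAtLogon $true -WhatIf
```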


To List Users where Password Never Expires is Checked on a Specific Organizational Unit

Get-ADUser -Filter * -SearchBase "OU DISTINGUISHED NAME" -Properties * | Where-Object{$_.passwordneverexpires -like "$true"}


Finding Distinguishedname for an OU using Active Directory Users and Computers


.Net 4.7.1 Offline Installation

.Net 4.7.1 Offline Installation in a secure environment.

https://www.microsoft.com/en-us/download/details.aspx?id=56116


Blocking Issues:

The Update corresponding to KB2919355 needs to be installed before you can install this product on Windows 8.1 or Windows Server 2012 R2.

https://www.catalog.update.microsoft.com/search.aspx?q=kb2919355

Install the rest of the patches, then install KB2919355 (a 707 MB file) so that it will install.

Now the .NET 4.7.1 installation will proceed.
