Microsoft XDR (Defender) - How to export - Advanced Hunting - Custom Detection Rules
Hello everyone, Our team is trying to export the Custom Detection Rules. We have more than 50 rules, so we need an automated process that allows us to export and import the rules. Currently, we see that the API function that allows this is still in beta:…
Defender for Identity - gMSA error
Hi All, Need your kind advice We are trying to configure Defender for Identity using gMSA account since its currently configured using service account and sensor working fine. When we change to gMSA, the sensor connection fails and get below error. All…
New AD CS 2022 Issuing won't start because the revocation server is offline, but all troubleshooting steps have passed successfully.
Hello, I'm currently in the process of standing up a Root CA and an Issuing CA in Windows Server 2022. The Root CA setup went fine, and I have both CA server publish their certificates and CRLs to an IIS server as per Microsoft’s documentation, but…
SMS deprecation July 2023
So my understanding is that in July 2023, user accounts that have MFA enabled will no longer be able to use SMS for MFA. You will not be able to add users to an exemption group that will allow them to still use SMS after July 2023. Microsoft will no…
Kerberos authentication with one-way forest trust
Hi together, We are trying to achieve the following setup: In "prod.local" domain, we have an IIS application running with domain service account as application pool user This service account will initialize some DCOM access…
Finding the reason for account lockout after password change krbtgt
Hello. We changed the password for the krbtgt account at 21:00 yesterday. Today at 13:30 we had accounts that were connected to one of the Exchange servers locked out for 15 minutes. 5 servers in DAG. On the domain controller I can see: Kerberos…
Root CA missing in CDP folder in Active Directory Sites and Services
Hello, In my 2-tier PKI my offline root CA isn't showing in CDP folder. When I executed those commands in PowerShell as administrator it showed no errors: certutil.exe -dspublish -f "C:\CertData\ADDB Labs Certificate Authority.crt"…
EnableCertPaddingCheck
Hello, The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines. I've read that the solution is to add the following to the registry …
Unable to View Process Command Line for Event 4688 in Windows Server
There is an issue viewing the process command line in Process Information in Event Properties for Event 4688 in Windows Server, even after enabling the following settings in the local group policy: Computer Configuration > Policies >…
Why was the server reboot caused by installing the update ?
Hello. My server has been rebooted. I have determined why, but can't figure out the cause. Get-EventLog -LogName System -After (Get-Date).AddDays(-3) |? {$_.EventID -in (6005,6006,6008,6009,1074,1076)} | ft TimeGenerated,EventId,Message -AutoSize…
windows updates error
Hi All i am unable to update one of my windows server 2016, i am getting error(Error 0x80071a91) please guide me how to fix this.
+92 country code not supported
Hi microsoft support i am unable to add my number for Two step verification against my microsoft ID
How to unlock my school laptop
I factory reseted my laptop without changing the school email now I can't log in
How to verify what casued the event ID 4717 and, is it health?
We have received a alert from security event monitoring system that the Windows Security event ID 4717 is logged. However I am no idea to find the root cause of this event. I try my best to: Asked all account owners that no any action as that period. …
How to reschedule the exam which is now get started because of some protection in laptop
I have launched the OnVue application and went through all the verification and space testing activities after that one of your assistance call me and verify again the surrounding and he said the exam will start after 2 min but exam not get started then…
WS2022 IIS SMTP Server doesn't find TLS cert
We use an IIS SMTP server to relay emails from older scanners that don't support TLS to MS365 anonymous relay, which requires TLS. We're replacing an existing WS2012R2 server with SMTP with a new WS2022 server with the SMTP feature installed. The…
Multi-Provider Router (MPR) notifications
I need help on two GPOs. If I disable the policy below, will there be any impact besides issues with mapped network drives? Policy: Enable MPR notifications for the system --> Disabled Location: Computer Configuration\Policies\Administrative…
MS Security Baseline GPO Import Warning
Hello, I am running a Hyper-V test environment here. All devices (Hyper-V host as well as the VM's) are running under Windows Server 2022 Standard (with German interface). There is an AD DC as a VM via which I would like to distribute the MS Security…
Does NDES service support shadow certificate renewal via SCEP ?
I have a Standalone CA Server configured with NDES role service to support SCEP. Certificate enrollment from Cisco routers work fine with SCEP. Cisco is using a process named shadow renewal tied to CA cert rollover : Rollover is a special case where the…
How do I enter a GMAIL app password into Outlook 365?
I have had my gmail.com email account configured in Outlook for years. It just stopped working, and I guess "less secure apps" are no longer supported by Google and/or Microsoft (appears to have died end of 3Q24). Anyway, I have successfully…