Monday, September 25, 2017

SSL Certificate Template not showing up on Active Directory Certificate Services web page

In a previous Post I mentioned an issue that I had with a Certificate template on my Internal Enterprise CA not showing up when I tried to request a certificate.

After doing some digging I discovered that I had set the template to "Build from this Active Directory information" when it should have been "Supply in the request" to make it show up in the list.

So what you need to do is open the Certificate Template Console on your CA and double-click the template that you need to have show up. Go to the "Subject Name" tab, select "Supply in the request" and click OK.

If the template is already being served on your CA you will need to Delete it from the Certificate Template folder and re-add it in the same folder. 
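"Supply in the request" is stored on the template as the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT bit of msPKI-Certificate-Name-Flag, and it means the CA takes the subject name from whoever submits the request, so it is worth reviewing together with the template's EKUs and approval settings. The check below is an added example, not part of the original post; the template names and attribute values in $samples are constructed.

```powershell
# Added example: flag templates where the requester chooses the subject name.
# Flag values are from MS-CRTD; the sample templates below are constructed.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001   # msPKI-Certificate-Name-Flag
$CT_FLAG_PEND_ALL_REQUESTS         = 0x00000002   # msPKI-Enrollment-Flag (CA manager approval)

# EKUs that allow a certificate to be used to authenticate as its subject
$AuthEkus = @(
    '1.3.6.1.5.5.7.3.2',        # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',   # Smart Card Logon
    '1.3.6.1.5.2.3.4',          # PKINIT Client Authentication
    '2.5.29.37.0'               # Any Purpose
)

function Get-TemplateSubjectRisk {
    param([Parameter(Mandatory, ValueFromPipeline)] $Template)
    process {
        $nameFlag   = [int]$Template.'msPKI-Certificate-Name-Flag'
        $enrollFlag = [int]$Template.'msPKI-Enrollment-Flag'
        $raSigs     = [int]$Template.'msPKI-RA-Signature'   # required authorized signatures
        $ekus       = @($Template.pKIExtendedKeyUsage | Where-Object { $_ })

        $supplies = ($nameFlag -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        $approval = ($enrollFlag -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
        # A template with no EKU list is valid for every purpose
        $authEku  = ($ekus.Count -eq 0) -or
                    (@($ekus | Where-Object { $AuthEkus -contains $_ }).Count -gt 0)

        [pscustomobject]@{
            Name                    = $Template.Name
            EnrolleeSuppliesSubject = $supplies
            AuthenticationEku       = $authEku
            ManagerApproval         = $approval
            NeedsReview             = $supplies -and $authEku -and (-not $approval) -and ($raSigs -eq 0)
        }
    }
}

# Constructed sample data: server-only, merged client+server, merged with approval
$samples = @(
    [pscustomobject]@{ Name = 'Web-ServerOnly'; 'msPKI-Certificate-Name-Flag' = 1; 'msPKI-Enrollment-Flag' = 0; 'msPKI-RA-Signature' = 0; pKIExtendedKeyUsage = @('1.3.6.1.5.5.7.3.1') }
    [pscustomobject]@{ Name = 'Web-ClientServer'; 'msPKI-Certificate-Name-Flag' = 1; 'msPKI-Enrollment-Flag' = 0; 'msPKI-RA-Signature' = 0; pKIExtendedKeyUsage = @('1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') }
    [pscustomobject]@{ Name = 'Web-ClientServer-Approved'; 'msPKI-Certificate-Name-Flag' = 1; 'msPKI-Enrollment-Flag' = 2; 'msPKI-RA-Signature' = 0; pKIExtendedKeyUsage = @('1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') }
)
$samples | Get-TemplateSubjectRisk | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module):
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' + (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' -Properties * | Get-TemplateSubjectRisk
```

The check does not read the template's ACL, so for anything it marks NeedsReview, also confirm on the template's Security tab that Enroll is granted only to the accounts that actually request these certificates.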

Monday, September 18, 2017

Lync 2013 - Internal Certificate issue.

Over the last week I have been working on a certificate issue with Lync 2013. This has affected mobile clients and remote Windows and Apple machines. After checking the event log on my Lync Front End Server I discovered that I was getting event log errors like this:

And as you can tell from the next picture they were showing up pretty regularly.


So I started googling and found a few articles online, and discovered that this is a known issue that MS Support is aware of but has no permanent fix for. They are only offering workarounds at this time. The first one that I found said that the problem is caused by .NET Framework 4.6 and 4.6.1 being installed at the same time, and required adding a registry key to the Front End Server which looked like this:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"RequireCertificateEKUs"=dword:00000000

This actually made things worse as it doubled the amount of errors I was getting in the event log.

So I moved on to this lovely TechNet article I found, which worked for me, and after reading it I discovered why the first method did not work.

https://blogs.technet.microsoft.com/uclobby/2017/05/24/lyncsfb-server-event-41026-ls-data-mcu-after-may-2017-net-framework-update/

You see, because I did not install Lync in the standard location (meaning the C: drive), the registry key fix would not work. I actually ended up having to regenerate my internal certificates and modify my CA to issue a new certificate template which merges the Webserver Client and Server template.

I am not going to go into further detail on this as the above URL fixed my issue and has very good step-by-step instructions. I will however probably do a follow-up post on what happened when I tried to issue a certificate with that template the first time and what I had to do to fix that issue.

Friday, September 15, 2017

How to add vMA to Windows AD Domain

While working in my lab at work I wanted to see about adding my vSphere Management Assistant (vMA) to our lab Active Directory so it would be easier for me to connect to resources. After going through the process I decided to make a guide on the steps I took to get it working.

Just an FYI I was working with vSphere Management Assistant version 5.5.0.4 at the time of taking these screenshots so I am sure things may have changed in later versions... or not.

First you will need to get to the console of the machine.


Select the option to log in, and log in using the vi-admin account.


Once you are logged in you are presented with a command prompt. You will need to use the following command to add your appliance to a Windows domain.

sudo domainjoin-cli join <domain.name> <Domain User Name>

You will then be prompted for the vi-admin password.

Once your appliance is added to the domain you will see a screen like this.

Once the reboot has been completed you can verify that you are on the domain by running this command:

sudo domainjoin-cli query

and you will be presented with a response something like this.

Now your appliance is on the domain and you will have an easier time connecting to resources in your VMware environment.

Sunday, September 10, 2017

Exchange 2016 - Powershell Virtual Directory not working

So one of the projects that I have been working on lately is to set up a Mobile Device Management (MDM) solution for my company. One of the requirements to get email to sync for the mobile devices was to connect the MDM server to our internal Exchange 2016 server using PowerShell.

One of the issues that I had been running into for a few days was that the MDM was not able to authenticate to our Exchange Server. I went through everything I could think of to fix this issue and to get it working (checking firewall ports, SSL certificates, user permissions) but nothing was working. Then I remembered back to a post I did on here before about Active Sync and how I had to use a PowerShell command to recreate the Virtual Directory with the correct URL at the time of creation, otherwise it will cause PowerShell to fail when you try to connect to it externally.

Well the funny thing about this whole situation is that during my troubleshooting I had to remove the PowerShell virtual directory in order to recreate it. Well... It turns out when you remove the PowerShell directory it also disconnects your PowerShell session to the Exchange server. Now fortunately I have a second Exchange server on the same Domain so I was able to run the command to create a new PowerShell Virtual Directory on that server and after turning off the Require SSL check box I was able to connect to the server again. Also my connection to the MDM Server was working as well!!!

Here are the commands that I should have used to create the PowerShell Virtual Directory.

To Remove the PowerShell Virtual Directory:

Remove-PowerShellVirtualDirectory "Powershell (Default Web Site)"



To Create the New Virtual Directory:

New-PowerShellVirtualDirectory -Name Powershell -RequireSSL:$False



To Reset IIS:

IISRESET /noforce

I have moved!!!

Please check out my new blog which now contains all my old posts and some new goodies as well.  I can now be found at http://www.kenbshinn.c...