Have you ever gotten this annoying error when trying to open old control panel settings from the new settings app? This usually occurs in a domain environment.
You can fix this by creating a Domain policy or locally through secpol.msc > Local Policies > Security Options > User Account Control: Admin Approval Mode for the Built-in Administrator account:
References:
https://martinsblog.dk/windows-server-2016-systemsettingsadminflows-exe-error/
Azure AD App Proxy allows you to publish an internal website to the internet. It is easy to set up and does not require inbound firewall rules. Traditionally, you would publish a website with the help of a reverse proxy, for example with Citrix Netscaler/ADC, KEMP Loadbalancer or F5.
In the Azure AD Portal (aad.portal.azure.com) open Application Proxy and firstly install the software on a server in the corporate network. Domain join is not a requirement, but is needed if you use Kerberos authentication.
You will need to log in with your tenant admin (or a M365 user that has the appropriate role).
After the installation, you should see the server in Azure AD App Proxy:
To then publish your site, select + Configure an app
Provide the internal URL along with the protocol (HTTPS or HTTP). You could select Azure AD in Pre Authentication and work with conditional access policies and require MFA for example. This example is using Passthrough Authentication.
Also some basic settings can be changed. To publish the site, hit + Add
After a few minutes, your site should be available:
You can also configure custom domains by verifying your domain(s) in Microsoft 365 by uploading your public certificate with the private key (pfx) and configuring the appropriate DNS record. For detailed information, check out the Microsoft docs below.
References:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy
After updating Exchange 2013/2016/2019 you might get an error when trying to open OWA or ECP. This happens because of an expired OAuth certificate.
Open Exchange Powershell and check if the certificate has expired:
Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint
If the certificate has expired, create a new one (do not forget to change the domain name):
New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName “cn=Microsoft Exchange Server Auth Certificate” -FriendlyName “Microsoft Exchange Server Auth Certificate” -DomainName “ajni.it“
Set the new certificate for OAuth:
Set-AuthConfig -NewCertificateThumbprint <ThumbprintFromStep1> -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig –PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Restart the Exchange IIS App Pools:
Restart-WebAppPool MSExchangeOWAAppPool
Restart-WebAppPool MSExchangeECPAppPool
If you still get the error in OWA/ECP, you either have to wait a couple of hours (some people have reported that they had to wait for up to 6 hours) or change the time zone of the Exchange server to UTC (Universal Coordinated Time).
References:
If you are having problems with Citrix Studio and Storefront being very slow on load, this article might help.
On Studio/Storefront startup, Windows tries to verify code integrity by checking the certificate revocation list (CRL) on the internet. If the server has no internet connection, this will result in the MMC being basically unusable. To fix this, CRL checking can be unchecked in the Internet Settings (intetcpl.cpl):
References: