Reinstate Missing BitLocker recovery tab in ADUC

Chiyo OdikaWINDOWS SERVERLeave a Comment

Quick fix for reinstating BitLocker recovery tab for locating and viewing BitLocker Drive Encryption (BDE) recovery passwords stored in Active Directory Domain Services (AD DS). The tab is enabled by the Active Directory BitLocker Recovery Password Viewer tool, which is an optional feature that is part of the BitLocker Drive Encryption Administration Utilities component of the Remote Server Administration Toolkit (RSAT). You can enable this feature manually through server manager or via PowerShell:

If you’d also like to install the manage-bde and repair-bde command line tools for BitLocker Drive Encryption, you can install the BDE Administration utilities.

Once the feature is enabled, you can view recovery passwords for computer objects and search for recovery passwords across your domain(s).

Chiyo OdikaReinstate Missing BitLocker recovery tab in ADUC

Migrating from Mixed Mode AD FS to a Full Windows Server 2016 AD FS Farm

Chiyo OdikaADFS, WINDOWS SERVERLeave a Comment

I recently designed a solution to provide AD FS high availability for a client, using Azure IaaS and PaaS. This necessitated deploying Windows Server 2016 AD FS servers to a Windows Server 2012 R2 farm in order to align with desired DR testing plan, and accommodate downtime schedules. This article will review the specific steps for making the cutover from a mixed mode AD FS environment to a full Windows Server 2016 AD FS farm. It will not go into detail about installing the AD FS roles.  At the time of writing this article, adding Windows Server 2016 AD FS servers to a Windows Server 2012 R2 farm in a so-called “mixed-mode” scenario is fully supported, and you can subsequently … Read More

Chiyo OdikaMigrating from Mixed Mode AD FS to a Full Windows Server 2016 AD FS Farm

SCOM 2016 Certificate Errors. Event ID 20049

Chiyo OdikaSCOM, WINDOWS SERVERLeave a Comment

In this article, I’ll review SCOM Certificate Event ID 20049. This error event can be seen during an attempt to initiate mutual authentication across untrusted boundaries such as in a gateway or workgroup boundary scenario. In SCOM, certificates will need to be used for mutual authentication between the management servers and any gateway servers/ agents when Kerberos-based mutual authentication is not possible. If there’s an issue with the certificate, mutual authentication will fail, and one of the errors you could likely encounter is as shown below: The event detail reads:  “The specified certificate could not be loaded because the key Usage specified does not meet OpsMgr requirements. The certificate must have the following usage types: Digital Signature, Key Encipherment.” This … Read More

Chiyo OdikaSCOM 2016 Certificate Errors. Event ID 20049

Create a Certificate Template from a Server 2012 R2 CA

Chiyo OdikaWINDOWS SERVER7 Comments

In order to export the private key for a certificate, you will need to base the certificate on a template that has that option enabled. While this task can be easily accomplished using PowerShell, I’ll document a step by step using the GUI to show what this entails. Open Server Manager in your CA, click Tools, select Certificate Authority Select your CA, select and right-click Certificate Templates, and right-click Manage In the Certificate Templates Console, select the relevant Template Display Name (Web Server in my case), right-click and select Duplicate Template In the resulting Properties of New Template window, leave the default compatibility settings for backward compatibility with older clients Click on the General tab, and enter the Template display … Read More

Chiyo OdikaCreate a Certificate Template from a Server 2012 R2 CA

Certificate Private Key Error

Chiyo OdikaWINDOWS SERVERLeave a Comment

While working with certificates today, I stumbled upon an error that indicated something was amiss with my CA certificate templates. Ordinarily I make only certificate templates with exportable private keys available in my CA web enrollment pages, and I’d explicitly requested and installed the certificate with the thumbprint shown in the error below.   So I donned my sleuth knickers, and decided to delve a little deeper. An attempt to manually export the certificate with its private key from the certificate store indicated that there was no private key to be exported, as that option was greyed out     I identified the certificate template from which the certificate was created in the MMC | Certificates snap-in, and then reviewed … Read More

Chiyo OdikaCertificate Private Key Error

Monitoring Azure IaaS with OpsMgr 2012 – Part 2


In the first part of this article, I introduced the concept of monitoring Azure IaaS VMs with OpsMgr, and briefly reviewed the prerequisite steps for setting up connectivity from your corpnet to the Azure network. In this part of the article, I will demonstrate the necessary configuration steps for monitoring the Azure VMs with OpsMgr. Recall that my lab is comprised of a AD domain, a OpsMgr Management group, and a Microsoft PKI, and that I have configured cross-premises connectivity to my Azure virtual network which contains my Azure VMs. We also confirmed that the test Azure VM, AppSrv2, can connect to the OpsMgr Management Server in my lab. The Azure VM is outside of the trusted environment of the … Read More

Chiyo OdikaMonitoring Azure IaaS with OpsMgr 2012 – Part 2

Monitoring Azure IaaS with OpsMgr 2012 – The basics


A customer recently posed a question, and it was one that coincided with a subject I had been meaning to write about for some time. Can virtual machines (VMs) running applications in Microsoft Azure be monitored with OpsMgr and if so, how does one configure this monitoring?  Yes, a VM running in Windows Azure IaaS is essentially a VM running an OS, and as such the VM and any applications that reside on it can be monitored with OpsMgr just like you would monitor any other on-premise VM. There are however two important considerations for the monitoring of the VMs in Azure. Cross-premises connectivity would have to be configured between your corporate network and the Azure network in order for … Read More

Chiyo OdikaMonitoring Azure IaaS with OpsMgr 2012 – The basics