In a previous post, I outline the steps for deploying Hybrid cloud print. Here are some noteworthy issues and errors you may encounter when deploying/ testing this solution through either of the supported pre-authentication methods, and some ways to remediate them. Publishing permissions. This error indicates that you do not have permissions print server management permissions or permissions to modify the Mopria database file. Address this by following steps #2 and #8 of the referenced post above. Read and Sign-in Authorization for Native client or web apps This error indicates that required permissions are missing on Native client or Web apps it further indicates that you’ve not delegated permissions to the app for required APIs, as outlined in steps #10 … Read More
Migrating from Mixed Mode AD FS to a Full Windows Server 2016 AD FS Farm
I recently designed a solution to provide AD FS high availability for a client, using Azure IaaS and PaaS. This necessitated deploying Windows Server 2016 AD FS servers to a Windows Server 2012 R2 farm in order to align with desired DR testing plan, and accommodate downtime schedules. This article will review the specific steps for making the cutover from a mixed mode AD FS environment to a full Windows Server 2016 AD FS farm. It will not go into detail about installing the AD FS roles. At the time of writing this article, adding Windows Server 2016 AD FS servers to a Windows Server 2012 R2 farm in a so-called “mixed-mode” scenario is fully supported, and you can subsequently … Read More
ESD Decryption Update KB3159706 Breaks WSUS on Server 2012 R2
Microsoft recently released an update KB3159706 that enables WSUS for Windows Server 2012/R2 to natively decrypt certain feature updates which are staged in encrypted packages. This is great, especially because this update supposedly fixes an issue with a previous update KB3148812. This update has however been found to break WSUS in Server 2012 R2. I was able to replicate this behavior in my lab environment. My lab environment features a simple WSUS installation integrate with ConfigMgr Software Update Point (SUP). As seen below, after the update is installed the WSUS service crashes and fails to restart, and this adversely affects the SUP role in ConfigMgr. I also determined that uninstalling the update addressed the issue, but a … Read More
Create a Certificate Template from a Server 2012 R2 CA
In order to export the private key for a certificate, you will need to base the certificate on a template that has that option enabled. While this task can be easily accomplished using PowerShell, I’ll document a step by step using the GUI to show what this entails. Open Server Manager in your CA, click Tools, select Certificate Authority Select your CA, select and right-click Certificate Templates, and right-click Manage In the Certificate Templates Console, select the relevant Template Display Name (Web Server in my case), right-click and select Duplicate Template In the resulting Properties of New Template window, leave the default compatibility settings for backward compatibility with older clients Click on the General tab, and enter the Template display … Read More
Certificate Private Key Error
While working with certificates today, I stumbled upon an error that indicated something was amiss with my CA certificate templates. Ordinarily I make only certificate templates with exportable private keys available in my CA web enrollment pages, and I’d explicitly requested and installed the certificate with the thumbprint shown in the error below. So I donned my sleuth knickers, and decided to delve a little deeper. An attempt to manually export the certificate with its private key from the certificate store indicated that there was no private key to be exported, as that option was greyed out I identified the certificate template from which the certificate was created in the MMC | Certificates snap-in, and then reviewed … Read More