Monday, March 13, 2017

I've been setting up ADFS on Windows 2016 (server core) in my home lab for the first time and had some problems near the end.

All the directions I've been following state that to test your ADFS deployment once completed you can go to:

https://<FQDN>/adfs/ls/idpinitiatedsignon

I was able to access the site, BUT was receiving a fairly unhelpful error "An error occurred":


Looking at the ADFS event logs, it stated (in abbreviated form):


Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.

Long story short, apparently there is an ADFS property (EnableIdpInitiatedSignonPage) that by default is set to False. It took me a while to figure out; hopefully this will help someone else.

To check it, open PowerShell and:

  1. Run: Get-AdfsProperties
  2. Check to see if EnableIdpInitiatedSignonPage is set to False.
  3. If it is, run: Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
  4. Test your ADFS web page again (no need to restart).
  5. You should be able to sign on now (hopefully).
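The same check as one script, added here as an example and not part of the original post: it looks for the MSIS7012 error in the AD FS admin log, enables the page, requests the test URL, and can put the property back afterwards. The FQDN is a placeholder and `$RestoreAfterTest` is a hypothetical switch introduced for this example.

```powershell
# Added example; run in an elevated session on the AD FS server.
$Fqdn = 'adfs.example.test'    # placeholder: your federation service FQDN
$RestoreAfterTest = $true      # hypothetical switch: put the original value back afterwards

# Recent occurrences of the error quoted above, from the AD FS admin log
Get-WinEvent -LogName 'AD FS/Admin' -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'MSIS7012' } |
    Select-Object -First 3 TimeCreated, Id

# Remember the current setting before changing anything
$original = (Get-AdfsProperties).EnableIdpInitiatedSignonPage
"EnableIdpInitiatedSignonPage is currently: $original"
if (-not $original) { Set-AdfsProperties -EnableIdpInitiatedSignonPage $true }

# Request the test page; -UseBasicParsing is needed on Server Core (no IE engine)
try {
    $r = Invoke-WebRequest -Uri "https://$Fqdn/adfs/ls/idpinitiatedsignon" -UseBasicParsing
    "Sign-on page answered with HTTP $($r.StatusCode)"
} catch {
    "Request failed: $($_.Exception.Message)"
}

# Only revert when this script was the one that enabled the page
if ($RestoreAfterTest -and -not $original) {
    Set-AdfsProperties -EnableIdpInitiatedSignonPage $false
    'EnableIdpInitiatedSignonPage set back to False'
}
```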

Tuesday, February 5, 2013

Add an IP address to Internet Explorer's Local Intranet or Trusted Site Zone



  • Open Registry
  • Navigate to:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  • Create Key named "Ranges" if it doesn't exist.
  • Create sub-key with any name (Range1 works).
  • Inside that key create new String Value.
  • Give it the name ":Range".
  • Give it the value of whatever IP you're trying to add.
  • Create a new DWORD value.
  • Give it the name "http" (or https).
  • Give it the value 1 (for Local Intranet or 2 for Trusted Sites Zone).
  • Close IE, reopen, try to access the site again.
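The registry steps above as a script, added here as an example and not part of the original post. It goes slightly beyond the steps: it picks the first unused RangeN key instead of assuming Range1 is free, and finishes by listing every range already mapped under the policy key. The IP address is a constructed sample.

```powershell
# Added example. Run elevated (writes under HKLM).
$Ip       = '192.0.2.10'   # constructed sample address; replace with the IP to map
$Zone     = 1              # 1 = Local Intranet, 2 = Trusted Sites (values from the steps above)
$Protocol = 'http'         # or 'https'
$Ranges   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges'

# Create "Ranges" only if it is missing, so existing entries are left alone
if (-not (Test-Path $Ranges)) { New-Item -Path $Ranges -Force | Out-Null }

# Reuse the sub-key that already holds this IP, otherwise take the first free RangeN
$existing = Get-ChildItem $Ranges |
    Where-Object { $_.GetValue(':Range') -eq $Ip } |
    Select-Object -First 1
if ($existing) {
    $key = $existing.PSPath
} else {
    $n = 1
    while (Test-Path (Join-Path $Ranges "Range$n")) { $n++ }
    $key = (New-Item -Path (Join-Path $Ranges "Range$n")).PSPath
    New-ItemProperty -Path $key -Name ':Range' -PropertyType String -Value $Ip | Out-Null
}

# -Force overwrites the protocol value if it already exists
New-ItemProperty -Path $key -Name $Protocol -PropertyType DWord -Value $Zone -Force | Out-Null

# Audit: every range under the policy key and the zone each protocol maps to
Get-ChildItem $Ranges | ForEach-Object {
    $k = $_
    foreach ($v in ($k.GetValueNames() | Where-Object { $_ -ne ':Range' })) {
        [pscustomobject]@{
            Key      = $k.PSChildName
            Range    = $k.GetValue(':Range')
            Protocol = $v
            Zone     = $k.GetValue($v)
        }
    }
}
```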

Disable (via registry) Internet Explorer Automatic Configuration Proxy

I had a server that was receiving proxy configuration for Internet Explorer via group policy. The policy was configuring the "Automatically detect settings" option and not allowing me to change it (it was greyed out).

You can modify this setting via the registry:

  • Open Regedit
  • Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  • Modify the "DefaultConnectionSettings"
  • The 9th bit of this key controls the setting.  The possible values of this that I'm aware of are:
    • 01 - Neither "Automatically detect settings" nor "Use automatic configuration script" is checked
    • 05 - Only "Use automatic configuration script" is checked
    • 09 - Only "Automatically detect settings" is checked
    • 0d - Both are checked
  • Close Internet Explorer and open it again to verify the change has taken effect.
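The same edit without hand-editing the binary value in Regedit, added here as an example and not part of the original post. It assumes the values listed above are the byte at zero-based offset 8 (the ninth byte) of DefaultConnectionSettings; the two masks are derived from that list (01 to 05 and 01 to 09).

```powershell
# Added example. The value is per-user, so run it as the affected user.
$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
$Name = 'DefaultConnectionSettings'
$FlagOffset = 8        # assumption: the ninth byte of the blob (zero-based index 8)
$AutoScript = 0x04     # derived from the list above: 01 -> 05
$AutoDetect = 0x08     # derived from the list above: 01 -> 09

function Show-ProxyFlags([byte]$Flags) {
    'Flag byte 0x{0:x2}: auto-detect={1}, auto-config script={2}' -f $Flags,
        [bool]($Flags -band $AutoDetect), [bool]($Flags -band $AutoScript)
}

[byte[]]$data = (Get-ItemProperty -Path $Path -Name $Name).$Name
Show-ProxyFlags $data[$FlagOffset]

if ($data[$FlagOffset] -band $AutoDetect) {
    # Keep a copy of the original blob so the change can be reverted
    $backup = Join-Path $env:TEMP "$Name.bak"
    [IO.File]::WriteAllBytes($backup, $data)

    # Clear only the auto-detect bit; every other bit and byte stays as it was
    $data[$FlagOffset] = [byte]($data[$FlagOffset] -band (-bnot $AutoDetect))
    Set-ItemProperty -Path $Path -Name $Name -Value $data -Type Binary

    # Read the value back to confirm what is now stored
    [byte[]]$after = (Get-ItemProperty -Path $Path -Name $Name).$Name
    Show-ProxyFlags $after[$FlagOffset]
    "Original value saved to $backup"
}
```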

Monday, December 31, 2012

Proxy configuration from CMD line

How to set the proxy for the server from the CMD line.

Windows 2003

  1. Open a CMD prompt
  2. Type: proxycfg -p proxy.fqdn.com:8080, *.microsoft.com
    • Everything after the comma is for anything you want in the bypass proxy list.
  3. Hit ENTER

Windows 2008

  1. Open a CMD prompt, type:
    • NetSH
    • WinHTTP
    • Set Proxy proxy-server="PROXY.COM:8080" bypass-list="SERVER.COM"
    • Show Proxy

Kill a Terminal Server Session from the Command Line

How to Kill a Terminal Services Session from the Command Line

  1. Open a CMD prompt
  2. To query for current sessions, type:
    • qwinsta.exe /server:<servername>
  3. To kill a session, type:
    • rwinsta.exe /server:<servername> <session id>

How to delete an Outlook Calendar item that causes Outlook to crash

We had a customer who was trying to delete an Outlook calendar entry, but it wouldn't delete no matter what we tried or who tried to delete it.  We used the following steps to delete it:

  1. Download the MFCMAPI tool.
  2. Run the downloaded tool.
  3. Go to Session->Logon and Display Store Table
  4. Select your profile
  5. Select Mailbox
  6. Expand "Root Container"
  7. Right click "Reminders" and select "Open Contents Table"
  8. A new window launches with the title "Reminders".
  9. Select all the reminder items listed there, right-click and select "Delete Message".
  10. Close MFCMAPI.

Reopen Outlook and see if the problem entry is gone.

IIS 6.x - Encrypt Web.Config

Steps for IIS 6.x to encrypt web.config:

  1. Create a custom RSA key container (MyKeys can be replaced with any name).
    • Open a CMD prompt
    • Navigate to: c:\windows\microsoft.net\framework\v2.0
    • Run the following command:
      • aspnet_regiis.exe -pc "MyKeys" -exp
    • Hit the ENTER key
  2. Find out which identity your ASP.NET application is running as.
    • Open Notepad
    • Paste in the following:
    • <%@ Page Language="C#" %> 
      <% 
      Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name); 
      %>


    • Save the file as "identity.aspx" somewhere within your website where you can access from a browser
    • Access this identity.aspx file from a browser.  Make note of the account it displays to you
  3. Grant the identity access to the RSA key container (created in Step 1).
    • Open a CMD prompt (if not already opened)
    • Navigate to: c:\windows\microsoft.net\framework\v2.0
    • Run the following command:
      • aspnet_regiis.exe -pa "MyKeys" "NameOfASP.NETaccountReturnedAbove"
    • Hit the ENTER key
  4. Specify an instance of a Protected Configuration provider in the web.config.
    • Open your web.config in Notepad or some other editor.
    • Make sure you have a <connectionStrings> section in your <configuration> section.
    • Add a <configProtectedData> section.  "MyProvider" can be replaced with any name.
      • Example:
        <configuration>
           <configProtectedData>
              <providers>
                 <add name="MyProvider"
                      type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
                            Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
                            processorArchitecture=MSIL"
                      keyContainerName="MyKeys" 
                      useMachineContainer="true" />
              </providers>
           </configProtectedData>
         
           <connectionStrings>
              <add name="SqlServices" connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;" />
           </connectionStrings>
        </configuration>
        
  5. Encrypt the actual web.config.
    • Open a CMD prompt (if not already opened)
    • Navigate to: c:\windows\microsoft.net\framework\v2.0
    • Run the following command.  "MyApplication" should be replaced with your actual .NET application name:
      • aspnet_regiis.exe -pe "connectionStrings" -app "/MyApplication" -prov "MyProvider"
      • Or if using a UNC path:
      • aspnet_regiis.exe -pef "connectionStrings" "\\path\path\to\.net\directory" -prov "MyProvider"
More information from Microsoft.
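A check to run after step 5, added here as an example and not part of the original post: it reports whether the connectionStrings section of a web.config is actually encrypted or still readable. The function name is hypothetical and both sample documents are constructed; the cipher text is a placeholder.

```powershell
# Added example: Test-ConnectionStringsEncrypted is a hypothetical helper name.
function Test-ConnectionStringsEncrypted {
    param([Parameter(Mandatory = $true)][xml]$Config)
    $cs = $Config.SelectSingleNode('/configuration/connectionStrings')
    if (-not $cs) { return 'NoSection' }
    # An encrypted section names its provider and holds an EncryptedData element
    $provider  = $cs.GetAttribute('configProtectionProvider')
    $encrypted = $cs.SelectSingleNode("*[local-name()='EncryptedData']")
    # Any <add connectionString="..."> still present is readable by anyone with file access
    $plain     = @($cs.SelectNodes('add[@connectionString]'))
    if ($provider -and $encrypted -and $plain.Count -eq 0) { return "Encrypted by $provider" }
    return "Plaintext ($($plain.Count) connection string(s) readable)"
}

# Constructed sample: the section as written in step 4
$before = @'
<configuration>
  <connectionStrings>
    <add name="SqlServices" connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;" />
  </connectionStrings>
</configuration>
'@

# Constructed sample: the shape of the section after encryption
$after = @'
<configuration>
  <connectionStrings configProtectionProvider="MyProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

Test-ConnectionStringsEncrypted $before
Test-ConnectionStringsEncrypted $after
# Real file (placeholder path):
# Test-ConnectionStringsEncrypted ([xml](Get-Content 'C:\path\to\web.config'))
```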