New-Object PSObject Problem with Azure Automation

Microsoft Azure

I found a weird behaviour in Azure Automation: if you use “New-Object PSObject”, it runs perfectly fine when the script is executed directly (via the portal or the PowerShell command “Start-AzureRmAutomationRunbook”). However, if you try to do an inline call from another workbook, it fails and errors out with something like:

The code I used initially was (snippet):

It seems like this command is no longer supported, or does not run correctly, when the child workbook is called by another workbook. To get around this I recommend using the PowerShell v3 method, which works perfectly:
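As an added illustration (not the author's original snippet), the two object-construction styles are shown side by side, assuming the “PowerShell v3 method” means the [PSCustomObject] cast introduced in PowerShell 3.0. The function name Get-DiskReport and its sample values are hypothetical.

```powershell
# Added example; Get-DiskReport and the sample values are hypothetical.
function Get-DiskReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,

        # Switch between the two construction styles for comparison.
        [switch]$Legacy
    )

    foreach ($name in $ComputerName) {
        if ($Legacy) {
            # PowerShell 2.0 style: New-Object with a plain hashtable.
            # A plain hashtable has no defined key order, so the property
            # order of the resulting object is not guaranteed.
            New-Object PSObject -Property @{
                Computer = $name
                Drive    = 'C:'
                FreeGB   = 42
            }
        }
        else {
            # PowerShell 3.0+ style: cast a hashtable literal to [PSCustomObject].
            # No cmdlet is invoked and property order follows the literal.
            [PSCustomObject]@{
                Computer = $name
                Drive    = 'C:'
                FreeGB   = 42
            }
        }
    }
}

# Both calls emit objects with the same three properties; only the
# construction path (and the ordering guarantee) differs.
$old = Get-DiskReport -ComputerName 'vm01', 'vm02' -Legacy
$new = Get-DiskReport -ComputerName 'vm01', 'vm02'

$old[0].PSObject.Properties.Name -join ', '
$new[0].PSObject.Properties.Name -join ', '
```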

 

Google Domain Verification Azure DNS

Microsoft Azure

Before you can use your domain with G Suite/Google Cloud, you need to verify that you own it. This can be achieved simply by adding a TXT verification record to your domain’s settings. Google provides instructions for a lot of DNS providers such as AWS and GoDaddy; however, I noticed that Azure was not included in this list.

For convenience I have outlined the steps below if you are using Azure to manage the DNS zone.

Get Verification Code

  1. Open a new browser window or tab, and sign in to your Google Admin console.
  2. Select the option to Verify Domain.
  3. Select Other from the provider list
  4. Select the Add a domain host record (TXT or CNAME) verification method.
  5. Copy the complete contents of the Value/Answer/Destination field. The contents should have “google-site-verification=” at the beginning. This is the verification record that you will submit to your domain host.

Add Verification Record to Azure DNS

  1. Open a new browser window or tab, and sign in to your Azure Portal.
  2. Open up DNS Zones
  3. Select the Domain
  4. Click Add Record Set
  5. Your domain is already filled in, so either leave the name blank or use @. However, if you are using a subdomain, enter the subdomain, such as test.contoso.com. Although @ should cover the complete domain, I noticed the Google verification process was looking for the exact subdomain record
  6. Select TXT from the Type dropdown
  7. Leave TTL as 1 Hour
  8. In the Value field paste the Google site verification string
  9. Click OK to create the record

Now return to Google and finish the verification process. It may take up to 72 hours for some changes to take effect.

Using nslookup, you can check whether the TXT record is returned.

From a command prompt:

nslookup
set type=txt
subdomain.yourdomain.com
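The portal steps above can also be scripted. The following is an added example, not part of the original post, using the Az PowerShell module and Resolve-DnsName; the resource group, zone name and token are constructed placeholders. It appends to an existing TXT record set (the apex usually already carries SPF or other verification strings) and then lists every Google verification token published on the name.

```powershell
# Added example: zone, resource group and token below are constructed placeholders.
$ResourceGroup = 'dns-rg'           # hypothetical resource group holding the zone
$ZoneName      = 'contoso.com'      # zone hosted in Azure DNS
$RecordName    = '@'                # '@' = zone apex; otherwise the relative record name
$Token         = 'google-site-verification=EXAMPLE-TOKEN-FROM-ADMIN-CONSOLE'

if ($Token -notmatch '^google-site-verification=') {
    throw 'Value does not look like a Google verification string.'
}

# The name may already have a TXT record set (SPF, other verifications).
# Append to it rather than trying to create a second set for the same name.
$set = Get-AzDnsRecordSet -ResourceGroupName $ResourceGroup -ZoneName $ZoneName `
        -Name $RecordName -RecordType TXT -ErrorAction SilentlyContinue

if ($set) {
    if ($set.Records.Value -notcontains $Token) {
        Add-AzDnsRecordConfig -RecordSet $set -Value $Token | Out-Null
        Set-AzDnsRecordSet -RecordSet $set | Out-Null
    }
} else {
    New-AzDnsRecordSet -ResourceGroupName $ResourceGroup -ZoneName $ZoneName `
        -Name $RecordName -RecordType TXT -Ttl 3600 `
        -DnsRecords (New-AzDnsRecordConfig -Value $Token) | Out-Null
}

# Query one of the zone's own name servers so resolver caching does not hide the change.
$zone = Get-AzDnsZone -ResourceGroupName $ResourceGroup -Name $ZoneName
$ns   = $zone.NameServers[0].TrimEnd('.')
$fqdn = if ($RecordName -eq '@') { $ZoneName } else { "$RecordName.$ZoneName" }
$txt  = Resolve-DnsName -Name $fqdn -Type TXT -Server $ns -DnsOnly

# List every Google verification token published on this name.
$txt.Strings | Where-Object { $_ -like 'google-site-verification=*' }
```

Any token in the output that nobody on the team recognises is worth tracing and removing, because each one lets the Google account that issued it claim ownership of the domain.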

 

 

 

Azure Public and Internal Load balancer for the same availability set

Microsoft Azure

This is one that people keep asking me about and that Microsoft hasn’t published officially. Currently Microsoft Azure allows you to have a public and a private load balancer in front of the same availability set.

You can also link both load balancers to the same machines in the availability set. This enables your servers to have a load-balanced private and public IP, which comes in really handy.

You can also link the public load balancer to some of the machines and the private one to other machines in the availability set.

 

Web Application Proxy Event ID 12019 – (0x8007007b)

Windows

For anyone that has received the below WAP error, especially in Server 2016, please make sure that the published application name does not have any forward slashes “/”.

It seems to like other characters like: “wqe.()-_\sdfds123″££$%%” but not forward slashes.

 

OMS and Power BI Integration Schedule

Microsoft Azure

This is more of a gotcha than anything else, but when you’re setting up a schedule to export OMS queries/logs to Power BI, please be aware that the initial schedule you set up also determines the historical data it retrieves. What I mean by that is, if I set up a schedule for 24 hours (which is currently the max), in its initial sync it will export the data from that point back 24 hours. So don’t be surprised if you only have the last x amount of data. Once the schedule is running it will keep exporting every x hours or minutes, whatever you have set up, so your data will grow over time beyond the schedule you initially set up.

This does raise some concerns and questions:

  • What happens if the sync fails? Most likely you will lose some data and it will not be consistent
  • How do I export all the data and sync it? For the moment you can export it to CSV and then import it in Power BI.
  • You could cheat and set a schedule for 24 hours, let it sync and then change it to an hour; this will at least get you the 24 hours rather than just an hour of historical data
  • Is this going to change, as this feature is still in preview?

Intune Remote Wipe for Mac OS X

Microsoft Azure

As I couldn’t find this information anywhere online and had to get confirmation from Microsoft, I am posting it here. As of writing this article, and most likely for at least the next 3 months, Microsoft Intune does not support remote wipe, either full or selective, for OS X (macOS). So take this into account when planning your deployments.

Intune does, however, support Windows, Android and iOS, as described here: https://docs.microsoft.com/en-gb/intune/deploy-use/use-remote-wipe-to-help-protect-data-using-microsoft-intune

Microsoft Dynamics NAV 2015 Wildcard Certificate Problem

Windows

I had a problem the other day trying to get Dynamics NAV 2015 to work with a wildcard certificate. While the server started OK, clients couldn’t connect and the error message at the end of this post appeared. The problem seems to be that you need to define the DnsIdentity on all clients; it seems the client application can’t recognize wildcard DNS names automatically, so you need to define it yourself. The downside of this is that all clients need to make this modification, whereas with normal certificates clients connect automatically. So if you do decide to go down this route, be aware of this. The fixes are defined below.

To fix it on the client side:

Modify “C:\Users\username\AppData\Roaming\Microsoft\Microsoft Dynamics NAV\80\ClientUserSettings.config” to include the proper certificate name for DnsIdentity:

To fix it on the NAV Server Web Instance:

You can modify the web.config of your NAV web instance, for example “C:\inetpub\wwwroot\Mynav”, to include the proper certificate name for DnsIdentity:

You can also run the PowerShell command from NAV’s PowerShell:

The error on the NAV Web Instance or Client:

How To Install Oracle Instant Client v12 For Xampp v7, v5.5 & v5.6 (Windows)

Windows

Below you will find the instructions on how to configure/install and enable the Oracle Instant Client for XAMPP v7, v5.5 and v5.6.

  1. Download and install XAMPP from https://www.apachefriends.org/download.html
  2. Modify the php.ini in “C:\xampp\php”
    • Uncomment the following line “;extension=php_oci8_12c.dll  ; Use with Oracle Database 12c Instant Client”
    • Restart Apache
  3. Download the 32-bit Oracle Instant Client (PHP is 32-bit, so there is no need for the 64-bit one) from http://www.oracle.com/technetwork/topics/winsoft-085727.html
    • You need both Instant Client Package – Basic and Instant Client Package – SDK
    • Unzip them into “C:\php-sdk\oracle\x86\instantclient_12_1” and “c:\php-sdk\oracle\x86\instantclient_12_1\sdk” respectively
  4. Add the directory “C:\php-sdk\oracle\x86\instantclient_12_1” to the Windows Path variable
    • Under System Properties click Environment Variables
    • Edit the Path variable
    • You need to reboot Windows
  5. (Optional) If you want to specify the Oracle connections in the tnsnames.ora file:

That’s it 🙂

 

ADFS 3.0 Cancel Button Redirection and Password Change Link

Windows

ADFS 3.0 Cancel Button Redirection

I got asked the other day if I could get the ADFS cancel button on the Update Password page (Expired Password) to redirect back to the original page. After some searching I found a lot of people asking for this feature but no solutions. So below is my own coded solution to this problem. All you need to do is add it to the end of onload.js; instructions are below the code.

The code will work with:

  • All JavaScript-enabled browsers
  • Will work with any domain
  • Will work with expired password redirection
  • Will work with all endpoints
    • /adfs/ls/idpinitiatedsignon.aspx
    • /adfs/oauth2/authorize
    • /adfs/ls/

Use the following steps when customizing the onload.js for the AD FS service (Note these steps are taken from: https://technet.microsoft.com/en-us/library/dn636121.aspx).

Customizing onload.js for the AD FS Service

  1. To add your custom logic to onload.js, you need to first create a custom web theme. The theme that is shipped out-of-the-box is called Default. You can export the default theme and use it so that you can start quickly. The following cmdlet creates a custom web theme, which duplicates the default web theme:

  2. You can then export the custom or default web theme to get onload.js file. To export a web theme, use the following cmdlet:

    You will find onload.js under the script folder in the directory that you specify in the export cmdlet above and add your custom logic to the script (see use cases in the Example section below).

  3. Make the necessary modification to customize onload.js based on your need.

  4. Update the theme with the modified onload.js. Use the following cmdlet to apply the updated onload.js to the custom web theme:

  5. To apply the custom web theme to AD FS, use the following cmdlet:
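The five steps above, as one added example that is not part of the original post. It uses the AD FS cmdlets the steps refer to (New-AdfsWebTheme, Export-AdfsWebTheme, Set-AdfsWebTheme, Set-AdfsWebConfig); the theme name and export path are placeholders. Because onload.js runs on the page where users type their credentials, the example also keeps the exported original and shows a diff before the modified file is uploaded.

```powershell
# Added example; theme name and paths are placeholders, not values from the post.
$ThemeName = 'custom'
$ExportDir = 'C:\theme'
$OnloadJs  = Join-Path $ExportDir 'script\onload.js'

# 1. Duplicate the built-in Default theme so the original stays untouched.
New-AdfsWebTheme -Name $ThemeName -SourceName default

# 2. Export the new theme; onload.js is written to the script subfolder.
Export-AdfsWebTheme -Name $ThemeName -DirectoryPath $ExportDir

# Keep a pristine copy and its hash so the change can be reviewed later.
Copy-Item -Path $OnloadJs -Destination "$OnloadJs.orig"
$before = (Get-FileHash -Path $OnloadJs -Algorithm SHA256).Hash

# 3. Append the custom logic to the end of onload.js, then continue.
Read-Host 'Edit onload.js now, then press Enter to continue' | Out-Null

$after = (Get-FileHash -Path $OnloadJs -Algorithm SHA256).Hash
if ($after -eq $before) {
    throw 'onload.js was not modified; nothing to upload.'
}

# Show exactly which lines will be served on the sign-in page.
Compare-Object (Get-Content "$OnloadJs.orig") (Get-Content $OnloadJs) |
    Format-Table SideIndicator, InputObject -AutoSize

# 4. Upload the modified script into the custom theme.
Set-AdfsWebTheme -TargetName $ThemeName -AdditionalFileResource @{
    Uri  = '/adfs/portal/script/onload.js'
    Path = $OnloadJs
}

# 5. Make the custom theme the active one.
Set-AdfsWebConfig -ActiveThemeName $ThemeName

# Confirm which theme AD FS is now serving.
(Get-AdfsWebConfig).ActiveThemeName
```

Rolling back is a matter of running Set-AdfsWebConfig -ActiveThemeName default, since the Default theme is never modified by these steps.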

Password Change Link

So with the above implementation (which works great for expired passwords) we also needed to modify our password change link for any users wanting to change their password via ADFS before it has expired, as shown in the screenshot below:

[Screenshot: ADFS password change link]

The code below will give you exactly that ability; implementation instructions are located below. You only need to modify the text in the <p> </p> tags to whatever suits your needs. Please leave the link section “<a onclick="RedirecToPSChange()" href="#">” as is or the script will not work.

The above code can be loaded easily by running Set-ADFSGlobalWebContent and passing the whole code. Tip: use single quotes as shown below:

[Screenshot: ADFS password change link command]

ADFS 3.0 default login domain

Windows

The script below is a modification of the Microsoft script found here: https://technet.microsoft.com/en-us/library/dn636121(v=ws.11).aspx. I have added some extra features missing from the original, as well as the ability for the default login domain to work in the change password dialog. The script below will give you the following benefits:

  • The ability to set a default domain for ADFS both on the login page and on the change password page.
  • Other users can still specify a domain or a UPN, in which case the script will not append the domain to the front
  • Works on any JavaScript-enabled browser

You only need to change “MYDOMAIN” in the two places below and that’s it, the script is ready. Then just add it to the end of onload.js; you can use the instructions at https://technet.microsoft.com/en-us/library/dn636121(v=ws.11).aspx on how to load it.