For some time now I’ve been using the Microsoft Exchange Online Powershell Module that supports Azure multi-factor authentication (MFA) , but for an unknown reason it stopped working
When trying to connect to Exchange Online PowerShell using the code below with a global administrator account, I was getting an access denied error:
Connect-EXOPSSession -UserPrincipalName admin.bjorn@mydomain.nl
New-ExoPSSession : Create PowerShell Session is failed using OAuth
At C:\users\admin\adppdata\local\Apps\2.0\84VE2AT5.PKO\HHYLAA32.DC7\micr..tion_c3bce3770c238a49_0010.0000_90fa60bba125a33a\CreateExoPSSession.ps1:179 char:22
+ ... PSSession = New-ExoPSSession -UserPrincipalName $UserPrincialName -C ...
+
+ CategoryInfo : NotSpecified: (:) [New-ExoPSSession], Exception
+ FullyqualifiedErrorID : System.Exception,Microsoft.Exchange.Management.ExoPowerShellSnapin.NewExoPSSession
For me the solution was to install the Microsoft Exchange Online Powershell Module through Programs and then reinstalling it.
For more information about the new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA) see: https://technet.microsoft.com/en-US/library/ms.exch.eac.EXORPSMFAModuleLearnMore(EXCHG.150).aspx?v=15.1.860.4&l=1&s=BPOS_S_E15_0
Like this:
Like Loading...
Tags: Connect-EXOPSSession, Create PowerShell Session is failed using OAuth, Exchange online, Exchange Online PowerShell, MFA, multi-factor authentication, New-ExoPSSession, Office 365, outlook.office365.com, Powershell
When trying to connect to Exchange Online PowerShell using the code below with a global administrator account, I was getting an access denied error:
$usercredential = get-credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri<span class="Apple-converted-space"> </span>https://outlook.office3
65.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com failed with the following
error message :
[ClientAccessServer=VI1PR08CA0018,BackEndServer=,RequestId=1c6b263f-08cf-4885-937c-e9c9808ddf89,TimeStamp=1/12/2017
2:46:41 PM] Access Denied For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed
I was able to succesfully logon to https://login.microsoftonline.com/ so the credentials were correct.
Also I had not enabled Multi-factor authentication because I knew this could be a problem.
I tried clearing credentials / cookies in browsers and credential manager.
Since this did not solve the issue, I started to search online for answers. The first result was : https://support.microsoft.com/en-gb/kb/2905767 which suggested I entered the wrong username/password or that I didn’t have the correct permissions (organization administrator).
Both where not the case.
I then came across this post where someone apparently had to reset the password: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_manage/exchange-online-remote-powershell-access-denied/b91205bf-3419-4251-badc-4181af701d4f , but this was also not the case for me.
So I tried using the new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA) and the Connect-EXOPSSession cmdlet which did seem to work.
As it turns out, I accidentally tried to logon using <domain>\username instead of using my User Principal Name (UPN). When using my UPN it worked perfectly.
As a bonus though, now I have no excuse anymore to start testing with MFA
For more information about the new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA) see: https://technet.microsoft.com/en-US/library/ms.exch.eac.EXORPSMFAModuleLearnMore(EXCHG.150).aspx?v=15.1.860.4&l=1&s=BPOS_S_E15_0
Like this:
Like Loading...
Tags: Access Denied, Connect-EXOPSSession, Exchange online, Exchange Online PowerShell, MFA, multi-factor authentication, Office 365, outlook.office365.com, Powershell
OneNote is one of my favorite note taking applications. I use it on a large number of devices and platforms and like always having my notes available and up-to-date no matter what because they are stored synced to on OneDrive.
Recently I found it out that OneNote is freely available for many platforms at : https://www.onenote.com/download
After installing it I had some trouble getting it to work because a logon window appeared and quickly disappeared, not allowing me to access my notes.
For me the solution was as simple as opening OneNote’s web version on http://www.onedrive.com and asking it to open in OneNote. After that it kept working. I’m not sure why it happened and the solution is simple, but unfortunately it can take a while before you discover this simple workaround.
I hope this will save others the hassle.
Like this:
Like Loading...
Tags: disappears, Free, login, logon, OneNote
As some of you might know already, the Microsoft Ignite 2015 conference has started where Microsoft talks about where they’re going and what they’re doing. I watched the keynote, took many notes and added other relevant information which I’m sharing with you. Since so much was told and shown it’s certain I’ve missed stuff. As time goes by I will update the information in this post so it can be used as a reference.
I hope it’s useful. If you find any errors or have other useful resources or feedback, please leave a comment.
Update log:
-05-05-2015: Created Initial version including the keynote and additional information.
-
General information:
-
Enterprise Mobility Suite
-
SQL Server 2016
-
Windows Server 2016
-
System Center 2016
-
Operations Management Suite
-
Windows 10
-
Enterprise
-
Trustworthy
-
Security is #1 concern
- Balance between empowerment and security must be the goal
-
Modern architecture high level:
- Key security principles: Apply defense in depth and assume you have been breached
- Mobile device management and Mobile Apllication Management can help increase security, simplify management and improve the end-user experience.
-
Secure in an integrated way: Devices, Apps, Files, Identities
-
Windows 10
-
Many applications have been enhanced with:
- Mobile Application Management through Intune
-
Conditional Access
- Data Leakage Protection (DLP) on iPad: Not being able to copy/paste corporate data from a corporate app to a non-corporate/peronal app (by example Twitter), while allowing it between corporate apps like Outlook (version with these capabilities coming in Q2) and Word.
- Policy in Windows 10 can be configured to warn about copying data from corporate app to non-corporate app, but still allow it and logging the event.
- Supports multiple identities while still enforcing security and not allowing to copy corporate data between them.
- For more info: https://technet.microsoft.com/en-us/library/dn818907.aspx
- Azure RemoteApp can be used to easily enable people to use apps
-
Outlook : Protect a file that you share by email by using the Rights Management sharing application
- Uses Azure AD RMS
- Access (attempts) can be tracked including showing times and geographic locations using Azure RMS Document Tracking Public Preview
-
For more info:
-
Azure AD/EMS Cloud App Discovery
-
Insights available regarding access
-
Microsoft Azure Stack
-
Nano Server
- Nano Server is a remotely administered server operating system optimized for hosting in private clouds and datacenters. It is similar to Windows Server in Server Core mode, but markedly smaller. Also, there is no local logon capability, nor does it support Terminal Services. It takes up far less disk space, sets up significantly faster, and requires far fewer restarts than Windows Server.
-
More info:
-
Containers
-
Multi-cloud and hybrid cloud will become increasingly important
-
-
Content (co-)creation and sharing using Office, Skype For Business, HoloLens, etc
-
Azure
Like this:
Like Loading...
Tags: "Microsoft Ignite", #MSIgnite, Active Directory, Azure, Azure Active Directory, Azure AD RMS, Azure Stack, Cloud, Conditional Access, Cortana, Delve, device guard, EMS, Enterprise Mobility Suite, HoloLens, hybrid cloud, Hyper-V, Ignite, Intune, MAM, Microsoft Azure Stack, Microsoft Edge, Microsoft Hello, Microsoft Intune, Microsoft Passport, Mobile Application Management, MS Ignite, multi cloud, Nano, Nano Server, nested virtualisation, nested virtualization, Office 365, Office Delve, Office Sway, OMS, Operations Management Suite, Power BI, Project Spartan, RemoteApp, RMS, SCCM, Secure boot, SharePoint Server 2016, Spartan, SQL Server 2016, Sway, System Center 2016, Technical Preview 2, universal app, Windows 10, Windows Server 2016, Windows Update, Windows Update For Business
Today I helped a colleague troubleshoot a couple of systems were unable to activate using Key Management Service (KMS). Basically for this situation it boiled down to this:
Determine for the KMS service
- Which server is hosting the KMS service.If an SRV record has been added for KMS DNS auto discovery, run from CMD: nslookup -type=srv _vlmcs._tcp
- If the server hosting the KMS is functioning correctly:
- Check if the server is up and running.
- Check if the “Software Protection” service (sppsvc) is running.
- Verify if the KMS service is listening on port 1688: telnet localhost 1688
- Verify the KMS status. Run from CMD: slmgr.vbs /dli
- Verify if a KMS key is installed and activated.
- Verify if the minimum threshold for activation is being met.
- Verify if other clients are able to activate using KMS. Even though the output of “slmgr.vbs /dli” gives you an indication, you can use the “Volume Activation Management Tool” (VAMT) for more insight and functionality.
- Verify that a VLK key is being used.
For clients that are not able to activate
- Verify if the correct KMS server can be resolved correctly:
nslookup -type=srv _vlmcs._tcp
- Verify if the KMS can be contacted:
telnet <KMS FQDN or IP> 1688
- If this is not the case, perform a traceroute to determine potential causes. Reasons could include:
- No default gateway configured on the client to reach the KMS.
- No route configured on the client to reach the KMS.
- Firewall on the client is blocking the traffic.
- Firewall on the server is blocking the traffic.
- If it is a VM, the virtual network might be misconfigured.
- Routing on the network is not correct.
- Firewall on the network is blocking traffic.
- Clear any previous (mis)configuration: slmgr.vbs /ckms
- Attempt activation: slmgr.vbs /ckms
NOTE: If you have lots of systems where you need to clear configuration and then attempt activation, you can also perform slmgr.vbs on remote computers using:
slmgr.vbs TargetComputerName [username] [password] /parameter [options]
Additional information
If you haven’t been able to resolve the issue, you might want to take a look here:
Like this:
Like Loading...
Tags: 1688, CMD, command, command prompt, DNS, ICT, Key Management Server, Key Management Service, Key Management Services, KMS, Microsoft, nslookup, Office, slmgr, slmgr.vbs, VAMT, Volume Activation Management Tool, Windows, _vlmcs, _vlmcs._tcp
For some time now, I’ve been playing indoor soccer with friends and colleagues on a weekly basis. To do so, we rent a location and split the costs. Because the people and the number of people vary, it is tedious work to keep track of who needs to pay how much. Especially because not everyone can/will pay at the same time.
Since I’m lazy, I’ve created an Excel spreadsheet to help with that:
http://bjornhouben-web.sharepoint.com/Lists/Files/DispForm.aspx?ID=18
Here’s what it looks like (click for full image):
It is easily customizable, so I hope it is useful to you as well.
Like this:
Like Loading...
Tags: calculate, cost, Excel, indoor soccer, Office, soccer, spreadsheet
On a regular basis Microsoft and its partners host Free IT Camps. In the past I’ve blogged about them because I really think they’re a good way to quickly get up-to-date on products and technologies. Besides that it’s also a good way to get to know other people.
On the Microsoft Events website you can see which future events are available and not just IT Camps events.
Also should you not be able to attend an IT Camp, for Server 2012 you can also use IT Camps On-Demand.
Like this:
Like Loading...
Tags: Event, Events, Free, IT Camp, IT Camps, IT Camps On-Demand, Learning, Microsoft, Microsoft Events, Microsoft IT Camp, Microsoft IT Camps, MS IT Camp, MS IT Camps, study
