Search This Blog

Sunday, April 5, 2020

OneDrive client log location

As part of troubleshooting OneDrive Known Folder Move, I was trying to find location where OneDrive stores its log files.
The path for OneDrive logs is this one %LocalAppData%\Microsoft\OneDrive\logs

Unfortunately, as discussed in this forum post the logs are stored in .edl and .odl format and only Microsfot Support can analyze the logs.

Office 365 ProPlus will be rebranded to Microsoft 365 Apps

Microsoft recently announced that Office 365 Pro Plus will change their name to Microsoft 365 Apps. Some other Office 365 products will also be renamed, see https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/30/new-microsoft-365-offerings-small-and-medium-sized-businesses/


Friday, April 3, 2020

How to solve Intune enrollment errors 0x80180026 and 0xcaa90014

Windows device management with Intune becomes more common, so we need to enroll (and autoenroll) devices in Intune.
One of the ways to enroll devices in Intune is to hybrid join them to Azure AD and then use group policy to autoenroll them to Intune.

In one of my projects I did exactly that, but for around half of devices autoenrollment failed. The first thing to check when autoenrollment fails is the DeviceManagement-Enterprise-Diagnostics-Provider Event Log.

There were two errors reported there:
Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x80180026)

Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0xcaa90014)





As it turned out the problem was that for these Windows 10 devices old SCCM agent was running, after uninstalling the SCCM agent devices shortly appeared in Intune (autoenroll scheduled task tries to enroll to Intune every five minutes).

Saturday, March 7, 2020

How to solve SCCM client install error 0x87d0027e

In  a new SCCM environement I was installing SCCM client on a single computer, but the install failed, the SCCM client install log (C:\Windows\ccmsetup\Logs\ccmsetup.log) reported error 0x87d0027e.

As this was a new environment, it was not configured completely. I created a boundary for that network and then boundary group.
For the boundary group, select Properties, then References and "Use this boundary group for site assignement". After that retry SCCM client install and installs successfully.


Thursday, February 20, 2020

How to list attached ISO files to all Hyper-V machines

The event log for one of my Hyper-V hosts was full of "Failed to get disk information" errors, saying that it could not find attached ISO file. So I needed a command to list all VMs and their attached ISO files. To list all attached ISO files you just simply run this Powershell command:

Get-VMDvdDrive -VMName *

Thursday, February 13, 2020

How to clear local GPO cache

Group Policy is a very mature technology and it works near 100% of time. Recently I had one of these rare case when there were Group Policy issues.
The policy was removed from computer but the settings were left on the computer, gpupdate /force also did not help.
The solution was to clear local computer GPO cache. To do that, first you need to run Powershell as administrator and then execute this command:

Remove-Item "$env:windir\system32\GroupPolicy" -Force -Recurse

Tuesday, February 11, 2020

What is Configuration Manager baseline version?

If you hear the term Configuration Manager "baseline version" and don't know what it is, then here is a short explanation:

Configuration Manager baseline version can be used for new Configuration Manager installations, but non-baseline versions cannot. For example, if you want to install new Configuration Manager 1910 site, the you first need to install Configuration Manager 1902, which is a baseline version and then use in-console updates to upgrade to version 1910.

The updated list of Configuration Manager baseline versions and terminology is here https://docs.microsoft.com/en-us/configmgr/core/servers/manage/updates

There will not be a separate Windows 10 ADK version for build 1909

Windows Assessment and Deployment Kit (ADK) is a toolkit for assisting in Windows operating system deployment. So far Microsoft had released ADK for each Windows 10 build.
This has changed for Windows 10 v1909 as there will be no ADK for v1909, so version v1903 remains the latest at the moment and you can use it to deploy Windows 10 v1909.




https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install

Friday, February 7, 2020

Is it possible to convert Windows Server 2016 / 2019 from Desktop Experience to Core?

Recently I was asked if it was possible to convert Windows Server 2019 from Desktop Experience to Core version. I certainly new that this was possible but was not sure about Windows Server 2016 / 2019.
Apparently there is no way to convert Windows Server 2016 or 2019 from Desktop Experience to Core as documented here https://docs.microsoft.com/lv-lv/windows-server/get-started/getting-started-with-server-core?redirectedfrom=MSDN


Monday, February 3, 2020

Step-by-step: Prevent weak passwords in Active Directory using Azure AD Password Protection

Hello guys,

I already posted a few main details about Azure AD Password Protection, and here is a step-by-step guide how to implement it in your Active Directory.
Before you start, make sure that all the latest Windows updates have been installed and have Global Admin rights in Azure AD and Domain Admin rights in Active Directory.

1. Configure Azure AD

Go to the Azure Portal - Azure Active Directory - Security - Authentication Methods - Password Protection and enable password protection for Windows Active Directory and set the mode to audit.



2. Download the agents

Download the Azure AD DC agent and Azure AD Proxy Service agent, both can be found here

3. Install the Azure AD Proxy Service agent

Run the AzureADPasswordProtectionProxySetup.exe file, accept licence agreement and click install.


Open Powershell as administrator and execute these commands:

  1. Import-Module AzureADPasswordProtection
  2. Register-AzureADPasswordProtectionProxy -AccountUpn 'yourglobaladmin@yourtenant.onmicrosoft.com'
  3. Register-AzureADPasswordProtectionForest -AccountUpn 'yourglobaladmin@yourtenant.onmicrosoft.com'
  4. Use this command to check the configuration: 
  5. Get-AzureADPasswordProtectionProxyConfiguration | fl

4. Install the Azure AD DC agent

DC agent installation is as easy as it could be (except that it requires restart) - just run the installation file AzureADPasswordProtectionDCAgentSetup.msi on the domain controller, accept licence agreement and click Install:


Then click Finish and choose if you want to restart immediately:



4. Monitor weak passwords

Once installed you can monitor weak passwords in Event log under Applications and Services Logs - Microsoft - AzureADPasswordProtection - DCAgent - Admin



5. Block weak passwords

When you are ready configure Azure AD Password Protection Enforced mode to block the passwords. See the first step of this guide step .