DHCP migration between different server languages

Sometime happen (hopefully) that you have to dismiss old and not supported Operating System (aka Windows 2003) and during the process you need to move the DHCP server.

If both server have the same language, you will not face any problem but, if source and target server are in different languages (sometime, for no good reasons, IT technicians install the OS in their own language instead of English), the import process will fail to match the correspondent DHCP class.

The error raise is: Error while importing class “Default BOOTP Class”. This class conflicts with the existing class “Default BOOTP Class”.

Here the manual workaround to solve this.

Read More

Exchange Server Object ID Error

I had an error with Exchange Control Panel and Windows 2016 Domain Controller: The access control entry defines the ObjectType ‘9b026da6-0d3c-465c-8bee-5199d7165cba’ that can’t be resolved.

Exchange Error

The error will be raised as you open the ECP and view the Mailbox Delegation tab of any user account. Moreover this error doesn’t appear if you have an hybrid deployment with Office 365. Read More

CredSSP: RDP problem when not all the systems are update

In April 2018 Microsoft released an update to address a specific CVE that involve Credential Security Support Provider protocol (CredSSP): CVE-2018-0886 

This update was released for all the supported Windows Operating Systems. Even though I recommend to keep your server up to date, most of the customers don’t have automatic procedure to update the systems on regular basis (SCCM could be the right answer).

Here is where problems start.

Scenario

An update client with 2018-05 Update try to connect to a servers without the May update or vice versa a client without the update try to connect to a server with the May update installed.

In both situation the same error pop up:

An authentication error has occurred. The function requested is not supported. Remote computer: <computer name or IP>. This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660.

Read More

Certification Authority Enhanced RPC security

Certification Authority 2012/2012R2 and XP clients

Some Customers still have Windows XP though it is in End of Support since 8 April 2014. I found one of this *#$%§ clients where I have an 802.1x implementation with an Enterprise Certification Authority with Windows Server 2012 R2.

Why I detailed my configuration? Because Windows 2012 and newer raised RPC security settings even on PKI CA and this cause failing certificate requests on Windows XP/Windows Server 2003.
When trying to issue certificate on Windows XP I got the error “The certificate request failed. The permissions on this certification authority do not allow the current user to enroll for certificates. ”

At first glance it has to be Permissions issue but when I verify them on CA and on the template level they are ok. If we go to the “Failed Request” container on CA we cannot see any request which has been denied by the CA. This is because the request is never delivered to the server.

So how to let Windows XP enroll certificates from Windows 2012/2012R2 Certification Authority?

  1. Upgrade Windows clients to higher OS as XP is not supported anymore
  2. Disable Enhanced RPC security for certificate requests

In my case, the first option wasn’t viable.

Read More