IT Concepts – What is Identity Federation

One of the most historically difficult problems to address in IT is usernames and passwords for multiple applications. We all have a multitude of accounts we have to manage. Bank accounts, social media, email, work accounts, cloud storage, and every other system we use relies on usernames and passwords to “authenticate” who we are. There are a number of different solutions for this problem, but the most user-friendly method is a technique called “Identity Federation.” Now that the cloud is becoming more important to business functions, IT needs to simplify the relationship between devices that access corporate resources and the resources themselves.…

Office 365 Hybrid Agent – An Overview

If you have set up a new Hybrid configuration with Office 365 lately, you will notice a new option in the Hybrid Config Wizard, the Hybrid Agent. Before I go into my personal views on this new option and whether you should use it, let me first explain what this agent does. Note: Before I start, I should state that I have not had an opportunity to test the Hybrid Agent’s features yet, so there are still a few questions I have about it.…

Designing Infrastructure High Availability

IT people, for some reason, seem to have an affinity towards designing solutions that use “cool” features, even when those features aren’t really necessary. This tendency sometimes leads to good solutions, but a lot of the time it ends up creating solutions that fall short of requirements or leave IT infrastructure with significant shortcomings in any number of areas.…

Do I need Anonymous Relay?

Problems

If you have managed an Exchange server in the past, you’ve probably been required to set things up to allow printers, applications, and other devices the ability to send email through the Exchange server. Most often, the solution to this request is to configure an Anonymous Open Relay connector. The first article I ever wrote on this blog was on that very subject: http://wp.me/pUCB5-b . …

Disabling Direct Access Forced Tunneling

So you’re trying to get Direct Access (DA) running in your environment and you suddenly realized that your test machine can no longer access…anything. Well, this may be due to the “accidental” enabling of “Forced Tunneling” in your DA configuration. How do you fix it? You can pretty easily reconfigure your DA configuration to disable Forced Tunneling, but unless your test machine is directly connected to your AD environment, you’ll never be able to get the Group Policy updates on your test machine.…

Exchange Autodiscover – The Active Directory SCP

In a previous post I explained how you can use an SRV record to resolve certificate issues with Autodiscover when your Internal domain isn’t the same as your Email domain. This time, I’m going to explain how to fix things by making changes to Exchange and Active Directory that will allow things to function normally without having to use an SRV record or any DNS records at all, for that matter.…

Resolving DirectAccess Connectivity Issues (The easy solution)

DirectAccess is a relatively new approach to remote connectivity for domain connected devices. It is basically an always-on VPN that utilizes IPsec Tunneling to allow access to external client machines. There is no need to deploy or create VPN profiles or handle RADIUS authentication and other such complexities, but the system does utilize PKI (Public Key Infrastructure) to enable a secure VPN tunnel.…

Configuring Autodiscover for Internal DNS

The Issue

Ever since Outlook 2016 was released, Autodiscover has been a necessity, rather than an option.

Autodiscover allows any Mail Client that connects to Exchange server to configure the appropriate settings for communication so you don’t have to input everything manually. It’s very handy, but can cause certificate errors if not configured correctly. One issue you may run into occurs most often with Exchange Organizations with non-public DNS domains like domain.local.…
