One of the most historically difficult problems to address in IT is usernames and passwords for multiple applications. We all have a multitude of accounts we have to manage. Bank accounts, social media, email, work accounts, cloud storage, and every other system we use relies on usernames and passwords to “authenticate” who we are. There are a number of different solutions for this problem, but the most user friendly method is a technique called “Identity Federation.”…
If you have set up a new Hybrid configuration with Office 365 lately, you will notice a new option in the Hybrid Config Wizard, the Hybrid Agent. Before I go into my personal views on this new option and whether you should use it, let me first explain what this agent does. Note: Before I start, I should state that I have not had an opportunity to test the Hybrid agent’s features yet, so there are still a few questions I have about it.…
IT people, for some reason, seem to have an affinity towards designing solutions that use “cool” features, even when those features aren’t really necessary. This tendency sometimes leads to good solutions, but a lot of times it ends up creating solutions that fall short of requirements or leave IT infrastructure with significant short-comings in any number of areas.…
Problems
If you have managed an Exchange server in the past, you’ve probably been required to set things up to allow printers, applications, and other devices the ability to send email through the Exchange server. Most often, the solution to this request is to configure an Anonymous Open Relay connector. The first article I ever wrote on this blog was on that very subject: http://wp.me/pUCB5-b…
So you’re trying to get Direct Access (DA) running in your environment and you suddenly realized that your test machine can no longer access…anything. Well, this may be due to the “accidental” enabling of “Forced Tunneling” in your DA configuration. How do you fix it? You can pretty easily reconfigure your DA configuration to disable Forced Tunneling, but unless your test machine is directly connected to your AD environment, you’ll never be able to get the Group Policy updates on your test machine.…
In a previous post I explained how you can use a SRV record to resolve certificate issues with Autodiscover when your Internal domain isn’t the same as your Email domain. This time, I’m going to explain how to fix things by making changes to Exchange and Active Directory that will allow things to function normally without having to use a SRV record or any DNS records at all, for that matter.…
DirectAccess is a relatively new approach to remote connectivity for domain connected devices. It is basically an always on VPN that utilizes IPSec Tunneling to allow access to external client machines. There is no need to deploy or create VPN profiles or handle RADIUS authentication and other such complexities, but the system does utilize PKI (Public Key Infrastructure) to enable a secure VPN tunnel.…
One of the subjects that doesn’t get a whole lot of coverage in IT is how to name an Active Directory domain. There’s a lot of confusion around the how and why to name a Domain primarily because the best practices for doing so have changed a number of times over the past decade or so.…
The Issue
Ever since Outlook 2016 was released, Autodiscover has been a necessity, rather than an option.
Autodiscover allows any Mail Client that connects to Exchange server to configure the appropriate settings for communication so you don’t have to input everything manually. It’s very handy, but can cause certificate errors if not configured correctly. One issue you may run into occurs most often with Exchange Organizations with non public DNS domains like domain.local.…