Hey y'all, Mark, Tom and Lakshman are back for another mailbag. All of our NFL teams are out of the playoffs, but I promise you this mailbag meets the proper inflation requirements for a blog post. Sorry Boston, I had to. OK, let’s jump into it.
I followed your ADFS series and my Web Application Proxy cert is going to expire. I don’t see a GUI way to update the cert like in ADFS. How do I do this?
In the ADFS server you have this nice menu.
But nothing today for WAP in the Remote Access panel.
We'll need to turn to PowerShell. First run the "Get-WebApplicationProxySslCertificate" command to get the current certificate hash.
Then copy the new cert (if you got it from a 3rd party) into the Local Machine Personal certificate store, and get the thumbprint for this new cert from the certificate's Details tab.
Then run Set-WebApplicationProxySslCertificate -Thumbprint "NewThumbprintWithNoSpaces".
Then re-run our first command to verify the correct thumbprint is listed.
That's all there is to it.
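The steps above as one script, with the checks worth making before the binding is changed. This is an added example, not code from the original post: the function name `Update-WapSslCertificate` is hypothetical, and it assumes the new certificate is already in the Local Machine Personal store and that the session is elevated on the WAP server.

```powershell
function Update-WapSslCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # A thumbprint pasted from the certificate dialog often carries spaces and
    # an invisible Unicode mark. Keep only hex digits and insist on 40 of them.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint has $($clean.Length) hex characters, expected 40."
    }

    # The cert must be in LocalMachine\My, have its private key on this
    # server, and be inside its validity window.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw 'Certificate has no private key on this server.'
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Step 1: show the current hash so the old value is on record for rollback.
    Get-WebApplicationProxySslCertificate |
        Format-Table HostName, PortNumber, CertificateHash | Out-Host

    # Step 2: bind the new certificate.
    Set-WebApplicationProxySslCertificate -Thumbprint $clean

    # Step 3: re-run the first command and flag any binding that did not move.
    $after = Get-WebApplicationProxySslCertificate
    $after | Format-Table HostName, PortNumber, CertificateHash | Out-Host
    $stale = $after | Where-Object { $_.CertificateHash -ne $clean }
    if ($stale) {
        Write-Warning "Bindings not on the new certificate: $($stale.HostName -join ', ')"
    }
    "New certificate $clean expires $($cert.NotAfter)"
}

# Usage (placeholder value, replace with the thumbprint of your new cert):
# Update-WapSslCertificate -Thumbprint '<thumbprint from the Details tab>'
```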
Can I specify a static internal IP address for a VM within Azure IaaS? If so how?
The answer is yes. One of the more recent additions (or enhancements, if you will) to Azure IaaS is the ability to specify a static IP address for an Azure VM. Prior to this enhancement, server roles (such as domain controllers that typically use static IP addresses) deployed in Azure IaaS could only use dynamic IP addresses, albeit with an extremely large lease lifespan in excess of 130 years. There are essentially two steps to assigning a static IP address:
- Ensure that the IP address is actually available in the virtual network using the Test-AzureStaticVNetIP PowerShell cmdlet
- Assign a static IP address using the Set-AzureStaticVNetIP cmdlet
The following link discusses how to assign a static IP address to a newly created VM or to assign one to a previously created VM.
Configure a Static Internal IP Address for a VM
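The two steps for a previously created VM, as an added example that is not from the original post. The virtual network, cloud service, VM name and address are constructed placeholders, and the session is assumed to be signed in to the subscription with the Azure service management PowerShell module.

```powershell
# Constructed placeholder values; replace with your own.
$vnet    = 'TestVNet'
$service = 'StaticDemo'
$vmName  = 'DC01'
$ip      = '192.168.4.7'

# Step 1: make sure the address is free in the virtual network.
$check = Test-AzureStaticVNetIP -VNetName $vnet -IPAddress $ip
if (-not $check.IsAvailable) {
    # When the address is taken, the result lists alternatives.
    throw "$ip is in use in $vnet. Available instead: $($check.AvailableAddresses -join ', ')"
}

# Step 2: assign the static address to the VM and push the change.
Get-AzureVM -ServiceName $service -Name $vmName |
    Set-AzureStaticVNetIP -IPAddress $ip |
    Update-AzureVM

# Confirm the VM configuration now carries the static address.
Get-AzureVM -ServiceName $service -Name $vmName | Get-AzureStaticVNetIP
```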
Is there a way I can view my O365 directory in my Azure Portal with my Microsoft account?
Yes! This one was troubling for me as well. The AD team blogged about this a while ago. Follow the 2nd example and you should be all set. Subscribe to their blog while you are at it.
My workstation deployments are done by a vendor in a remote location where we only have an RODC. How can we join workstations to the domain without opening up the firewalls to permit RWDC access?
You'll need to pre-create the computer objects on an RODC and use a script for the deployment. Ingolfur has a detailed article about the requirements here: http://blogs.technet.com/b/instan/archive/2008/08/13/troubleshooting-rodc-s-troubleshooting-domain-joins-against-rodc-s.aspx
-The X-Files might be coming back. Nerds everywhere rejoice and cringe at the same time. The truth is still out there…on Netflix streaming so go catch up.
-Marvel has figured out a way to make the universe even more confusing with Secret Wars.
-Next Tuesday (Jan 27th) myself (Mark) and fellow nerd friends will be seeing Neil deGrasse Tyson, which I'm sure will be awesome. Tom is going Wednesday (Jan 28th) in Detroit. Say hi if you see us there. If you live in the USA, do yourself a favor and see if he's coming to a city near you.
-Finally, two of our own are leaving the PFE ranks and joining the Surface product group. I want to send a big good luck to Joao Botto and Milad Aslaner. Don't forget our little blog all the way in Redmond. The phrase "The fox is in the hen house" comes to mind with those two. Good luck guys!
Mark 'made of stardust' Morowczynski, Tom 'More Scully than Mulder' Moser, and Lakshman 'secret superhero' Hariharan