All about Information Technology infrastructure and system. Helpdesk & support issue, deployment guide, and daily activity in managing an information technology operation.
Search This Blog
Saturday, March 11, 2023
Cannot Delete DNS Zone - Access was Denied
How to Fix "Trust Relationship Failed" error without Rejoin Domain
Description:
One of your users suddenly sees the error message "Trust Relationship Between This Workstation And The Primary Domain Failed" when trying to logon to their machine.
You have verify the Computer Account is exist on Active Directory. DNS settings are properly set and there's no problem with port or networking.
You wish to remediate the issue without having to disjoin and rejoin the computer to the domain.
Resolution:
On the problematic machine, logon using local admin credential. Open PowerShell and run as Administrator.
Type the following:
Reset-ComputerMachinePassword -Server DomainController -Credential
DomainAdmin
If the command completed successfully, logoff and try to logon again.
Sunday, March 5, 2023
Migrate from Windows Hello to Windows Hello For Business (WHFB)
You have deployed Windows Hello in the past to several machines in the organizations. Recently you got direction from Management to deploy Windows Hello For Business (WHFB) for your organization.
You have enable the Hybrid Cloud Kerberos trust and the configured required group policy. However, on the test machine, no WHFB got the prompt for provision. You have try to restart and make sure the WFHB group policy apply correctly.
Go to "Computer Configuration\Administrative Templates\System\Logon\Turn on convenience PIN sign-in". Make sure it is Disabled.
Multiple Prompt when creating Azure AD Kerberos Server object
Description:
You want to Deploy Windows Hello For Business with Hybrid Cloud Kerberos type in your environment.
You have met all the require prerequisites. However when trying to create Azure AD Kerberos Server object using below PowerShell command you encounter multiple prompt asking for Azure AD credential.
# Kerberos Server object will be created in this Active Directory domain.
$domain = $env:USERDNSDOMAIN
# Enter an Azure Active Directory global administrator username and password.
$cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Global Administrators group for Azure AD.'
# Enter a domain administrator username and password.
$domainCred = Get-Credential -Message 'An Active Directory user who is a member of the Domain Admins group.'
# Create the new Azure AD Kerberos Server object in Active Directory
# and then publish it to Azure Active Directory.
Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred
Resolution:
Make sure the Azure AD Global Administrator account that you are using during configuration are not included in any of Azure AD Conditional Access rules. You may also need to close the previous PowerShell session and try again.