Search This Blog

Tuesday, December 28, 2021

Microsoft Defender for Identity sensor installation failing - error code 0x80070643

Description:

You are trying to install Microsoft Defender for Identity sensor on a Domain Controller. The Domain Controller need to use proxy to communicate to the internet. You've enter the correct proxy setting on the Domain Controller system setting. And you've make sure the required communication port (443) are already open from Domain Controller to *.atp.azure.com. However you still got stop error 0x80070643.

Resolution:

Configure the proxy setting using registry. You must copy the proxy configuration that you use in user context to the localsystem and localservice. To copy your user context proxy settings:

  1. Make sure to back up the registry keys before you modify them.

  2. In the registry, search for the value DefaultConnectionSettings as REG_BINARY under the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings. Export all the value inside the Connections key.

  3. Open the exported file and edit the location to become HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings. Save the first copy of the file.

  4. Double click the new file to import the value from the Current_user DefaultConnectionSettings to LocalSystem.

  5. After that, open the exported file and edit the location to become HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings. Save the second copy of the file.

  6. Double click the second file to import value from the Current_User DefaultConnectionSettings to LocalService.

  7. Close the registry editor.

Try to re-run the installation process again.

Cannot Re-Install NPCAP

Description:

You are trying to re-install NPCAP as part of Microsoft Defender for Identity Sensor deployment on a Domain Controller. However you got stuck uninstall error problem.

You have try to remove the registry from Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst. However the problem still exist.

Resolution:

Search for possible services that were using NPCAP. Example is Wireshark or Cisco Tetration. Stop those services and try to re-install NPCAP again.

Friday, December 17, 2021

Fixing Error nvlddmkm.sys on Event Viewer

Description:

You are using Nvidia GPU. And sometimes you saw nlddmkm.sys error in the event viewer. The GPU is crash and cannot restart normally.

Resolution:

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers

Add new Dword record. Enter TdrDelay as the name of the new DWORD. Set its Value Data to 8.

Click OK and close Registry Editor. Restart the Server.

Note:

If you still experiencing nlddmkm crash error after this, you may need to upgrade or downgrade your NVDIA Graphic driver. Version 472.12 seems to provide more stabile result.

Thursday, December 9, 2021

Azure B2B Script to create Guest On-Prem Active Directory Account is Not Working

Description:

You are configuring Azure B2B to allow external users to access your on-premise application securely.
You have configure the Azure B2B setting and have publish the on-premise application using Azure AD Application Proxy. Now you want to use the Azure B2B script to create the Guest account in on-premise Active Directory automatically. 
You downloaded the script from https://www.microsoft.com/en-us/download/details.aspx?id=51495. 
However when you run it, you saw some error and the users never get created in on-premise Active Directory. 
During troubleshooting, you found out that the script has not enough application permission to connect or query to Azure AD. You even triple check the API permission, but cannot found the cause of the error.

Resolution:

The "AppProxy-GuestAccountCreation-v1.0.3.ps1" script is not updated. PowerShell script still uses deprecated Azure AD Graph API instead of MS Graph API. 
You can download the updated script from https://github.com/MicrosoftDocs/azure-docs/files/7090340/AppProxy-GuestAccountCreation-v1.0.3.txt.
Make sure you install Microsoft Graph PowerShell SDK prior to executing the script.

Error when using PowerShell Connect-MgGraph not recognized

Description:

You already install the Microsoft Graph PowerShell SDK on your machine. However when trying to run a script that has "Connect-MgGraph" command, you encountered not recognized cmdlet, function, script  error. You have also restarted the machine and make sure the Microsoft Graph Module was loaded.

Resolution:

There might be some conflict between Microsoft Graph module and other module on your machine. The possible conflict are with Azure AD or MSOnline modules.

Try to install the Microsoft Graph PowerShell SDK on other machine which has minimum or has only the default PowerShell module.

Search Google