Posted on

Register a web application with Azure AD Portal App Registration to connect to a Microsoft 365 tenant

PowerShell Limits

Through PowerShell it is possible to connect to a Microsoft 365 tenant to perform operations on users, groups and any other element of the tenant. When you use this tool, PowerShell prompts you for your account and password. You can write the account and password directly in the PowerShell script, but that would seriously compromise security, because anyone who can read the script can read the credentials.

Application

An alternative is to build software that connects directly to the tenant using keys that are created and stored in the tenant itself. In other words, you must tell the tenant that a certain application exists and is authorized to access it. Furthermore, for each operation that you want to perform on the tenant, you must grant the application the appropriate permissions. To create these applications, we recommend that you follow the excellent tutorial “.Net Core console application for calling Microsoft Graph”. This post reproduces the images from that tutorial only to show how the application must be prepared on the Microsoft tenant.

Register a web application with Azure AD Portal App Registration

Open a browser and navigate to the Azure Portal. Log in using your account. Select the resource “Azure Active Directory”. On the left side menu, select “App registrations”. Click New registration on the current page.

On the Register an application page, specify the following values:

  • Name = Name of your Application
  • Supported account types
  • Redirect URI
    • Type = Web
    • Value = https://localhost:8080   (*)

(*) The Redirect URI value must be unique within your domain. This value can be changed at a later time and does not need to point to a URI that is actually hosted.

It is now necessary to store 2 values that will be used in your application:

  • Application (client) ID
  • Directory (tenant) ID

Certificates & secrets

Click Certificates & secrets.

  1. Click New client secret.
  2. On the Add a client secret dialog, specify the following values:
    • Description = Your secret’s description
    • Expires = In 1 year (for example)
  3. Click Add.

After the screen has updated with the newly created client secret, copy the VALUE of the client secret. This secret string is never shown again, so make sure you copy it now.

API permissions

Click API permissions.

  • Click Add a permission
  • On the Request API permissions panel select Microsoft Graph.

  • Select Application permissions.

Now you have to choose which permissions to grant to your app. For example, to create an application that reads all information about the tenant’s users, type “User” in the “Select permissions” search box. Select User.Read.All from the filtered list. Finally, on the API permissions content blade, click Grant admin consent for the tenant.

Summary of the data necessary for the application

Let’s see what data your application needs to connect and operate on the Microsoft Tenant.

  • applicationId = “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”;
  • applicationSecret = “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”;
  • tenantId = “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”;
  • redirectUri = “https://localhost:8080”;
  • domain = “yourtenant.onmicrosoft.com”;

Permissions

  • User.Read.All : Read all users’ full profiles
  • User.ReadWrite.All : Read and write all users’ full profiles
  • Group.ReadWrite.All : Read and write all groups
  • Notes.ReadWrite.All : Read and write all OneNote notebooks
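
The values summarized above are what the OAuth 2.0 client credentials flow needs. The following PowerShell sketch is an added example, not code from this post or from the linked tutorial: it reads the values from hypothetical environment variables (M365_TENANT_ID, M365_CLIENT_ID, M365_CLIENT_SECRET) instead of the script, and checks that the token carries only the application permission the app is supposed to have before it lists users.

```powershell
# Added example (not from the original post or the linked tutorial).
# Assumption: the registration values are supplied through the hypothetical
# environment variables M365_TENANT_ID, M365_CLIENT_ID and M365_CLIENT_SECRET.

function Get-GraphAppToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # OAuth 2.0 client credentials grant: the app signs in as itself, no user prompt.
    $resp = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
        -Body @{
            grant_type    = 'client_credentials'
            client_id     = $ClientId
            client_secret = $ClientSecret
            scope         = 'https://graph.microsoft.com/.default'
        }
    $resp.access_token
}

function Get-TokenRoles {
    param([string]$Jwt)
    # Diagnostic decode only (no signature check): the payload is base64url JSON.
    $p = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($p.Length % 4) { 2 { $p += '==' } 3 { $p += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($p))
    @((ConvertFrom-Json $json).roles)
}

function Test-LeastPrivilege {
    param([string]$Jwt, [string[]]$Expected)
    $extra = @(Get-TokenRoles $Jwt | Where-Object { $_ -and $_ -notin $Expected })
    if ($extra.Count) { Write-Warning "Unexpected permissions: $($extra -join ', ')" }
    $extra.Count -eq 0
}

# Offline check with a constructed, unsigned token that is deliberately over-permissioned.
$body   = '{"roles":["User.Read.All","Group.ReadWrite.All"]}'
$b64    = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($body))
$sample = 'e30.' + $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_') + '.'
Test-LeastPrivilege $sample @('User.Read.All')

# Live call, only when the secret is present in the environment.
if ($env:M365_CLIENT_SECRET) {
    $jwt = Get-GraphAppToken $env:M365_TENANT_ID $env:M365_CLIENT_ID $env:M365_CLIENT_SECRET
    if (Test-LeastPrivilege $jwt @('User.Read.All')) {
        $users = Invoke-RestMethod -Headers @{ Authorization = "Bearer $jwt" } `
            -Uri 'https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName'
        $users.value | Format-Table displayName, userPrincipalName
    }
}
```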

Documentation

Posted on

Apache on Windows – AH00072: make_sock: could not bind to address [::]:80

Scenario

On your Windows computer, Apache does not start. Go to the event viewer and find the event with error:

AH00072: make_sock: could not bind to address [::]:80

Problem

The problem is that another application is already using port 80, the same port as your site on Apache. How do you find out which application it is?

Open the command prompt (cmd). Type

netstat -ano

You see all open ports on your computer and the applications using them. Find the line that (in this case) is about port 80. The PID column shows the process ID of the program that is using your port.

Open Task Manager. On the “Details” tab, use the PID column to find the program that is using your port.

Solution

You have 2 possibilities: either stop the program or, if you need the program, change the port used by this program, if possible, or the one used by Apache.

If the program you found through the PID is System, it means that Windows itself is holding the port. Open Services and stop the “World Wide Web Publishing Service” service. If its startup type is Automatic, you will also have to set it to Manual, because otherwise the problem would reoccur the next day.
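
The same lookup can be done in one step from an elevated PowerShell prompt. This is an added example, not part of the original post; the `$StopW3SVC` switch is a hypothetical variable that applies the fix described above only when you set it to `$true`.

```powershell
# Added example (not from the original post): netstat -ano plus the Task Manager
# lookup in one step. Run from an elevated PowerShell prompt.
$StopW3SVC = $false   # hypothetical switch: set to $true to apply the fix from the post

function Get-PortOwner {
    param([int]$Port = 80)
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Sort-Object OwningProcess -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = $proc.ProcessName
                Path         = $proc.Path
            }
        }
}

$owners = @(Get-PortOwner -Port 80)
if (-not $owners) {
    Write-Output 'Nothing is listening on port 80.'
}
foreach ($o in $owners) {
    $o
    if ($o.Process -eq 'System') {
        # The port is held by Windows itself; the post points at the
        # World Wide Web Publishing Service, whose service name is W3SVC.
        $svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') {
            Write-Output 'W3SVC is running and is the likely owner of port 80.'
            if ($StopW3SVC) {
                Stop-Service -Name W3SVC
                Set-Service  -Name W3SVC -StartupType Manual
                Write-Output 'W3SVC stopped and set to Manual start.'
            }
        }
    }
}
```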

Posted on

Windows server – Active Directory – useful links

Move Active Directory roles from one domain controller to another

CHECK AND CHANGE THE FSMO ROLES OF A WINDOWS DOMAIN

Backup Domain Controller

Add a Backup Domain Controller to an existing Active Directory domain

Installing licenses for Remote Desktop

Licensing Mode for Remote Desktop Session Host is not Configured

Remote Desktop licensing mode is not configured

Posted on

iis error 0x80070021 on web.config

This error occurs when installing a site locally with IIS on Windows 10 or Windows 8.1. It may also occur on server operating systems.

Error Details

Module :IIS Web Core

Notice: BeginRequest

Handler: Not yet determined

Error: 0x80070021

Configuration error: This configuration section can not be used in this way. This happens when the section is locked at the parent level. Locking is either by default (overrideModeDefault = “Deny”), or installed directly by the tag location with overrideMode = “Deny” or inherited property allowOverride = “false”.

The configuration file
\\?\C:\inetpub\wwwroot\test\web.config

Physical Path
C:\inetpub\wwwroot\test\miofile

Logon Method: Not yet determined

Users who have logged on: yet to be determined

SOLUTION

You also need to install .NET and the IIS development tools

or

Posted on

Installing Windows 2019 server on HPE server

When you enter Intelligent Provisioning on the HPE server, you realize that you can only install from CD-ROM. But your server has no CD drive installed.

You create a bootable USB from your ISO using, for example, Rufus. Does not work!

You download the “USB Key Utility” from the HP site to create a bootable USB with HPE specifications. Does not work!

What to do ?

The solution is very simple but poorly documented.

Solution

From your computer, go to the iLO page of the HP server. To do this you need to connect the server’s iLO port (it is a dedicated Ethernet port) to the network. If a DHCP server is active in your network, when you turn on the machine you will see, at the bottom of the screen, the IP address assigned to iLO. If a DHCP server is not active, you will have to set a static IP by going to the utilities (F9 key).

On the case of your HPE server there is a sticker with the password to access iLO. From your computer, connect with a web browser to the iLO IP. The user is “Administrator”. Log in.

In this example I am using iLO 5.

On the left click on “Remote Console”.

A page appears from which you can open server management consoles, using different technologies. I’m using HTML 5. After the console opens, you have a button with a circle at the top. From there you can select your ISO file, which will be mounted on the server CD/DVD.

At this point you can restart the machine. To do this, you can send the ALT + CTRL + DEL command via the Remote Console keyboard.

When you reboot the server, your ISO will be mounted on CD/DVD and you can start the installation via Intelligent Provisioning.

Posted on

Error “CredSSP” Error using rdp on Windows Server 2012 R2

Scenario

You are trying to connect via RDP to Windows Server 2012 R2 and you receive this error:

An authentication error has occurred.
The function is not supported.
Remote Computer: your hostname
This could be due to CredSSP encryption oracle remediation.

Solution

Download and install KB4103725 from the Microsoft Update Catalog.

After installing you need to restart the server.

Posted on

Fix Windows Update errors

Open Start, type: CMD
Right click CMD
Click Run as administrator

Type each of the following commands, pressing Enter after each one (run the first command several times):

taskkill /f /fi "SERVICES eq wuauserv"
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
rmdir C:\Windows\SoftwareDistribution\DataStore
rmdir C:\Windows\SoftwareDistribution\Download

When complete, hit Enter, then restart, then try updating again.

If that does not work:

Open Start, type: CMD
Right click CMD
Click Run as administrator

Run these commands, pressing Enter after each one:

Net Stop bits
Net Stop wuauserv
Net Stop appidsvc
Net Stop cryptsvc
Ren %systemroot%\SoftwareDistribution SoftwareDistribution.bak
Ren %systemroot%\system32\catroot2 catroot2.bak
Net Start bits
Net Start wuauserv
Net Start appidsvc
Net Start cryptsvc

After running these commands, check if your issue is fixed.