hochwald.net About DevOps, PowerShell and more

A while ago, I posted an article about configuring Exchange to use ADFS authentication. Here is an update on what to do if you see the following error: https://owa.contoso.com/owa/auth/errorfe.aspx?msg=WrongAudienceUriOrBadSigningCert???

Check that you have the correct certificate:

Get-ADFSCertificate Token-Signing | Select-Object Thumbprint

You might need to import the certificate above: adding the AD FS token-signing certificate to the Trusted Root (not My) certificate store on the Exchange server(s) makes this work almost immediately.

If you still see the error, you might need to tweak the URLs a bit. I was told the following could solve issues with ADFS 4 and the latest Exchange 2013 CUs and/or Exchange 2016:

$uris = @('https://OWAHOST/owa/', 'https://OWAHOST/ecp/', 'https://OWAHOST/owa', 'https://OWAHOST/ecp')
Set-OrganizationConfig -AdfsIssuer 'https://ADFSHOST/adfs/ls/' -AdfsAudienceUris $uris -AdfsSignCertificateThumbprint 'THUMB'
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false -OAuthAuthentication $false

This is different from the official Microsoft documentation! However, some found this by tracing the traffic.

I published a new Gist for that.
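
To see which of the two causes named in the error (wrong audience URI or wrong signing certificate) applies, the settings above can be read back and compared. The following is an added example, not the Gist mentioned above and not code from the original post; the function name `Test-ExchangeAdfsConfig` and its parameters are hypothetical, and it assumes it is run in the Exchange Management Shell with the thumbprint copied from the AD FS server.

```powershell
# Added example (hypothetical helper, not the author's Gist).
function Test-ExchangeAdfsConfig {
    param(
        # Thumbprint reported by Get-AdfsCertificate on the AD FS server
        [Parameter(Mandatory)] [string] $ExpectedThumbprint,
        # Public OWA host name (the OWAHOST placeholder used above)
        [Parameter(Mandatory)] [string] $OwaHost
    )

    # Pasted thumbprints often carry spaces or invisible characters;
    # keep only the hex digits before comparing.
    $expected = ($ExpectedThumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    if ($expected.Length -ne 40) { throw 'Expected a 40-character SHA-1 thumbprint.' }

    $org        = Get-OrganizationConfig
    $configured = ([string]$org.AdfsSignCertificateThumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()

    # The token-signing certificate must sit in the machine's Trusted Root store.
    $cert = Get-Item -Path "Cert:\LocalMachine\Root\$expected" -ErrorAction SilentlyContinue

    # Audience URIs from the workaround: each path with and without a trailing slash.
    $wanted  = 'owa/', 'ecp/', 'owa', 'ecp' | ForEach-Object { "https://$OwaHost/$_" }
    $present = @($org.AdfsAudienceUris | ForEach-Object { "$_" })
    $missing = @($wanted | Where-Object { $present -notcontains $_ })

    # Virtual directories that do not have AD FS authentication switched on.
    $vdirs  = @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory)
    $noAdfs = @($vdirs | Where-Object { -not $_.AdfsAuthentication } |
                ForEach-Object { "$($_.Identity)" })

    [pscustomobject]@{
        Issuer               = $org.AdfsIssuer
        ThumbprintMatches    = ($configured -eq $expected)
        CertInTrustedRoot    = [bool]$cert
        CertNotExpired       = [bool]($cert -and $cert.NotAfter -gt (Get-Date))
        MissingAudienceUris  = $missing
        VDirsWithoutAdfsAuth = $noAdfs
    }
}

# Usage (substitute your own values for the placeholders):
# Test-ExchangeAdfsConfig -ExpectedThumbprint '<thumbprint>' -OwaHost '<owa host>' | Format-List
```

A `False` in `ThumbprintMatches`, `CertInTrustedRoot` or `CertNotExpired` points at the signing certificate; a non-empty `MissingAudienceUris` points at the audience URI list.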

Exchange Server

I shared my experience with Exchange 2016 on Windows Server 2016 in the last few weeks.
The most annoying problem, in my opinion, is the Get-Help issue! I must admit that I use Get-Help a lot, mostly because the help is great, and why remember every option if you can use Get-Help?

Nevertheless, there is a workaround!

Open a PowerShell session (on the Exchange server, or remotely) and then type this:

add-pssnapin -name Microsoft.Exchange.Management.PowerShell.SnapIn


I decided to install a dedicated Piwik instance to do some tests. I respect your privacy; Piwik is configured to anonymize most data (especially the IP addresses), and it respects the “Do Not Track” preferences of your browser if present.

At the moment, the Piwik installation is just active to run some tests! Let’s call it a beta.


I tweaked this site a bit. The load should be faster, and the caching should be more effective.
As some might have seen today, I ended up with a series of error 500s and sometimes in a redirection loop. That should be fixed.

If you find any issues, please report them in the comments below or just contact me.

Exchange Server

A while ago, I published an article about my experience with Exchange 2016 so far. Here is a minor update. Since my post, I found another issue: the Exchange servers seemed to hang during a restart (reboot)!
We applied some patches on Monday and my two (2) servers hung during the restart. The RDP session was terminated, but then nothing happened. I waited nearly an hour per node, but nothing happened. Even the local console (via Hyper-V) was unresponsive. Only a hard power cycle fixed my issue.

The patch was applied successfully, so I decided to restart both nodes again today, but I had the same issue again.
