SharePoint Stuff

Luke Smith

I've been working with Microsoft Technologies for over 20 years, my main focus now being Microsoft Online Services. I manage the Cloud Services at ElysianIT Limited and am a P-SELLER at Microsoft. I have worked with many organisations from SMC to Enterprise. I've been working with Microsoft Technologies since DOS 5.0; to date I have been working on Microsoft's latest cloud technologies: Windows Azure, Windows 10, Office 365 and Microsoft SharePoint.

Azure Gateway – Point-to-Site Windows VPN Client – Error processing ID payload

Written by Luke Smith. Posted in Uncategorized

Issue

You have configured a Point-to-Site VPN on the Azure Gateway

The Azure Gateway also has Site-to-Site Connections using BGP or Static Routes

The Point-to-Site is configured for SSTP and IKEv2

You configure the VPN client and notice that only SSTP is used; when you try to manually select IKEv2, the client fails with the following error:

“Error processing ID payload”

Resolution 1

First, check how many routes are being published on the VPN:

  1. Select an Azure VM > Select Network > Select Network Card > Select Effective Routes
  2. Count the number of Routes

If you have more than 25 routes (published on the VPN), you will need to limit the routes by summarising them to below 25.

The Windows VPN client built into Windows 10 (1607 and above) doesn't support more than 25 routes, hence the failure.

If you are not able to limit these routes, you will need to use SSTP.

NB: SSTP only allows 128 concurrent connections.

Resolution 2

If you are running Windows 10 builds 1607-1709, update to the latest Windows 10 build or apply the following changes/fixes:

Install the update:

| OS version | Date | Number/Link |
|---|---|---|
| Windows Server 2016, Windows 10 Version 1607 | January 17, 2018 | KB4057142 |
| Windows 10 Version 1703 | January 17, 2018 | KB4057144 |
| Windows 10 Version 1709 | March 22, 2018 | KB4089848 |

Set the registry key value. Create or set the REG_DWORD value "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\IKEv2\DisableCertReqPayload" in the registry to 1.

Resolution 3

If you are running Windows 10 builds below 1607, you will need to update to the latest Windows 10 build.
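The three checks above as one script, added here as an example and not part of the original post. It assumes the Az PowerShell module is installed and Connect-AzAccount has been run for the route check; the resource group and NIC names are placeholders, and the registry fix needs an elevated prompt.

```powershell
# Added example, not from the original post: checks the client build and the
# effective-route count the post describes, then applies the Resolution 2 registry fix.
# Assumptions: Az module installed and Connect-AzAccount already run; resource group
# and NIC names below are placeholders; run elevated for the registry change.

function Get-Win10BuildStatus {
    # CurrentBuildNumber maps to the release: 14393 = 1607, 15063 = 1703, 16299 = 1709
    $build = [int](Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name CurrentBuildNumber)
    if ($build -lt 14393) { return "Build $build is below 1607: update Windows (Resolution 3)" }
    if ($build -le 16299) { return "Build $build is 1607-1709: install the KB and set the registry value (Resolution 2)" }
    return "Build $build is newer than 1709: check the route count (Resolution 1)"
}

function Get-EffectiveRouteCount {
    param([string]$ResourceGroupName, [string]$NicName)
    # Same data as Azure VM > Networking > network card > Effective routes
    $routes = Get-AzEffectiveRouteTable -ResourceGroupName $ResourceGroupName -NetworkInterfaceName $NicName
    return @($routes).Count
}

function Set-IkeV2CertReqPayloadFix {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\IKEv2'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DisableCertReqPayload' -PropertyType DWord -Value 1 -Force | Out-Null
    # Read the value back so the caller can confirm it is 1
    return Get-ItemPropertyValue -Path $key -Name 'DisableCertReqPayload'
}

Get-Win10BuildStatus
$count = Get-EffectiveRouteCount -ResourceGroupName 'rg-placeholder' -NicName 'vm-nic-placeholder'
if ($count -gt 25) {
    Write-Warning "$count effective routes: summarise below 25 or fall back to SSTP (128 concurrent connections)"
}
Set-IkeV2CertReqPayloadFix
```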

Microsoft Cloud App Security (CAS) and Squid

Written by Luke Smith. Posted in Microsoft

Below are the high-level steps to send Squid syslog to Microsoft Cloud App Security using the CASCollector (an Ubuntu VM which runs on Azure/Hyper-V/AWS).

Install CAS Collector

Follow steps here: https://docs.microsoft.com/en-gb/cloud-app-security/discovery-docker-ubuntu-azure

Summary of the commands below, which are run on the CASCollector Ubuntu server:

sudo -i

# Download and run Microsoft's Docker install script
curl -o /tmp/MCASInstallDocker.sh https://adaprodconsole.blob.core.windows.net/public-files/MCASInstallDocker.sh && chmod +x /tmp/MCASInstallDocker.sh; /tmp/MCASInstallDocker.sh

# Start the log collector container; the echoed value is the collector API token from the CAS portal, piped to the container on stdin
(echo cb83b3f208347603e38ea2816c7503ec257159001225001c2b8efa6e06f49951) | docker run --name CASLogCollector -p 514:514/udp -p 21:21 -p 20000-20099:20000-20099 -e "PUBLICIP='10.10.10.12'" -e "PROXY=" -e "SYSLOG=true" -e "CONSOLE=cas.eu2.portal.cloudappsecurity.com" -e "COLLECTOR=CASLogCollector" --security-opt apparmor:unconfined --cap-add=SYS_ADMIN --restart unless-stopped -a stdin -i microsoft/caslogcollector starter

# Check the container log (the name must match --name above)
sudo docker logs CASLogCollector

Confirm it is running

Install IP Traffic monitor (to review incoming syslogs)

On the CASCollector Ubuntu server:
sudo apt-get install iptraf

Set up Squid (note: Squid 2.7 at minimum is required for syslog support)

Open squid.conf and make sure the following two entries exist:

access_log C:/ClientSiteProxy/var/logs/access.log squid
access_log udp://172.18.1.150:514 squid

Save the file and then restart the Squid service.

The "squid" value at the end of each access_log line sets the log format to native. Out of the box, Microsoft CAS supports the Native and Common formats; customised formats can be created, but we are keeping this simple.

Make sure the CAS data source is selected with the format Squid (Native).

Troubleshooting

Review "sudo iptraf" network traffic and confirm you can see the incoming UDP traffic on the log collector.
Review the governance logs in the CAS portal (gear icon > Governance log).
Install a separate syslog receiver test tool (to confirm syslog traffic is arriving).
Install a separate syslog transmitter test tool (to confirm syslog UDP traffic is being sent).

NB: this article relates to Squid 2.7 or above and Symantec Client Site Proxy (formerly known as MessageLabs).
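A minimal transmitter/receiver pair for the "separate syslog test tool" steps above, added here as an example and not part of the original post. Squid's udp:// access_log sends each formatted log line as one UDP datagram, so the transmitter sends a constructed Squid native-format line; the collector IP 172.18.1.150 is the one from the post, and the client IP and URL are constructed values.

```powershell
# Added example, not from the original post: send a constructed Squid native-format line
# to the collector over UDP, and a throw-away receiver to prove UDP reaches a host.
# Assumptions: collector 172.18.1.150 from the post; client IP/URL are constructed.

function New-SquidNativeLogLine {
    param([string]$ClientIp, [string]$Url, [int]$Bytes = 1024,
          [string]$Method = 'GET', [string]$Status = 'TCP_MISS/200', [int]$ElapsedMs = 120)
    # Native format: time.ms elapsed client action/code size method URL ident hierarchy/from type
    $epoch = '{0:F3}' -f ([DateTimeOffset]::UtcNow.ToUnixTimeMilliseconds() / 1000.0)
    return '{0} {1,6} {2} {3} {4} {5} {6} - HIER_DIRECT/203.0.113.10 text/html' -f `
        $epoch, $ElapsedMs, $ClientIp, $Status, $Bytes, $Method, $Url
}

function Send-UdpLogLine {
    param([string]$Collector, [string]$Line, [int]$Port = 514)
    $client = New-Object System.Net.Sockets.UdpClient
    try {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($Line + "`n")
        return $client.Send($bytes, $bytes.Length, $Collector, $Port)   # bytes sent
    } finally { $client.Close() }
}

function Receive-UdpLogLine {
    param([int]$Port = 5514, [int]$TimeoutMs = 10000)
    # Port 514 needs admin/root; any free port is enough to prove the network path
    $listener = New-Object System.Net.Sockets.UdpClient($Port)
    $listener.Client.ReceiveTimeout = $TimeoutMs
    $from = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
    try { return [System.Text.Encoding]::ASCII.GetString($listener.Receive([ref]$from)) }
    finally { $listener.Close() }
}

$line = New-SquidNativeLogLine -ClientIp '10.10.20.5' -Url 'http://example.com/index.html'
Send-UdpLogLine -Collector '172.18.1.150' -Line $line   # then confirm arrival with "sudo iptraf"
```

Run Receive-UdpLogLine on a test host and point Send-UdpLogLine at it (matching -Port) to isolate a firewall or routing problem from a collector problem.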

How to list Exchange Online Dynamic Distribution Group members

Written by Luke Smith. Posted in Microsoft

The below will allow you to list the members of a dynamic distribution group:

# Allow the remote session script to run
Set-ExecutionPolicy RemoteSigned

# Connect to Exchange Online remote PowerShell
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

# Evaluate the group's recipient filter within its recipient container to preview the current members
$DDG = Get-DynamicDistributionGroup "My DL Name"
Get-Recipient -RecipientPreviewFilter $DDG.RecipientFilter -OrganizationalUnit $DDG.RecipientContainer

# Tidy up the remote session
Remove-PSSession $Session
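The same preview-filter query wrapped in a function that can run across every dynamic distribution group and export the result, added here as an example and not part of the original post. It assumes the Exchange Online session from the post is already imported; the group name and CSV path are placeholders.

```powershell
# Added example, not from the original post: enumerate one or all dynamic distribution
# groups and list their current members. Assumes the Exchange Online session above is
# already imported; group name and CSV path are placeholders.

function Get-DdgMembership {
    param([string]$GroupName)   # omit to enumerate all dynamic distribution groups
    $groups = if ($GroupName) { Get-DynamicDistributionGroup -Identity $GroupName }
              else            { Get-DynamicDistributionGroup -ResultSize Unlimited }
    foreach ($ddg in $groups) {
        # RecipientPreviewFilter evaluates the group's OPATH filter without sending mail
        $params = @{ RecipientPreviewFilter = $ddg.RecipientFilter; ResultSize = 'Unlimited' }
        # Only scope the query to the recipient container when the group has one set
        if ($ddg.RecipientContainer) { $params['OrganizationalUnit'] = $ddg.RecipientContainer }
        Get-Recipient @params | ForEach-Object {
            [pscustomobject]@{
                Group  = $ddg.Name
                Member = $_.DisplayName
                Email  = $_.PrimarySmtpAddress
                Type   = $_.RecipientTypeDetails
            }
        }
    }
}

Get-DdgMembership -GroupName 'My DL Name' | Format-Table -AutoSize
Get-DdgMembership | Export-Csv -Path '.\ddg-members.csv' -NoTypeInformation
```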