Author Archives: jonsonyang

ADFS Cert Best Practices – unspoken

Hashing algorithms: SHA-256 Key size: 2048 bit Private Key generation process: Make sure you select the Legacy key template on domain-joined devices; it is not the default option. AD FS Token Signing and -Decrypting Certs for a longer lifetime: 3 … Continue reading

Posted in AD | Leave a comment

AD – NTLM Blocking and Pass-through Auth

NTLM Blocking Windows Server 2008 R2 and Windows 7 restricts NTLM authentication usage out of the box. This feature is known as NTLM blocking. NTLM blocking prevents NTLM from being used for authentication Pass-through Authentication The NetLogon service is responsible … Continue reading

Posted in AD | Leave a comment

AD – Cross domain vs Kerberos

Conditions for Kerberos to be used over an External Trust Interactive logon across external trusts will attempt Kerberos. On Windows XP and Windows Server 2003, NTLM will be tried if Kerberos fails. Windows Vista and newer operating systems will not … Continue reading

Posted in AD | Leave a comment

AD – Cross Domain Authentication – samAccountName vs userPrincipalName

Encounter 2 issues w/o no answer yet – related to SAM but not UPN a. User from Domain SG is able to login to the PC’s in Domain HK using SAM account, but can’t change the password. b. User from … Continue reading

Posted in AD | Leave a comment

AD Upgrade – Configuring DFSR to a Static Port ?

Working on the FW ports for the project, and noted that Microsoft confuses IT guy again – DFSR port In reference 1, Microsoft mentioned that TCP 5722 is for “RPC, DFSR (SYSVOL)” and this article is applied up to W2K12 … Continue reading

Posted in AD | Leave a comment

ESX 5.5 – OVA Error “The operation is not supported on the object”

Export VMs OVA from v5.5.0 (3248547), and Deploying OVA into v5.5.0 (3000241) but fails with “Failed to Deploy OVF/OVA package: The operation is not supported on the object”, the root cause is due to the video card settings, funny! Reference … Continue reading

Posted in VMWare | Leave a comment

AD Upgrade – Domain Controller Stickiness Prevention

This will help on the site migration  Domain Controller Stickiness Prevention

Posted in Uncategorized | Leave a comment