May | 2014 | Tom's Notes

Adventure of installing the Windows Azure Active Directory Module for PowerShell

By Tomica Kaniski in Other 28/05/2014 0 Comment

Well, you know the story – “something needs to be done immediately, usually in the middle of the night, involving PowerShell, and you don’t have all the needed modules installed…”.

The solution seems easy enough – install the required modules, connect to Office 365 and do the job. Yeah… but no! Smile

More specific – I’ve tried to install the Windows Azure Active Directory Module for Windows PowerShell the other night. In the end, I’ve succeeded, but something kept me awake a little longer than necessary.

I’ve read an article on TechNet, explaining the management of Azure Active Directory using PowerShell. Why? Because I couldn’t do what was needed via the (nice) user interface.

So, instructions said “Install the Windows Azure AD Module” – I’ve downloaded the appropriate installer (Windows Azure Active Directory Module for Windows PowerShell (64-bit version)), and started the installation.

Almost immediately, I’ve got an error saying that the Microsoft Online Services Sign-In Assistant (version 7.0 or greater) needs to be already installed. OK, I’ve downloaded this piece of software as well (from here), and installed it. “Fortunately” it demands a machine reboot. Rebooted.

Now I’ve tried to install the Windows Azure AD Module again, and got the same error:

I must say that I’m little confused at this point, because I was convinced that I’ve installed this just a minute or two ago. Ok, it’s late. No big deal – I’ve ran the installation again, and got the following screen:

So, it is installed after all. Maybe it’s the wrong version (on the other hand, the TechNet article contains the link to download)? After a few moments of searching, I’ve found the more recent version of this Sign-In Assistant, called Microsoft Online Services Sign-In Assistant for IT Professionals BETA. I’ve installed this version now, and tried to install the Windows Azure AD Module afterwards. Now it finally worked!

The conclusion – this TechNet article is slightly out-of-date (linked to the wrong version of the Sign-In Assistant, which doesn’t work with the current version of Windows Azure AD Module) and, until this is resolved, you’ll need to install the BETA version from the link provided above (this one).

Cheers!

New novel on the horizon…

By Tomica Kaniski in Other 21/05/2014 0 Comment

Mark Russinovich has a new book! Smile

It’s a novel called Rogue Code, third one in the Jeff Aiken series (following the great “Zero Day” and “Trojan Horse” novels), and this one is about the breach in the New York Stock Exchange. How cool is that???

I must say that I’ve really enjoyed reading the first two novels, so I can’t wait this one to arrive. Well, I love to read… and not only the “technical stuff”. I’m also happy that I’ve got the first novel (from and signed by Mark personally – thanks again, Mark).

You can find more details and pre-order/order info here.

Happy reading!

P.S. Mark, keep them coming! Smile

P.P.S. If you have something to read, please, send it over here… Smile

UPDATE (June 18th, 2014): It’s here! Smile I’ve received my copy today – can’t wait to start reading!

Installing the KB2920189… successfully!

By Tomica Kaniski in Other 19/05/2014 1 Comment

The other day, I’ve written about an issue with installation of update KB2920189 for Windows Server 2012 R2 (post called [TIP] Latest “Patch Tuesday” & errors installing update). So, the problem I was facing was failing installation on Generation 2 virtual machines, with Secure Boot enabled.

Actually, you can overcome this problem easily by reading the documentation before it happens or… with PowerShell after (OK, you can use GUI also, but who uses it nowadays?)! Smile

As I’ve already mentioned, all you need to do is just one thing – install the BitLocker feature on your server.

Install-WindowsFeature BitLocker –Restart

1	Install-WindowsFeature BitLocker –Restart

(yes, “-Restart” is optional – if you want, you can restart your server manually, of course)

After that, BitLocker is installed, and you can successfully install the KB2920189 also.

Second (not official) approach on installing this update on Generation 2 virtual machine, as I’ve written in the mentioned post, is to uncheck Secure Boot, install the update, and then check the Secure Boot option again.

This can be easily done using the following script:

# stopping the VM 
Stop-VM "MyVirtualMachine" 
# disabling Secure Boot 
Set-VMFirmware -VMName "MyVirtualMachine" -EnableSecureBoot Off 
# starting the VM back again 
Start-VM "MyVirtualMachine"

# stopping the VM

Stop-VM "MyVirtualMachine"

# disabling Secure Boot

Set-VMFirmware -VMName "MyVirtualMachine" -EnableSecureBoot Off

# starting the VM back again

Start-VM "MyVirtualMachine"

We can now install this “problematic” update as the Secure Boot feature is disabled:

# once again, we are stopping the VM 
Stop-VM "MyVirtualMachine" 
# enabling Secure Boot 
Set-VMFirmware -VMName "MyVirtualMachine" -EnableSecureBoot On 
# and starting the VM 
Start-VM "MyVirtualMachine"

# once again, we are stopping the VM

Stop-VM "MyVirtualMachine"

# enabling Secure Boot

Set-VMFirmware -VMName "MyVirtualMachine" -EnableSecureBoot On

# and starting the VM

Start-VM "MyVirtualMachine"

…and Secure Boot is enabled again (“nothing” happened)!

Of course, you can do all of this manually, but then again – why do we have PowerShell? Smile

Cheers!

P.S. I’m no PowerShell expert… just like to automate some things. Smile

Issue with Visual Studio 2013 Update X

By Tomica Kaniski in Other 16/05/2014 0 Comment

After installing Visual Studio 2013 with Update 1 (or Update 2 RC; maybe also the RTM version – haven’t tried that one), you may be getting an error saying “The User Profile Service service failed the sign-in. User profile cannot be loaded.”, following an unsuccessful login.

ISSUE:
During Windows login, user gets an error saying “The User Profile Service service failed the sign-in. User profile cannot be loaded.”. After that, user is unable to login successfully. This was happening to users logging in for the first time (local of domain, doesn’t matter).

Although I’ve seen this error mostly with Windows 8.1 clients, other versions may be getting the same error, because this seems to be Visual Studio issue.

RESOLUTION/WORKAROUND:
After little “digging”, I’ve noticed the following (warning 1509, errors 1511 and 1500):

It looks that Windows cannot copy some files from the Default user profile (warning 1509) which finally made the user unable to login (error 1500). So, I went to the folder in question (C:\Users\Default\AppData\Local\Microsoft\VSCommon\12.0\SQM), and checked the permissions:

After that, I’ve added full permissions to the Everyone group on this folder, subfolders and files (I know – it’s not the security best practice, but… ), and then it worked – user logged in successfully.

As far as I’ve observed – with Update 2 (clean install), this folder is empty (there are no .sqm files in it – I’m not really sure what was their purpose), so this issue shouldn’t be happening anymore.

Have a great weekend!

P.S. I’m strongly encouraging you to install Update 2.

Latest “Patch Tuesday” – errors installing update

By Tomica Kaniski in Other 15/05/2014 1 Comment

Latest “Patch Tuesday” (May 13th, 2014) has brought us a pack of updates (you can read all the details about them here and here), but one of them was making trouble for me. The update I’m talking about is called “Security Update for Windows Server 2012 R2 (KB2920189)”. You can read more about this update in KB2920189.

I’ve tried to install it on a number of my Hyper-V virtual machines (Generation 2), but the update keeps failing with error 800F0922:

ISSUE:
This error and its cause is described in KB2962824. In short, this update expects that the BitLocker feature is installed (not enabled or used, but installed) – in my case, the problem was Secure Boot, which is enabled by default on Generation 2 virtual machines.

RESOLUTION/WORKAROUND:
You can install the BitLocker feature on your Windows Server 2012 R2 servers before installing this update, or you can switch the Secure Boot off, install the update and switch it back on (I’ve decided to do the latter).

After switching the Secure Boot off, installing the update and switching it on again, the update installed successfully:

Have fun!