Month: December 2015

Exchange 2013 OWA/ECP < - > ADFS Authentication

adfs-logo

呢個Topic,自己絕對會評定為今年做過,繼多年前SharePoint 2010後,最難,最好玩嘅一樣。

基如ADFS 3.0已有,拍Microsoft O365/Azure 嘅SSO 亦係兩日內起身。諗唔出有啲咩理由唔去做埋佢

ADFS30

 

整個setup進行左三日.當中要提最難,係一路失敗當中research / adjustment.

而令到咁長時間嘅原因係以下……

1. Exchange Server 2013:避免問題(亦發現太耐無更新,由SP1 upgrade 去 CU10)

2. ADFS Server Signing Token Certificate : 絕對係一個意外收穫嘅做法。 同時亦證明只需要Update Azure AD 一次就得,唔會影響舊有 Federation Trust

“Update-MSOLFederatedDomain –DomainName”

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-o365-certs/

http://hazelnest.com/blog/blog/2015/07/05/exchange-2013-using-adfs-to-authenticate/

http://nikpatel.net/2014/12/22/renew-expired-adfs-token-certificates-for-adfs-2-0-and-sharepoint-2013-on-premises/

3. Exchange Server Internal/External Url : Reference URL 無一個係用 .local Domain……而係Exchange configure ECP/OWA (一定要 ECP 先, OWA 後)用ADFS 前。

$uris = @(” https://mail.contoso.nl/owa”,”https://mail.contoso.nl/ecp“)
Set-OrganizationConfig -AdfsIssuer “https://adfs.contoso.nl/adfs/ls/” -AdfsAudienceUris $uris -AdfsSignCertificateThumbprints “FD6C58A0589F398FBDAE144EA0A1A1EDC718EC11“

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -WindowsAuthentication $false

兩者define 嘅URL 一定要係Internal。不然就係失敗收場…………IMG-20151207-WA0000

 

 

 

 

 

Reference

http://nilsvanwoensel.azurewebsites.net/?p=137

PS.。 後話… 基於比M$ 班人挑機話ADFS Server 唔用埋MFA 唔Pro。 下一個大Change就係 Azure MFA On Premises Server with ADFS

Windows 10 Start Button 死直實錄

Win10

如果有一日你用Windows10嘅時候,  Click Start button無反應 , 甚至出?Critical Error:  Your start menu isn’t working.  We’ll try to fix it the next time you sign in.  ”

Windows10_Critical

恭喜你, 你都遇到呢個目前無得救嘅問題。 唯一期待你自己有enable System Restore。
我自己遇過三次,頭兩次Win 10 Reset…. 第三次System Restore 解決。。。 M$!@#$%?&*()

http://answers.microsoft.com/en-us/windows/forum/windows_10-update/win-10-critical-error-your-start-menu-isnt-working/4e89669d-9a26-48f3-8762-d425cb4eb7d5?auth=1

SharePoint 2013 My Site Host setup

index

超級難,同以往係SharePoint 2010 做嘅setup 大大不同。
參考Reference如下。

係開始 config 前需必須要 Meta Data Service 同 User Profile Synchronization  Services Start起

https://technet.microsoft.com/en-us/library/gg750257%28v=office.14%29.aspx#farmAcct

My Site Host Setup

https://technet.microsoft.com/en-us/library/ee624362.aspx#timerjobs

http://thuansoldier.net/?p=2326

http://community.bamboosolutions.com/blogs/sharepoint-2013/archive/2013/02/11/how-to-configure-my-site-in-sharepoint-2013.aspx  – Most details

http://blog.sharedove.com/adisjugo/index.php/2012/07/25/visual-guide-setting-up-my-sites-in-sharepoint-2013/

My Site Host 嘅Document Library 係咪integrate 去 One Drive 有待測試….

亦再次忘記唔應該用 site root level…