Month: August 2016

Recover Windows service account passwords

Ever encountered the situation where you don’t know the password of one or more services running on your windows server? – Well I have, lots of time. Lack of documentation, lost people, lost passwords, typos you name it, I’ve seen it. By chance, I stumpled upon a few articles describing a seamless easy way to retrieve all these passwords and of course asked my good friend Mads Hjort Larsen to concoct a user friendly version of this script and so he did!

Now while this is a nice way to pull out lost service account passwords. It will also serve as a grand reminder about DO NOT use Domain Administrator accounts as service accounts. DO NOT use personal accounts for services. The passwords are really THAT easy to retrieve.
Dont trust me? – try it for your self, I dare you 🙂

http://madshjortlarsen.dk/decrypt-lsa-secrets/

Advertisements

Configure Azure Application Proxy application for CRM Internet Facing Deployment

The task was to configure an existing CRM IFD, with an existing ADFS / Azure Application Proxy infrastructure.

CRM IFD deployment was already working and implemented for internal access. What was missing was the external access through Azure Application Proxy.
Following this guide: https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-publish/
With the following configuration will get you there:

Note that once you have the CRM Internet facing deployment done, no changes are required on CRM or ADFS. The below is only the Azure Application Proxy configuration required for CRM internet facing deployment.

Logon to manage.windowsazure.com and create a new Application under Active Directory.
Important configuration is:
– External URL: You can use the same URL as internally, however make sure that CNAME record is created as well as certificate is uploaded. This is referred to as custom domain.
– Preauthentication Method: Passthrough
– Translate URL in headers: No

You need to add required CRM IFD service url’s:
organisation, authentication and/or discovery service as seperate applications.

References
https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-publish/
https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-custom-domains/
https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-claims-aware-apps/