Intro I was working together with Microsoft support on a customers Active Directory, where users was unable to authenticate towards DFS namespaces, applications and SQL server services within the domain. the domain span across 5 domain controllers throughout the world. the customer first saw the issue then introducing new domain controllers to the domain, where …
Continue reading Active Directory – The Kerberos client received a KRB_AP_ERR_MODIFIED error – RC4 hardening misconfiguration
Author:Christoffer Klarskov Jakobsen
Azure Local – Windows Admin Center (Preview) – Azure Portal – Howto and troubleshooting
Microsoft have a complete guide on how to deploy Windows Admin Center from Azure Portal (still in preview), to Azure Local stack. It can be found here: Manage Azure Local clusters with Windows Admin Center in Azure (preview) | Microsoft Learn 24-05-2025: Microsoft issues statement that versions from 0.49.0.0 to newest 0.54.0.0 does not work …
Continue reading Azure Local – Windows Admin Center (Preview) – Azure Portal – Howto and troubleshooting
Azure Local – Network ATC – Stuck in validation mode
Source article: https://learn.microsoft.com/en-us/powershell/module/networkatc/update-networkatc?view=windowsserver2025-ps I have worked with a customer that was upgraded from Azure Local 22H2 to 23H2. After upgrade and after configuring Network ATC Intents, we could not continue to solution upgrade because Network ATC Intents was switching between configured/success and validating, for both compute_management and storage intents. After customer worked with Microsoft support, …
Continue reading Azure Local – Network ATC – Stuck in validation mode
Azure Local – Create Network ATC Intent
To create a Network ATC Intent via PowerShell (either for the first time, doing upgrade from 22H2 til 23H2 where Network ATC was not configured, or doing troubleshooting), we can create it with PowerShell. Prepare If the Intent is already present, make sure to remove it from the node first. If you not want to …
Continue reading Azure Local – Create Network ATC Intent
Azure Local – Lenovo – Firmware and driver patching
Intro It is VERY important to keep physical nodes in an Azure Local Stack up to date with the latest firmware and driver patches. Failing to do so, can lead to network and storage issues within the stack. On Lenovo servers, all nodes within the stack can be updated using Windows Admin Center and the …
Continue reading Azure Local – Lenovo – Firmware and driver patching
Azure Local – Recreate VM switch for Network ATC Intent
This article contains commands for recreating a VM switch with VM Switch Embedded Team for the Converged Switch for management and compute. This assumes that management and compute is combined in the same Network ATC Intent on your cluster. Normally this is not something you would do, but if you see issues or errors like …
Continue reading Azure Local – Recreate VM switch for Network ATC Intent
Email Communication with Azure Communication Services
Intro Sending emails from an application can be very useful. There are also other scenarios where Azure Communication Services can be very useful to implement, e.g. when moving from Exchange Online Basic Auth which Microsoft will retire by September 2025. Key considerations Sending rate limits Microsoft informs about the initial rate limits for the service …
Continue reading Email Communication with Azure Communication Services
Microsoft Global Secure Access – Private Access – Part 6 – Additional Conditional Access Policies
This article is part of a series: Microsoft Global Secure Access – Private Access – Christoffer Klarskov Jakobsen – Microsoft Architect Intro Target applications are subject to the Conditional Access policies that the user attempting to access the application is already subject to. However, there may be situations where you want to add additional protection …
Continue reading Microsoft Global Secure Access – Private Access – Part 6 – Additional Conditional Access Policies
Microsoft Global Secure Access – Private Access – Part 5 – Bypass GSA on local corporate network with direct access to target applications
This article is part of a series: Microsoft Global Secure Access – Private Access – Christoffer Klarskov Jakobsen – Microsoft Architect Intro Global Secure Access protects applications much more effectively and securely than traditional VPN solutions. When using conditional access together with global secure access, zero trust principles are maintained. If you have servers on-premises …
Continue reading Microsoft Global Secure Access – Private Access – Part 5 – Bypass GSA on local corporate network with direct access to target applications
Microsoft Global Secure Access – Private Access – Part 4 – Test configuration and target application
This article is part of a series: Microsoft Global Secure Access – Private Access – Christoffer Klarskov Jakobsen – Microsoft Architect Intro I have created an Entra ID joined VM in Azure running Windows 11 Pro 24H2. The user I test with has been assigned Microsoft 365 E3 + Microsoft Entra Suite licenses (if you …
Continue reading Microsoft Global Secure Access – Private Access – Part 4 – Test configuration and target application