Tuesday, August 21, 2012

certlm.msc - Shortcut to open the certificate store for the local machine

Sometimes even a small thing can be a time saver.
So in Windows 2012 you can just type certlm.msc to start the certificates MMC with the local machine store.



Saturday, August 11, 2012

SharePoint 2013 gets native RMS support

Microsoft SharePoint 2013 supports Information Rights Management (IRM) protection of PDF documents. With that support, users can upload PDF documents to IRM-protected libraries, and upon download, the files will be protected using Microsoft Office IRM.

http://officepreview.microsoft.com/en-us/sharepoint-help/sharepoint-compatible-pdf-readers-that-support-microsoft-information-rights-management-services-HA102925502.aspx

The first compatible PDF reader comes from Foxit (http://www.foxitsoftware.com/) and other vendors are welcome to make their readers compatible.


Native Support for PDF is one of the top 5 questions from clients about RMS.

Message: This account can't be used to access Outlook.com

Today I ran into an issue accessing the Office 365 Outlook Web Access.



First of all, I did the Office 365 setup for a new tenant. My kids' school decided to test Office 365; right now they are on Google and they want to teach the kids more than one cloud application.

For ADFS we already have a Windows Server 2012. So ADFS works great, but the MSOL PowerShell commands are not working with 2012. But only this server has a public certificate, and the URL is used for other services as well. So I just added ADFS 2.0 to another server, moved the signing cert over and started the MSOL PowerShell commands. Then I just played copycat to get the relying party settings over to the 2012 ADFS server. After ADFS was done I installed and ran DirSync. To verify my work I went to http://outlook.com/domain.org and after ADFS authentication: BUMMER!

"This account can't be used to access Outlook.com"

So I did some web search, but nothing really helpful came up.
So I compared the relying party settings between the ADFS 2.0 server and the 2012 server and found that I had missed configuring the hash algorithm as SHA-1. If it is SHA256 you will see the message above.

I suppose this is only one of the reasons you might see that message, because the message is kind of generic.






ADFS 2.0 Update Rollup 2

Microsoft released another update for ADFS 2.0 as a rollup update. So we are now at Update Rollup 2.
Unlike rollup updates for Exchange, the rollup updates for ADFS 2.0 are released as hotfixes: you have to request them first and cannot just download them.

The Update Rollup 2 update is a cumulative update package that contains all the fixes and new features that were contained in Update Rollup 1.

http://support.microsoft.com/kb/2681584


RU2 has a new feature: support for RelayState.

Previously you had to develop your own workaround. Jonas Syrstad published an article about this earlier:


For RU2 Microsoft published a good article about RelayState

If you now ask what RelayState is: it is an additional parameter in an IdP-initiated scenario that tells the resource provider where to go next after authentication verification.
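
For IdP-initiated sign-on, AD FS 2.0 RU2 expects the relying party identifier and the target packed into a single RelayState query value, each part URL-encoded on its own and the combined string encoded again. The following Python sketch is an added example, not code from this post or from Microsoft; the host names, relying party identifier and target URL are constructed, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed sample values (assumptions, not taken from the post).
ADFS_SIGNON = "https://adfs.example.org/adfs/ls/idpinitiatedsignon.aspx"
RP_ID = "https://rp.example.org/sp"
TARGET = "https://rp.example.org/app/reports?id=42&view=full"


def build_idp_initiated_url(signon_url, rp_id, relay_state):
    """Return an IdP-initiated sign-on URL carrying a nested RelayState."""
    # Step 1: encode each value separately so '&' and '=' inside it survive.
    inner = ("RPID=" + quote(rp_id, safe="")
             + "&RelayState=" + quote(relay_state, safe=""))
    # Step 2: encode the combined string again; it becomes one query value.
    return signon_url + "?RelayState=" + quote(inner, safe="")


def parse_idp_initiated_url(url):
    """Recover (rp_id, relay_state) from a URL built as above."""
    # parse_qs undoes the outer layer of encoding.
    outer = parse_qs(urlsplit(url).query)
    values = outer.get("RelayState", [])
    if len(values) != 1:
        raise ValueError("expected exactly one RelayState parameter")
    fields = {}
    for pair in values[0].split("&"):
        name, sep, value = pair.partition("=")
        if not sep or name in fields:
            raise ValueError("malformed or repeated field: " + pair)
        # unquote undoes the inner layer of encoding.
        fields[name] = unquote(value)
    if set(fields) != {"RPID", "RelayState"}:
        raise ValueError("RelayState must hold exactly RPID and RelayState")
    return fields["RPID"], fields["RelayState"]


if __name__ == "__main__":
    link = build_idp_initiated_url(ADFS_SIGNON, RP_ID, TARGET)
    print(link)
    print(parse_idp_initiated_url(link))
```

A relying party that acts on the decoded target should compare it with its own list of allowed URLs before redirecting.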