O365 – Exchange Online X-Sender Spam Problem

Hi everyone !

Today I wanted to share a strange problem I found in O365. It seems really easy to bypass the antispam filter with the X-Sender property if you know how.

Here is an example of a spam message that went through.

This email was not tagged as spam, and the sender and the receiver thought they were in the same company. Both contoso.com email aliases are hosted in O365. You can see from the X-Sender header that this was not the case.

X-Originating-IP: 192.3.186.164
User-Agent: Workspace Webmail 6.9.59
Message-ID: <……@email23.godaddy.com>
From: Jacky <jacky@contoso.com>
X-Sender: cchj712@adm1ncare.com
Reply-To: Jacky <joshua.braga@aol.com>
To: <Mich@contoso.com>

Note that the SPF record was set up correctly and was strict, but strangely O365 checks the SPF record of the X-Sender, not of the sender property.

The SPF check was tricked this way:

Authentication-Results: spf=none (sender IP is 68.178.252.172) smtp.mailfrom=adm1ncare.com; contoso.com; dkim=none (message not signed) header.d=none;contoso.com; dmarc=none action=none header.from=contoso.com.com;compauth=fail reason=601
Received-SPF: None (protection.outlook.com: adm1ncare.com does not designate permitted sender hosts)

As you can see, the SPF check was done on the domain of the X-Sender email address, adm1ncare.com, not on contoso.com.
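The mismatch visible in the headers above can be checked automatically. The following is an added example, not part of the original post: it parses the posted headers and reports when the domain SPF was evaluated against (`smtp.mailfrom`) differs from the visible From domain. The function names and finding labels are made up for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the post; the Message-ID is left out because it is elided there.
SAMPLE = """\
Authentication-Results: spf=none (sender IP is 68.178.252.172) smtp.mailfrom=adm1ncare.com; contoso.com; dkim=none (message not signed) header.d=none;contoso.com; dmarc=none action=none header.from=contoso.com.com;compauth=fail reason=601
From: Jacky <jacky@contoso.com>
X-Sender: cchj712@adm1ncare.com
Reply-To: Jacky <joshua.braga@aol.com>
To: <Mich@contoso.com>

(body omitted)
"""

def domain_of(value):
    """Lower-cased domain of an address header value, or '' when absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_fields(header):
    """key=value tokens of Authentication-Results (spf, smtp.mailfrom, compauth, ...)."""
    pairs = re.findall(r"([\w.]+)=([^\s;()]+)", header or "")
    return {key.lower(): value.lower() for key, value in pairs}

def spoof_findings(raw_headers):
    """Return labels (made up for this example) for why a message looks spoofed."""
    msg = message_from_string(raw_headers)
    auth = auth_fields(msg["Authentication-Results"])
    from_dom = domain_of(msg["From"])
    # smtp.mailfrom is the envelope sender; it may be a bare domain or a full address.
    mailfrom_dom = auth.get("smtp.mailfrom", "").rpartition("@")[2]
    findings = []
    if mailfrom_dom != from_dom:
        # The SPF verdict describes mailfrom_dom, so it says nothing about the From domain.
        # Exact match only; DMARC relaxed alignment compares organizational domains.
        findings.append("spf-domain-differs-from-from")
    if auth.get("spf") != "pass":
        findings.append("spf-not-pass")
    if auth.get("compauth") == "fail":
        findings.append("compauth-fail")
    if from_dom and from_dom == domain_of(msg["To"]) and mailfrom_dom != from_dom:
        findings.append("internal-looking-from-external-envelope")
    for header in ("X-Sender", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            findings.append(header.lower() + "-domain-mismatch")
    return findings

if __name__ == "__main__":
    for finding in spoof_findings(SAMPLE):
        print(finding)
```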

To resolve the issue I had to create an antispam strategy and make it stricter.

To do that, go into your O365 admin portal.

Create an antispam strategy and name it.

Then apply it to your accounts.

Click to create the strategy.

Thanks everyone. It’s a small tip, but it comes in handy if you receive a lot of spam/phishing email, as the option is not ticked by default.

Active-Directory – Invoke-InternalEnsureADDSComponentInstallState not recognized – DCPromo

Hi everyone

Today I wanted to share an error I stumbled into this week.

After adding the ADDS role, the dcpromo wizard reports that Invoke-InternalEnsureADDSComponentInstallState is not recognized.

It happened to me on Windows Server 2019.

The error was resolved by:

– Removing the dotnet feature

– Restarting

– Removing the ADDS role

– Re-adding the ADDS role

– Re-running the wizard.

Kind of an easy fix, but not many people have stumbled into that bug, as I found almost no resources that talk about it.

Enjoy the tip! Thanks everyone

Windows Server – Bitlocker – Unlock Drive

Hi everyone

I wanted to share a small tip today.

If you happen to have some disks encrypted with BitLocker and you need to unlock them inside your Windows Server, you might notice that the unlock option is not there by default.

You need the BitLocker Drive Encryption feature.

After the feature is added, all the BitLocker options will be available inside Explorer.

Thanks for listening to that small tip ! 🙂

Can’t open the MMC .. “MMC can’t open C:/Windows/System32/services.msc”

Hi everyone !

Today I wanted to share a quick and handy tip.

If you are stuck with a bug where your MMC doesn’t want to open (services.msc in my example), don’t forget you can clear the MMC cache to give it a chance to re-open.

To fix it, open up MMC.exe and select File->Options->Disk Cleanup->Delete Files.

After that, the MMC loads more easily and, most of all, without errors.

PowerShell Tip: Active Directory Module not found

Hi everyone

I wanted to share a small tip if you still manage older Active Directory servers with PowerShell.

I stumbled into a Domain Controller today that didn’t have the PowerShell module for ActiveDirectory. I was wondering why, and found out it needs to be added as a feature.

An error is shown when we try to import the module.

If it happens to you, be sure it’s added as a feature,

and select Active Directory for Windows PowerShell there.

Tomorrow I will share a handy small PowerShell script to clean up your Active Directory objects!

Microsoft Chromium Edge now available for Windows 10 LTSB, and soon for other OSes!

Hi everyone

I wanted to share some good news: Chromium Edge is now available for the Windows 10 IoT/LTSB builds! We can now finally enjoy it on those builds, which are mainly used in enterprises.

You can go get it there! (https://www.microsoftedgeinsider.com/en-us/download/ )

There is a plan to make it available for older and other OSes too, even for macOS.

Microsoft Edge will now be delivered and updated for all supported versions of Windows and on a more frequent cadence. We also expect this work to enable us to bring Microsoft Edge to other platforms like macOS

A picture of it running in my home lab 🙂

Roaming profiles and system tray icon cache error

Hi all !

Today I will share a small tip to resolve the case where the systray acts strangely because of the icon cache.

The problem seems to be a corruption in values under this registry key:

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify

The fix is simply to delete these two values under that key, with a script like this one:

reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" /v IconStreams /f

reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" /v PastIconsStream /f

 

If you use roaming profiles it can become harder to fix, as it can be a widespread problem.

To resolve the issue I added a local user GPO on the machines that are using the roaming profiles, so that all the profiles will be corrected. I didn’t use a domain user GPO, as the registry fix must be invoked before explorer.exe starts, so I get a better result with a local user GPO.

After that tip, all my systray icons are back to normal 🙂

RDS: HP Thin OS resolution problem in Full Screen mode !

Hi everyone

Today I wanted to share a small error I found on the HP thin client that runs Thin OS.

The error affects the resolution setting when you create an RDP connection.

The resolution can be wrong on the settings page. What bug can that cause, you ask? Well, if you open an RDP session in full-screen mode, the user will think they are using resolution X, but in reality the terminal server will see the correct resolution Y.

The bug happens with different display adapters or monitors.

Thin OS seems to detect the possible resolutions from the monitor and limit the choice, but the GUI is not limited to that list: xrandr offers a list while the GUI offers the full list.

This is the exact problem I saw: I set 1280×768 in the left window, with no error, and it is set, but in the right window we see that the current resolution is 1920×1080 and that 1280×768 is not possible.

The tip is to issue an xrandr command to see what we can use,

and to set it to one of those resolutions.

For me it’s a bug: the 1280×768 resolution from my example, which I tried without success in the GUI, works if I set it by hand with xrandr. But there is no config file you can change to add a custom mode resolution, so the change is lost on reboot.

Enjoy the small tip; it took me some time to figure out that the GUI is in error.

Unable to rename domain controller: Account already exists

Hi everyone

I saw an interesting bug yesterday. It was about Windows Server 2019 and an error when you try to rename a new domain controller to the old name of a retired one.

The error Windows was giving was:

The account already exists.

The culprit in that case was a leftover that was visible in ADSI Edit. The exact location was:

Configuration -> CN=Sites -> CN=Default-First-Site-Name -> CN=Servers -> CN={Old Domain Controller}.


As simple as that, but it needs a bit of playing in ADSI Edit 🙂