Windows Update KB5017308 breaks GPO preferences file creation

Anyone observing the same issue? All files created with GPO preferences in replace mode are having 0 kb. Doesn’t matter if these are newly created links or files copied to a machine with GPO preferences.

Uninstalling KB5017308 or changing replace to update resolves the issue!

I have found a discussion regarding this issue here: https://answers.microsoft.com/en-us/windows/forum/all/windows-10-update-kb5017308-breaks-shortcuts/67156263-7536-44d1-a9d8-f93d18b8941c

RADIUS Authentication and Windows Server 2019

When you try to connect, from another device (for example a firewall), to a RADIUS Server installed on a Server 2019, you will experience a connection issue.

So first you will check the local Windows Firewall, if switching it off, everything is fine.

What will be the next step? You are right, switching it back on and checking the rules.

Then you will see, that the corresponding rules where created during the RADIUS installation, so why the heck it does not work?

There is a good article about this “feature”, *sarcasmoff*, at the TopQore Blog:

https://blog.topqore.com/radius-authentication-using-nps-on-server-2019-bug

There you can read in more detail about the bug.

For the lazy ones, the solution is to run the following PowerShell command to set the RADIUS-rules to service “any”:

Get-NetFirewallRule -DisplayGroup “Network Policy Server” | Where DisplayName -like “*RADIUS*” | Set-NetFirewallRule -Service Any

That’s all, after running the above command, you should be able to connect to the RADIUS.

If you want to revert the change, you can run the following command:

Get-NetFirewallRule -DisplayGroup “Network Policy Server” | Where DisplayName -like “*RADIUS*” | Set-NetFirewallRule -Service ias

Exchange hybrid licensing

Update Apr 20 2022:

Hybrid Experience Updates

There are two more exciting updates for hybrid customers in Exchange Server 2019 CU12.

  1. CU12 includes a change to the Exchange Server License Terms. We have updated our licensing to add a product key for Exchange 2019 hybrid servers at no additional charge! This was previously available only for Exchange 2010, Exchange 2013, and Exchange 2016. Exchange Server 2019 CU12 and the Hybrid Configuration wizard have been updated to support this change.
  2. CU12 also includes support for using MFA-enabled admin credentials with Hybrid Agent cmdlets. The Hybrid Management PowerShell module now works with MFA-enabled admin accounts. This module includes the following cmdlets which can now be used with MFA:

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2022-h1-cumulative-updates-for-exchange-server/ba-p/3285026

Previous post:

When you have an Exchange hybrid deployment, you will likely have an on-premises server for Management (if you are using Azure AD Connect).

There is a free hybrid license you can use when you have no mailboxes on-premises and just use the server for management. The Hybrid Configuration Wizard will install it for you.

But be aware that this hybrid license is only available for Exchange 2016 and not for Exchange 2019 (and probably not for Exchange 2022)

If you do not host any mailboxes on the servers used to connect to Microsoft 365 you can license them using the Microsoft 365 Hybrid Configuration Wizard (HCW) which you can find here. The HCW validates your Microsoft 365 subscription and installs the appropriate licenses on your servers. Note that the free Exchange Server license is not available for Exchange 2019 hybrid servers.

https://www.microsoft.com/en-us/microsoft-365/exchange/microsoft-exchange-licensing-faq-email-for-business

As you probably also know we have historically provided a free license for these ‘management’ servers if their only use is to properly manage Exchange attributes when recipient objects are mastered on-premises. You also know that we never provided this free license type for Exchange Server 2019. .

For this reason, we want to make our recommendation for this scenario clear. Our broad recommendation is to keep Exchange Server 2016 in production use until such point as we release a solution that allows those servers to be removed. As explained earlier, Extended Support still provides security and time zone updates and so keeping them in production and ensuring they are properly patched does not increase your risk profile in any way.

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-2016-and-the-end-of-mainstream-support/ba-p/1574110

Everyone is still waiting for a solution from Microsoft to get rid of this “management” servers.

Welcome to our blog

We made it to give the world something back.

Since many years Google Search and many blogs out there helped us to do our daily work.

We want to be a part of it now and will post some (hopefully) interesting things that we stumbled upon our daily business.

Please enjoy it and maybe it can help sometimes.