Wednesday, September 21, 2022

Exchange 2016 Hybrid Wizard Fails to validate Domains.

You are running the Exchange Hybrid Configuration Wizard (HCW) and it gets stuck at validating domains. Running the federation step manually:

Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" -AccountNamespace "MYDOMAIN" -Enabled $true

You get: An error occurred while attempting to provision Exchange with the partner STS.

Add the following registry values (SystemDefaultTlsVersions makes .NET follow the operating system's TLS defaults instead of its own older list, so TLS 1.2 gets used for the connection to the federation gateway) and reboot.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

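The same change done from PowerShell, as an added example that is not part of the original post: it audits the four .NET Framework keys for SystemDefaultTlsVersions=1 and, with the helper's own -Fix switch (an assumption of this script, not a Microsoft parameter), creates any missing key and writes the DWORD. Run it elevated on the Exchange server and reboot afterwards, as the post says.

```powershell
# Added example: audit and optionally set SystemDefaultTlsVersions under the four
# .NET Framework registry keys listed above. -Fix is this script's own switch.
param([switch]$Fix)

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$name = 'SystemDefaultTlsVersions'

foreach ($key in $keys) {
    $current = $null
    if (Test-Path $key) {
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }
    $state = if ($current -eq 1) { 'OK' }
             elseif ($null -eq $current) { 'MISSING' }
             else { "SET TO $current" }
    Write-Host ("{0,-65} {1}" -f $key, $state)

    if ($Fix -and $current -ne 1) {
        # Create the key path if it is absent (the v2.0.50727 key may not exist on a
        # server without .NET 3.5), then write the DWORD. -Force overwrites a wrong value.
        New-Item -Path $key -Force | Out-Null
        New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
        Write-Host "    -> set $name=1 (reboot required)"
    }
}

# What this PowerShell process would negotiate right now. Once the keys are in
# effect (after the reboot) .NET reports SystemDefault here rather than a fixed list.
[Net.ServicePointManager]::SecurityProtocol
```

Run it once without -Fix to see which keys are wrong, then with -Fix; the reboot is still needed because already-running .NET processes (including the Exchange services) read the value at start-up.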
Go into the EAC > Organization and remove the federation. Re-add it, add your domains, and set the TXT records it asks for. Verify the records resolve with nslookup, then click Update and re-run the Hybrid Configuration Wizard.
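A scripted version of the "verify with nslookup" step, as an added example that is not from the original post: for each accepted domain it fetches the proof string Exchange expects (Get-FederatedDomainProof, a real Exchange cmdlet) and checks that a TXT record carrying it is visible from an external resolver, which is what the federation gateway itself will query. The domain names and the resolver address are placeholders.

```powershell
# Added example: confirm the federation proof TXT record is published for each domain
# before clicking Update in the EAC. Run from the Exchange Management Shell.
$domains  = @('example.com', 'example.net')   # placeholder accepted domains
$resolver = '8.8.8.8'                          # placeholder public resolver (external view)

foreach ($domain in $domains) {
    # Exchange may return one proof per federation certificate (current and next).
    $proofs = @(Get-FederatedDomainProof -DomainName $domain | ForEach-Object { $_.Proof })

    # Each TXT answer can be split into several strings; join them before comparing.
    $txt = @(Resolve-DnsName -Name $domain -Type TXT -Server $resolver -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'TXT' } |
             ForEach-Object { $_.Strings -join '' })

    $hit = $proofs | Where-Object { $txt -contains $_ }

    if ($hit)       { Write-Host    "$domain : proof TXT record present" }
    elseif ($txt)   { Write-Warning "$domain : TXT records found, but none matches the proof (stale record or DNS not propagated yet)" }
    else            { Write-Warning "$domain : no TXT records resolved at $resolver" }
}
```

If a domain shows "TXT records found, but none matches", wait for DNS propagation or compare the published string against the DnsRecord property of Get-FederatedDomainProof before retrying the wizard.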


Wednesday, September 14, 2022

VMware vReplication replication changes are HUGE even though changes on the server are minimal.

This is caused by the guest OS sending unmap commands to its disk.

To disable unmap in the guest OS:
fsutil behavior set DisableDeleteNotify 1

To re-enable the feature, use the following command:
fsutil behavior set DisableDeleteNotify 0

To verify the current setting, use the following command:
fsutil behavior query DisableDeleteNotify

DisableDeleteNotify=0 - the trim and unmap feature is on (enabled)
DisableDeleteNotify=1 - the trim and unmap feature is off (disabled)


What is unmap/delete notify?
Delete notification (also known as trim or unmap) is a feature that tells the underlying storage device which clusters have been freed by a file delete operation. In addition:

 - For systems using ReFS v2, trim is disabled by default.
 - For systems using ReFS v1, trim is enabled by default.
 - For systems using NTFS, trim is enabled by default unless an administrator disables it.

If your hard disk drive or SAN reports that it doesn't support trim, it won't receive trim notifications.

Enabling or disabling trim doesn't require a restart:

 - Trim takes effect when the next unmap command is issued.
 - Existing in-flight IO is not affected by the change.
 - No service restart is needed when you enable or disable trim.
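The fsutil commands above wrapped for scripting, as an added example that is not from the original post: Get-TrimState parses the query output into objects, handling both the single "DisableDeleteNotify = N" line of older Windows and the per-file-system NTFS/ReFS lines newer builds print, and Set-TrimState applies the change and re-reads the state. Both function names are this example's own; fsutil needs an elevated prompt.

```powershell
# Added example: read and set the guest OS unmap (delete notification) state via fsutil.
function Get-TrimState {
    $output = fsutil behavior query DisableDeleteNotify 2>&1
    foreach ($line in $output) {
        # Matches "DisableDeleteNotify = 0" as well as "NTFS DisableDeleteNotify = 0"
        # and "ReFS DisableDeleteNotify = 1"; trailing explanatory text is ignored.
        if ($line -match '^\s*(?:(?<fs>NTFS|ReFS)\s+)?DisableDeleteNotify\s*=\s*(?<val>\d+)') {
            $fs = if ($Matches.fs) { $Matches.fs } else { 'NTFS' }   # old output only covers NTFS
            [pscustomobject]@{
                FileSystem          = $fs
                DisableDeleteNotify = [int]$Matches.val
                TrimEnabled         = ([int]$Matches.val -eq 0)
            }
        }
    }
}

function Set-TrimState {
    param(
        [ValidateSet(0, 1)][int]$DisableDeleteNotify,
        [ValidateSet('NTFS', 'ReFS')][string]$FileSystem = 'NTFS'
    )
    # Newer Windows builds accept the file system as an extra argument
    # ("fsutil behavior set DisableDeleteNotify ReFS 1"); the bare form from the
    # post targets NTFS. No reboot or service restart is needed either way.
    if ($FileSystem -eq 'ReFS') {
        fsutil behavior set DisableDeleteNotify ReFS $DisableDeleteNotify | Out-Null
    } else {
        fsutil behavior set DisableDeleteNotify $DisableDeleteNotify | Out-Null
    }
    Get-TrimState | Where-Object { $_.FileSystem -eq $FileSystem }
}

# Usage: show the current state, then disable unmap for NTFS as the post recommends
# for replicated VMs (Set-TrimState -DisableDeleteNotify 0 turns it back on).
Get-TrimState | Format-Table -AutoSize
# Set-TrimState -DisableDeleteNotify 1
```

Because the change applies to the next unmap rather than retroactively, run Get-TrimState after the change and watch the next replication cycle to confirm the transferred size drops.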

Wednesday, August 17, 2022

Create Self Signed Cert Powershell

$Params = @{
    "DnsName"           = @("quail-vm1.nytis.com")
    "CertStoreLocation" = "Cert:\LocalMachine\My"
    "NotAfter"          = (Get-Date).AddMonths(100)
    "KeyAlgorithm"      = "RSA"
    "KeyLength"         = 2048
}

New-SelfSignedCertificate @Params


https://www.sslshopper.com/ssl-converter.html
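A fuller version of the same New-SelfSignedCertificate call, as an added example that is not from the original post: it creates the certificate and then exports the public part as a .cer (what other machines need to trust it) and the private key as a password-protected .pfx, which are the two formats the converter link above is usually used to move between. The hostname, output directory, one-year lifetime and the extra HashAlgorithm/KeyExportPolicy parameters are this example's choices, not the post's.

```powershell
# Added example: create a self-signed certificate and export it as .cer and .pfx.
$Params = @{
    DnsName           = @('host.example.com')          # placeholder hostname
    CertStoreLocation = 'Cert:\LocalMachine\My'
    NotAfter          = (Get-Date).AddYears(1)           # shorter than the post's 100 months
    KeyAlgorithm      = 'RSA'
    KeyLength         = 2048
    HashAlgorithm     = 'SHA256'                         # avoid a SHA-1 signature
    KeyExportPolicy   = 'Exportable'                     # required for the .pfx export below
}
$cert = New-SelfSignedCertificate @Params

$outDir = 'C:\certs'                                     # placeholder output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Public certificate only (DER-encoded .cer): import this into the trust store of
# clients that must accept the self-signed certificate.
Export-Certificate -Cert $cert -FilePath (Join-Path $outDir 'host.cer') | Out-Null

# Certificate plus private key (.pfx): keep this one private, protected by a password
# read interactively rather than hard-coded in the script.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $outDir 'host.pfx') -Password $pfxPassword | Out-Null

# Confirm what was created and where it lives in the store.
$cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
```

The .cer file is safe to hand out; the .pfx contains the private key, so treat it like a password and delete it once it has been imported where it is needed.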

Friday, June 17, 2022

Setting up LDAPs on AD Server

1. Install the Certification Authority role and configure it as a root CA.

2. On your CA Server launch the Certification Authority Management Console > Certificate Templates > Right Click > Manage.

3. Locate the Kerberos Authentication certificate > Make a Duplicate.

4. General Tab > Call it ‘LDAPoverSSL’ > Set its validity period > check to publish the cert in AD.

5. Request Handling Tab > Select ‘Allow private key to be exported’ > Apply > OK.  Close out of the templates.

6. Right click Certificate Templates again > NEW > Certificate Template to issue.

7. Locate and select the ‘LDAPoverSSL’ certificate > OK.

8. Now logon to a DOMAIN CONTROLLER > Windows Key+R > mmc {Enter} > File > Add/Remove Snap-in > Add in the Certificates Snap-In > Computer account > Finish > OK > Expand Certificates > Personal > Certificates > Right Click > All Tasks > Request New Certificate > Next > Next.

9. Select the LDAPoverSSL Certificate > Enroll > Close the Certificate Snap-in.

10. In my case I need my device to ‘trust’ the CA, so on the CERTIFICATE SERVER open a command window and run the following command:

certutil -ca.cert ca_name.cer

11. It will display the certificate PEM on screen and should complete successfully.

12. You will notice my command was run while I was on the root of the C: drive; yours will probably be C:\Users\{your-username}. Go there and retrieve a copy of the ‘Root Certificate’ (ca_name.cer).
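Once the domain controller has enrolled, this added example (not part of the original post) checks the result from a client: it opens a TLS session to port 636 and reports the certificate the DC presents, its SANs, expiry, the negotiated protocol and whether this client's trust store validates the chain (which is where step 10's root certificate comes in). Test-Ldaps is this example's own function name and the DC name is a placeholder. The validation callback deliberately records chain errors instead of aborting, so the report shows them; it is an inspection tool, not something to copy into a production LDAP client.

```powershell
# Added example: inspect the certificate a domain controller serves on LDAPS (636).
function Test-Ldaps {
    param([string]$Server, [int]$Port = 636)

    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $script:chainErrors = 'None'

    # Record any chain/name validation errors for the report rather than failing.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:chainErrors = $sslPolicyErrors
        return $true
    }

    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    try {
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $san  = $cert.Extensions |
                Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' } |
                ForEach-Object { $_.Format($false) }

        [pscustomobject]@{
            Server      = $Server
            Protocol    = $ssl.SslProtocol        # expect Tls12 on a current DC
            Subject     = $cert.Subject
            SAN         = $san                    # should include the DC's FQDN
            Issuer      = $cert.Issuer            # should be your root CA
            NotAfter    = $cert.NotAfter
            Thumbprint  = $cert.Thumbprint
            ChainErrors = $script:chainErrors     # 'None' once the root CA is trusted
        }
    }
    finally {
        $ssl.Dispose()
        $tcp.Dispose()
    }
}

Test-Ldaps -Server 'dc1.example.com'   # placeholder domain controller FQDN
```

ChainErrors of RemoteCertificateChainErrors on the client means the CA certificate from step 12 has not been imported into that client's trusted root store yet; RemoteCertificateNameMismatch means the name you connected with is not in the certificate's SAN list.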

Monday, April 18, 2022

OneNote won't start, won't sync, not in system tray, not working.

Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\OneDrive

Check if any of the "Disabled" keys are set to 1.  If they are, set them to 0.


https://support.microsoft.com/en-us/office/onedrive-won-t-start-0c158fa6-0cd8-4373-98c8-9179e24f10f2
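The registry check above as a script, added here as an example that is not from the original post: it lists every value under the OneDrive policy key whose name contains "Disable", and with the script's own -Fix switch (an assumption, not a Windows parameter) resets those set to 1 back to 0. Run it elevated, since the key is under HKLM.

```powershell
# Added example: find and reset "Disable*" policy values that stop OneDrive/OneNote.
param([switch]$Fix)

$key = 'HKLM:\Software\Policies\Microsoft\Windows\OneDrive'

if (-not (Test-Path $key)) {
    Write-Host "$key does not exist, so no local OneDrive policy is blocking the client."
    return
}

$props = Get-ItemProperty -Path $key
foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -like '*Disable*' })) {
    Write-Host ("{0,-45} {1}" -f $p.Name, $p.Value)
    if ($Fix -and $p.Value -eq 1) {
        Set-ItemProperty -Path $key -Name $p.Name -Value 0
        Write-Host "    -> reset $($p.Name) to 0"
    }
}
```

If the values come back to 1 after a while, they are being written by Group Policy and must be changed in the GPO rather than in the local registry.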

Tuesday, April 12, 2022

Azure AD connect (Sync) force sync


Import-Module ADSync

Get-ADSyncScheduler

Replicate your DCs first- repadmin /syncall /AdeP

Delta Sync-
Start-ADSyncSyncCycle -PolicyType Delta


Full Sync-
Start-ADSyncSyncCycle -PolicyType Initial
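A wrapper around the commands above, as an added example that is not from the original post: Start-ADSyncSyncCycle fails if a cycle is already running, so the function polls Get-ADSyncScheduler's SyncCycleInProgress flag before starting the requested cycle and again afterwards until it completes, with a timeout. Invoke-ADSyncCycleAndWait is this example's own name; the policy types are the two the post uses.

```powershell
# Added example: start a Delta or Initial sync only when the scheduler is idle, then
# wait for it to finish. Run on the Azure AD Connect server.
Import-Module ADSync

function Invoke-ADSyncCycleAndWait {
    param(
        [ValidateSet('Delta', 'Initial')][string]$PolicyType = 'Delta',
        [int]$TimeoutSeconds = 900
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)

    # Wait for any cycle that is already running; starting another one would error.
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'Timed out waiting for the running sync cycle to finish.' }
        Start-Sleep -Seconds 10
    }

    Start-ADSyncSyncCycle -PolicyType $PolicyType | Out-Null
    Start-Sleep -Seconds 5   # give the scheduler a moment to flag the new cycle

    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw "Timed out waiting for the $PolicyType cycle to finish." }
        Start-Sleep -Seconds 10
    }

    # Scheduler state after the run: the cycle should be finished and scheduling still enabled.
    Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleStartTimeInUTC
}

# Usage: replicate the DCs first (repadmin /syncall /AdeP, as above), then
Invoke-ADSyncCycleAndWait -PolicyType Delta
# Invoke-ADSyncCycleAndWait -PolicyType Initial -TimeoutSeconds 3600   # full sync takes longer
```

An Initial cycle re-imports everything and can take much longer than a Delta on a large directory, hence the larger timeout in the commented usage line.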

Saturday, January 1, 2022

Exchange Down on 1/1/2022!

So here's a nice surprise: apparently Exchange is reporting the error Can't Convert "2201010001" to long this morning. As of Jan. 1, 2022 0:00 UTC, on-premises Exchange servers seem to be freezing transport of all email because a date can't be converted. Here is a quick overview of what is going on:


https://borncity.com/win/2022/01/01/exchange-fip-fs-scan-engine-failed-to-load-cant-convert-2201010001-to-long-1-1-2022/


To resolve this for now, disable antimalware scanning:

& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
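To see that the workaround actually unfreezes transport, this added example (not from the original post) snapshots the state before and after running the script: whether the Malware Agent transport agent is enabled, how many messages are sitting in the queues, and the latest errors from the FIP-FS scan engine in the Application log. Get-TransportHealth is this example's own name; FIPFS as the event provider name is what the scan engine logs under on the affected servers. Run it from the Exchange Management Shell.

```powershell
# Added example: transport health before/after disabling antimalware scanning.
function Get-TransportHealth {
    $agent  = Get-TransportAgent -Identity 'Malware Agent'
    $queued = (Get-Queue | Measure-Object -Property MessageCount -Sum).Sum

    # Level 2 = Error. The 2201010001 conversion failure shows up under the FIPFS source.
    $fipfs = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'FIPFS'; Level = 2 } `
                          -MaxEvents 5 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        MalwareAgentEnabled = $agent.Enabled
        QueuedMessages      = $queued
        RecentFipfsErrors   = @($fipfs | ForEach-Object { "$($_.Id): $($_.Message.Split("`n")[0])" })
    }
}

Get-TransportHealth    # before: agent enabled, queue growing, FIPFS errors listed

& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
# The script disables the agent but transport only picks that up after a restart.
Restart-Service MSExchangeTransport

Start-Sleep -Seconds 60
Get-TransportHealth    # after: MalwareAgentEnabled False and QueuedMessages falling
```

Once scanning is disabled, keep watching QueuedMessages for a few minutes; if it does not fall, the backlog is being held for a different reason and the antimalware workaround is not the whole story.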