Setting up DKIM for Exchange Server for DMARC

Setting up DKIM for Exchange Server

Out of the box Exchange Server does not support DKIM signing. And it doesn’t look like Microsoft has any intention of adding this feature any time soon. So for now the best way to implement DKIM signing is via third party a plugin.

What is DKIM?

DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages weren’t altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers can then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. Once the hash made with the private key is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

If you want to know more about how DKIM works, Postmark provides a pretty detailed explanation.

Installing Exchange DKIM Signer

Exchange DKIM Signer is an open source, easy to install DKIM Signing Agent for Microsoft Exchange Server. It includes support for Exchange Server 2007 through to 2016.

Online Install

1. Download the latest GUI package: (

2. Extract it somewhere on your Server (e.g. Desktop)

3. Start Configuration.DkimSigner.exe

4. Select Install

5. Once the installer has completed, click Close


1. Now configure the DKIM Signer with the installed GUI. Navigate to and launch the configuration executable (located under "C:\Program Files\Exchange DkimSigner\Configuration.DkimSigner.exe".

2. Click Configure and move the priority of the DkimSigner Agent up to at least 3, if not 1 (This is to prevent other agents from potentially interfering with the headers), and then click Close

3. Navigate to the DKIM Settings tab and change the Header & Body Canonicalization options to Relaxed. Click Save configuration to save your changes. See DKIM Canonicalization – or – why Microsoft breaks your mail for reasons why choosing Relaxed over Simple may be the better option.

4. Now switch to the Domain Settings Tab. Fill in your Domain name and Selector and click Generate new key. DKIM Signer will then generate new public and private DKIM signing keys based on your chosen domain and selector.

A save window will open prompting you to save the newly generated key in "C:\Program Files\Exchange DkimSigner\keys". Click Save.

You can save the generated keys to an alternative location if you wish. However DKIM Signer recommends storing them in the default location.

IMPORTANT: Make sure the user you’re signed into your exchange server as has permission to access whichever path you choose to store your keys. Otherwise you’ll encounter access denied errors: "Couldn't load private key for domain Access to the path 'C:\Program Files\Exchange DkimSigner\keys\' is denied.". And DKIM signing of outgoing mail will fail.

5. Now you need to publish the DKIM TXT record for your domain ( with your DNS provider. Make a note of your Suggested DNS Name and click Copy to clipboard to copy the Suggested DNS Record.

Now head to your DNS provider to create your TXT record.

6. Select TXT record as the type of record to create and for the TXT record Name, enter your Suggested DNS Name (key1_2017._domainkey).

*Most DNS providers automatically add your domain name to the end of the TXT record ‘Name’ entry, so there should be no need to enter the whole record e.g.

For the TXT record content, paste your copied key and save.

Wait a few minutes for the record to propagate (Most DNS providers are pretty quick these days) then head back to the DKIM Signer Domain Settings tab and click Check. DKIM Signer will query your DNS record and if all’s well your record should now be verified as correct. Click Save to save your domain settings.

7. Switch to the Information tab and restart the Exchange Transport Service by clicking on Restart.

DKIM Signer is now configured to sign emails originating from your domain.


1. Open your web browser of choice and navigate to Make a note of the randomly generated email address. DO NOT CLOSE THE BROWSER/TAB, you’ll need to return to this page shortly.

2. Log into an Exchange mailbox associated with the domain you’ve just setup and send an email to this random address.

3. Allow a few minutes for your email to arrive at’s site then return to your browser and click on View Results.

If you see results = pass, congratulations, your setup is complete and you can now send email verified using DKIM signing.

Note: This is copy of the post from:

I particularly did not want to loose it as it is great.

All New Landrover Discovery 5 Winch Fitting D5

Fitting a Winch to a MY19 Discovery 5

Components Used

Hidden Winch Tray

Lucky 8 Proud Rhino Hidden Winch – I specifically asked for the model that had been slightly modified to fit the MY19 model. I know someone who had a tray from 2018 that struggled to fit the MY19 vehicle. Email communications with Lucky8 ensured the correct tray was sent.

Proud Rhino Hidden Winch Tray Discovery 5

This is what arrived exactly. No bolts etc. As it turns out… you don’t need any. You will see later.


Domin8r x 12,000lb Winch with synthetic rope. – Note that as of 2020 there are two two Domin8r winches available. The one pictures and the Extreme. The extreme has an improved brake system and on inspection was a little larger in height. Because of this and the fact that I had seen images of the “standard” or orange rope version installed on this exact fit, I went for the standard version.

Domin8rx winch new contents

Pictured is exactly what arrived in the box. 

I did consider a Warn which, however the price is literally 10 times the cost of this kings winch. And the fact that my Discovery while used hard will never be an extreme 4×4. The winch I am fitting servers two purposes for me.

1. It lets me explore tracks and go “down” places without the anxiety of getting stuck.

2. It lets me recover myself and others more easily that perhaps I would without the winch option.

In all honestly, on my previous LR’s fitted with a winch, I only ever used it twice and both times could have used other options. But I did find the comfort of knowing it was there completely changed how willing I was to explore hard tracks alone.

So the cheaper winch, it it only works a handful of times will suite me fine!

Which Options

I added the wireless which controller option to allow me to use the controller at the wheel without wires.

Domin8tor Winch Wireless Remote

You can see that there is a dongle that plugs into the control box, and the remote that confusingly comes with wires, but the can be removed.


Factor 55 1.0 Grey Fairlead

Factor 55 1.0 Grey Fairlead

Fairlead Screws

1.5” 5/8 screws with Hex Heads and a couple of washers.

Licky 8 Fairlead Screws

3M Automotive double sided tape.

3m Double Sided tape

This tape is used to refit the side strips around the wheel arches.

The Job

Remove the Discovery 5 Bumper Bar and front trimmings.

This for my was by fat the hardest part of the job. Knowing where to screw and pull to unclip and remove the bumper was not something I could do alone. So I enlisted a Landrover Mechanic (Tom) to assist me on the removal and refitting of the bumper. Super handy having him there to do it professionally. Total time to remove was about 40 minutes.

IMG 2517IMG 2518IMG 2519IMG 2520

Not really going to try and describe the steps to remove the bumper. After seeing it done, I don’t think I would attempt it again without help. There is a bit to it. But some interesting steps included….

LR D5 Side Strips Wheel Arches

Removing the side strips around the wheel arches required carefully prying the double sided tape off, and disconnecting the sensor plugs. We used the 3M double sided tape to fix them back on.

IMG 2523

The front radar sensor fitted the the cross bar. This is the bar that will be hacked into to make room for the winch. 

Note the plastic dieting trim at the top and bottom of this image. They effectively directed air through the radiator. We managed to keep the top, but the bottom had do go.

IMG 2524

This front scoops here are to direct air onto the brakes. We managed to refit these after the tray was added.

IMG 2528

Removing the bottom plastic air direction housing.

IMG 2529

With it removed.

IMG 2530

You will notes that there is still a plastic scoop at the bottom. We cut this off wish industrial scissors that made easy work of the plastic. 

IMG 2531

IMG 2532IMG 2533

This is the cut away bottom plastic air duct. Both sides shown here to assist you with how much to cut.


IMG 2534

We decided to unplug the cooling pipes to give us more room. We saved and used again the cooling fluid.

IMG 2535

This hose in the middle frame was one that was tricky to fit back. You can see in this image that the tray is in place, although not tight. The hose comes around the tray and would rub on the tray. We decided to fit a foam block between the hose and the lucky8 tray. Something like a pool noodle cut to size would work well here. Something that fit around the host, but between it and there tray to ensure that vibration stays away.

IMG 2494

Now this is not a picture of my bar. And I cannot believe it that I did not take a picture of the cuts we made before fitting the winch tray and winch. But we effectively made the same cuts as were made here, but did not remove the bar from the car to do it. Simply cut with the bar fixed to the car. The cuts were not hard, and worked well with a standard angle grinder. A couple of things to note in this.

1. The bar is much more sturdy than it looks here.

2. The middle remaining square bracket is to allow fitting of the radar back in place.

3. The cut on the back o the bar on the right side, needs to be a little angled to the right. i.e making some more room on the back right bottom.

IMG 2539

The end result with our bar. Note again the cuts in the bar. The winch in place.

You will also note that we fitted the control box with the plug sitting forward. This worked very well and allowed some of the cables to come forward of the bar, and some to go behind the bar. To fix the control box we simply straightened the mounting bracket in a vice, then drilled a couple of holes through the bracket and bar then fixed it with some metal tapper screws.

Note the alignment of the box plug just to the right in the image of the screw holes below. This allows the box to be accessed from the front through the grill once the bumper is reattached.

Winch orientation is important. Note that the direction we have the winch allows the winch rope to run in on the bottom of the winch. I have seen the winch fitted the other way around, but this means that “in” on the controller will wind the rope on the top of the drum. Note idea for winches as it puts more moment on the attaching bolts. We found that fitting the winch this orientation worked fine.

IMG 2540

The cables were easy. Two leads gong back through the front assembly to the right are fixed to the jump points in the car. The red cable that loops back from the control box and under the cross bar, that you see on the bottom of this image is actually visible from the front of the car. So fitting a black or shrink wrap here would discuss that better. 

You can see here too the radar fitted back in place and the winch cables zip tied to the top of the cross bar to keep excess cables from rubbing around the place. It is also interesting that the zip ties are visible from the front, so we used black to make it cleaner from the front view.

IMG 2536

The mounting brackets took a bit of playing around with to get them orientated correctly. When we did, it all fit well and was obvious. This pic shows the orientation dangling down. We swing them into place 180 deg and use the winch bolts to fit them up through the tray and into the winch.

IMG 2545IMG 2546

You can see here that the bolts going up through the tray are the Domin8tor winch bolts that came with the winch. They go up through the winch brackets and tray and into the winch mounting lugs.

The direction of the brackets works well in this orientation. We tried to have the brackets the other way around to put the bracket angel mount outwards for better strength. However we found they would not fit in that orientation. But we are happy with the result here.

IMG 2541

The cables that come up behind the light assembly.

IMG 2542

Then run up over the air box

IMG 2543

And fitted beneath the jumper mounts.

We did consider fitting them to the winch mount (that comes on the discovery) that is behind the front right wheel guard, and it would have worked. But the problem is that the Domin8tor winch has the in lead fuse that you can see in this image. There would be no way of easy access to that fuse if fitted to the winch mount. So we elected to fit it here. With zip ties it is very sturdy and works well.

IMG 2544

This picture shows the winch cables zip tied in place, but also the car cabling tied back over the top of our work.

IMG 2547

The end result before the bumper was attached again.

IMG 2552

With the bumper fitted and the winch rope just temporarily zip tied out the way.

IMG 2553

To get the factor 55 1.0 fair lead to fit, we need to make two cuts to the bumper just either side of the fairlead. The cuts are to the vertical plastic moulding. We made the cuts at the bottom and just screwed the factor 55 fairlead inlace while holding the plastic open using a bit of bruit strength.

The result is that the bumper splits a little wider around the fairlead and is a little deformed from its original shape. But the end result is that the fairlead sticks out a little giving good clearance for the rope to stay away from the bumper, and the whole thing looks good from the front. We made the cuts with a multi tool in about 5 seconds. Easy work.

IMG 2554

Not the control box is still accessible from the front, but mostly hidden. The wireless dongle sits really nicely in place and could be left there for a day out with a bit of winch work anticipated.

Like to thank 

Paul Muscat for running the LR D5 Group. 

Rob Morley for sharing his similar fit and answering my many questions.

Tom – The Landrover guru who helped with the bumper and whole job

Darub Abrahams  – Who shared his experience with the older tray and some of the notes that helped with my decision making.

This is a Landrover Manual extract that talks about their winch fitting option that they never released. I referenced this a bit, but this blog post would be more help to anyone doing the same thing.

pdf 2.pdf

If you live in Sydney and want a Landrover mechanic to assist you with this winch combination, then please contact me. Tom would be only too happy to help.

InteractiveWebs Email Setup Smatermail – Outlook 365 Windows

Setting up Outlook 365 to access InteractiveWebs SmarterMail services


When adding an account, select the advanced options after entering your email address.

Screenshot 2019 08 17 13 30 49

Select IMAP from the Advanced Setup

Screenshot 2019 08 17 13 33 21

Select NO. You do not want to continue using the certificate.

Screenshot 2019 08 17 13 34 33

Select Change Account Settings

Screenshot 2019 08 17 13 35 13


Enter the following setup. with Security enabled for both incoming and outgoing services.

Screenshot 2019 08 17 13 35 59

Password as advised.

Screenshot 2019 08 17 13 36 35

And you are done!

Screenshot 2019 08 17 13 37 27

Redirection Module in IIS

SmarterMail Force HTTPS

Setting up an HTTP/HTTPS redirect in IIS

Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers.

In order to force a secure connection on your website, it is necessary to set up a certain HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like “” will be redirected to “” or “” (depending on your choice) making the traffic encrypted between the server and the client side. 

Below are steps to setup a IIS HTTPS redirect:

  1. Download and install the “URL Rewrite” module.
  2. Open the “IIS Manager” console and select the website you would like to apply the redirection to in the left-side menu:
  3. Double-click on the “URL Rewrite” icon.
  4. Click “Add Rule(s)” in the right-side menu.
  5. Select “Blank Rule” in the “Inbound” section, then press “OK”:
  6. Enter any rule name you wish.
  7. In the “Match URL” section:- Select “Matches the Pattern” in the “Requested URL” drop-down menu 
    – Select “Regular Expressions” in the “Using” drop-down menu 
    – Enter the following pattern in the “Match URL” section: “(.*)” 
    – Check the “Ignore case” box
  8. In the “Conditions” section, select “Match all” under the “Logical Grouping” drop-down menu and press “Add”. 
  9. In the prompted window:
    – Enter “{HTTPS}” as a condition input 
    – Select “Matches the Pattern” from the drop-down menu 
    – Enter “^OFF$” as a pattern 
    – Press “OK”
  10. In the “Action” section, select “Redirect” as the action type and specify the following for “Redirect URL”:https://{HTTP_HOST}{REQUEST_URI}
  11. Check the “Append query string” box.
  12. Select the Redirection Type of your choice. The whole “Action” section should look like this: 
  13. Click on “Apply” on the right side of the “Actions” menu.

The IIS redirect can be checked by accessing your site via http:// specified in the URL. To make sure that your browser displays not the cached version of your site, you can use anonymous mode of the browser. 

The rule is created in IIS, but the site is still not redirected to https://

Normally, the redirection rule gets written into the web.config file located in the document root directory of your website. If the redirection does not work for some reason, make sure that web.config exists and check if it contains the appropriate rule.

To do this, follow these steps: 

  1. In the sites list of IIS, right-click on your site. Choose the “Explore” option:
  2. “Explore” will open the document root directory of the site. Check if the web.config file is there.
  3. The web.config file must have the following code block: <configuration>
    <rule name=”HTTPS force” enabled=”true” stopProcessing=”true”>
    <match url=”(.*)” />
    <add input=”{HTTPS}” pattern=”^OFF$” />
    <action type=”Redirect” url=”https://{HTTP_HOST}{REQUEST_URI}” redirectType=”Permanent” />
  4. If the web.config file is missing, you can create a new .txt file, put the aforementioned code there, save and then rename the file to web.config.
Search Engine Optimization Services SEO

Search Engine Optimisation Services

Search Engine Marketing Services

SEO Services Agency in Sutherland Sydney

Our SEO Services

With years of experience at Search Engine Marketing SEO and a genuine interest in latest evolving techniques. We are able to provide a total solution for your Search Engine Marketing needs.

We cover all aspects of the gamete of SEO Services that are required to deliver Natural Google Ranking Results.

Search Engine Optimization Services SEO
Keyword Search Marketing

Keyword Search

Targeted key word search for long tail and shot tail key words that are targeted to your customers.

SEO Link Building

Link Building

Generating of back linking keyword rich click links into your site from other reputable sites.

Site Map Optimisation Service

Sitemap Optimisation

Creating and updating site maps that Google uses to index the pages of your site.

Website Software Development

Software Development

Where necessary we will develop and update software on your site to ensure that SEO functions are delivered.

Website Design Services

Web Design

Designing from scratch or redesigning your websites with Search Engine Optimisation as part of the DNA of your site.

SEO Feedback Results


We provide feedback of the progress of the SEO journey we embark on with you and your business.

SEO Strategy


We have proven results and a carefully planned and implemented strategy for the services we provide.

Network Social

Social Networking

Brand development with the integration of Social Networking is essential for your search results and total business development and marketing.

Content Writing

Content Writing

We work with partners to create dynamic content, pages and blogs to draw in key word linked searches into your site and onto your products and services.

Traffic Monitoring

Traffic Monitoring

Integrated analytics and progression of search engine listing performance both instantly and over time.

Ranking Results Service

Ranking Results Reports

We provide reports on the ranking of your site and the progress we have achieved for you.

Website Optimisation

Website Optimization

Critical to your rankings is your website and page load performance. Tuning both the on page content and server performance is critical.

With years of running a shopping website, we only experienced results once we started engaging professional SEO services. Prior to that we effectively wasted our time trying to do things on our own.
Tess Barrington
Web Store Owner

Get your Business on track now!

Contact our team for discussions on how we can help your business grow!

SEO Services

All Inclusive
$ 550
  • Keyword
  • Links
  • Sitemap
  • Software
  • Design
  • Feedback
  • Strategy
  • Social
  • Content
  • Traffic
  • Rankings
  • Optimization

Content Creation

Article Writing
$ 275
  • Feature Articles
  • Key Word Driven
  • Landing Pages
  • 12-20 Per Year
  • Back Linked
  • Include Images
  • Timed Release

Secure Site

SSL Encryption
$ 385
  • SSL / https
  • No Warnings
  • 1 Domain Name
  • Higher Rankings

Contact us about SEO services

WHM Cpanel sshd: /var/empty/sshd must be owned by root and not group or world-writable


Error: WHM Cpanel sshd: /var/empty/sshd must be owned by root and not group or world-writable is reported via email notifications.

Note: Our server is running Centos


Primary IPAddress
Service Name sshd
Service Status failed ⛔
Notification The service “sshd” appears to be down.
Service Check Method The system’s command to check or to restart this service failed.
Number of Restart Attempts 19
Service Check Raw Output (XID cg7fzv) The “sshd” service is down.

The subprocess “/usr/local/cpanel/scripts/restartsrv_sshd” reported error number 3 when it ended.

Startup Log Dec 07 02:34:37 systemd[1]: Failed to start OpenSSH server daemon.
Dec 07 02:34:37 systemd[1]: Unit sshd.service entered failed state.
Dec 07 02:34:37 systemd[1]: sshd.service failed.
Log Messages Dec 7 02:34:37 cpanel2 sshd: /var/empty/sshd must be owned by root and not group or world-writable.
Memory Information
Used 1.12 GB
Available 14.01 GB
Installed 15.13 GB
Load Information 0.00 0.01 0.07
Uptime 1 hour, 30 minutes, and 42 seconds
IOStat Information avg-cpu: %user %nice %system %iowait %steal %idle 4.15 0.01 0.18 0.02 0.00 95.64 Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn sda 7.43 185.24 24.84 1007925 135152 dm-0 4.69 146.09 17.67 794896 96128 dm-1 0.02 0.41 0.00 2228 0 dm-2 2.62 33.66 6.80 183144 36976
Top Processes
PID Owner CPU% Memory % Command
5182 root 18.07 0.09 /usr/local/cpanel/scripts/restartsrv_cpanel_dovecot_solr
5080 root 5.88 0.17 tailwatchd – chkservd – cpanel-dovecot-solr check
5138 root 1.20 0.01 dovecot/auth -w
5167 root 0.72 0.00 [whostmgrd – ser]
5108 dovecot 0.68 0.02 dovecot/auth


The Fix

1. Login to WHM and click on terminal

Screenshot 2018 12 07 21 36 49

Type these 3 commands into there terminal window:

# chown root:root /var/empty/sshd 
# chmod 711 /var/empty/sshd 
# ls -ld /var/empty/sshd


2. Restart the ssh Daemon in WHM

WHM ssh


The Apple Developers Union

The Apple Developers Union

Recently a new group of App store developers has banded together to help push the cause of making the Apple App Store a little more developer friendly for people trying to make a living as Developers of applications for Mac’s and iPhones.

The website is called The Developers Union and has some listed goals and targets. Their about page states 

We believe that people who create great software should be able to make a living doing it. So we created The Developers Union to advocate for sustainability in the App Store.

Today, we are asking Apple to publicly commit — by the tenth anniversary of the App Store this July — to allowing free trials for all apps in the App Stores before July 2019. After that, we’ll start advocating for a more reasonable revenue cut and other community-driven, developer-friendly changes.

Here is why we joined.

1. The stated goal of offering free trials is something what has reared it’s head for the looming release of our next app. “NOTAM Reader”. The model we wish to operate under is not currently available where we can offer a free trial. So their first stated goal is something we are defiantly onboard with and hope they can influence Apple.

2. The possibility of reducing the 70/30% split that developers share with Apple is something we also support. Apple the entire ecosystem and for that we are always grateful of the opportunity to develop on such a popular and solid ecosystem. BUT. They are so hugely successful throughout the entire process that it is hard not to feel that the wealth distribution is a little out of kilter. This is not something we are militant about but certainly a review of this policy is something we feel is worthy of banding tougher. 

In the future we will review the groups stated goals and only remain part of the group while the stated goals are not self destructive and the process remains respectful for everyone involved.

DNN Event ID 1310 after moving website to new server Exception message: Unsecured Passwords Format Detected

IIS throwing Event ID 1310 Exception message: Unsecured Passwords Format Detected


The Error Message

Exception information: Exception type: ConfigurationErrorsException Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: AspNetSqlMembershipProvider. The obsoleted password format is: Encrypted. For more information, see

Request information: Request URL: Request path: User host address: User: Is authenticated: False Authentication Type: Thread account name: IIS APPPOOL\DefaultAppPool

The Problem was actually simple and a “user error”

We tried to connect the website up to the wrong database. i.e. When we copied the database and moved it, we inadvertently copied the wrong database. This caused the above error due to the fact that the machinekey data in the web.config file was wrong for the database.

This caused the error 1310 to be thrown and the Application Pool associated with the new incorrectly setup site to stop.

The fix. 

Connect to the correct database!


Further to this we encountered a really weird set of errors after this. Initially the error appears to be a connection issue. But then we started getting failings that would come an go.

Error logs showing plenty of Event ID 1310 but also in the DNN logs:

DotNetNuke.Services.Log.EventLog.DBLoggingProvider – System.Data.SqlClient.SqlException (0x80131904): Could not allocate space for object ‘dbo.EventLog’.’PK_EventLogMaster’ in database ‘bla’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.


   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)


   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)


   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)


   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()


   at System.Data.SqlClient.SqlDataReader.get_MetaData()


   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)


   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)


   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)


   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)


   at System.Data.SqlClient.SqlCommand.ExecuteScalar()


   at PetaPoco.Database.ExecuteScalar[T](String sql, Object[] args)


   at DotNetNuke.Data.PetaPoco.PetaPocoHelper.ExecuteScalar[T](String connectionString, CommandType type, String sql, Object[] args)


   at DotNetNuke.Data.SqlDataProvider.ExecuteScalar[T](String procedureName, Object[] commandParameters)


   at DotNetNuke.Data.DataProvider.AddLog(String logGUID, String logTypeKey, Int32 logUserID, String logUserName, Int32 logPortalID, String logPortalName, DateTime logCreateDate, String logServerName, String logProperties, Int32 logConfigID, ExceptionInfo exception, Boolean notificationActive)


   at DotNetNuke.Services.Log.EventLog.DBLoggingProvider.WriteLog(LogQueueItem logQueueItem)




Error Number:1105,State:2,Class:17

The Problem

The issue turned out to be that the database was a legacy database we received from another host. They had defined a database limit size in the SQL database it’s self. This caused the database to strop responding to DNN in a way we had never seen. After some time, the maintenance would drop the size of the database just below the limit and the DNN site would fire up. Until it reached the SQL database limit again.

Not likely to be a problem for many people, but something to check in the SQL dates settings.

The fix update

Increase or remove the size of the SQL database limit.

Adding Application Pool Identity in IIS to a Folder


Skip to end of metadata


Go to start of metadata


Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name “Smartcrypt,” a security identifier with the name “Smartcrypt” is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console.

This can be configured by selecting a folder in Windows Explorer and adding the “Smartcrypt” identity to the folder’s Access Control List (ACL).

  1. Open Windows Explorer
  2. Select the directory the Smartcrypt Manager is installed under (eg: c:\web\mds)
  3. Right click the directory and select Properties
  4. Select the Security tab
  5. Click the Edit button and then Add button
  6. Click the Locations button and make sure that you select your computer.
  7. Enter IIS AppPool\<myappoolname> (eg: IIS AppPool\smartcrypt) in the Enter the object names to select: text box.
  8. Click the Check Names button and click OK.
  9. Check Modify under the Allow column, and click OK, and OK.

By doing this, the file or directory you selected will now also allow the Smartcrypt identity access.


You can do this via the command-line by using the ICACLS tool. The following example gives modify access to the Smartcrypt identity to the folder C:\web\mds and all contents.

ICACLS "C:\web\mds" /grant "IIS AppPool\Smartcrypt":M /t

Mac Clear DNS Cache

To clear the DNS cache on a Mac computer running the later version OSx

Open a Terminal window and paste in the following:

sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder; say cache flushed

Then hit enter.

You will be asked for the password you use to login as an admin.

LH Pilot Update 9.10.7


LH Pilot Update 9.10.7

– Updated the source for NOTAMS to fix the problem of FAA blocking regions via their website.
– Updated New EK Categories.
– Updated the colour coding for new categories.

This update addresses the latest released data from EK with new colour coding.

Also we were previously referencing NOTAM information from the FAA website. They have begun blocking IP addresses outside the USA. Subsequently we have referenced a new datasource and improved the formatting of the NOTAMS to be much easier to read.

Cpanel WordPress Site Error The uploaded file exceeds the upload_max_filesize directive in php.ini

Cpanel WordPress Site Error The uploaded file exceeds the upload_max_filesize directive in php.ini

While working with a Cpanel Website running WordPress, you attempt to upload a file and receive an error: 

“The uploaded file exceeds the upload_max_filesize directive in php.ini”

To fix for ALL Accounts in Cpanel

Login to the WHM Administration system. Note that this is usually the HOST provider that has access to this.

Softare >> MultiPHP INI Editor

Screenshot 2018 04 01 13 04 47

Then for the Different PHP Version in the Dropdown, selecting for example ea-php55  or ea-php56

Edit the post_max_size to something bigger that the default 8M

AND or

Edit the upload_max_filesize to something bigger than the default 2M

Screenshot 2018 04 01 13 07 43

To Fix for the Account you are working in.

Loged in as the Account holder,

Software MultiPHP INI Editor

Screenshot 2018 04 01 13 08 42

Select the location that you will apply this modification to. This should be the site or sub domain you are experiencing the problem with. (In our example we have the

Edit the post_max_size to something bigger that the default 8M

AND or

Edit the upload_max_filesize to something bigger than the default 2M

Screenshot 2018 04 01 13 10 02

This applies to Cpanel April 2018 V68

alphassl the requested property value is empty Exception for HRESULT 0x80094004

alphassl the requested property value is empty Exception for HRESULT 0x80094004


When completing an Alphassl certificate install on IIS using the “Complete Certificate Request” you receive the error:

There was an error while performing this operation.


The requested property value is empty. (Exception from HRESULT: 0x80094004)

Exception for HRESULT 0x80094004

Now this is a Typical Microsoft Error in that it really only has meaning to the person who created the error. For us end users stuck in this weird Microsoft world, the error message is trying to tell us that the Certificate you pointed to for the “Complete Certificate Request function in IIS

IIS Complete Certificate Request

is pointing to a .CER file that is not valid as a certificate for import.

So at this point it is time to check what certificate you placed in the .CER file that you are trying to import.


In particular with Alphassl certificates, the process of completing a new certificate request is completed by email. The end of the process involves receiving an email with instructions on how to complete the process of import.

Screenshot 2018 03 14 13 12 32

Now if you are anything like me, and you think you know what you are doing having completed this process a few times. You tend to work fast and read instructions later (like an IKEA assembly job). And on several of my certificate install jobs I have made the same error. That being that I read to point 2 above. Click the link which if I read it is obviously to the Root Certificate Install. Then proceed to copy and paste the SHA-256 Certificate into the process and save is as a .cer file, then try to complete the process with that hash. 

Screenshot 2018 03 14 13 16 13

So basically this is all wrong. The certificate Hash is actually included in the bottom of the email received from Alphassl and that hash from the bottom fo the email is the correct hash to copy and paste to your IIS server and save as a .cer file. It is then this file that you use to complete the process with your IIS “Complete Certificate Request” function. Not the above Root certificate.




There was an error while performing this operation.


The requested property value is empty. (Exception from HRESULT: 0x80094004)

Outlook 365 Keeps Prompting for Password After August 2017

Outlook 365 Keeps Prompting for Password After August 2017

3db989da d0d4 4210 b5ff f9975e6687dc

In August 2017 Microsoft released another version of Outlook for Office 365 for PC that caused a major problem for people connecting to Exchange 2016 servers. This problems is all to do with the AutoDiscovery setup that Outlook uses. Microsoft appear to have set outlook to use their Office 365 servers as an initial point of setup configuration regardless of how you have configured AutoDiscovery.

The bottom line is that outlook keeps trying to authenticate agains office365 and not your own server. While this is a known issue, as of January 2018 it has not been fixed in the next version of Outlook.

The Fix

There are two fixes, and either one should work. We suggest Fix 1

Fix 1

First one involves setting a registry entry on the computer experiencing the issue. To fix this issue, create a text file and copy/paste this text below.

Windows Registry Editor Version 5.00

Then save it, and rename it as ExcludeExplicitO365Endpoint.reg and run it (this will import the applicable registry key). ONLY DO THIS if you are using an Exchange On-Premise account, and not a Office365 or hosted exchange account.


Fix 2

The solution I’ve found to work and the only one to stop this annoying popup of “enter your password”, is to downgrade to a lower version of office is a script i wrote, in case you need to push this to several computers.

C:\Progr~1\Common Files\Microsoft Shared\officeClickToRun /update user updatetoversion=16.0.8326.2107 1>officec2rclient.exe

this will take your office 2016 to update 8326.2107 where this issue doesn’t happen.nothing will show up on the screen, but give it about 10 minutes and restart the computer. check the control panel/ add-remove programs and make sure office is on the new (or actually old…) version.

Here is a link to some helpful information in running this update:

Windows Server 2016 Download Maps Manager Delayed Start

Windows Server 2016 Download Maps Manager Delayed Start Red in Server Manager Dashboard

Its kind of annoying to find that after a fresh install of Windows 2016 Server you have a service that fails to behave correctly.

Download Maps Manager Delayed Start

When you click on the service, you will see something like this.

Screenshot 2017 08 02 22 40 27

Even if you attempt to force a start, it does not resolve this issue.

The good news is that this service is really not something you want anyway if you have a windows server doing actual server functions.

The Fix

The simple fix is to disable this service. The easy way to do this is to:

Open Windows Powershell

Be sure to open this by right clicking on PowerShell and select Execute as Admin. This is necessary even if you are logged in as an admin.

Windows 2016 Server Power Shell

Windows Powershell

Type this command:

Get-Service -Name MapsBroker | Set-Service -StartupType Disabled -Confirm:$false


Disable MapsBroker in Powershell

Problem is now fixed, and this annoying service is off and will not bother you again.

Should I Use KnowRoaming International Mobile Review

Know Roaming Review – Should I Use KnowRoaming Mobile 

Xknowroaming review 750x422 jpg pagespeed ic Hekhny1V49

In one word, NO.

But let me explain why we think the reviews we have read online don’t live up to our experience. 

Firstly, as someone who professionally travels the entire globe and who is a techno geek, data is one of the most important travel tools these days. To look up and book all sorts of things form AirBnB to Uber,, Google Maps and just staying in contact with loved ones.

Getting Data is really still a huge hassle after all these years. Blackberry had the right idea to provide unlimited global packages for their devices world wide, and I personally cannot wait for Elon Must to get his 4,425 satellites up and running giving global coverage of low orbit satellite based data services. I am surprised that Apple or Google etc have not jumped in and lined up the telcos who are still busy ripping people for global data. They will end up wishing they had global alliances once something else comes online. Anyway I digress.

KnowRoaming has a good idea. They tap into the alliance of roughly 50-60  normal countries that appear to be able to operate in the real world and have some reasonable deals. The countries are sort of the ones you would expect. Basically if the telcos operate in a fair and less regulated environment (read western civilised countries) then they are likely on the list. If the countries government or royal highness owns the telcos or chops the hands of thieves off, then they are probably not on the list. (Read 1/2 the world that operates in dictator chaos).

Among the plans is the All You can Eat $7.99 per day for unlimited data. This was particularly appealing to me as I am often in countries for a short period of time.

Mobile Sticker for Roaming

The device I took was the sticker that you put easily on your sim card that gives your extra function while away form your normal carrier. No problems with the sticker and applying it.

The KnowRoaming App and Service

The issues I have are with the KnowRoaming App. The app controls the management of data access while in other countries. The idea is that you power it up while in the roaming countries and select the plan you wish to use. The failures of the app are this.

1. Unintuitive not user Friendly. – The app needs to install profiles on the iPhone to set up local data access. This part I can handle. Installing profiles are like installing certificates on a phone. A little odd at first, but once you get the idea of it, then not to bad. But the really unfriendly part is that you activate data on the home screen, but the app then needs to download the local roaming profiles to get the plans available locally. At times the connection download rate to get this data is so bad that the app does not find the data you need. Then you are left with an activated connecting that is using your data at a huge rate, and charing you normal crappy connection rates because you have not activated the daily plan. On more than one occasion I used all my credit before I could get a daily rate activated.

Other times I activated the daily plan, only to instantly loose the connection for a period of time. Then to find out that the activation did not take and I was again using all my credit when connection returned.

2. Reliability – Very poor at best. Because of this switching of profiles and presumably the providers of choice in the countries being forced for connection on once activated. I often found I was in a location like an airport with great reception. As soon as I activated the mobile data in the KnowRoaming app, and turned the Roaming Data on in the phone settings, I lost my connection all together to the telcos. No signal. Frustrating as hell when you need to get something done.

3. Data Priority – As you would expect with data roaming services, the telcos in the country you are traveling will give you low priority on their networks for data. This is understandable and even though the services are 3G only and you are most likely connecting to 4 G capable networks, I did find that at peak times (like the time of day you would book an Uber, Taxi, Hotel or AirBnB.) The series is so slow that you can’t get anything done at all. Ping tests 100 times slower than normal connection. Can’t even get to a google home page. Totally useless.

4. Average support – While contacting support gets you reasonably quick responses via email. You do need to have data to get email. What’s APP is free data, which leads the question. Why not enable free data for their APP and offer in app communications. As it stands you need the App to work to get support on getting the App to work. Crazy right!


On the two occasions that I contact support advising that my entire balance had been eaten up in a manner of minutes. I was once refunded the money when I advised that I was a new customer and just did not get the interface for the app to activate the daily plans. And in this I will restate that the App really is not user friendly at all. They really need to force choice options on you as you activate to say… hey use all your credit in minutes or using one of the normal persons options to roam all day. 

The other time I experienced the “There Goes All yYour Credit” in a few minutes issue. Was as a result of the loss of connection then subsequent re-connection unbeknown to me a short time later. So my phone sat doing what my phone does, downloading email etc. All the time I believed I had no connection and was waiting to get WiFI access to sort out why I had no carrier signal after activating data.

I contact support with this second credit suck, and they pretty much said.. “Yep there goes your money, here is how to top up again”. As if I would put another cent into a services that just sucked down every penny I just fed it and gave me nothing in return.

So in summary… Reasonable Process, Quick Response to Support, Very Average App, Very Unreliable, at times Unusably Slow, Average Support Response. Stay Away from KnowrRaming

Note that these are just my experiences and subsequently my opinion of the service. I probably may have had better experiences had I received better support the second time I had major credit suck. I do have work colleagues that use the services and sewer by it, but once bitten twice shy. They had the opportunity to turn me into a happy customer, and it was as simple as a “sorry, here is your credit back”.

How Install Disk Cleanup Tools Windows 2012 or Windows 2016

Install Disk Cleanup Tools Windows 2012 or Windows 2016 Server.

Installing the function to clean your disk, requires that you install the Desktop Experience module from the Windows Feature list. 

Install Disk Cleanup on Windows.png

1. Open a PowerShell with Administrator rights.

2. Exercute:

Import-Module ServerManager

Install-WindowsFeature Desktop-Experience



That’s it. A Reboot of the Computer is required.

Outlook Slow and Unresponsive wiht MAPI over HTTP to Exchange 2016

Outlook Slow and Unresponsive wiht MAPI over HTTP to Exchange 2016 Server

In our case the versions in question were found to be:

Outlook 2013 connecting to Exchange 2016 with MAPI over HTTP enabled.

Reported Problems

The user reported that outlook was slow to open email, and unresponsive with searching in outlook.

The CTRL right click on the Outlook connection icon (bottom right) showed the connection was made with HTTP

iMAP over HTTP


The Problem

It is reported that MAPI over HTTP which is a newer connection method of laterExchange servers and potential better and more reliable for devices connecting has some unreliabilities in some instances with earlier version of Outlook.

Our testing shows that later outlook versions and the Mac versions of outlook have no troubles at all.

The Solution

IN Exchange 2016 it is possible to disable MAPI for a users mailbox. The issue this may have is that they could have other more recent devices such as phones and tablets that are enjoying the advantages of MAPI over HTTP.  So rather than turning off MAPI for all their devices at the exchange server end. It is preferable to disable the connection on that users computer only.

This can be easily done using regedit.

Disabling MAPI over HTTP with Regedit

  1. Log on to the proxy client where you installed the agent.

    Use the credentials for the Windows account that you defined in the agent properties.

  2. In Windows on the client computer, click Start, and then type regedit in the Search programs and files box.
  3. Press Enter. 

    The Registry Editor appears.

  4. Expand HKEY_CURRENT_USER > Software > Microsoft > Exchange.
  5. Right-click Exchange, and then click New > DWORD

    A new DWORD entry appears in the right pane.

  6. Right-click the new DWORD entry, and then click Rename.
  7. Type MapiHttpDisabled.
  8. Right-click the MapiHttpDisabled entry, and then click Modify

    The Edit DWORD Value dialog box appears.

  9. In the Value box, type 00000001, and then click OK.
  10. Close the Registry Editor.
  11. Verify that the protocol has been changed to RPC over HTTP. 
    1. Restart Microsoft Outlook.
    2. Press Ctrl and right-click the Microsoft Outlook icon in the notification area at the far right of the task bar.
    3. Click Connection Status

      The Microsoft Exchange Connection Status dialog box appears.

    4. Verify that the value in the Protocol column is RPC/HTTP.
    5. If the value is HTTP, delete the Microsoft Outlook profile, and then recreate it.

Disable MAPI over HTTP using .reg file.

1. Download this file:

2. Unzip the file

3. Double open the MAPIoverhttp_disable.reg file and it will add the above change for your.

Disabling MAPI over HTTP using Command Prompt.

1. Click Start RUN

2. Type CMD then hit ENTER.

3. Type or paste: REG.exe Add HKCU\Software\Microsoft\Exchange /V MapiHttpDisabled /T  REG_DWORD /D 0x1 /F
(Note that the above is one line that may wrap)

Disabling MAPI over HTTP using PowerShaell

We can retrieve the current configuration using the first two commands, whilst the third one disables MAPI/HTTP and the final command enables MAPI/HTTP:
Get-Item HKCU:\Software\Microsoft\Exchange
Get-ItemProperty -Path HKCU:\Software\Microsoft\Exchange -Name MapiHttpDisabled | select MapiHttpDisabled | Ft –AutoSize
New-ItemProperty -Path HKCU:\Software\Microsoft\Exchange -Name MapiHttpDisabled -PropertyType DWORD -Value “0x1” –Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Exchange -Name MapiHttpDisabled -PropertyType DWORD -Value “0x0” –Force

(Note that the above are all one line that may wrap)


Testing When MAPI/HTTP Disabled

For reference, Outlook 2010 connection information is show.  Note that MAPI/HTTP is being used:

Outlook 2010 Connecting Using MAPI/HTTP

After disabling MAPI/HTTP using one of the above methods, reg.exe or PowerShell, we can then look to see how Outlook is connecting.  Note that you may have to wait for Outlook to perform an Autodiscover request and automatically update itself, or alternatively run a profile repair to force a full Autodiscover.  Deleting the Outlook profile would also force the change, but that is not recommend in production unless it is the last resort.  Deleting Outlook profiles causes OAB downloads, OST downloads, possibly adding PST files back into the profile and may also impact mobile devices.

In the below screenshot we can se that the client is now kicking it old skool.  The protocol type has changed, and there is now a proxy server specified. This was taken after restarting Outlook.

Outlook 2010 With MAPI/HTTP Disabled


Enabling Via Command Prompt

To allow MAPI/HTTP remove  the MapiHttpDisabled DWORD, or set it to a value of 0 as shown below:

REG.exe Add HKCU\Software\Microsoft\Exchange /V MapiHttpDisabled /T  REG_DWORD /D 0x0 /F

(Note that the above is one line that may wrap)

Windows PowerShell Module you receive NotSpecified: (:) [Import-Module], FileLoadException

Windows PowerShell Module you receive NotSpecified: (:) [Import-Module], FileLoadException

This is a typical error for Modules that have been downloaded from the internet and are not given permission to run on the computer.

The solution

Really Easy. 

Open PowerShell

Navigate to the directory in the error message that contains the Module you intend to run. Running a command like:

cd C:\Users\administrator\Documents\WindowsPowerShell\Modules\ACMESharp\

Then Run the Command: 

Get-ChildItem . | Unblock-File

This will set the module files to be able to be used by PowerShell

That’s it. Now the module should run fine.

LH Pilot – 9.2.02

Update 9.2.02


– We have found and improved some of the Decode Weather code that struggled with certain specific locations that publish non standard METAR and TAF data.


– New pattern recognition code that better handles non standard WX information for decode.

– Added Variable Winds Decode.

– Variable Visibility Decode.

– Recent SX WX Decode

– Sea Status in WX Decode


As it turns out, the decoding of weather world wide is rather complex. It is surprising just how many countries have their own format and data sets. Russia with Runway snow and braking information, temperate in different units, QNH, auto machine forecasts to name a few. We hop that any inaccuracies are reported via the feedback within the app, and screen shots.

LH Pilot – 9.2.01

Update 9.2.01


– Improved the retrieval of Weather TAF and TTF in multi thread and multi station simultaneous download.


– This release includes decode information for TTF METAR and TAF data on a worldwide scale.


As it turns out, the decoding of weather world wide is rather complex. It is surprising just how many countries have their own format and data sets. Russia with Runway snow and braking information, temperate in different units, QNH, auto machine forecasts to name a few. We hop that any inaccuracies are reported via the feedback within the app, and screen shots.


Team Foundation Server 2017 HTTP code 413: Request Entity Too Large

Team Foundation Server 2017 HTTP code 413: Request Entity Too Large

While working with a new out of the box TFS 2017, the following error was given when uploading files that were 11 MEG. Not particularly big, but hay this is Microsoft. I say this having wasted a lot of time trying to get the RTM version of TFS 2017 to work, only to find out that web site login is broken out of the box, and SP1 fixed my issues. (Back to the Balmer days!).

Anyway the configuration we are using that would appear to make a difference here is that we took on the Microsoft suggestion at setup to use HTPS and SSL. So using the self signing certificates forcing the SSL connection, we find that the out of the box setup for Team Foundation Server 2017 with SP1 installed has this error on large file upload.

The FiX

  • Open IISNavigate under Team Foundation Web Site
  • Scroll down to Management and open Configuration EditorSelect following section (drop down at the top) system.webServer and expand it,
  • then locate serverRuntimeyou’ll
  • find there the current value of uploadReadAheadSize value, which you can change. We found that the default value was 49512 – We changed it to: 89152 
  • HTTP code 413: Request Entity Too Large
  • Apply your changes in the top right
     Screenshot 2017 04 19 18 27 59
  • Then in a command prompts – Ran “iisreset”
  • Problem fixed

Get-CrmSetting : The term 'Get-CrmSetting' is not recognized as the name of a cmdlet


While trying to run the OAuth provider setup in Microsoft Dynamics CRM, to configure among other things the Post-instillation setup to allow connectivity by devices and applications. I was banging my head on a problem following the instructions:

Configure the OAuth provider


Follow these steps to configure the OAuth provider in Microsoft Dynamics 365.

  1. Log on to the Microsoft Dynamics 365 server as an administrator.

  2. In a Windows PowerShell console window, run the following script.

    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
Found on this page: 
I was getting in the Power Shell: 
PS C:\Users\administrator.FSERVER4> $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings

Get-CrmSetting : The term ‘Get-CrmSetting’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if
a path was included, verify that the path is correct and try again.
At line:1 char:19
+ $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
+ ~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-CrmSetting:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Driving me nuts!


The Fix

Turns out from these instructions found here:

That an additional step is required:

Dynamics 365 server setup


To configure the Dynamics 365 server to enable federated claims, follow these steps.

Configure claims settings

  1. Log on as administrator on the Dynamics 365 server that hosts the deployment service role and open a Windows PowerShell command window.

  2. Add the Dynamics 365Windows PowerShell snap-in (Microsoft.Crm.PowerShell.dll). More information: TechNet: Administer the deployment using Windows PowerShell

    Add-PSSnapin Microsoft.Crm.PowerShell
  3. Enter the following Windows PowerShell commands.

    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
 Note the step 2: 

Add-PSSnapin Microsoft.Crm.PowerShell

Now it works!

Screenshot 2017 01 10 14 36 47

Microsoft CRM IFD The SSL certificate does not contain all UPN suffix values that exist in the enterprise – Cannot Login

Cannot Login to a Previously working Microsoft CRM IFD

A previously working IFD deployment of CRM 2016 (but could be CRM 2015 or CRM 2013). About 1 year after you set the system up, you start receiving: An error has occurred. 
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.

When researching this error, we suspected what it was, and related to an article we covered here:

However we never found and EVENT ID 1309 or anything close to that in our logs. The closest error we found (and we are not even certain that it was pointing as a result fo this problem) was the error:  EVENT ID 415

The SSL certificate does not contain all UPN suffix values that exist in the enterprise.  Users with UPN suffix values not represented in the certificate will not be able to Workplace-Join their devices.  For more information, see

The Problem

This problem arises from a Certificate Rollover that the ADFS server does about 1 month out from your 1 year anniversary. The problem is that the ADFS certificate rolls over, but the CRM configuration does not pickup that new certificate.


The Fix

o locate your ADFS Certificates, navigate to the ADFS Console. Under “Service”, click on “Certificates”, where you will find a Primary and Secondary certificate. If the current date is close to the date of your Primary certificate “Effective Date”, it’s safe to assume that this is the underlying issue.


To resolve this issue:

1. Navigate to the ADFS Console >> Trust Relationships >> Relying Party Trusts.
2. Right click on the trust and select “Update from Federation Metadata…”
a. If there are two trusts, do them both. This may be a case where you have one for Internal and External.


3. Open Command Prompt. Be sure to right-click and “Run as Administrator”.
a. From within CMD, type “iisreset”.


4. Open “Services” and restart the “ADFS” service.


a. If ADFS does not start, be sure to check the “Windows Internal Database” service and make sure it is started, and then try restarting the ADFS service.

If these initial steps do not resolve your issue for any reason, continue with the following steps below:

5. Navigate to “CRM Deployment Manager”.
a. Run “Configure Claims-Based Authentication” wizard, upper right hand corner.
b. Click “Next” all the way through the wizard, nothing needs to be changed here.


6. Run “Configure Internet Facing Deployment” wizard.
a. Click “Next” all the way through the wizard, nothing needs to be changed here either.


7. Now, perform Steps 1-4 again as outlined above.
a. Update Federation Metadata
b. IISReset
c. Restart ADFS Service

Your users should be able to log-in to Dynamics CRM again. I hope you find this helpful and that it resolved your issue.

Outlook Mac Office 365 Sorry, we're having server problems, so we can't add Office 365 SharePoint right now. Please try again later"

Outlook Mac Office 365 Sorry, we’re having server problems, so we can’t add Office 365 SharePoint right now. Please try again later”

For no particular reason you end up with an error message: Outlook Mac Office 365 Sorry, we’re having server problems, so we can’t add Office 365 SharePoint right now. Please try again later”


This starts to ask you for two or three factor authentication on your email accounts that are based on Office 365 product. My issues started December 2016

we can't add Office 365 SharePoint right now

To Resolve this error:

1. Make sure you have quitted Outlook and other Office apps. Go to KeyChain Access 

Outlook Not Connecting to Office 365 Mac

2. Search “Exchange” under Login –> All Items and delete everything 
3. Search “Office” and delete everything 
4. Search “ADAL” and delete everything  
5. Launch Outlook 
6. You will get the activation prompt.  If the account is already added, you will see the password prompt for app and ADAL again. Please do 2-Factor Authentication if asked. And then you should be able to login.

Cannot be sure what changed at Microsoft end to cause this, but obviously it is related to certificates. 

Microsoft CRM global search fails causing in-line search SQL error

CRM in-line search fails with SQL error

After upgrading Microsoft CRM from earlier versions we found that the global search function when enabled failed to return any results, and once the index for the global search had run over a 24-hour period, the in-line search function for any entity would cause a crash and SQL error message to be displayed on page.

The problem

In our particular instance this CRM environment had been upgraded from much earlier versions of CRM and included an attempt to solve some upgrade issues by dropping indexes. Initially our thoughts were that the dropping of the indexes were responsible for the problems. However it appears retrospectively that was a fragmentation of indexes that cause the issue. I cannot be exactly sure why the maintenance procedure that is run on the SQL Server did not rebuild and reorganise the indexes sufficiently that the global social function. However the following solution did work for us.

 We had pretty much followed the recommendation of this discussion forum.

The Solution

After submitting a support ticket to Microsoft they requested us to:

  • Run following command on CRM database to check fragmentation percentage:


SELECT object_id AS ObjectID,  index_id AS IndexID, avg_fragmentation_in_percent AS PercentFragment,

fragment_count AS TotalFrags, avg_fragment_size_in_pages AS PagesPerFrag,  page_count AS NumPages

FROM sys.dm_db_index_physical_stats(DB_ID(”), NULL, NULL, NULL , ‘DETAILED’) WHERE avg_fragmentation_in_percent > 0 ORDER BY ObjectID, IndexID



  • In case the fragmentation percent is more than 25-30% we have to rebuild the indexes.


  the reference provided by Microsoft was helpful, but not as helpful as we would have liked. We ended up running the following query that automatically rebuilt all the indexes.

DECLARE @fillfactor INT
SET @fillfactor = 80
SELECT OBJECT_SCHEMA_NAME([object_id])+’.’+name AS TableName
FROM sys.tables
OPEN TableCursor
FETCH NEXT FROM TableCursor INTO @TableName
SET @sql = ‘ALTER INDEX ALL ON ‘ + @TableName + ‘ REBUILD WITH (FILLFACTOR = ‘ + CONVERT(VARCHAR(3),@fillfactor) + ‘)’
Exec (@sql)
FETCH NEXT FROM TableCursor INTO @TableName
CLOSE TableCursor


After doing this, we were then able to turn on the global search and weight the relevant period of time for it to complete the indexing. It appears to have fixed our problem with both global search returning valid results, and in-line search no longer broken when global search was unable.

ZenDesk to Microsoft CRM integration password change

Changing your password in ZenDesk may affect your Microsoft CRM integration

 if you are to upgrade or change the password that you utilise in your ZenDesk system for the account that has been set to synchronise data with the Microsoft CRM platform, you will notice that the synchronisation may not function correctly or may only perform a one-way synchronisation. 

You will remember from the instructions that you likely followed in your initial configuration:  

 that part of these configuration settings is to set up your password and username in the SETTINGS / ZD Personal Settings –  area of your Microsoft CRM system.

 Below is an extract from the vendor’s configuration portal found here

Step 2: Setting up new security roles

The Zendesk integration introduces two new security roles to Microsoft Dynamics CRM that must be assigned before you can proceed to the next step:

  • Zendesk – Read configuration settings – grants the user  access to Zendesk ticket details in read-only mode  To gain access to create/edit Zendesk tickets functionality directly from Microsoft Dynamics CRM, these users must have a valid Zendesk liecense and enter their own personal Zendesk credentials on the ZD Personal Settings page.
  • Zendesk administrator – grants access to the global Zendesk Settings page and the Zendesk Entity mappings .  Have full access to create/edit Zendesk tickets directly from Microsoft Dynamics CRM.

By default, all users can view Zendesk ticket information in Microsoft Dynamics CRM if the panels are enabled.

To enable the roles, do the following:

  1. In Microsoft Dynamics CRM, select Settings System Administration Users .
  2. In the Users page, click New if you need to add new users. 
    If you are editing a list of existing users, select the user you want to modify and click on the Manage Roles button.
  3. In the Add Users dialog box, select the role for the group you want to configure. 
    The two new roles created by the Zendesk integration are at the bottom. Click Next to select and assign the users to a particular role and to send email invitations.  Make sure you give yourself the Zendesk administrator role for now so you can complete the setup.

Users are now configured to use the Z endesk for Microsoft Dynamics CRM integration!  If you have pre-existing users, you can simply add the appropriate roles to each of your uses.

Note: For users with the Zendesk – Read configuration settings permission, they can individually add their own credentials by navigating to Settings->ZD Personal Settings in Microsoft Dynamics and clicking the New button to add credentials. Enter the Zendesk User ID andPassword then save the record and it will be applied when they access Zendesk tickets. The password will be encrypted so others cannot see the value. 

InteractiveWebs Email (smartermail) With Mac Mail Exchange Connection

Mac Mail using Exchange Connection to SmarterMail InteractiveWebs

To Set up your mac mail with and Exchange Connection using Mac Mail you will need to follow these instructions carefully.

  1. On your Mac, open System Preferences.
    Screenshot 2016 05 04 10 58 55
  2. Click Internet accounts.
    Screenshot 2016 05 04 10 59 24
  3. Click Exchange.
    Screenshot 2016 05 04 10 59 58
  4. Complete the display name, full email address and password fields.
    Screenshot 2016 05 04 11 00 36
  5. Click Sign In.
  6. Ensure that you’re email address is et for your User Name, and Type the internal and external URL to read: 2016 05 04 11 02 08
  7. Click Sign In.
  8. An account summary screen will display. You can select or unselect any features that you do not wish to sync.
    Screenshot 2016 05 04 11 04 48
  9. Click Done.
  10. Click Add Account.

DNN – Hide a Page from the Menu

To Hide a DNN Page from the Menu

Note: This page will still be available to those who know the URL of that page (if for example you had put the page in a news letter).

Select Edit / Page Settings

Screenshot 2016 03 15 06 26 56


Page Details / Unselect the Include in Menu Option

Screenshot 2016 03 15 06 29 26

Update Page

The Page will no longer appear in the menu system. It can still be hit with the permissions that have previously been set.

Alternatively – To Change Permissions on the page to hide and stop access: