About Ayo Dada

Hello and welcome to Ayo Dada’s blog. I’m an architect focusing on and specializing in Microsoft Cloud Identity, Hybrid Cloud or Mobility and Security for Enterprise Infrastructure and cloud management. Lately, I have been focusing on Microsoft Azure Active Directory Premium and all its major features: on-premises infrastructure integration, user accounts, devices, partner collaboration, customer account management, application integration, and administration. You will find that my blog shows best-practice setup, specifically for Microsoft Azure Active Directory Premium and all its major features (on-premises infrastructure integration, user accounts, devices, partner collaboration, customer account management, application integration, administration) and for SCCM 2012 R2 infrastructure such as Primary Sites, Secondary Sites, Distribution Points and Management Points. My blog also focuses on best-practice setup for SCCM OSD/MDT. I will also share notes from the field on working with applications and packages, Software Updates patch management solutions, and Operating System Deployment for Windows 8.1 and Windows 10, including SCCM cloud integration with Windows Azure and Windows Intune. Other areas such as Active Directory, GPO, Windows Server 2012 R2, SQL Server tailor-made for Azure Active Directory Connect, and SCCM 2012 R2 will also be shown. I have been involved in several IT solutions centered around modernization, cloud migration, and deployment of OS and applications during various transformation projects in both the public and private sector. I enjoy working in an environment where excellence is really expected. I believe what creates that environment and truly makes it great is to be open when [the work] is not great. My best contribution is not settling for anything but good stuff, in all the details. That is my job: to make sure everything is great.
I am a Microsoft Cloud Architect specializing in Cloud Identity, Hybrid Cloud or Mobility and Security for Enterprise Infrastructure and cloud management. I am passionate about technology and have an insatiable drive for learning. If you are thinking of implementing a Microsoft Cloud Identity, Hybrid Cloud or Mobility and Security solution for Enterprise Infrastructure and cloud management in your environment, let me help guide you to success!

The Connector Update Service failed to check for an update. If this error persists, please use the following link to verify that all necessary ports are open in your firewall: https://go.microsoft.com/fwlink/?linkid=843463. For more details, please see our troubleshooting page: http://go.microsoft.com/fwlink/?LinkID=512316&clcid=0x409. Additional details: ‘Unable to connect to the remote server’.

Hi Guys,

I have been working with the Microsoft Azure AD Application Proxy connector lately to publish applications in Azure, and I came across an issue: although the Microsoft Azure AD Application Proxy connector was installed and running on the on-premises server, it was not fully functional with the Microsoft Azure AD Application Proxy portal.

Error location: Event Viewer > Applications and Services Logs > Microsoft > AadApplicationProxy > Updater

Error log: The Connector Update Service failed to check for an update.
If this error persists, please use the following link to verify that all necessary ports are open in your firewall: https://go.microsoft.com/fwlink/?linkid=843463.
For more details, please see our troubleshooting page: http://go.microsoft.com/fwlink/?LinkID=512316&clcid=0x409.
Additional details: ‘Unable to connect to the remote server’.

Root cause: once you install the Microsoft Azure AD Application Proxy connector, it adds two services to your host server: the Microsoft AAD Application Proxy Connector and the Microsoft AAD Application Proxy Connector Updater.

However, it appears that the Microsoft AAD Application Proxy Connector Updater service requires access to the Service Bus control channels that the connector service uses, and these also require connectivity to specific IP addresses. This is the official line from Microsoft until Service Bus moves to an FQDN instead. My client was not happy, but here are the options to resolve the issue.

Solution: There are two solutions.

  • Configure the connector's config to bypass your on-premises outbound proxies.
  • Configure the connector's config to use an outbound proxy to access Azure AD Application Proxy.

This is the official Microsoft link for configuring both options: Application-proxy-working-with-proxy-servers

However, what I found was that you are better off using a bit of both during the installation of the Azure AD Application Proxy connector, because with most proxy solutions, like Bluecoat, you can whitelist the URLs but not the IP range.

Actually, more URLs popped up than Microsoft has listed, because the URLs keep bouncing from one domain to another, which is secure but hard to manage.

  1. //management.azure.com/
  2. //*.azure.com/
  3. //*.microsoftonline.com/
  4. //login.microsoftonline.com/
  5. //login.windows.net/
  6. //*.microsoft.com/
  7. //portal.azure.com/
  8. //www.microsoft.com/
  9. //microsoft.com/
  10. //symcb.com/
  11. //ocsp.verisign.com/
  12. //crl.verisign.com/
  13. //symcd.com/
  14. //*.msappproxy.net/
  15. //*.servicebus.windows.net

Next, verify that the connector services have installed successfully and are running.

Check that both services have been installed.

Then you need to allow the connector outbound access to the Azure datacenter IP ranges, from your Azure Application Proxy connector server only, for security reasons obviously.

Only then will the Azure AD Application Proxy Connector work with the Azure AD Application Proxy service.
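
As an added example (not from the original post or from Microsoft), the following PowerShell checks the state described above from the connector server: both installed services, direct outbound reachability of the non-wildcard hosts in the list, and recent errors in the AadApplicationProxy event logs. The port numbers (443, and 80 for the certificate revocation hosts) and the wildcard used to locate the event logs are assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the connector server.
# Hosts are the non-wildcard entries from the list above. Ports are assumed:
# 443 for service traffic, 80 for the certificate revocation (OCSP/CRL) hosts.
$targets = @(
    @{ Name = 'login.microsoftonline.com'; Port = 443 },
    @{ Name = 'login.windows.net';         Port = 443 },
    @{ Name = 'management.azure.com';      Port = 443 },
    @{ Name = 'portal.azure.com';          Port = 443 },
    @{ Name = 'ocsp.verisign.com';         Port = 80  },
    @{ Name = 'crl.verisign.com';          Port = 80  }
)

# 1. Both services added by the installer should be present and running.
Get-Service -DisplayName 'Microsoft AAD Application Proxy Connector*' |
    Format-Table DisplayName, Name, Status -AutoSize

# 2. Direct TCP test. This bypasses any configured outbound proxy, so a failure
#    here is expected if the connector is meant to go out through the proxy.
$results = foreach ($t in $targets) {
    $r = Test-NetConnection -ComputerName $t.Name -Port $t.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host      = $t.Name
        Port      = $t.Port
        Address   = $r.RemoteAddress
        Reachable = $r.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# 3. Most recent errors (level 2) and warnings (level 3) from the
#    AadApplicationProxy logs, which include the Updater log named above.
Get-WinEvent -ListLog '*AadApplicationProxy*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-WinEvent -FilterHashtable @{ LogName = $_.LogName; Level = 2, 3 } `
            -MaxEvents 5 -ErrorAction SilentlyContinue
    } |
    Sort-Object TimeCreated -Descending |
    Format-List TimeCreated, LogName, Id, LevelDisplayName, Message
```

Wildcard entries such as //*.servicebus.windows.net cannot be probed by name, so those are confirmed from the proxy or firewall logs instead.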

“WARNING: Failed to load reporting information from Win32_ComputerSystem with hr = 80041010 and WARNING: Failed to load reporting information from Win32_BiosProperties with hr = 80041010”.


So I naturally tried to access the Win32_ComputerSystem WMI class using Wbemtest, but I was getting an Invalid class error.

This looked like a corrupt WMI repository.
Use CMD to run the following commands:
net stop winmgmt
Select Yes or Y when prompted.
sc config winmgmt start= disabled
cd %windir%\system32\wbem
for /f %s in ('dir /b *.dll') do regsvr32 /s %s
for /f %s in ('dir /b *.mof') do mofcomp %s
wmiprvse /regserver
sc config winmgmt start= auto

Give it a few minutes to complete, then restart the server.

A VBS script can also be used; this covers the entire C:\ drive.

Create a RebuildWMI.vbs file, then copy and paste the following script. Give it a good 15 minutes.

' RebuildWMI.vbs: renames the WMI repository, re-registers the WBEM DLLs
' and recompiles every .mof/.mfl file found on C:\
set osh = createobject("wscript.shell")
set fso = createobject("scripting.filesystemobject")

' Stop the IP Helper service, then disable and stop WMI (wait for each command)
ret = osh.run("sc stop iphlpsvc",0,true)
ret = osh.run("sc config winmgmt start= disabled",0,true)
ret = osh.run("sc stop winmgmt",0,true)

bp = osh.popup("Service stop returned " & ret & ". Continue?" & vbcrlf & vbcrlf & "Ensure that WMI has stopped before continuing",,"Continue?",33)
if bp <> 1 then wscript.quit

' Remove any earlier backup, then keep the current repository as repository.old
if fso.folderexists("c:\windows\system32\wbem\repository.old") then
    fso.deletefolder("c:\windows\system32\wbem\repository.old")
end if

if fso.folderexists("c:\windows\system32\wbem\repository") then
    set rfol = fso.getfolder("c:\windows\system32\wbem\repository")
    rfol.name = "repository.old"
end if

' Re-register every DLL in the wbem folder
set rfol = fso.getfolder("c:\windows\system32\wbem")

for each fil in rfol.files
    if right(lcase(fil.name),4) = ".dll" then
        osh.run "regsvr32 /s """ & fil.path & """",0,true
    end if
next

' Re-enable and start WMI so that mofcomp can write to the new repository
ret = osh.run("sc config winmgmt start= auto",0,true)
ret = osh.run("sc start winmgmt",0,true)

bp = osh.popup("Service start returned " & ret & ". Continue?" & vbcrlf & vbcrlf & "Ensure that WMI has started before continuing",,"Continue?",33)
if bp <> 1 then wscript.quit

' Walk the whole C:\ drive and compile every MOF/MFL file found
set rfol = fso.getfolder("c:\")

recur rfol

Msgbox "WMI rebuild complete. Reboot server"

' Recursively compile .mof and .mfl files, skipping a few system folders
sub recur(fol)
    on error resume next
    if lcase(fol.name) <> "system volume information" and lcase(fol.name) <> "recycler" and lcase(fol.name) <> "boot" and lcase(fol.name) <> "$recycle.bin" then
        for each fil in fol.files
            if right(lcase(fil.name),4) = ".mof" or right(lcase(fil.name),4) = ".mfl" then
                osh.run "mofcomp """ & fil.path & """",1,true
            end if
        next
        for each sfol in fol.subfolders
            recur sfol
        next
    end if
end sub
Run the script, confirming each prompt, and give it a good 15 minutes to complete the process.

Have a look at the windowsupdate.log file again and it should be sweet, with no errors.
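
As an added example (not part of the original post), this PowerShell confirms the diagnosis before a rebuild and verifies the result afterwards: it queries the class named in the warning, asks WMI to check its own repository, and searches the log for the error code. Win32_OperatingSystem is included as a control class, and the log path assumes the text-based WindowsUpdate.log of Windows 8.1 / Server 2012 R2.

```powershell
# Added example; run from an elevated PowerShell session.
function Test-WmiClass {
    param(
        [Parameter(Mandatory)][string[]]$ClassName,
        [string]$Namespace = 'root\cimv2'
    )
    foreach ($name in $ClassName) {
        try {
            # A successful query means the class is registered in the repository.
            $null = Get-CimInstance -Namespace $Namespace -ClassName $name -ErrorAction Stop
            [pscustomobject]@{ Class = $name; Ok = $true; HResult = $null; Error = $null }
        }
        catch {
            # hr 80041010 in the log is WBEM_E_INVALID_CLASS, the same
            # "Invalid class" error that Wbemtest reports.
            [pscustomobject]@{
                Class   = $name
                Ok      = $false
                HResult = '0x{0:X8}' -f $_.Exception.HResult
                Error   = $_.Exception.Message
            }
        }
    }
}

# Win32_ComputerSystem is the class from the warning; the second is a control.
Test-WmiClass -ClassName 'Win32_ComputerSystem', 'Win32_OperatingSystem' |
    Format-Table -AutoSize -Wrap

# Ask WMI to check its own repository; it reports whether it is consistent.
& winmgmt.exe /verifyrepository

# Show the most recent occurrences of the error code in the Windows Update log.
$log = Join-Path $env:windir 'WindowsUpdate.log'
if (Test-Path $log) {
    Select-String -Path $log -Pattern 'hr = 80041010' |
        Select-Object -Last 5 -Property LineNumber, Line
}
```

If the class query succeeds and the repository is reported as consistent, the warning has another cause and a rebuild is not needed.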