When installing MIM 2016 on Windows Server 2022, you encounter an error:
The code execution cannot proceed because MSVCR120.dll was not found. Reinstalling the program may fix this problem.
Install the Visual C++ Redistributable Packages for Visual Studio 2013 from the Microsoft Download center.
Issue: when opening Outlook and afterwards on a regular intervals afterwards, Outlook keeps prompting for a password multiple times (x5 or more), even when the password is correct.
The error/connection message is sent to the desktop foreground on top of other applications.
Even when the password is ok, the message is thrown again multiple times, when the Outlook client is checking for mail, at certain intervals…
[Solution Spoiler = configure the registry to enable ExcludeExplicitO365Endpoint, but there might be other options for your case…]
In this specific situation, the products below were involved. The issue might also apply to other versions
In this case, the issue was related to connecting to a functional/shared mailbox.
Connection to the personal mailbox was working fine, at first sight.
In this particular case, the PC was not connected to the domain of the Exchange server.
But also important connection on Outlook from domain joined PC is ok, no reconnection message.
[More on this at the end of the article, as the domain client had specific GPO policies configured, …]
Outlook connected to multiple mail accounts (so removing Outlook completely, was not really an option…)
Connecting the same account on a smartphone, works fine.
No explicit error message but you get a window with
“Windows security
Microsoft Outlook
Connecting to <… mailbox …>
Remember my credentials”
WARNING:
you might end up with a locked user account if you enter the wrong credentials by accident while outlook keeps popping up the password request. Better double check your password and better NOT enter it again, or change it in the password request. But you’ll get this request multiple times in a few seconds, that it can be quite annoying to get past it.
Create a new Outlook profile (do NOT remove the existing Outlook profile) and add ONLY the problematic account. Set it to ONLINE mode (disable caching mode)
You can manage this option via Control Panel > mail
Alternatively, when reinstalling the mail account in outlook, disable the option “Use cached Exchange Mode to download email to an Outlook data file”.
When Outlook is active, you’ll find an Outlook icon in the task bar…
To check the Outlook connection status you need to hold the CTRL button and then right click on the Outlook icon.
Then click “Connection Status…”
Check if you see the personal mailbox and shared mailbox connection.
When Outlook is active, you’ll find an Outlook icon in the task bar…
To check the Outlook connection status you need to hold the CTRL button and then right click on the Outlook icon.
Then click “Test Email AutoConfiguration…”
In the menu enter the mail address of the target mailbox, in this case it’s a share mailbox with a specific mail address.
Very likely you’ll see a bunch of autodiscover failures like:
You can collect a network log with Fiddler or other network sniffer
Source: Outlook 2016 implementation of Autodiscover
This applies to 2016 2019 etc… as well.
The policy values that are defined the Autodiscover Process section can be either policy-based registry values or non–policy-based values. When they are deployed through GPO, or manual configuration of the policies key, the settings take precedence over the non-policy key.
Non-Policy Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
Policy Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\AutoDiscover
Each value is of type DWORD.
So to exclude Office365 checking point we add following key:
ExcludeExplicitO365Endpoint and set the value to 1.
This setting is registry for client only.
Outlook will skip checking Office365 Endpoint for Autodiscover.
If you have already configured XML autodiscover it should not affect the existing setting as the information are stored in this XML file locally anyway so Outlook will know how to connect.
Outlook as priority always prefer local XML configuration. Then in case it cannot obtain certain data goes to another check point. So apart from first two steps Outlook 2016 implementation of Autodiscover (microsoft.com) there are checking points we can configure how Outlook should obtain certain information. We can disable them or force them.
You can give it a try if this won’t work as desired you can always revert the changes.
Always make a copy of your registry before you change anything in the registry.
There is no really any other way from the client perspective.
In our case we can see many redirections and autodiscover failures. Not sure why, looks like Outlook refers to some old data or old domain URLS or cannot obtain properly Autodiscover configuration file and it is trying different combinations to guess which link for Autodiscover is working.
Once it calls for HTTPS Autodiscover of the correct link it gets timeouts… which might also indicate firewall issue or something.
Then it tries unencrypted HTTP and it succeeds. Now it redirects to Autodiscover configuration link. But it takes a few attempts to get there.
That’s why you get multiple popups of the error message / or the password prompt.
The mail administrator had following options configured already:
Setting the options for
Published at: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)
.Net Framework 3.5 installation fails on Windows Server 2016
Tried many solutions like below
See:
MIM 2016 Troubleshooting: The installation just hanging without error, warning, log, Event-log
See:
Windows Server 2012 R2 Troubleshooting: .NET Framework 3.5 installation failure (Offline/Online)
See:
.Net Framework 3.5 Troubleshooting: installation errors (GPO)
Grant read permission to the Everyone group on the installation files.
Important
When you are installing feature files from a remote source, the source path or file share must
grant Read permissions either to the
Everyone group (not recommended for security reasons), or to the computer (local system) account of the destination server; granting user account
access is not sufficient.Servers that are in workgroups cannot access external file shares, even if the computer account for the workgroup server has
Read permissions on the external share. Alternate source locations that work for workgroup servers include installation media, Windows Update, and VHD or WIM files that are stored on the local workgroup
server.
Published on TNWIKI:
This issue was initially reported by
Guy Horn on LinkedIN, republished with permission.
When you try to install MIM, it continuously fails.
You can’t add .NET Framework 3.5.
The installation was just hanging without error, warning, log, Event-log
The problem was that some features were removed from the Windows Server Image.
NetFx3 should be specified and not ‘Net-Framework-Core’.
After re-adding the feature just ‘Add-WindowsFeature Net-Framework-Core’.
Run this PowerShell command, to find the removed features
|
# This command shows removed items from the Windows Azure Server 2016 Datacenter image. Get-WindowsFeature |
|
# This command restores the optional feature, MyFeature, to the Online Windows image. If the files are not found in the source image, this command specifies not Enable-WindowsOptionalFeature |
|
# Add the feature Add-WindowsFeature |
|
# This command shows removed items from the Windows Azure Server 2016 Datacenter image. Get-WindowsFeature
# This command restores the optional feature, MyFeature, to the Online Windows image. If the files are not found in the source image, this command specifies not Enable-WindowsOptionalFeature
# Add the feature Add-WindowsFeature |
Did you ever got a mail from yourself, but you’re sure you did not send it?
This week I got that mail from a mail alias I’m using, so it’s actually not a native mailbox, but a mail forwarder address, which makes the claim that “the mailbox is hacked” pretty silly…
But if you got this message from a native mailbox, it does sound scary, isn’t it?
I already had some similar symptoms on other mail addresses in the same domain.
You get a mail from your own mail address… which is called mail spoofing.
And it looks like:
Hi!
As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.If you want to prevent this,
transfer the amount of $778 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!
The DNS setting of your domain is missing SPF records, that counter mail spoofing (an unauthorized mail server, user or hacker sending mail as “you”)…
When looking at the mail properties it’s pretty difficult (if not impossible) to find out who actually has sent the mail….
Add an SPF record to your domain DNS settings.
To get started, look up your mail provider or hosting provider’s name + SFP.
FYI, I’m hosting my domains at one.com, they’ve got some straight forward advise to configure the DNS. For any other domain, at any other provider it’s similar.
When you buy a domain, but host your mail on O365, there are some additional settings to configure. But Office 365 will explain.
The easy part, logon to your O365 tenant, and check your domain health (see video below)
For more info, check these documents:
Other security options
Hotmail/Outlook.com Solving Mass Mailing Delivery Issues
Short URL: Http://aka.ms/outlook.com/help
While SPF is the first step, you should also consider DMARC and DKIM.
Latest update: 2020-12-28
On TNWiki you’ll find my latest article on MIM 2016 troubleshooting.
MIM 2016 Troubleshooting: SQL Connection issues
This week I got (dragged into/) involved in a MIM 2016 performance troubleshooting, on a test / dev server, facing a large bunch of errors.
The first detection happened on the sync server, but apparently rather it’s twin brother was causing the issues.
It became pretty quickly obvious that MIM was not able to connect to (one of) it’s databases on the SQL server, so the sync engine was unable to pull information from the MIM service.
Also bizar, we could still work on the MIM sync GUI, but almost any MA action in the GUI failed…
Furthermore the Portal did not respond and finally the “MIM Service” service, didn’t behave as expected, not willing to start.
The event viewer contained the obvious amount of errors…
Finally, the SQL DBA to the rescue.
I’ve added a lot of significant technical event info into the article, to make it easy to search for you, for later reference.
Read the tech details in: MIM 2016 Troubleshooting: SQL Connection issues
Updated: 2020-12-29
I’ve got a new post up on TechNet Wiki about MIM2016 troubleshooting:
Full version at the TNWIKI: MIM2016/FIM2010 Troubleshooting: Uninstall fails with error – Administrator privileges required
Feel free to add useful information yourself, I’m looking forward to your feedback and cooperation to make it better.
The short version is below.
Rikard Strand 
has published a similar article, which has served as baseline for this article. Rik’s article is focussed on DirSync, but the troubleshooting below is more widely applicable and even programs not related to FIM/MIM/DirSync…
When you try to uninstall or to change the component from the Control Panel > Programs (Uninstall a program), you get a error pop up, saying:
Administrator privileges are required to run installer. Please re-launch installer with administrator privileges.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
In this directory you’ll find the installed programs with their GUID, which is mostly fixed per application.
Eg
And finally, the quick and dirty option is to kill the uninstall registry key before your run the uninstall from the control panel again
Last update: 2020-12-30
Although Microsoft has built in quite some methods to regain access to your 0365 tenant/account, you might have some bad luck one day… (experience talking here)
First of all you should try the default options, meaning : the password reset options.
The direct way to get there is the first link to bookmark: https://passwordreset.microsoftonline.com/
Another way to get there is in the 0365 logon page (also for Azure),
If you forgot your password or can’t access the account, hit the link at the bottom.
You get directed to :
If you know the logon, you can proceed to
You notice that the verification is pointing to your alternative mail address or your mobile number…
But what if you forgot your original logon ID (mail address), eg in case you have setup a test tenant in 0365 with an mail address you don’t use frequently? (yes, that happens)
If that is not working or you need more help, check these options:
And if you really ran out of luck: you might raise a ticket and ask for help. https://portal.office.com/support/newsignupservicerequest.aspx
Anyway, as shown there are some options when configuring 0365 that should keep you out of trouble in the first place
(Last update: 2020-12-31)
Posted at Microsoft Wiki at: https://social.technet.microsoft.com/wiki/contents/articles/54205.windows-10-troubleshooting-numeric-keypad-not-working.aspx
Once they know you do “something with computers”, you can’t escape your family request fixing anything that goes wrong on machines with a CPU, right?
Last weekend a laptop was dropped of with a bizarre symptom: once logged in, the numeric keypad stopped working.
Freshly migrated to Windows 10, a Toshiba Satellite c(something)…
When you quickly search for it on bing/google… you’ll find some hints like
This one got me started, but actually discussed the solution for Windows 7.
” if you have Windows 7, just go to Ease of Access Center >>>>>> Turn on Mouse Keys and make sure it’s unchecked”
Well, how about Windows 10?
First go to Settings.
Find the Ease Of Access
Within Ease of Access, check the Mouse option
In the Mouse settings, check the Mouse Keys settings.
Make sure the option to “use numeric keypad to move mouse around the screen” is disabled/off.
Easy, simple, but this single setting isn’t easily found, as you won’t think about mouse settings.
Certainly, when searching apps, files and settings, and the setting does not show up when typing “numeric” or “keypad”
This post has been published on TNWiki too, and waiting for your input at: MIM 2016 Troubleshooting: FIM MA Full import error 0x80070002
When you try to run an Full import run profile on the MIMMA, you get an error message in the MIM GUI.
Unable to run the management agent.
The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
Log Name: ApplicationSource: FIMSynchronizationServiceDate: 10/17/2016 5:38:58 PMEvent ID: 6309Task Category: ServerLevel: ErrorKeywords: ClassicUser: N/AComputer: SERVER.SUBDOMAIN.AD.ACCEPT.ROOTDescription:The server encountered an unexpected error while performing an operation for a management agent."BAIL: MMS(39888): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)Forefront Identity Manager 4.3.1935.0"Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="FIMSynchronizationService" /><EventID Qualifiers="49152">6309</EventID><Level>2</Level><Task>3</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2016-10-17T15:38:58.000000000Z" /><EventRecordID>409902</EventRecordID><Channel>Application</Channel><Computer>SERVER.SUBDOMAIN.AD.ACCEPT.ROOT</Computer><Security /></System><EventData><Data>BAIL: MMS(39888): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)Forefront Identity Manager 4.3.1935.0</Data></EventData></Event>
When you try to stop the run of the MIM MA you get an error.
The option “run the management agent in a separate process” is activated.
Uncheck the option “Run this management agent in a separate process” from the “Configure extensions” item in the management agent properties.
Updated: 2020-12-30
All About Identity And Security On-Premises And In The Cloud - It's Just Like An Addiction, The More You Have, The More You Want To Have!
Complete Identity Orchestration for Microsoft Entra and On Premises Identity and Access
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
My connector space to the internet metaverse (also my external memory, so I can easily share what I learn)
Identity Underground 
You must be logged in to post a comment.