Software – my world of IT

Renewing a SubCA, the CA just restarts the service without prompting to save the request

Posted on 20 June, 2025 Updated on 20 June, 2025

An interesting problem solved by a simple solution. When renewing the SubCA certificate for an Active Directory Certificate Authority and clicking through the ‘Renew CA Certificate…’ prompt after being asked if you want to keep the current private key or not the CA service simply restarts without displaying the usual CA Certificate Request prompt (as above). The solution – a… Read more

Microsoft Remote Desktop connection – ‘An internal error has occurred’ and ‘The server security layer detected an error (0x80090304)’ event ID 139.

Posted on 17 January, 2024 Updated on 17 January, 2024

An interesting issue that was discovered after deploying security certificates for Remote Desktop Authentication into the TPM of desktop computers and some (physical) servers, after go live with the security certificate clients could no longer connect with the error below being displayed in the Remote Desktop Services log on the server. The server security layer detected an error (0x80090304) in… Read more

FIDO2 Security Key Sign-In to Windows – Your credentials couldn’t be verified.

Posted on 24 February, 2023 Updated on 31 January, 2024

When setting up Passwordless security key sign-in Windows and attempting to sign-in to the first machine you have setup (although it could be any machine!) you may encounter the error: Your credentials couldn’t be verified. (code: 0x000006d, 0x0) This error message appears even though you can sign-in with the key to AzureAD and other web services. The cause is likely… Read more

Ruckus Cloudpath – setting an SMTP server does not allow disabling of CAPTCHA

Posted on 31 May, 2022

A bit of an odd one here (and has been reported to Ruckus as something that either needs clarifying or fixing) in that if you want to remove the requirement for CAPTCHA when self registering in a ‘out of band’ workflow block you need to configure your own SMTP server. Now that’s all fair however even with the server configured… Read more

CITC 2022 Integrating systems through their APIs

Posted on 25 March, 2022

After a few years on hold it’s great to be back at CITC this time in the British Motor Museum. The video presentation covers a short (if speedy) introduction to Node-RED and it’s ability to integrate systems through their APIs. Demo 2 is of note and shows how a user visiting a malicious website can have their internet access revoked… Read more

Aruba Instant – PAN Syslog Parse Profile

Posted on 6 October, 2021 Updated on 6 October, 2021

A little treat that I hope will help someone at some point, for those with Palo Alto Networks Next Generation Firewalls (NGFW) and Aruba Instant Wi-Fi you can forward syslog messages from the controller to the NGFW and parse them with the profile below to map users to IP addresses. There is plenty of information on syslog to User-ID at… Read more

Palo Alto Networks GlobalProtect and Azure AD – AADSTS700016: Application with identifier was not found in the directory.

Posted on 20 July, 2021 Updated on 20 July, 2021

When setting up a GlobalProtect Portal/Gateway with AzureAD you may find you receive the error message: AADSTS700016: Application with identifier <Entity ID> was not found in the directory ‘<Directory ID>’. The fix here is easy – the GlobalProtect client injects a :443 at the end of the domain name which isn’t mentioned in the guide from Microsoft (https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/palo-alto-networks-globalprotect-tutorial) but is… Read more

Interacting with the Ruckus Cloudpath API using PowerShell

Posted on 2 March, 2021 Updated on 2 March, 2021

It’s been a while since posting and I do hope to sort that out but for now another quick mention of some work with Ruckus Cloudpath. Although massively flexible in its design I’ve come into a few niche cases where administrators would like a single DPSK pool (which is bound to a single SSID) but where different users have different… Read more

Palo Alto NGFW, decryption and images in Slack not displaying or uploading

Posted on 1 October, 2020 Updated on 1 October, 2020

You may find that when doing decryption on a Palo Alto Networks Next Generation Firewall that images in Slack channels are not displayed or are only shown in a very low resolution – in addition images cannot be uploaded. When inspecting the HTTP error messages in your browser a 503 response may also be seen. To top off the issue… Read more

PRTG REST API, PowerShell and UTF8

Posted on 27 September, 2020 Updated on 27 September, 2020

An issue that I’ve now run into a few times now so I thought it was worth a blog post – if you are using the REST Custom sensor within PRTG Network Monitor you may see the error below if you have generated your REST configuration using PowerShell. XML: The returned XML does not match the expected schema. (code: PE233)… Read more