Set up EOP and ATP for your on-premise Exchange

This guide assumes you already have an on-premise Exchange server and an Office 365 tenant with EOP (Exchange Online Protection) licenses. If you need ATP (Advanced Threat Protection), you need licenses for that as well.

I synced my users to Office 365 with Azure AD Connect; it's best practice but is not necessary with EOP only.
There are plenty of articles about that on the internet, so I won't be covering that.

Your domains need to be added to the portal, which you will find under Settings and Domains.
Only add the TXT record for now.
We will change the MX record later.

Next, go to the Exchange admin center, under mail flow and accepted domains. Here you will find all your domains. All of these need to be set to Internal Relay.
If they are set to Authoritative, Office 365 will only send the emails to the on-premise server if it knows the email exists in Office 365.

Now we need to create the connector that will transport the email from Office 365 to the on-premise Exchange.
You will find it in the Exchange admin center, under mail flow and connectors.
Create a new connector, which will go from Office 365 to Your Organization’s email server.
During creation it will ask when we want to use this connector; the answer is “For email messages sent to all accepted domains in your organization”.
Next, specify your smart host, which is where Office 365 will deliver your mail; my FQDN is the same as the webmail URL.
Then it asks for a certificate; I use “Any digital certificate, including self-signed certificates”.
After that you will have the possibility to test the connector.

Now you can redirect your MX records to Office 365 and you will have EOP as spam filtering.
I started with one domain which wasn't in use to test if everything was okay.
To activate ATP, go to your users and activate the licenses, then go to the Exchange admin center and configure it.
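
The accepted-domain and connector steps above can also be scripted. This is an added example, not part of the original post; it assumes an Exchange Online PowerShell session (Connect-ExchangeOnline), and the domain, smart host, connector name and test recipient are placeholders. It also shows the stricter TLS setting next to the "any certificate" choice used in the walkthrough.

```powershell
# Added example: run in an Exchange Online PowerShell session.
# All names below are placeholders, not values from the original post.
$domain        = 'contoso.com'
$smartHost     = 'mail.contoso.com'          # FQDN of the on-premise Exchange
$connectorName = 'EOP to on-premise Exchange'
$testRecipient = 'postmaster@contoso.com'
$requireValidCertificate = $false            # set to $true for the stricter TLS mode

# Accepted domain must be Internal Relay so mail is passed on to the on-premise server.
Set-AcceptedDomain -Identity $domain -DomainType InternalRelay

# Connector from Office 365 to your organization's server, for all accepted domains.
# EncryptionOnly = "Any digital certificate, including self-signed certificates":
# the session is encrypted, but the receiving server's identity is not verified.
New-OutboundConnector -Name $connectorName `
    -ConnectorType OnPremises `
    -AllAcceptedDomains $true `
    -UseMXRecord $false `
    -SmartHosts $smartHost `
    -TlsSettings EncryptionOnly

if ($requireValidCertificate) {
    # Requires a CA-issued certificate on the on-premise server whose name
    # matches $smartHost; Office 365 then refuses to deliver to any other endpoint.
    Set-OutboundConnector -Identity $connectorName `
        -TlsSettings DomainValidation -TlsDomain $smartHost
}

# Same test the wizard offers at the end of connector creation.
Validate-OutboundConnector -Identity $connectorName -Recipients $testRecipient

# Review the result before changing the MX records.
Get-AcceptedDomain | Format-Table DomainName, DomainType
Get-OutboundConnector -Identity $connectorName |
    Format-List Name, SmartHosts, TlsSettings, TlsDomain, AllAcceptedDomains
```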

Black screen after login to RDS server

Updates KB3172614 (July) and KB3179574 (August) seem to break rdpcorets.dll.
Microsoft is working on an update, but we still have this issue on a couple of RDS servers.

I have implemented a temporary fix, which restarts the TermService when the black screen appears.

  1. Create a .bat file which has the following lines in it:
    sc config TermService type= own
    taskkill /FI "SERVICES eq TermService" /F
    sc start TermService
  2. In the Event Viewer find a log which has the event ID code 4005, and create a Task Schedule for that.
  3. Go into Actions and find the .bat you just made and add it.

After that, your scheduled task should restart the TermService and the users will be able to log on again.
For me it takes about 30 seconds. When the TermService service is killed, the rest of the users who are logged on will be disconnected, but not logged off.
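
Steps 2 and 3 can also be done from an elevated PowerShell prompt on the RDS server. This is an added example, not part of the original post; the script path and task name are placeholders, and it assumes event 4005 is the Winlogon event in the Application log. Because the task runs as SYSTEM, it also lists who can modify the .bat file.

```powershell
# Added example: run elevated on the RDS server. Path and task name are placeholders.
$batPath  = 'C:\Scripts\restart-termservice.bat'    # the .bat file from step 1
$taskName = 'Restart TermService on event 4005'
# Assumption: 4005 is logged by Winlogon in the Application log; adjust if yours differs.
$logName  = 'Application'
$query    = "*[System[Provider[@Name='Microsoft-Windows-Winlogon'] and EventID=4005]]"

if (-not (Test-Path -LiteralPath $batPath)) { throw "Missing script: $batPath" }

# The task runs as SYSTEM, so anyone who can edit the script can run code as SYSTEM.
# Only administrators and SYSTEM should show up in this list.
(Get-Acl -LiteralPath $batPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   "$($_.FileSystemRights)" -match 'Write|Modify|FullControl' } |
    Format-Table IdentityReference, FileSystemRights -AutoSize

# Event-triggered task: fires whenever a matching event is written to the log.
schtasks.exe /Create /TN $taskName /SC ONEVENT /EC $logName /MO $query /TR $batPath /RU SYSTEM /F
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# How often the workaround would have fired during the last week.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = $logName
        Id        = 4005
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue)
'{0} event(s) with ID 4005 in the last 7 days' -f $events.Count
```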


Time is off on PDC/DC server and how to fix it

We have had problems with Hyper-V and VMware hosts taking over the NTP role for our primary domain controllers.

On VMware you first have to disable the timesync feature on all your virtual machines. You can do that by running this command:
"c:\Program Files\VMware\VMware Tools\VMwareTools\VMwareToolsd.exe" timesync disable

On Hyper-V you can proceed directly to finding your PDC by opening CMD and running netdom query fsmo.

Log on to your PDC and run these commands. In the manualpeerlist you can add the NTP servers for your location; to find NTP servers you can use

w32tm /config /syncfromflags:manual /manualpeerlist:"<your NTP servers>" /update

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v SpecialInterval /t reg_dword /d 1 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v SpecialPollInterval /t reg_dword /d 60 /f

net stop w32time
net start w32time
w32tm /resync /force

On the other servers run these commands to set the intervals and force a sync.

reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v SpecialInterval /t reg_dword /d 1 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config /v SpecialPollInterval /t reg_dword /d 60 /f

w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /force

To check if the settings are OK, you can run w32tm /query /peers, which displays the servers you sync from; on the other servers this should be your PDC server.

If not, you can force a change by running the command w32tm /config /manualpeerlist:"dc1.contoso.local" "dc2.contose.local" /reliable:yes /

I once experienced that the time wouldn’t sync on the PDC even though I forced a sync; I then changed the time 10 minutes back and resynced, which helped.
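
The w32tm /query check above can be run against every server at once. This is an added example, not part of the original post; it is meant to be run on the PDC, and the server names and the one-second threshold are placeholders. It reports each server's time source and its offset from the PDC, and flags a Hyper-V host or the local clock as the source.

```powershell
# Added example: run on the PDC. Server names and threshold are placeholders.
$servers   = 'dc2.contoso.local', 'rds1.contoso.local'
$maxOffset = 1.0     # seconds; alert threshold chosen for this example
# w32time sources that mean the server is not following the domain hierarchy.
$badSources = 'VM IC Time Synchronization Provider',
              'Local CMOS Clock',
              'Free-running System Clock'

function Get-TimeStatus {
    param([Parameter(Mandatory)][string]$Computer)

    # Where the remote server currently gets its time from.
    $source = "$(& w32tm /query "/computer:$Computer" /source 2>&1 |
                 Select-Object -First 1)".Trim()

    # One NTP sample; the data line looks like "12:00:00, +00.0012345s".
    $offset = $null
    $chart  = & w32tm /stripchart "/computer:$Computer" /samples:1 /dataonly 2>&1
    foreach ($line in $chart) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s') {
            $offset = [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }

    $problems = @()
    if ($badSources -contains $source) { $problems += "source is '$source'" }
    if ($null -eq $offset)             { $problems += 'no NTP reply' }
    elseif ([math]::Abs($offset) -gt $maxOffset) { $problems += "offset ${offset}s" }

    [pscustomobject]@{
        Computer = $Computer
        Source   = $source
        OffsetS  = $offset
        Status   = if ($problems) { $problems -join '; ' } else { 'OK' }
    }
}

$servers | ForEach-Object { Get-TimeStatus -Computer $_ } | Format-Table -AutoSize
```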


Run with PRTG Network Monitor – Updated 11-05-2018

Had a customer which needed to monitor their WAN connection, and because we have PRTG Network Monitor, which is such a cool tool btw, I thought it would be easiest to integrate it.
zPeters on GitHub has created a really cool exe file which can speedtest your connection nice and easy with CMD, which is the file I use for testing.

I have created a .bat file which will run the speedtest .exe file and pass the data back to PRTG through an XML file.

Oh well, let's get to work.

  1. Create a .bat file and copy the following into it.

    @ECHO off
    SETLOCAL EnableDelayedExpansion
    SET "Ping="
    SET "Download="
    SET "Upload="
    REM Run the speedtest exe and read fields 4-6 of its pipe-delimited output
    FOR /F "tokens=4,5,6 delims=|" %%A IN ('"C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\speedtest-64-v1.0.5.exe" -r') DO (
    SET Ping=%%A
    SET Download=%%B
    SET Upload=%%C
    )
    REM ** FOR /F "tokens=9 delims=:/ " %%A IN ('FINDSTR /I /C:"RTTS in" %tempfilename%') DO ( SET avg=%%A )
    REM ** FOR /F "tokens=10 delims=:/ " %%A IN ('FINDSTR /I /C:"RTTS in" %tempfilename%') DO ( SET max=%%A )
    REM ** FOR /F "tokens=11 delims=:/ " %%A IN ('FINDSTR /I /C:"RTTS in" %tempfilename%') DO ( SET dev=%%A )
    REM Write the PRTG XML result to standard output, one result block per channel
    ECHO ^<^?xml version^=^"1.0^" encoding^=^"UTF-8^" ^?^>
    ECHO ^<PRTG^>
    ECHO ^<result^>
    ECHO ^<Channel^>Ping Latency^</Channel^>
    ECHO ^<value^>%Ping%^</value^>
    ECHO ^<Mode^>Absolute^</Mode^>
    ECHO ^<Unit^>TimeResponse^</Unit^>
    ECHO ^<Float^>1^</Float^>
    ECHO ^<ShowChart^>1^</ShowChart^>
    ECHO ^<ShowTable^>1^</ShowTable^>
    ECHO ^</result^>
    ECHO ^<result^>
    ECHO ^<Channel^>Download^</Channel^>
    ECHO ^<value^>%Download%00^</value^>
    ECHO ^<Mode^>Absolute^</Mode^>
    echo ^<volumeSize^>MegaBit^</volumeSize^>
    echo ^<float^>0^</float^>
    echo ^<unit^>SpeedNet^</unit^>
    ECHO ^<ShowChart^>1^</ShowChart^>
    ECHO ^<ShowTable^>1^</ShowTable^>
    ECHO ^</result^>
    ECHO ^<result^>
    ECHO ^<Channel^>Upload^</Channel^>
    ECHO ^<value^>%Upload%00^</value^>
    ECHO ^<Mode^>Absolute^</Mode^>
    echo ^<volumeSize^>MegaBit^</volumeSize^>
    echo ^<float^>0^</float^>
    echo ^<unit^>SpeedNet^</unit^>
    ECHO ^<ShowChart^>1^</ShowChart^>
    ECHO ^<ShowTable^>1^</ShowTable^>
    ECHO ^</result^>
    ECHO ^</PRTG^>
  2. Copy the .bat file onto your PRTG Server (not the client) in “C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML” or whatever your install directory is.
  3. Download zPeters Speedtest exe file from here:
    Remember to check that the newly downloaded .exe file matches the filename in the .bat file.
  4. Copy the newly downloaded .exe file to “C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\” on your server.
  5. Go to your PRTG interface and add a new sensor for your client server, the sensor needs to be an EXE/Script Advanced.
  6. When that is added you should have something like this: [screenshots: PRTG Speedtest Sensor; PRTG Speedtest Sensor Graph]

Update 2018: Some people have reported that the results are low; unfortunately I can’t reproduce the problem. With the newest version of Speedtest from zPeters, the results look good.
This .bat script only copies the results from the Speedtest EXE to PRTG. So if the results are low, then it might be the server you are testing against, like here: