How to configure OAuth2.0 using EWS on Microsoft O365

App registration

Upgrading from basic authentication to OAuth is a little harder for many small businesses to configure on the Azure portal. Here are the steps I followed to get our EWS service working. You must have admin rights to do the following.

Create an app registration

You need to log in to your Azure portal: Go to Azure Active Directory>App registrations

Next, click on New registration

Next, fill in the info

This is where you choose your access options. Based on the selection, the next screen will have different options. For us, we chose Single tenant and the Redirect URI option Public client/native. If you don’t have a URL, you can leave it blank.

In case you need to add or change the Authentication platform, you can click on Authentication > Add a platform, then select one that works with your business needs

Based on your selection, you will need to select the URL option, or your custom URL

Then give API permission

This can be many permissions or just a few. Depending on the type of application, you may get different options.

We are using the EWS service, so we needed Office 365 Exchange Online

Then you need to select the type of permission. We are using application permissions

The only way we could get it working was by giving full_access_as_app

You need to give admin consent to your application, so once you have all permissions added, click on Grant admin consent

To create client credentials, click on Overview > Add a certificate or secret

Click on Client secrets > New client secret

Enter the name (this could be anything), select when it expires, then click on Add

Before you click out of this screen make sure to copy the value of your secret ID, which you will need for your app. Once you leave this screen, you will not be able to get this value back, so you may need to create a new one in case you have not copied it or you need to change it.

For your application, you will need the following info, which you can find here:

  • Application ID
  • Directory (tenant) ID
  • Endpoints: authorize and token
    • If you have selected the multi-tenant option, your endpoint URLs will be generic, like these:
      https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
      https://login.microsoftonline.com/organizations/oauth2/v2.0/token
  • Value of secrets from the step above

That’s all, hope this helps someone out there who is going through these changes in technologies
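How an application can use the values collected above, as an added example that is not part of the original post: it requests an app-only token with the client-credentials grant, checks that the token carries the full_access_as_app role, and makes one EWS call. The GUIDs and mailbox are placeholders; the scope, the EWS URL, the X-AnchorMailbox header and the impersonation header are Exchange Online's standard values for app-only EWS access and are not stated in the post.

```powershell
# Placeholders (constructed for this example): use your app registration's values.
$TenantId = '00000000-0000-0000-0000-000000000000'  # Directory (tenant) ID
$ClientId = '11111111-1111-1111-1111-111111111111'  # Application (client) ID
$Mailbox  = 'user@example.com'                      # mailbox the app will open
# Prompt for the client secret value so it is never saved in the script.
$Secure = Read-Host -Prompt 'Client secret value' -AsSecureString
$Secret = [System.Net.NetworkCredential]::new('', $Secure).Password

# Client-credentials grant against the tenant-specific token endpoint.
$Token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $Secret
        scope         = 'https://outlook.office365.com/.default'
    }).access_token

# Decode the token payload (base64url) and confirm admin consent took effect.
$B64 = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
$B64 = $B64.PadRight($B64.Length + (4 - $B64.Length % 4) % 4, '=')
$Claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($B64)) | ConvertFrom-Json
if ($Claims.roles -notcontains 'full_access_as_app') {
    throw 'Token lacks the full_access_as_app role; check API permissions and admin consent.'
}

# Minimal EWS call: read the Inbox of $Mailbox through impersonation.
$Soap = @"
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
    xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages">
  <soap:Header>
    <t:RequestServerVersion Version="Exchange2013" />
    <t:ExchangeImpersonation>
      <t:ConnectingSID><t:SmtpAddress>$Mailbox</t:SmtpAddress></t:ConnectingSID>
    </t:ExchangeImpersonation>
  </soap:Header>
  <soap:Body>
    <m:GetFolder>
      <m:FolderShape><t:BaseShape>Default</t:BaseShape></m:FolderShape>
      <m:FolderIds><t:DistinguishedFolderId Id="inbox" /></m:FolderIds>
    </m:GetFolder>
  </soap:Body>
</soap:Envelope>
"@
$Headers = @{ Authorization = "Bearer $Token"; 'X-AnchorMailbox' = $Mailbox }
$Reply = Invoke-WebRequest -Method Post -UseBasicParsing -Headers $Headers -Body $Soap `
    -Uri 'https://outlook.office365.com/EWS/Exchange.asmx' -ContentType 'text/xml; charset=utf-8'
([xml]$Reply.Content).SelectSingleNode("//*[local-name()='ResponseCode']").InnerText
```

A successful call prints NoError. Because full_access_as_app covers every mailbox in the tenant, treat the client secret as a tenant-wide credential and rotate it before the expiry chosen above.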



The trust relationship between this workstation and the primary domain failed

AD trust failed

It’s not common, but once in a while you will come across an error like “The trust relationship between this workstation and the primary domain failed”. The causes vary, and it’s very easy to fix too. Here is a list of reasons:

  • Admin deleted Computer object in AD
  • System restored, leaving a machine account password different from the one in AD
  • Machine imaged and restored
  • Object corruption in AD
  • AD policy disables a computer after x number of days

You will get a message like this:

If you are logged into the computer as a local user, you can test by running the PowerShell command:

command: Test-ComputerSecureChannel -Server NameOfDomainController

In this example, it’s showing True, but if you are having an issue you would get False

To fix it:

You can reset it by running a PowerShell command:

Command: Reset-ComputerMachinePassword -Credential YourDomainName\YourDomainAdmin

Or you can reset it from the Domain Controller

Another way is to disjoin from the domain and re-join it

If you get this on your network status: Unauthenticated

That means your PC has lost trust with the domain controller

You can try running the repair command to fix it

When you run Test-ComputerSecureChannel and get the result False, it means your computer has lost trust with your domain controller

The repair command will fix it without restarting your computer. It will prompt you for a domain admin credential:

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

You may need to restart the network adapter for it to take effect

command: Restart-NetAdapter *

Note: * means all network adapters will restart. If you have more than one, you can use -Name and the name of your adapter

Hope that helped you out with your issue



How to Compact Virtual Hard Disk

These days most of us use virtual storage drives for servers. Most of the time these virtual disks are configured as dynamic, so they grow as we use them but do not shrink when you delete data unless you compact them. If you are using Hyper-V servers, it’s very easy to do. Other hypervisors also offer similar compacting, you may just have to look around.

Here is a screenshot of the drive before compacting:

To compact in Microsoft Hyper-V hypervisor:

Open the Hyper-V Manager
Select the VM
Right-click on VM, click Settings
Select the Hard Drive that you want to compact, then click Edit
It will give you the location of the disk and a warning. Please make sure you have a good backup, just in case something goes wrong
Click Next

If you only see the Expand option, that means your VM is running and you can’t compact
Click Next

On the disk summary, click Finish and it will start compacting. The time it takes to compact depends on the speed of the drive and how much data you have deleted.

This is what it looks like after compacting. The size will vary depending on how much of your data has been deleted.

After Compacting:

That’s it. If you don’t get the drive space back, make sure to do the Drive Optimization first, then re-do the compacting

To optimize the drive:

Log in to the server, right-click on the drive and select Properties

Click on Tools tab
Click on Optimize

Then select the drive if you have more than one and click on Optimize
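The same compaction can be scripted with the Hyper-V PowerShell module on the host. This is an added example, not part of the original post: the VM name is a placeholder, and it assumes every disk attached to the VM is a VHD/VHDX file (no pass-through disks) and handles only dynamic disks.

```powershell
$VMName = 'FileServer01'   # placeholder VM name (assumption)

# Compacting needs the disk offline; the wizard only offers Expand while the VM runs.
if ((Get-VM -Name $VMName).State -ne 'Off') {
    throw "$VMName is not shut down; stop the VM before compacting."
}

foreach ($Drive in Get-VMHardDiskDrive -VMName $VMName) {
    $Before = Get-VHD -Path $Drive.Path
    if ($Before.VhdType -ne 'Dynamic') {
        # Fixed disks do not shrink; differencing disks are left alone here.
        Write-Output "Skipping $($Drive.Path): type is $($Before.VhdType)"
        continue
    }

    # Full mode scans for unused blocks and reclaims them.
    Optimize-VHD -Path $Drive.Path -Mode Full

    # Report the file size on the host before and after.
    $After = Get-VHD -Path $Drive.Path
    [pscustomobject]@{
        Path     = $Drive.Path
        BeforeGB = [math]::Round($Before.FileSize / 1GB, 2)
        AfterGB  = [math]::Round($After.FileSize / 1GB, 2)
    }
}
```

As with the wizard, take a backup first and run the Drive Optimization inside the guest beforehand if the size does not drop.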



Share files with encryption via Firefox send

Sharing files is very common these days, but is it safe and secure? Firefox has been testing this for a while and it was officially released a couple of days ago at https://blog.mozilla.org. It’s free up to 1 GB without setting up an account, and with a free account it gives 2.5 GB. It’s very easy to use for anyone who is looking to share big files that can’t be sent via email. The best thing is it doesn’t stay on the server forever, so there is no need to worry about your data being out there. It automatically generates a link, you choose how long it should stay shared, and then it deletes it automatically. It’s a free encrypted file transfer service that allows users to safely share files, and you can use any browser, including the Firefox browser.

Here is how it looks. All you have to do is go to the URL https://send.firefox.com, then drag and drop files or click on select file to upload

Once the file is uploaded, you will get the default option for your files to expire after 1 download or 1 day. You can change it to up to 100 downloads or 7 days. You also get an option to set a password. Then click on Upload to generate the link.

It will generate the link to be shared, which you can copy and paste into an email to whoever you want to share your files with.

Based on your selection, you will see when your files will expire. You will have the option to copy the link in case you forgot to copy it.

That’s it, a very easy and secure way to share big files. You can read the Firefox Privacy Notice for more info about sharing your files securely via Firefox.