Outlook always “Trying to connect” followed by “Disconnected”

Usually, this problem is resolved by deleting credentials in the vault, running the MSRA tool, etc. But we had one where even trying to add the account into a new profile would never resolve the autodiscover. Also, clicking on the “Update License” option in any of the Office applications would produce “Something Went Wrong [1001]”

In one particular case, the problem was the machine was missing package information about either the Active Directory Authentication Library (ADAL) or Live ID.

These two commandlets run in user-mode powershell resolved it:

if (-not (Get-AppxPackage Microsoft.AAD.BrokerPlugin)) { Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown } Get-AppxPackage Microsoft.AAD.BrokerPlugin
if (-not (Get-AppxPackage Microsoft.Windows.CloudExperienceHost)) { Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown } Get-AppxPackage Microsoft.Windows.CloudExperienceHost

In another case, the ADAL was already installed so this was necessary to fix it:

  1. Under the problem user: delete or rename these registry keys (if they exist):
    HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities
    HKCU\SOFTWARE\SyncEngines\Providers\OneDrive
    HKCU\SOFTWARE\Microsoft\OneDrive\Accounts
  2. Log off the affected user and log on as another user that’s an admin on that computer (create one if necessary.)
  3. Delete/rename all these folders in the affected (problem) user:
    C:\Users\[problem user]\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
    C:\Users\[problem user]\AppData\Local\Microsoft\OneAuth
    C:\Users\[problem user]\AppData\Local\Microsoft\IdentityCache
  4. Reboot the computer and log in as the problem user

Mac cannot browse to some SSL sites – falsely claims clock is wrong

This happens when a Let’s Encrypt root certificate is not updated. How to fix:

1. Download the Root Certificate:
——————————————–
https://letsencrypt.org/certs/isrgrootx1.der
NAME: “ISRG Root X1″  (✅ Self-signed, ❌ NOT Cross-signed)

2. Install the certificate:
——————————————–
- Via “Keychain Access.app”
- `File > Import Items…`

You can install it into either the `login` or `system` keychain. But not `System Roots` (which is where it *would* be, if we were on 10.12.1+)

- login = Current user only
- system = All users

3.Manually “Trust” that certificate:
——————————————–
- Find it (“ISRG Root X1″) in the list and double click on it.
- Open the “▶ Trust” area.
- Set: `When using this certificate:` to `Always Trust`
- Close the window, which will ask you to verify with your login password.

Done!

TLS 1.2 for Windows 7 email clients

Email clients running on Windows 7 may fail if TLS 1.2 isn’t enabled.  To get this going, add/change the following under:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

TLS-Image

Add new key under Protocols: TLS 1.2
Add new key under TLS 1.2: Client

Add new Dword in Client: DisabledByDefault = 0
Add new Dword in Client: Enabled = 1

Reboot the computer for this to take effect.

The typical ports for POP/IMAP email now are:

POP port: 995 SSL
IMAP port: 993 SSL
SMTP port: 587 TLS

“Preview Handler Surrogate Host has stopped working” – Windows 10/11

This error was happening when the preview pane in Windows Explorer was on and a .MSG file was selected. There is no 64-bit handler for .MSG messages in Windows, only 32-bit. So a 64-bit set of handler files needs to be added.

We found this fix at https://www.brandsict.nl/msgpreviewer_en.php:

You need .NET 4.5 or higher. This is native to newer versions of Windows or can be activated via Add/Remove features.

  1. Download and run this file: MSgPreviewer64_installer. This will create the folder C:\MSGPreviewer64 and place the files there.
  2. Open an elevated command window and navigate to
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319
  3. Execute these commands:
    regasm /tlb C:\MSGPreviewer64\SharpShell.dll
    regasm /codebase C:\MSGPreviewer64\msgpreview.dll

 

‘Users must enter a user name and password to use this computer’ option is Missing – Win 10/11.

Windows 10/11 option “Users must enter a user name and password to use this computer” is missing in the ‘User Accounts’ options (this is used to bypass the login screen and to sign-in directly to Windows.)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Passwordless\Device

Change the value for DevicePasswordLessBuildVersion from 2 to 0

Now netplwiz will display the option.

 

Set up automatic VSS shadow copy in Windows 10

While Windows Server does this automatically, usually twice a day, Windows 10 does not. Here’s how to mimic Windows Server’s operation:

  1. In Settings, open “create a restore point”
  2. Make sure the desired drive has Protection turned On
  3. Open Task Scheduler
  4. General tab
    Create Task…
    Name the task as desired
    Select “Run whether user is logged on or not” and “Run with highest privileges”
  5. Triggers tab
    New…
    Set timing as desired (often Daily but do as desired) and Enabled should be checked
  6.  Actions tab
    New…
    Start a program
    Program/script = wmic
    Add arguments = shadowcopy call create Volume=C:\  (or desired drive)
  7. When saving the task, enter the computer’s login password

For multiple times or drives, add additional tasks as necessary.

 

Network indicator says no Internet when Internet is actually working

HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

Change or add the following keys as indicated:

ActiveDnsProbeContent = 8.8.4.4
ActiveDnsProbeContentV6 = 2001:4860:4860::8844
ActiveDnsProbeHost = dns.google
ActiveDnsProbeHostV6 = dns.google
ActiveWebProbeHostV6 = www.msftconnecttest.com
EnableActiveProbing = 1

Then either restart the computer or disable/enable the network adapter.

Windows Defender Firewall service will not start (Windows 10)

We experienced this on a machine that had just installed some updates. The cause was the dependent Base Filtering Engine service hanging when trying to start.

  1. Fix the BFE Service Registry Keys:
    Windows 7  |  Windows 8  |  Windows 10  | Windows 11
  2. HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
    Change the permissions on the Policy key
    Add NT SERVICE\BFE
    Advanced permissions – Allow:
    - Query Value
    - Set Value
    - Create Subkey
    - Enumerate Subkeys
    - Notify
  3. Select Replace all child object permissions with inheritable permissions from this object
  4. Restarting Windows may be required

If still not good, try resetting the BFE service permissions / security descriptors in an elevated command prompt.