Month: May 2017

ADK 1703 Image Mount workaround

There has been alot of chatter around the new ADK for Windows 10 1703. Microsoft somehow signed a mountdriver with a bad certificate. This means mount operations fail. All around deployment father Michel Niehaus has found a workaround and you can read the full post from him here https://blogs.technet.microsoft.com/mniehaus/2017/05/16/quick-workaround-for-adk-1703-issue/

The short story is that you need to modify a registry value to use the built-in driver instead. So if you don’t want to read the full story change the following registry value

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WIMMount
Key: ImagePath

Set the value to
system32\drivers\winmount.sys

Then you can mount images again!

Note: There are people saying you can turn of SecureBoot to make it work and while this is true. You should not turn SecureBoot off.

Note 2: Microsoft is working on a fix for the ADK.

/Peter

ADFS Single Sign on with Edge

I usually don’t blog about ADFS but since I recently had to solve this issue for a customer I thought someone else might find it usefull as well.

When you use Edge or Chrome as your primary browser and using a machine that should have SSO with Office 365 and Sharepoint you still get a login page. This happens because by default ADFS have a set of trusted browser strings and others will be prestend with a form authentication.

To fix this on your ADFS server you need to use a couple of simple powershell commands.

Let’s start with just getting what browser strings are trusted currently.

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

DefaultSettings

As you can see there browser agent for Edge and Chrome are missing. To fix this we run the following powershell command.

Set-AdfsProperties –WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain","MSIE 6.0","MSIE 7.0","MSIE 8.0","MSIE 9.0","MSIE 10.0","Trident/7.0", "MSIPC","Windows Rights Management Client","Mozilla/5.0","Edge/12")

Then restart the ADFS service

Restart-Service ADFSSrv

That is, you can verify the settings by getting the ADFS properties again

FixedSettings

All done and Single Sign On will should now work using Edge or Chrome as well!

 

/Peter