Q2 Module 4 Progress Report

    This week I worked another full 40 hours bringing my quarter total to 160 and the two quarters together to 520 hours. This week I had mixed days of doing nothing then being busy. I finished installing language packs on another set of computers for testing starting this Monday. I had gotten an email asking to install on more computers but I never received the computers from the students or their teacher. 

I also received a teachers Surface Laptop 3. They said its not working which was very vague but I discovered that it the computer won't boot all the way. It gets to the Windows logo for the Surface bios but then goes black immediately after. I tried all my tricks like holding down the power button for 30 seconds, holding the power button and the volume up for 15 to try to get into the firmware reset menu, took the type cover off, took out the RSSD to cut power from the battery and drain and residual power, all didn't work and does the same thing. I check to see if some how its still under warranty but its expired in 2023. We did have a Surface Laptop 4 in the surplus pile that has a broken screen that I may try to Frankenstein together to see if that would work. The 4 is all black while the 3 is grey so the two shells wouldn't match but if it works it works. 

I spent a significant amount of time troubleshooting why we couldn't successfully set up a secondary AD FS server with the intention of promoting it to the primary role. Initially, my system administrator attempted to use the AD FS migration tool, but that approach failed. As a result, she recommended resetting the virtual machine, re-entering the Windows license key, rejoining the domain, setting the static IP address, and starting fresh.

After performing those steps, we attempted to use the AD FS configuration wizard. However, we encountered an error during the setup. When we tried again, it failed because a database already existed from the previous attempt. To proceed, we had to remove the AD FS role entirely and start over.

Next week we are planning after school is out to do the swap and make the new server the primary node in the farm.

Below is a summary of the steps we ultimately followed to resolve the issue:

 Troubleshooting Summary: AD FS Certificate Thumbprint Error

Recently, while adding a new node to an existing Active Directory Federation Services (AD FS) farm, we encountered persistent certificate thumbprint errors. The process revealed a few important lessons about how AD FS handles certificates, especially the Service Communications certificate.

 Issue Summary:

  • When running Add-AdfsFarmNode, we received an error indicating the certificate with the specified thumbprint could not be found in the LocalMachine\My store.

  • AD FS Management on the existing production server showed “no certificate found” under Service > Certificates > Service Communications.

  • The thumbprint that AD FS was referencing didn’t match any valid certificate currently in the system.

 Steps Taken:

  1. Verified the new server had the correct certificate installed in the local computer's personal store with the private key.

  2. Ran Get-AdfsCertificate and other PowerShell commands to review the current AD FS certificate bindings.

  3. Discovered the Service Communications certificate was unassigned on the original AD FS server, likely due to an expired certificate being removed without updating the AD FS configuration.

  4. Confirmed that even though a new SSL certificate was present, it was never re-bound in AD FS.

  5. Had my system admin reassign the valid certificate via the AD FS Management console.

  6. After the certificate was re-added and bound, the Add-AdfsFarmNode command completed successfully.

 Outcome:

  • The missing Service Communications certificate was the root cause.

  • Once restored, certificate errors ceased, and the node joined the AD FS farm as expected.

Comments

Post a Comment

Popular posts from this blog

Module 7 Journal Entry

Although I didn’t work this week due to the school’s mid-winter break, I’m reflecting on my previous week to address this journal prompt. Easiest Accomplishment: One of the more straightforward tasks was handling two teacher laptops before the break. The first involved a Surface laptop infected with ransomware. After disabling the teacher’s accounts and notifying the system admin, I performed a fresh Windows installation and reinstalled all necessary drivers. The process went smoothly since I’ve done similar resets before. The second laptop was outdated, running Windows 10 21H1, which prevented system updates and Outlook from working properly. I manually upgraded it to Windows 10 22H2 and then to Windows 11. Although the install took time, the process itself was routine. Hardest Accomplishment: The most challenging task was dealing with a middle school student misusing the school’s network. Investigating their actions revealed they were sending malicious scripts through SharePoint, all...
Read more

Journal Entry: Internship Overview and Goals

 My internship as a Technology Technician at a school district involves maintaining and supporting the district’s IT infrastructure. In a nutshell, I troubleshoot hardware and software issues, assist with network maintenance, and ensure that the technology used by staff and students operates smoothly. This role demands both technical problem-solving and effective communication, as I often work closely with educators and administrators to address their needs. What I know about my role is that it’s pivotal for the day-to-day functioning of the district’s technology systems. My tasks so far have included repairing devices, resolving connectivity issues, and providing user support. I understand the basics of troubleshooting, maintaining hardware, and following best practices for IT operations. To fully excel in this position, I’ll need to deepen my understanding of network administration, learn more about advanced system configurations, and refine my ability to manage multiple tasks ef...
Read more

Module 10 Progress Report

I worked 40 hours this week, bringing my total hours for the quarter to 360. This week was packed with tasks, and honestly, it’s hard to keep track of everything I did. There’s never really a set list of things to tackle — issues pop up randomly, and I handle whatever comes my way. I started the week with 28 more laptops that needed either the DRC testing software reinstalled, Windows updates, or a full reset. After that, I helped a teacher at the other high school who was having Wi-Fi issues. I suggested using a USB-to-Ethernet adapter to hardwire her computer for a more stable connection. She wasn’t a fan of that idea since she wanted to keep using her external keyboard and didn’t want to be "tethered." I explained that it was either this or continue dealing with Wi-Fi drops until we could figure out what’s going on in that room. Later, I teamed up with our tech specialist to troubleshoot a middle school projector that wasn’t displaying anything. Aside from the rack being c...
Read more