Wednesday 28 November 2018

Azure SQL Connectivity and Service Management Errors || Azure Storage Service Down - West US 2 - Applying Mitigation


As per the Azure Status site,


Starting at 04:20 UTC on 28 Nov 2018 a subset of customers in West US 2 may experience issues connecting to Storage resources hosted in this region. A subset of customers using resources dependent on Storage may also see impact. Engineers have identified a recent deployment as the potential root-cause and are in the process of applying a fix for this issue. The next update will be provided within 60 minutes, or as events warrant.

REGION AFFECTED:

WEST US 2 



Tuesday 27 November 2018

Azure MFA failing with Error Message "Sorry, we're having trouble with verifying your account. Please try again" Today 27th November 2018


###Update on 28th November 2018

The engineering team has fixed the issue and identified a preliminary cause.

According to the official Azure Status site the reason was "a DNS issue triggered a large number of sign-in requests to fail, which resulted in backend infrastructure becoming unhealthy. "


Microsoft also said that they have fixed the issue and observed a decrease in the MFA failure count. We are still waiting for the RCA.




==========================================

27th November 2018

Azure MFA is failing again today, 27th November 2018, with the error message "Sorry, we're having trouble with verifying your account. Please try again".

(No SMS sent, no push notification to the app, TOTP code doesn't work.)

The Azure site says all the regions of America, APAC, and Europe are affected.


Outage details in Azure Site :
Starting at 14:25 UTC on 27 Nov 2018 a subset of customers using Multi-Factor Authentication may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when Multi-Factor Authentication is required by policy. Impacted customers may encounter timeout errors. Engineers are aware of this issue and are actively investigating mitigation options. The next update will be provided in 60 minutes, or as events warrant.






The MS team is working on this.

The regions that are affected are,


Oregon
North Virginia
Dublin
Tokyo
Brazil
North Europe
South East Asia
West Europe
Sydney
Dallas, TX
Hong Kong
South Central US
East US2
Singapore
North Central US
Frankfurt
North California
Chicago
East Japan
South India



We are following the MS internal sites. An incident with priority has been raised and the MS team is working on this.



Friday 9 November 2018

Cloud Computing for CCSK certification Cloud certification


                   
CCSK => Certificate of Cloud Security Knowledge

92 percent of the questions are based on the CSA Guide
8 percent are based on the ENISA Report

Cloud security fundamentals (How Cloud architecture impacts Security concerns)

Cloud Computing:
According to the National Institute of Standards and Technology, it is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, storage, applications and services) that can be rapidly provisioned and released with minimal management effort and service provider interaction.



The model is composed of five essential characteristics, three service models and four deployment models.

Five essential characteristics of Cloud Computing

On demand self-service:

The customer can add or reduce computing resources as required, without any technical support.

Broad Network access:

It should be available to the customer from any place with an internet connection, and it should also be manageable from any place without a VPN, remote connectivity or any other restriction.

Resource pooling:

In cloud computing, resources are shared, although there are also options to restrict sharing. Resource allocation is dynamic: when more resources are needed, they are allocated dynamically from the pool, and they can be allocated from any geographical location.

Rapid elasticity:

Cloud has the capability to allocate or de-allocate resources dynamically. 

The criteria for scaling up and down can be defined by the customer. Dynamic allocation guarantees the performance of the application deployed in the cloud with optimum resources.






Measured service:

In the cloud, the customer is charged based on the usage of resources.
There is a mechanism to automatically measure the usage of resources.
Billing is pay per use, which benefits the customer.




Three service models in cloud computing:

Infrastructure as a service
Platform as a service
Software as a service













IaaS:

Here the customer gets only the hardware and is free to choose the software that they want.


PaaS:

Here the hardware and basic software are provided. It provides consumers with a stable online environment where they can quickly create, test and deploy web applications using browser-based software development tools.
E.g.: Azure, Google Apps.



SaaS:

Provides complete business applications over the web.
E.g.: Gmail, Facebook, LinkedIn











Four Deployment Models in Cloud:

1.Private cloud
2.Community Cloud
3.Public cloud
4.Hybrid Cloud

Private cloud:

#A cloud infrastructure operated solely for a single organization
#It can be managed internally or by a third party
#It can be hosted internally or externally
#The organization takes responsibility for its data
#The organization can enable pooling and sharing of computing resources across different applications, departments or business units
#Requires significant up-front development costs, data centre costs, ongoing maintenance, hardware, software and internal expertise



Community Cloud :

#Community clouds are used by distinct groups (or shared communities) of organizations that have shared concerns such as compliance or security considerations.
#The computing infrastructure may be provided by internal or third-party suppliers
#The communities benefit from public cloud capabilities, but they also know who their neighbours are, so they have fewer fears about security and data protection.

PUBLIC CLOUD:

#The computing resources are shared with the provider's other customers
#No awareness of their neighbours


HYBRID CLOUD:

#It is a composition of two or more clouds
#Public clouds are used for general computing while customer data is kept within a private cloud, community cloud or a more traditional IT infrastructure.






Who has control in cloud?
The following chart tells who has control in cloud Computing.




Risks in Cloud as Stated by ENISA:
Loss of Governance
Lock-in
Isolation Failure
Compliance risks
Management interface compromise
Data Protection
Insecure or incomplete data deletion
Malicious insider


iSEC Realistic Cloud Threats:
Authentication Abuse
Operations Breakdown
Misuse of Cloud-specific Technology

General Security Advantages:
Shifting public data to an external cloud reduces the exposure of the internal sensitive data
Cloud homogeneity makes security auditing/testing simpler
Clouds enable automated security management
Redundancy/Disaster recovery

General Security Challenges:
Trusting the vendor's security model
Customer's inability to respond to audit findings
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control


Data Storage Services:
Advantages are,
Data fragmentation and dispersal
Automated replication
Provision of data zones (eg. By country)
Encryption at rest and in transit
Automated data retention

Disadvantages or undesired features are,
Isolation management/ data multi-tenancy
Storage controller
Exposure of data to foreign governments





Thursday 8 November 2018

In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error. ==(or)== Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "abc.com" failed to run because the credentials were invalid'.

If you get any of the following error messages in AAD Connect try the following steps mentioned here.


Error Message:


In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error.

Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "abc.com" failed to run because the credentials were invalid'.






Steps to be followed:


Start the Synchronization Service Manager (START → Synchronization Service).

Go to the “Connectors” tab and right-click on the connector's name

Under Actions, select Properties.

In the pop-up dialog, select Connect to Active Directory Forest:

Enter the new password

Click OK to save the new password and close

Restart the Azure AD Connect Synchronization Service under Windows Service Control Manager. This is to ensure that any reference to the old password is removed from the memory cache.






Type in the comment if it was helpful or not.


Thanks for Reading :) 

//
Senko


Insufficient access rights to perform the operation error in Azure AD Connect



Are you getting "Insufficient access rights to perform the operation" in your Azure AD Connect synchronization logs?


Try the following.

1) Check for the latest version of Azure AD Connect.


2) If you're syncing passwords, make sure that your sync service account has Replicate Directory Changes and Replicate Directory Changes All permissions in your on-premises Active Directory.

Make sure that your sync service account has write permissions on your sourceAnchor attribute (which is most likely set to ms-ds-consistencyGuid). You can do that either using the user interface, or PowerShell, which is easier:

# This is the account that will be used by Azure AD Connect Sync to manage objects in the directory.
$accountName = "DOMAINNAME\USERNAME"

# Distinguished name of the forest root the permission is granted on.
$ForestDN = "DC=DOMAINNAME,DC=SOMETHING"

# /I:S applies the entry to sub-objects only; /G grants WP (write property)
# on ms-ds-consistencyGuid for objects of class user.
$cmd = "dsacls '$ForestDN' /I:S /G '`"$accountName`":WP;ms-ds-consistencyGuid;user'"
Invoke-Expression $cmd

3)Make sure that inheritance is turned on for the AD objects that get errors in the synchronization logs. 

  • Open Active Directory Users and Computers.
  • Enable Advanced Features in the View settings.
  • Open up the user object that can't sync.
  • Go to the Security tab and then into Advanced.
  • Make sure the box to inherit permissions is checked.
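To check steps 2 and 3 without clicking through each object, the following read-only audit is an added example, not part of the original post. It assumes the RSAT ActiveDirectory module is installed; the account name and the user DN are placeholders, and rights granted through group membership are not resolved.

```powershell
# Added example: read-only audit of the permissions from steps 2 and 3.
# Assumptions: ActiveDirectory module present; placeholder names below.
Import-Module ActiveDirectory

$accountName = 'DOMAINNAME\USERNAME'   # sync service account (placeholder)
$userDN      = 'CN=Some User,OU=Staff,DC=DOMAINNAME,DC=SOMETHING'   # object that fails to sync (placeholder)
$domainDN    = (Get-ADDomain).DistinguishedName
$adRights    = [System.DirectoryServices.ActiveDirectoryRights]

# Extended rights needed for password sync. Together they allow reading
# password hashes, so they should be held by the sync account only.
$extendedRights = [ordered]@{
    'Replicate Directory Changes'     = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicate Directory Changes All' = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
}

# schemaIDGUID of ms-DS-ConsistencyGuid, read from the schema.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=mS-DS-ConsistencyGuid)' -Properties schemaIDGUID
$consistencyGuidId = [guid]$attr.schemaIDGUID

# Step 2: explicit Allow entries for the account on the domain root.
$domainAces = (Get-Acl -Path "AD:\$domainDN").Access | Where-Object {
    $_.IdentityReference.Value -eq $accountName -and $_.AccessControlType -eq 'Allow'
}
foreach ($name in $extendedRights.Keys) {
    $hit = $domainAces | Where-Object {
        $_.ActiveDirectoryRights.HasFlag($adRights::ExtendedRight) -and
        $_.ObjectType -eq $extendedRights[$name]
    }
    '{0,-32} {1}' -f $name, $(if ($hit) { 'granted' } else { 'MISSING' })
}

# Step 3: is inheritance blocked on the failing object, and did the
# write-property entry for ms-DS-ConsistencyGuid actually reach it?
$userAcl = Get-Acl -Path "AD:\$userDN"
'{0,-32} {1}' -f 'Inheritance on user object',
    $(if ($userAcl.AreAccessRulesProtected) { 'DISABLED' } else { 'enabled' })

$writeAce = $userAcl.Access | Where-Object {
    $_.IdentityReference.Value -eq $accountName -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights.HasFlag($adRights::WriteProperty) -and
    $_.ObjectType -eq $consistencyGuidId
}
'{0,-32} {1}' -f 'Write ms-DS-ConsistencyGuid',
    $(if ($writeAce) { 'granted' } else { 'MISSING' })
```

A user object that reports inheritance as DISABLED together with a MISSING write entry matches the situation step 3 describes.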







Let me know in the comments if this helps.

After sweeping away my whole life, why do you come only in dreams and show me joy... Once the dream fades, the truth torments me... கனவாவத...