ccolonbackslash

Just another WordPress.com site

Category Archives: Uncategorized

Office 365 Update: OneDrive for Business – Too Buggy

Totally, totally agree with this. Been finding it pretty fickle, thankfully we haven’t deployed yet partly due to lack of OSX support and problems syncing sharepoint libraries, but for now…. back burner.

Single Malt Cloud

This isn?t going to be a happy or positive post, which is too bad, because I see a lot of promise in the individual product I?m about to criticize and the overall service of which it is a part. For context, you can consider this an update to my earlier post about Office 365, and if I wished to follow that naming scheme, I might go with, ?OneDrive for Business: The Bad.?

My Uh-Oh Moment

I was finally burned by OneDrive for Business (OD4B) this week. It?s been giving a couple of my coworkers fits for a few weeks, but I know each of them has thousands and thousands of files and figured that may have contributed to their issues in some way. I?ve used OD4B exclusively for almost two months without a single hiccup, until it just stopped working this week. I saved a tiny change to a…

View original post 696 more words

Advertisements

PSTN calls not connecting when made through Lync 2010 Edge server. “Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote”

Took a few days to get to the bottom of this.

Root of the issue is people could make pstn calls through our IPOffice via Lync when in the office, or on the vpn, but if connected over the edge server (for instance if using DirectAccess) – no beans. Basically the call is placed and when it is answered there is ten seconds of silence and then the call drops – no sound at all.

After much digging i eventually came across these technet forum posts:

This one

And this one 

When i looked in the topology on our mediation service, i saw the below (this is not my image but the technet forum posters), the edge server basically “Not Set” on the mediation service.

Somewhere/somehow it had gone missing on this particular front end server.

Image

In order to correct this i followed Kressmarks solution on the second link above:

and quoted below:

We then used the following command, clearly inserting your own fqdns for mediation and edge servers:

Set-CsMediationServer -Identity “MediationServer:standard.kressmark.com” -EdgeServer edge.kressmark.com

Once you restart the FE and mediation services, calls resume and the correct info is reported.

Sysprep 3.14 error when imaging Windows 8.1/2012 R2

If you have to build any 8.1 or 8 desktops/laptops and image them, heed the below advice or waste days. If you sysprep a machine more than an hour after installing it you will get a Sysprep 3.14 error and will be led a merry dance across the google wasteland. In short, to fix this you have to run the below command lifted from this link: http://technet.microsoft.com/en-us/library/dn303413.aspx as soon as the machine is installed to have any hope of sysprepping it. If you leave it more than an hour – you are stuffed as the below mentioned job will have already run.

From this site i quote:

  • If you attempt to run Sysprep.exe to create a WIM image more than one hour after the first user has logged on to the newly installed operating system, Sysprep.exe will fail. A scheduled maintenance task that recovers disk space by removing unused features is the cause.

    To avoid this, disable the maintenance task immediately after completing Setup. You can disable the task with this command:

    Schtasks.exe /change /disable /tn “\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup”

  • If you deploy an image using Microsoft Deployment Toolkit 2013 or Unattend.exe and include CopyProfile=true in the answer file, the deployment will fail with a “location is not available” error or each new login attempt will create a new temporary user account profile.

    To avoid this, do not use CopyProfile=true in the answer file. There is no other workaround at this time.

Apparently this was also a bug in the preview release.

 

Install Windows 8 Enterprise onto Surface Pro – Easy thanks to Rufus

The new MS Surface Pro is a fantastic bit of kit – however it comes installed with Windows 8 Pro, a lot of enterprises will want to get Windows 8 Enterprise onto it so they can take advantage of DirectAccess etc.

First things first get the Microsoft surface pro wireless drivers down from MS update catalogue or similar:

Marvell AVASTAR 350N driver – http://catalog.update.microsoft.com/v7/site/home.aspx. Put this on a usb stick.

Now get hold of a copy of the Windows 8 x64 enterprise ISO and a 4gb+ usb stick.

Download this fabulous utility: http://rufus.akeo.ie/ and run it with admin rights, set it to point to the 4gb usb disk you are happy to wipe with settings similar to the below and point it to the windows 8 x64 enterprise ISO location on your machine and it will build a bootable usb from the iso.

New Picture (2)

While this boot disk is building (assuming you have another machine to do this on) hold down volume up and power on your surface whilst still holding down volume up. A couple of options will appear, one for the TPM one for secure boot, select secure boot and disable it. Save settings.

Boot into windows, hold down windows + r and type shutdown.exe /r /o /t 10 – this will reboot into advanced options after 10 seconds (if it’s tricksy add /f to force shutdown).

When it restarts select boot from USB device and you should shortly see the windows enterprise installer. Delete old main partition and install fresh using the wizard.

Once the installer finishes and you’ve logged on, insert the usb stick with the wireless driver you’ve just downloaded, extract it and install it through device manager or manually by right clicking the extracted .sys file.

You should now be able to connect to Windows update and pull down all the rest of the drivers and the surface pro firmware update, and other necessary windows updates etc.

I found i was able to add office to the completed install and still sysprep it, but if i added much more to the image before sysprepping it (Wireshark, LPS, Sophos, Skype, VLC, Chrome etc) it caused sysprep to fail and ruined the image. I’ll work through what caused this to fail and post back here.

Use the Windows ADK with Rufus to build a winpe boot disk to capture the sysprepped image with dism as per http://justworks.ca/blog/goodbye-imagex-hello-dism, then you can deploy at your leisure to other surface pros.

OWA Outlook Web Access – 500 error, Forms-Based authentication fails to start

In the process of creating a DAG lab i noticed that once the servers were in a DAG cluster, I was not able to log onto OWA, the symptoms were:

  • User could authenticate, if they failed to enter their creds they were asked to try again
  • Once they had successfully authenticated a 500 error was dished out by IIS.

A little digging found that Microsoft Exchange Forms-Based authentication fails to start, a manual start sorted this out in the short term, however for a longer term fix I changed the service behaviour to Automatic (Delayed Start), it now starts of its own accord.

I experienced these symptoms with Exchange 2010, SP2 RU4.

“Code 800B0001 Windows update ran into a problem” on Windows 8 and 2012 when using WSUS or WSUS with SCCM

This issue is caused by Windows 8 using a newer update client than WSUS SP2 is aware of, consequently the client doesnt trust the server.

Despite having KB2720211-x64 installed, still see this error on Windows 8 and Windows 2012 machines in my SCCM lab.

Seems this recent KB solves the issue: http://support.microsoft.com/kb/2734608 

If I understand it correctly the issue is to related to the signing of the updates with a certificate that is not approved by Win8/2012 update client. This issue is corrected during the WSUS resync/reindex after the above update is applied.

Once the sync is complete, before you try to apply the updates to any new clients be sure to stop the local wu service client on the windows8/2012 client and delete the software distribution folder in C:\Windows. Be sure to start the Windows Update service again before you try to check for updates and then run the update installation again. Instructions below:

  1. Open an administrative command prompt on the affected computer
  2. Type the following:
  • net stop wuauserv
  • rd /s %windir%\softwaredistribution\
  • net start wuauserv

In my case i’d already tried to publish the SCCM client before i did the update and before i applied the SP1/CTP for SCCM and ran into problems even after the above because the SCCM client is not resigned during the WSUS update.

As i had not yet published the latest version of the SCCM client that came with SCCM SP1/CTP to WSUS, i published it AFTER applying KB2734608, to do this you go to Sites, Client Installation Settings and Software Update-Based Client Installation and it will tell you there is a new client available, agree, then apply and it will be correctly signed and will install on Server 2012 and Windows 8.


SO if you publish a version of the client through WSUS before you do the KB update and resync, it doesnt get re-signed, only if you distribute it AFTER the update. ( I think…..)

Phew.

Using Avaya IPO as sip trunk with Lync – problems dialling international and cellphone numbers

After connecting Avaya IPO to our Lync infrastructure we discovered that long distance calls from Lync often failed, especially to cell phones/mobiles – usually with a “cannot accept call 405”.

Thanks to this: http://trogjels.wordpress.com/2012/03/22/outbound-call-from-lync-fails-timeout-issues/

I discovered it’s due to Lync giving up on calls through the pstn after 10 seconds! change the config file referenced here so the timeout is 20 seconds and restart server (or just front end and mediation service) and your issue will be resolved.

Credentials are required, calendar password prompt – Lync/Communicator

If you find users are unable to dismiss credential prompts from communicator or Lync that reference calendar access, even if entering correct password and you are running Checkpoint IPS, it’s likely that the non-compliant http protection is blocking its calendar access through your companies autodiscover.domain.com address. To stop this behaviour, enable an exception for the non-compliant http IPS protection between your reverse proxy’s internal nic and your CAS and your firewall and the published proxy nic/ip.

Should you find you are continued to be prompted for credentials (which are dismissed after you enter them) when connecting from outside the LAN after this change or DO NOT use checkpoint’s IPS, please look at this post – it fixed things for me: http://msexchangeanywhere.wordpress.com/2011/12/29/how-to-fix-lync-services-signin-type-your-user-name-and-password-to-connect-for-retrieving-calendar-data-from-outlook/. Many thanks for this!

vi primer/introduction/basics – handy for checkpoint or any linux appliance management

If you do anything with linux, even at the simplest level, you have to get to grips with vi for config changes, the most accessible and useful resource i found on it to get started was here:  http://acms.ucsd.edu/info/vi_tutorial.shtml . Well worth a look if your administering SPLAT’s but are otherwise a Windows shop and have no previous linux experience.

Lync and polycom CX600 – waiting for time service after connection to pc followed by sign in failure.

When you configure dhcp to support UC devices, specifically the Polycom CX600, I have found that there is one option the dhcputil and dhcpconfigscript doesnt set that i’ve needed in my environment to get the handsets to actually work. Though i acknowledge that i may have missed some piece of fundamental documentation elsewhere in my hurry to get these working.

Although the windows time server in my dhcp options was set, the NTP server was not (option 42), without option 42 being set i had the following error in the SIP/S4 trace, “The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?” followed by a request to check username and password and the handset failing to sign in.

Once NTP server is set in dhcp the handset signs in pretty much straightaway either over usb or direct sign in via phone number and pin entry.

Hopefully this will help someone else.