Tuesday, December 10, 2013

quantity of data stored on laptops/desktops

Below is the headline to a promotional email I got promoting a whitepaper.  The notable thing to me is the data on the amount of data stored on endpoints (i.e., desktops and laptops).  At present, I'm putting laptops in place instead of desktops at a rate of about 20 to 1.  Laptops have the ability to travel which makes them harder to back up, and if 28% of data is truly stored only on these endpoints, then an online backup system makes more and more sense.  My favorite (and has been for years) is Backblaze at $50 per computer per year (not a paid endorsement).  I've looked for better options and have yet to find any.


Wednesday, November 20, 2013

how I configure a script to get into a Powershell CLI for editing Office365 properties

I was setting up a laptop to use a script to get into a Powershell CLI and wanted to document what I used to get in.

You'll need to download two items to enable PowerShell:

1) Microsoft Online Services Sign-in Assistant
2) Azure AD Module for Windows PowerShell

from here:

https://technet.microsoft.com/library/dn975125.aspx


You may need to install .NET 3.5 from "Turn Windows features on or off."

Then I created a folder on the root C called scripts.  In there, I created a file called office365.ps1 with these contents:
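---
# Load the Azure AD (MSOnline) module
Import-Module MSOnline
# Prompt for the Office 365 admin credentials
$O365Cred = Get-Credential
# Open a remote Exchange Online session and import its cmdlets
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
# Connect to Azure AD so the Msol* cmdlets work
Connect-MsolService -Credential $O365Cred
---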

Then I make edits by opening PowerShell, navigating to c:\scripts, and running office365.ps1.  Of note, you might also need to allow scripts to run (Set-ExecutionPolicy RemoteSigned) like this:









From there, I use the commands I described in this post:
http://t-solve.blogspot.com/2013/01/office365-shell-commands-for-reference.html



When I need to run a Powershell script, I open powershell, navigate to c:\scripts, and I run office365.ps1 like this:


Saturday, November 9, 2013

The name cannot be matched to a name in the address list for a valid user - Exchange 2010

In some cases, I hide old users in Exchange Management Console so they don't appear in the global address list.  I had done that with a certain user, and I kept trying and trying to no avail to configure his Outlook.  I kept getting "The name cannot be matched to a name in the address list for a valid user."  I could log in to webmail for the user, and I could log on to a laptop as the user with no trouble - but Outlook could not find the user during mailbox setup/configuration.

The error:















The solution (uncheck "hide from Exchange address lists")





Thursday, October 31, 2013

getting internet access on a computer with two LAN connections where one doesn't have internet access

I was in a situation where I had two separate LANs, one for phone, one for data.  The phone LAN had no internet access.  I wanted to give the phone vendor remote access to my PC while connected to the phone LAN.

Each time I plugged my computer into the phone LAN and had the data LAN connected wirelessly, the wired connection would take preference no matter which LAN was connected first or any bridging settings I had set:













The wired connection always took priority.  I fixed this by simply giving the wired connection a static IP with the proper wired IP address but changing the default gateway on the wired connection to the default gateway on the wireless connection that had internet access.  Here's my example where 10.10.10.0 was the phone LAN without internet access and 10.0.0.0 is my data LAN with internet access:



















This allowed me internet access and allowed me visibility on the wired LAN without internet access.

Thursday, October 17, 2013

Importing a Mac Address book into Excel/Outlook

If you have a Mac address book that you want to import into Outlook on the PC (or just into Excel), you need an additional tool to do it.  As of OS X 10.8 Mountain Lion, the only options for exporting the Mac address book are vcard or Mac Address book archive, neither of which is compatible with Outlook or Excel.

There are some paid options in the Apple Store that export the address book to a TXT or CSV file, but I found a nice, easy, free option.

Export the address book VCARDs (make sure you select all and get all of your contacts in a single CSV file).  Then go here:
http://labs.brotherli.ch/vcfconvert/index.php

This site takes your VCF file and will convert it to 'gmail CSV' which you can use for direct import into Outlook or import into Excel for massaging before importing into Outlook.

Sunday, August 11, 2013

putting DNS in place at godaddy in advance of migrating registrar

I was moving a domain from Network Solutions to Godaddy, and I had DNS managed at NetSol and intended for DNS to be managed at Godaddy.  With this setup, there would have been DNS downtime between the moment the transfer actually happened and the moment I put DNS in place at Godaddy.  This is because Godaddy won't let you manage DNS until the domain is actually transferred.

This article describes the process for setting up what Godaddy calls off-site DNS, where its DNS servers can provide DNS for a domain it doesn't hold.  This off-site DNS can then be applied to the domain when you transfer.

This article is here:
http://support.godaddy.com/help/article/4041/managing-domain-names-with-offsite-dns?pc_split_value=1

And recreated here (in case that page is ever moved):

To manage the DNS for an off-site domain name, you must add it to the DNS Dashboard, and then change your nameservers at your current registrar.


To Add Off-site DNS for a Domain Name

  1. Log in to your Account Manager.
  2. Next to Domains, click Launch.
  3. From the DNS menu, select DNS Manager.
  4. From the Off-site menu, select Add Off-site. The Add Off-site DNS window displays.
  5. In the Domain name field, enter the domain name you want to manage with Off-site DNS.
  6. (Optional) If you plan to transfer the domain name's registration to us and you want to transfer its existing DNS records as well, select The domain will be transferred ... . We apply the zone file to the domain name upon transfer. Otherwise, de-select this option.
  7. Click OK. The domain name displays in your Domain list with (Off-site) next to it.

NOTE: If your domain name does not display, click  to refresh the list.

Contact your current registrar to update your nameservers to the following:
Standard DNS
mns01.domaincontrol.com
mns02.domaincontrol.com


Monday, July 29, 2013

Windows Small Business Server 2008 Repair Guide

I came across this when troubleshooting an SBS 2008 problem, and I just wanted to keep this link as it may be helpful in the future:

http://technet.microsoft.com/en-us/library/sbs-2008-repair-guide(v=ws.10).aspx


Sunday, July 14, 2013

DFS replication status indeterminate

In Windows Server 2008 R2 and Windows Server 2012, if your DFS replication closes abnormally (or so it thinks) for some reason, the replication will stop.  If you run the Diagnostic Report from the DFS Management Console, you'll see the status for the replication group is 'indeterminate' as noted below:


If you look in the DFS event log, you should see event id 2213.  It notes the problem and gives you the exact command you need to run in an elevated command prompt to fix the issue.


Run the command and you're back in business.  To make sure that files are not inadvertently overwritten by older versions, Microsoft recommends that you back up the share that was out of contact before putting it back in place.  Frankly, to be super duper safe, you should back up all the shares.

Thursday, July 11, 2013

removing Dell battery message "Your battery is able to charge normally. However it is reaching the end of its usable life"

By design, Dell laptops will warn you as their battery life starts to decline.  When you log in, Windows will display this message "Your battery is able to charge normally. However it is reaching the end of its usable life"

My comment on this message is typically this:

---
All rechargeable batteries have a limited life span. It varies from battery to battery, but a battery typically loses 25% of its life per year (so a 2 year old battery lasts half as long as it did when it was new).

While it’s typical for a battery to last less long, it’s not so much of a problem unless the battery life no longer meets your needs. If you say the word, I’ll begin the process of requesting a new battery on your behalf.
---

I found this elegant way to remove the warning which seems to work on all E series Dell Latitude laptops.

http://en.community.dell.com/support-forums/laptop/f/3518/p/19317355/20118960.aspx#20118960

In short, download and install the Dell Feature Enhancement pack:
64 bit version:
http://www.dell.com/support/drivers/us/en/19/driverdetails?driverid=MHVWP

32 bit version:
http://www.dell.com/support/drivers/bm/en/19/driverdetails?driverid=DV6XM

Then follow these steps:

1. Copy all *.admx files in C:\Program Files\Dell\Feature Enhancement Pack\policydefinitions to C:\Windows\PolicyDefinitions

2. Copy all *.adml files in C:\Program Files\Dell\Feature Enhancement Pack\policydefinitions\en_US to C:\Windows\PolicyDefinitions\en-US

3. Run Group Policy Editor - Click Start button and in the Search box type gpedit.msc and click the result

4. Browse to Computer Configuration -> Administrative Templates -> System -> Dell -> Feature Enhancement Pack -> System Events and double click Battery in the right pane

5. Select Enable radio button and put a check mark for "Battery health degraded"

6. You can get rid of any other messages there as well

7. Click OK

Thursday, July 4, 2013

backing up a Mac to Google Drive

I was setting up a Mac for a client and looking for a super cheap method for backing it up.  With a 30 GB quota for Google Drive, it seems logical to use Google Drive.  I can simply create a startup batch script on a PC to copy desktop, documents, and other important folders to c:\username\google drive on a PC.

On a Mac, I found a good method using "Automator," which is much easier than using AppleScript.  As far as the method I used, I basically followed option 8 here:

http://mac.tutsplus.com/tutorials/automation/10-awesome-uses-for-automator-explained/

The nice thing about the above steps is that it sets up an automated running of the script on dates/times.

Saturday, June 8, 2013

event id 4098 when applying printers via user group policy

After a reboot of my domain controller, I got a lot of event ID 4098 warnings in my application event log as seen below.  I was getting several dozen errors per day - one for each printer.  My user GPO had been assigning printers for months with no problems, but after a reboot, this started coming up:

















I fixed this by editing the group policy.  Go into the group policy for each printer, go to the Common tab, and check the option for "run in logged in user's security context" as shown below:


Tuesday, June 4, 2013

putting text screen saver with specified text on all machines via group policy

A client asked me to put a text based screen saver on all domain computers.  I did this through Group Policy Management.

Creating the group policy to enable the screen saver was easy.  Interestingly, the personalization option did not exist on my Windows 2008 R1 SP 2 server, so I had to make the changes on my Server 2012 DC.  The changes to initiate the screen saver were here:

user config> admin templates> control Panel/personalization

This was easy, but what it didn't do was set the text.  I found the best way to set the text was via forcing a registry change on each machine that I could push down via group policy (creating a .reg file that is applied on login).

I applied the registry change using the "easy way" as described here:
http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx

And then I created the .reg file more or less using these instructions: http://www.winhelponline.com/articles/11/1/Customizing-the-SSText3D-screensaver-before-applying-it-to-the-Logon-desktop.html

I made the changes on my own machine and exported the appropriate registry hive (not a single key, but the entire hive):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Screensavers\ssText3d]

And that did it.

Monday, May 20, 2013

exporting mailboxes to PST on Exchange 2010

I went through the very good instructions here to export an Exchange 2010 mailbox to PST:
http://exchangeserverpro.com/export-mailboxes-exchange-server-2010-sp1/

But I kept getting errors when doing the mailbox export request.  I didn't track the error, but I'm about 90% sure that the error was related to the file path I was exporting to.  I was attempting to export to a file path of "\\servername\e$\filepath\username.pst"

Once I changed the export path to \\servername\sharename\username.pst - the export succeeded.

Stupid, but something to remember.

Wednesday, May 1, 2013

new user setup (new version as of 5/1/13)

These are generic steps for setting up a new user.  These steps assume that the laptop is set up as needed as per the computer setup steps listed here:
http://t-solve.blogspot.com/2013/04/new-computer-setup-steps-revised-41113.html

Steps for new user setup (to be followed in order):


  1. create user account (and if necessary, mail account if done separately)
  2. adjust user profile script
  3. if needed, configure home folder and backup folder in ADUC
  4. add to appropriate security groups in ADUC
  5. put user on appropriate distribution lists
  6. log into computer as user
  7. confirm drives mapped correctly
  8. set up Outlook
  9. disable email archiving (if not already disabled)
  10. add Bcc to view when composing new message
  11. configure user to see any shared calendars and/or contacts lists
  12. set up printers or confirm printers mapped correctly
  13. make sure user has appropriate local permissions on computer (admin or standard/restricted)
  14. make sure laptop is configured for Microsoft updates
  15. install all applicable updates for Office and Windows
  16. confirm antivirus is up to date
  17. configure default printer based on nearest applicable printer
  18. make sure VPN icon is on desktop and connect to VPN one time with the user's name and password
  19. add terminal server icon to desktop, if applicable
  20. configure backup to appropriate backup folder
  21. add off-site backup program if applicable (Backblaze, ibackup, etc)
  22. Install Google Chrome and set it as the default browser
  23. Add company specific IM program (Google Talk, Skype)
  24. make sure computer is added appropriately in inventory spreadsheet
  25. Add user to address book on company scan to email copier (if applicable)
  26. Alter user's name on phone (if applicable)
  27. Alter extension's voicemail to email properties (if applicable)
  28. Make sure the user's phone is not forwarding to another person
  29. Configure user's mobile broadband card
  30. leave intro sheet for new user
  31. set up desk as needed (keyboard, mouse, monitor, docking station, leave extra power cord for travel)
  32. put computer in appropriate location for organization (for some organizations, this means in a locked server room)


Friday, April 26, 2013

Firefox will not display SSL enabled web sites - Sendori alters SSL certificate appearance

I was working on a computer with Firefox 20.01, and the browser would not display any SSL secured websites - not google, not facebook, not Citibank, not anything.  Chrome and Internet Explorer had no trouble with these sites.

What I found was a piece of software called Sendori that was installed the previous day that had somehow altered the SSL cert information for each site.  Example is below for the cert that was showing for Google.

























I tried uninstalling Firefox, opening a new profile, deleting cert8.db and all sorts of things.  But it was this Sendori program altering certificates that was my problem.  I could see that Sendori was listed as the certificate issuer and the "valid from" date was set today for all SSL sites.

I was able to uninstall Sendori from add/remove programs.
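
The two symptoms described above (the same issuer on every site's certificate, and a "valid from" date of today) can be checked mechanically. This is an added example, not part of the original post: it takes certificate details in the dictionary shape that Python's `ssl` module returns from `getpeercert()`, and the issuer field layout, host names, dates and thresholds are constructed assumptions.

```python
import ssl
from collections import defaultdict


def issuer_org(cert):
    """Issuer organizationName (falling back to commonName) of a getpeercert()-style dict."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "unknown"


def interception_suspects(certs_by_host, now, max_age_hours=48, min_hosts=3):
    """Return issuers that signed at least min_hosts unrelated hosts, all very recently.

    A public CA can legitimately sign several of the hosts, so the issuer count
    alone is not enough; the heuristic also requires every one of those
    certificates to have a notBefore within max_age_hours of `now`.
    """
    ages_by_issuer = defaultdict(list)
    for host, cert in certs_by_host.items():
        age_hours = (now - ssl.cert_time_to_seconds(cert["notBefore"])) / 3600
        ages_by_issuer[issuer_org(cert)].append(age_hours)
    return sorted(
        org for org, ages in ages_by_issuer.items()
        if len(ages) >= min_hosts and all(age <= max_age_hours for age in ages)
    )


def sample_cert(org, not_before):
    """Build a constructed certificate dict with only the fields used here."""
    return {
        "issuer": ((("organizationName", org),), (("commonName", org + " CA"),)),
        "notBefore": not_before,
    }


# Constructed observation time and samples (not real certificate data).
NOW = ssl.cert_time_to_seconds("Apr 26 15:00:00 2013 GMT")

# What the post describes: every site shows the same issuer, valid from today.
TAMPERED = {
    "www.google.com": sample_cert("Sendori", "Apr 26 00:00:00 2013 GMT"),
    "www.facebook.com": sample_cert("Sendori", "Apr 26 00:00:00 2013 GMT"),
    "www.citibank.com": sample_cert("Sendori", "Apr 26 00:00:00 2013 GMT"),
}

# A healthy machine: hosts may share a public CA, but issue dates are old and varied.
CLEAN = {
    "www.google.com": sample_cert("Example Public CA", "Jan 10 00:00:00 2013 GMT"),
    "www.facebook.com": sample_cert("Example Public CA", "Nov 02 00:00:00 2012 GMT"),
    "www.citibank.com": sample_cert("Example Public CA", "Mar 15 00:00:00 2013 GMT"),
}

if __name__ == "__main__":
    print("tampered:", interception_suspects(TAMPERED, NOW))
    print("clean:   ", interception_suspects(CLEAN, NOW))
```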

Thursday, April 25, 2013

importing autocomplete in Outlook 2010 from 2003 with complicating Google factor

I had a weird situation where I was taking an autocomplete database from Outlook 2003 to Outlook 2010 where the account was on Google Apps.

When you set up a Google Apps account, it pulls down an autocomplete database from the Google Apps account (presumably the autocomplete that exists from when you use webmail).  But if you were primarily using Outlook (2003 in this case), there is a much larger autocomplete database that you need to add.

You're supposed to be able to follow the methods listed here, but they weren't working for me using the NK2 file I had and trying to bring them into Outlook 2010:
http://support.microsoft.com/kb/980542

What I ended up doing was creating a POP account that allowed me to import the NK2 file (in my case, I put the NK2 file in the appropriate location \appdata\roaming\microsoft\outlook and created an Outlook profile with a POP account with the same name and it imported automatically).  With that, I had the NK2 file's data in the autocomplete stream file.

I tried several times to replace the existing autocomplete stream file with the stream file that had my data, with no success.  The file would revert back to a 1 KB file with no autocomplete data.  I can't explain what I did differently, but I just kept trying (with the occasional reboot), and eventually one attempt at renaming the stream file with the data I wanted to the name that was associated with Outlook worked.



Friday, April 12, 2013

SBS 2008 cleanup for low C drive space situations

I was looking for options for cleaning up an 80 GB C drive on an SBS 2008 server that had 4.5 GB free, and I came across this helpful article:

http://alloraconsulting.com/it-solutions/76-windows-server-2008-low-space

I was originally looking for options to reduce the size of c:\windows\winsxs which was 13 GB, but this post recommended against it.

I did two things to get me from 4.5 GB to 14 GB free.

First, I ran "compcln.exe" (which is a built-in utility on SBS 2008) and it cleared up about 1 GB of space.

Then I ran the logs clean up batch file as an administrator:


@echo off
rem Script to clean up disk space on SBS 2008 servers
rem Downloaded from SBSfaq.com
rem V1.0 - March 28th, 2010
rem Certificate Services Logs
net stop "Active Directory Certificate Services"
del c:\windows\system32\certlog\*.log
del c:\windows\system32\certlog\*.chk
del c:\windows\system32\certlog\*.jrs
net start "Active Directory Certificate Services"
rem IIS Log Files
Del C:\inetpub\logs\LogFiles\*.log /f /s

and it cleared up another 9 GB or so in my scenario.

Thursday, April 11, 2013

new computer setup steps (revised 4/11/13)

Generic computer setup steps (to be followed in order):


  1. Boot up computer and as required, create a local account with the name of the company as the login name with predefined local admin password
  2. Attach computer to domain
  3. Uninstall these items:
    a. preinstalled antivirus
    b. preinstalled Microsoft Office
    c. Bing bar
    d. other pre-installed bloatware
  4. Configure updates for all Microsoft programs
  5. Install Microsoft updates (including any possibly missing service packs)
  6. Install MS Office
  7. Install applicable programs for organization including (but not limited to):
    a. PDF995
    b. Adobe Acrobat Standard/Reader
    c. NitroPDF
    d. MS Project
    e. MS Visio
    f. TightVNC
    g. Skype
    h. Google Talk
    i. QuickBooks
    j. Malwarebytes
    k. Java
    l. FileMaker Pro
  8. Activate Microsoft Office (applicable for Office 2010 and newer).  For Office 2010 SP2, run one of the Office programs in an elevated state for proper activation.
  9. Update non-Microsoft programs that may have updates (particularly Quickbooks and Adobe Acrobat)
  10. Install antivirus (MS Security Essentials or Symantec Endpoint Protection) - intentionally installed after all other software
  11. Configure computer so computer's current owner is a member of the local admins group
  12. Configure VPN connection with access for all users
  13. Put appropriate icons for frequently accessed programs on desktop (Computer, Word, Excel, Outlook, terminal server icon, VPN icon, accounting software if applicable)
  14. Disable WLAN card when connected to wired ethernet if possible (configurable in device manager for Dell branded WLAN cards)
  15. Configure mobile broadband card
  16. Track computer's serial number in inventory spreadsheet



When complete, if putting the computer in place for an existing user, you'll probably want to follow these steps to swap in the computer:
http://t-solve.blogspot.com/2013/03/to-do-list-for-swapping-computer.html

Tuesday, April 2, 2013

removing "copy" from calendar appointments after importing calendar

Sometimes when importing a calendar into another Outlook calendar, most or all of the appointments will say "copy" before the appointment title.  A VB script that gives a fix is here:
http://answers.microsoft.com/en-us/office/forum/officeversion_other-outlook/importing-pst-outlook-calendars-subject-title-adds/c58ccd50-451d-4519-a1c9-f0d2491abba8

Recreated here for reference:

  1. Press Alt+F11 which will open the VBA window. 
  2. In the left pane, navigate to Project1-MS Outlook Object and double-click 'ThisOutlookSession'.
  3. Paste the code into the window in the right pane (code below)
  4. Press the green arrow button to execute the code.

Code to enter in step 3 (above):

Sub FixCopy()
Dim calendar As MAPIFolder
Dim calItem As Object
    
Set calendar = Application.GetNamespace("MAPI").GetDefaultFolder(olFolderCalendar)
        
Dim iItemsUpdated As Integer
Dim strTemp As String

iItemsUpdated = 0
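For Each calItem In calendar.Items
    ' Only touch items whose subject starts with the imported "Copy: " prefix
    If Mid(calItem.Subject, 1, 6) = "Copy: " Then
      strTemp = Mid(calItem.Subject, 7, Len(calItem.Subject) - 6)
      calItem.Subject = strTemp
      ' Save only the items that were actually changed
      calItem.Save
      iItemsUpdated = iItemsUpdated + 1
    End If
Next calItem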

MsgBox iItemsUpdated & " of " & calendar.Items.count & " Items Updated"

End Sub



Thursday, March 28, 2013

To do list for swapping computer

A quick to do list for swapping laptops:

On the old laptop:

  1. Gather all data from the previous laptop including (but not limited to):
    a. desktop
    b. documents
    c. favorites
    d. Firefox profile data
    e. Chrome profile data
    f. music
    g. pictures
    h. videos
    i. Outlook NK2 file
    j. Outlook archive (check both c:\archive and the folder in appdata\local)
  2. Gather profile info from previous computer including (but not limited to):
    a. default printer
    b. default browser
    c. additional mailboxes open in Outlook
  3. Note any additional nonstandard programs that may be on the laptop including (but not limited to)
    a. Dropbox
    b. itunes
    c. Acrobat, Photoshop
    d. NitroPDF
    e. Skype
    f. Google Talk

On the new laptop:

  1. Log in as the user
  2. Configure Outlook as needed including (but not limited to):
    a. configure account
    b. configure archiving as appropriate
    c. add bcc field to new message
    d. copy signature from sent items to this Outlook
    e. add back any additional mailboxes to Outlook
  3. copy data from backed up data from old laptop including (but not limited to):
    a. desktop
    b. documents
    c. favorites
    d. music
    e. pictures
    f. videos
    g. Outlook NK2 file
  4. add all relevant printers
  5. set proper default printer
  6. install browsers, if needed
  7. copy Chrome/Firefox profile settings to new computer 
  8. set proper default browser
  9. add terminal server icon to desktop (if applicable)
  10. set up VPN and/or add icon to desktop (if applicable)
  11. install TightVNC (if applicable)
  12. Rename computer with appropriate initials in computer name
  13. set up backup
  14. install all updates
  15. make sure antivirus is up to date
  16. track new computer ownership in inventory spreadsheet

Monday, March 18, 2013

Fixing Unifi errors on 64 bit systems

I've become a big fan of Ubiquiti Unifi wireless devices (with the exception of the absurd fact that their standard devices support wireless speeds of 300 Mbps but only put in a 100 Mbps ethernet port - real genius there).

If installing the controller software on a 64 bit machine, I found these tips to help the Unifi controller work better from their forums:

If you are getting an error when double-clicking the shortcut saying that the javaw.exe executable cannot be found -- then -- be advised the default installation on the 64 bit platform creates the shortcut incorrectly. Repoint the shortcut from ..\system32\.. to ..\sysWOW64\..

Or if the controller tries to start and then can't, complaining about port 8080 being in use, first simply try logging off as that user and logging right back in (do not reboot).

Sunday, March 17, 2013

forwarding email with autoreply on Office 365

One of my clients' preferred way to handle a departed employee is to set up an autoreply and forward the email to another staff member.  This doesn't work as it should on Office 365.  With a regular on-premise Exchange server, you can set up the autoreply in the mailbox and configure forwarding with still delivering the message to the departed user's mailbox, and it works as intended.

With Office 365, the forwarding happens, but the autoreply doesn't go out even though the mailbox is configured to receive the message.  Very annoying.

To get around this, I had to configure the autoreply and set up an Outlook rule to forward the messages.

While researching this, I found this semi-helpful page on dealing with terminated employees when you have Office 365:
https://www.cogmotive.com/blog/office-365-tips/dealing-with-terminated-employees-in-office-365


Saturday, March 16, 2013

Xerox printers disappear and cannot be reinstalled - print processor trouble

I had two client computers over the course of a week have two copiers disappear from their list of printers.  All other printers remained.  And when I tried to re-add the printers - whether via the print server or as local IP printers - it would fail.  It was isolated to my two Xerox printers.

I don't remember where I found it, but I found a reference to a problem with the print processor.  The print processor is isolated to each model of printer.  In the end, I had to delete the print processor data from the registry for Xerox printers and then reboot.  Problem resolved.  Of note - these machines were each infected with malware the week prior.  Several days passed between the infection and the issue - so I can't draw a correlation, but just to note.

Here's the registry entry I had to delete:

Friday, March 15, 2013

uninstalling GP Dynamics 2010

I had some trouble uninstalling a broken GP Dynamics 2010 install - so I thought I'd document what resources I used to do the uninstall:

http://www.kuntzconsulting.ca/index.php/blog/article/issues_with_gp2010_and_uninstalling

and

http://support.microsoft.com/kb/2581260


Thursday, February 14, 2013

spambot on the LAN caused our mail server to get blacklisted - how I handled it

Yesterday, a machine on one of my client's LANs got a virus (specifically, the Cutwail spambot).  The machine began sending out spam, which got the LAN's public IP address put on 6 different blacklists, which severely compromised the functionality of my Exchange 2010 server on the LAN that served approximately 80 users.

The first thing I wanted to do was identify the compromised computer and clean it.  With more than 80 computers on the LAN, I needed a centralized way to do that.  Luckily, my Fortigate 60C firewall can spit out a report with that information.  Under System -> Config -> Advanced, there was a packet capture widget which could give me what I needed.  Here's how I captured all traffic on port 25:



The packet capture file was in PCAP format, which is a Wireshark format.  I opened up the file in Wireshark, and I could see (in this case) that 172.16.1.107 (which is not the mail server) was sending a lot of traffic over port 25 to a lot of different locations.  This was my culprit.  I cleaned the computer using Malwarebytes and then delisted the public IP from the various blacklists it was on.
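
The same triage can be scripted instead of read off the Wireshark packet list. The following is an added example, not part of the original post: it parses a classic pcap capture and counts how many distinct destinations each internal host opened SMTP connections to. The mail server address 172.16.1.10, the other hosts and the destination addresses in the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict


def parse_pcap(data):
    """Yield raw Ethernet frames from a classic (non-pcapng) capture."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    pos = 24  # size of the global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len


def smtp_syn(frame, port=25):
    """Return (src, dst) if the frame is an IPv4 TCP SYN to `port`, else None."""
    if len(frame) < 14 + 20 + 20 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6 or len(ip) < ihl + 14:
        return None
    tcp = ip[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    if dport != port or tcp[13] & 0x12 != 0x02:  # SYN set, ACK clear
        return None
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])


def smtp_talkers(data, mail_servers=(), port=25):
    """Rank sources by number of distinct destinations contacted on `port`.

    Hosts listed in mail_servers are expected to send mail and are skipped.
    """
    dests = defaultdict(set)
    for frame in parse_pcap(data):
        hit = smtp_syn(frame, port)
        if hit and hit[0] not in mail_servers:
            dests[hit[0]].add(hit[1])
    return sorted(((src, len(d)) for src, d in dests.items()),
                  key=lambda row: (-row[1], row[0]))


def frame_for(src, dst, dport, flags=0x02):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_sample_pcap():
    """Constructed capture: one noisy workstation, the mail server, background traffic."""
    frames = [frame_for("172.16.1.107", "203.0.113.%d" % i, 25) for i in range(1, 7)]
    frames.append(frame_for("172.16.1.107", "203.0.113.1", 25))   # repeat destination
    frames.append(frame_for("172.16.1.10", "198.51.100.5", 25))   # mail server (assumed)
    frames.append(frame_for("172.16.1.10", "198.51.100.6", 25))
    frames.append(frame_for("172.16.1.55", "198.51.100.9", 443))  # not SMTP
    frames.append(frame_for("203.0.113.1", "172.16.1.107", 40000, flags=0x12))  # SYN/ACK
    frames.append(frame_for("172.16.1.60", "198.51.100.7", 25))   # single connection
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for src, count in smtp_talkers(build_sample_pcap(), mail_servers={"172.16.1.10"}):
        print("%-15s %d distinct SMTP destinations" % (src, count))
```

Only the initial SYN of each connection is counted, so replies and the rest of each conversation do not inflate the totals.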




I'm going to look at options for having all network traffic go out on a different IP than the one that the mail server uses to avoid this in the future.  That could be a long term solution to this issue.

Thursday, February 7, 2013

allowing Bomgar reps to share screen without permission from user

By default, a new Bomgar rep will need permission from users in order to view or control the user's screen.  There is a check box you can clear that will allow reps to take control of the user's screen without needing the user to authorize it.

Go to your /login page - such as https://remote.companyname.com/login
Log in as an administrator

Click on edit next to the name of the rep you want to add this ability for:










Uncheck both boxes as noted below (though only the box for "prompt customer for approval of these actions in attended sessions" is necessary)



Thursday, January 24, 2013

Office365 Shell Commands (for reference)

As of 3/5/13, here are the commands I have used for adjusting Office365.  Generally, I run a PowerShell script that enters all the commands for me once I log in.  I describe the process for setting up and using the PowerShell script here:
http://t-solve.blogspot.com/2013/11/how-i-configure-script-to-get-into.html


From there, I can run any of these commands

remove password expiration:
Get-MsolUser | Set-MsolUser -PasswordNeverExpires $True

remove password complexity requirements:
Get-MsolUser | Set-MsolUser -StrongPasswordRequired $false
(of note - you can only set non-complex passwords via shell, not in the web interface, the web interface will still require complex passwords.  And all passwords, even in the shell, must be 8 characters long)

set user password in the shell:
Set-MsolUserPassword -UserPrincipalName user@contoso.com  -NewPassword "orange42" -ForceChangePassword $false

give Bob full access to Joe's mailbox:
Add-MailboxPermission -identity joe@contoso.com -user bob@contoso.com -AccessRights FullAccess

remove Bob's full access to Joe's mailbox:
Remove-MailboxPermission -Identity joe@contoso.com -User bob@contoso.com -AccessRights FullAccess

give Bob send as access to Joe's mailbox:
Add-RecipientPermission joe@contoso.com -AccessRights SendAs -Trustee bob@contoso.com -Confirm:$false

forward Joe's email to Bob (oddly, for the mailbox to be forwarded, you enter the mailbox name and enter the address for where you're forwarding):
Set-Mailbox -Identity joe.smith -DeliverToMailboxAndForward $true -ForwardingSMTPAddress bob@contoso.com

check forwarding status of Joe's mailbox:
Get-Mailbox joe.smith | Ft ForwardingSMTPAddress

cancel forwarding of Joe's email
Set-Mailbox -Identity joe.smith -DeliverToMailboxAndForward $false -ForwardingSMTPAddress $null

give Bob.Jones publishing editor permission to Joe.Smith's calendar (in this command, you use usernames and not full email addresses):
Add-MailboxFolderPermission -Identity "Joe.Smith:\Calendar" -AccessRights PublishingEditor -User Bob.Jones

give Bob.Jones publishing editor permission to Joe.Smith's contacts (in this command, you use usernames and not full email addresses):
Add-MailboxFolderPermission -Identity "Joe.Smith:\Contacts" -AccessRights PublishingEditor -User Bob.Jones

In the two commands above, possible permissions are: Owner, PublishingEditor, Editor, PublishingAuthor, Author, NonEditingAuthor, Reviewer, Contributor, AvailabilityOnly, LimitedDetails
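
To review which accounts and mailboxes currently carry the settings these commands create (non-expiring or non-complex passwords, forwarding, FullAccess and SendAs grants), here is an added example that is not part of the original post. The function names and the sample objects at the bottom are assumptions made for illustration; the commented lines show how the same functions would be fed from a connected session.

```powershell
# Added example. Live use, after office365.ps1 has connected the session:
#   Get-MsolUser -All | Find-WeakPasswordPolicy
#   Get-Mailbox -ResultSize Unlimited | Find-MailForwarding -OwnDomain contoso.com
#   Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Find-DelegatedAccess
#   Get-RecipientPermission -ResultSize Unlimited | Find-DelegatedAccess
function New-Finding($Type, $Subject, $Detail) {    # hypothetical helper
    [pscustomobject]@{ Finding = $Type; Subject = $Subject; Detail = $Detail }
}
function Find-WeakPasswordPolicy {
    param([Parameter(ValueFromPipeline = $true)] $User)
    process {
        # Both properties can be $null (tenant default), which is not flagged.
        if ($User.PasswordNeverExpires -eq $true -or $User.StrongPasswordRequired -eq $false) {
            $detail = "NeverExpires={0} StrongRequired={1}" -f $User.PasswordNeverExpires, $User.StrongPasswordRequired
            New-Finding 'WeakPasswordPolicy' $User.UserPrincipalName $detail
        }
    }
}
function Find-MailForwarding {
    param([Parameter(ValueFromPipeline = $true)] $Mailbox, [string[]] $OwnDomain = @())
    process {
        $target = "$($Mailbox.ForwardingSmtpAddress)" -replace '^smtp:', ''
        if (-not $target) { return }                # no forwarding on this mailbox
        # Anything outside the domains you list is marked EXTERNAL.
        $scope = if ($OwnDomain -contains ($target -split '@')[-1]) { 'internal' } else { 'EXTERNAL' }
        New-Finding 'Forwarding' $Mailbox.UserPrincipalName "$scope -> $target (keepCopy=$($Mailbox.DeliverToMailboxAndForward))"
    }
}
function Find-DelegatedAccess {
    param([Parameter(ValueFromPipeline = $true)] $Grant)
    process {
        # Get-MailboxPermission names the grantee User; Get-RecipientPermission names it Trustee.
        $who = if ($Grant.Trustee) { $Grant.Trustee } else { $Grant.User }
        $rights = @($Grant.AccessRights) -match 'FullAccess|SendAs'
        if ($rights -and -not $Grant.IsInherited -and "$who" -ne 'NT AUTHORITY\SELF') {
            New-Finding 'DelegatedAccess' $Grant.Identity "$who has $($rights -join ',')"
        }
    }
}
# Constructed sample objects (not real tenant data) so the script also runs offline.
$users  = [pscustomobject]@{ UserPrincipalName = 'joe@contoso.com'; PasswordNeverExpires = $true; StrongPasswordRequired = $false }
$boxes  = [pscustomobject]@{ UserPrincipalName = 'joe@contoso.com'; ForwardingSmtpAddress = 'smtp:bob@example.net'; DeliverToMailboxAndForward = $true }
$grants = [pscustomobject]@{ Identity = 'joe'; User = 'bob@contoso.com'; AccessRights = @('FullAccess'); IsInherited = $false },
          [pscustomobject]@{ Identity = 'joe'; Trustee = 'bob@contoso.com'; AccessRights = @('SendAs'); IsInherited = $false }
$findings  = @($users | Find-WeakPasswordPolicy)
$findings += @($boxes | Find-MailForwarding -OwnDomain contoso.com)
$findings += @($grants | Find-DelegatedAccess)
$findings | Format-Table -AutoSize
```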

Monday, January 21, 2013

Office365 Staged Migration Thoughts

This weekend I did a staged migration from an SBS 2008 server to Office365.  I followed this article for the most part, which was excellent:

In my case, I had the $4 per month Exchange Online plan, which does do Active Directory syncing, as opposed to the small business plan, which does not.

In my case, I had 77 mailboxes I wanted to migrate, some as small as 50 MB, a couple that were 6+ GB and about a dozen that were 3+ GB.  


The things I'd like to remember for future migrations are:
1) Really spend time archiving (either just for this process or overall) to get mailboxes as small as possible.  Over time, mailboxes seemed to transfer at a rate of 5 MB per minute - whether I was migrating 3 mailboxes at a time or 10 at a time, so this seemed to be the max upload rate over time (over my 10 Mbps symmetrical circuit).
2) Migrate as many mailboxes at a time as the math allows.  In the migration process, Microsoft recommends only doing 3 mailboxes simultaneously.  I don't know where that number (3) comes from.  The process tells you the speed of your upload as you do it, which seemed to average 5 MB/min per mailbox for me (5 MB per minute works out to roughly 666 Kbps).  So I'd recommend figuring out the maximum amount of bandwidth you'd like to use for the process.  Let's say you have 4 Mbps for this process (or 4000 Kbps).  Take that number in Kbps and divide by 666.  That's how many mailboxes the bandwidth will allow.  So in this case, you could do 6 mailboxes simultaneously.
3) When you start a batch, all the users in that batch start forwarding to the Office365 mailbox even if their actual migration has not started yet.  Let's say there are 30 users in your batch and you migrate 8 users concurrently.  If your first 8 users are migrating, those last 22 will already be set to forward their mail to Office365.  Just something to keep in mind.
4) Use as few batches as possible.  I had told my users that "you'll be migrated from approximately 3 pm to 6 pm" and then put users in appropriate batches.  While it looked nice to the user to give them exact timelines, making many batches is not efficient because only one batch at a time can run.  Let's say you've got a batch of 10 users, 9 with 1 GB mailboxes and 1 with a 6 GB mailbox: that last mailbox will hold up the entire batch from finishing.  Making the batches as large as possible allows for the process to be as dynamic as possible.
5) Don't run the PowerShell scripts to convert on-premise mailboxes to mail user objects until the migration process is complete for the mailbox.  In step 5 of the above article, you can run some PowerShell scripts that will enable autodiscover to reroute to Office365 for migrated mailboxes even though your main autodiscover still points to your on-premise mailbox.  This allows you to migrate a subset of your users (where autodiscover points to on-premise for some and Office365 for others).  In my case, I told my staff that I'd be done Sunday at 6 pm.  I had 8 users who were still mid-migration Sunday at 6 pm.  I ran the PowerShell scripts on those users under the assumption that the migration process would continue afterwards.  This is not true.  The on-premise users no longer have a mailbox so the migration process will break.  I'm going to open up the users' old OST file, export to PST and then import to their new mailbox and not import duplicates in order to fix that since only a subset of data was uploaded.
6) Check email addresses after migration.  Some of my users were sending out email as USERNAME@DOMAIN.onmicrosoft.com after the migration.  For some reason, 3/4 of my users had the correct email address set for them in my on-premise AD in the mail user objects, but the other 1/4 had a default reply address that included onmicrosoft.com.  This should be checked by going to Recipient Configuration -> Mail Contact in the on-premise mail server.  I didn't see where to set this globally, so I fixed this manually for my misconfigured users.
7) Public folders don't exist on Office365.  Assuming you have shared calendars or contact lists, you can create users that will serve that function.
8) Be prepared for the saturation of your connection when downloading all data for the first time.  The first day after the upload (after a weekend upload), I started configuring user Outlooks as they arrived.  My 10 Mbps downstream bandwidth was fully utilized all day which led to awful behavior.  The larger OSTs never fully downloaded all their data by day's end and inboxes were updating very slowly.  I got many complaints of "I haven't received an email in over an hour" since the Outlook was downloading data and not updating the inbox.  I had users use webmail on day 1.  Overall, for my network, I had users leave their computers on with Outlook open overnight and overall my connection was completely saturated from 8:30 am to midnight (15.5 hours).

Sunday, January 13, 2013

Installing .net 3.5 on Server 2012 - error "Do you want to specify an alternate source path? One or more installation selections are missing source files…"

I was installing DirSync on a Server 2012 server (in the process of doing a staged migration to Office365 from an SBS 2008 machine) and DirSync required .net 3.5.  It should be easy, but when using Server Manager to install the feature, I got this error:

Do you want to specify an alternate source path? One or more installation selections are missing source files…

I followed these excellent instructions to install it:
http://www.danielclasson.com/install-net-framework-35-server-2012/

In my case, I downloaded the ISO file and unzipped just the sources folder and modified the path.


Friday, January 4, 2013

H202 error on Quickbooks caused by DNS/network settings mismatch

This problem caused me hours and hours of headache.

I wanted to move my Quickbooks Pro 2010 database host from one server to another.  I had done everything right on the new host as far as I could tell:

  1. install the database only option on the new server
  2. update the Quickbooks version on the server to the most recent version (R16 as of the installation time)
  3. open up the necessary ports in the firewall (8019, 55338)
  4. share out a folder with the appropriate sharing and file/folder permissions
  5. open the Quickbooks database server manager and scan the appropriate folder where QBW files are stored

In this case, I was getting H202 errors over and over again no matter what I did.  I went through many wrong paths, but I eventually found the problem to be the static IP address I had set.  Even though every network setting matched the settings that DHCP provided to workstations, it still did not work.

The only change I made to get Quickbooks hosting to work was to give this new server (a Win 2008 32 bit server) a DHCP reservation instead of a static IP address.  I don't know if this added an A record entry in my SBS 2008 server that was required or there was some other property (no WINS on my network) - but that was the sole change I made.

As for what I was seeing (in case this helps others).

This is what I'd get in the ND file when running the QB database server manager (without opening the files - note that engine name ends in _18 even though I'm on QB 2010 which means it should end in _20 . . . this is normal):

[NetConnect]
ServerIp=10.0.0.7
EngineName=QB_server7_18
ServerPort=10180
FilePath=E:\quickbooks\Test Company.QBW
ServerMode=1


This is what the ND file would change to when I had static DNS in place:


[NetConnect]
EngineName=QB_data_engine_20
FilePath=\\10.0.0.7\quickbooks\Test Company.QBW
ServerMode=2
FileConnectionGuid=cc8c20cf6bf5445bb1397c152c58645c


This is what the ND file changed to after being successfully opened once I had the DHCP reservation in place:

[NetConnect]
ServerIp=10.0.0.7
EngineName=QB_server7_20
ServerPort=55338
FilePath=E:\quickbooks\TestCompany.QBW
ServerMode=1
FileConnectionGuid=