Offline Files Service Crashing/Unavailable

by Ed Sparks

A common scenario that bites many companies that use Windows imaging extensively for deployments is that Offline Files completely melts down after a newly imaged system is set up.

This will show up in the event logs as the Offline Files service being unable to start, Folder Redirection breaking, etc.  The first sign is usually a System event log error like:

Windows could not start the Offline Files service.
Error 3: The system cannot find the path specified.

The best resolution is to make sure the reference system (where you took the image from) always has Offline Files disabled before the image is taken, in addition to Sysprep being run.

However, if you've already taken and applied an image and have a broken system, then thankfully the fix is simple.  Just set a registry value to reset ("Format") the Offline Files ("Client Side Cache") database.  On Windows 7 and 8, this can be easily done by running the following from an Administrative command line:

REG ADD "HKLM\System\CurrentControlSet\Services\CSC\Parameters" /v FormatDatabase /t REG_DWORD /d 1 /f

Reboot the computer, and the Offline Files database will be reset and recreated.  Offline Files should start normally, and Folder Redirection and the like will follow.

Offline Files, Folder Redirection and DFS are some of the most complex Microsoft technologies to configure, with an enormous number of gotchas and hotfixes.  They're among our most frequently requested support items from customers.   We've developed a great deal of expertise and best practices around these and will be posting an article soon detailing our findings.

In the meantime, why not contact us to help today!

Office 365 (Small) Business Plans now on par with Enterprise

by Ed Sparks

Transport Rules in Office 365 Small Business 

Microsoft rolled out the consolidation and updates to their Office 365 plans back in October 2014, which was a huge step in the right direction for the service.

Not only did they simplify down to fewer plans (a rare move for Microsoft!), they also finally unified the administrative UI for all.  No longer will we have to remember obscure URLs (I'm looking at you Exchange Control Panel), or muddle our way through a mix of confusingly different admin sites.  On top of that, you can now have up to 300 mailboxes in the Business plans, and can mix and match Business, Enterprise and Standalone SKUs all in the same account.   FINALLY!

Somewhat lost in this news - but a very welcome change - is that the actual back-end infrastructure is now the same for all of the services.  That means Business customers now get virtually all the same power as Enterprise customers.  Of particular interest is Transport Rules.  A glaring absence in previous Business plans, these are now fully available across the board.  You should drop everything and go enable a Transport Rule to "Block Executable Content" on ALL of your Office 365/Exchange Online domains.  This is a superb anti-malware step that makes every admin's life easier.

Now, in true Microsoft fashion, this transition couldn't be simple.  Everyone on an existing Small or Medium Business Plan will need to either manually force an upgrade to the new plans (and thus, we're assuming, get migrated behind the scenes to new infrastructure) or wait until October 2015!  

No problem, you say, we've got our old friend the Switch Plans Wizard. I like wizards!  Switch Plans will let you upgrade early, except when it won't.  Which seems to be most of the time.

Currently it won't work if there are ANY open service Incidents under the Service Status page. Additionally, upgrades to the new plans aren't available if you have more than one type of existing Plan.  Small Business and Small Business Premium? Nope.  Old P Plan mixed with newer Small Business Plan?  Nope.

However, there does seem to be a workaround.  Pick your largest group of existing subscriptions and cancel the others temporarily (for example, if you have 10 Small Business and 2 Small Business Premium subscriptions, keep the Small Business and cancel the Premium).  Nothing will happen to your mailboxes or users.  The users and licenses will just temporarily go into a licensing holding pattern on Microsoft's side.   Users won't lose access or notice anything.  You will, however, get a temporary warning about license problems in the Admin Portal.

At this point the Switch Plans Wizard under the Billing section of the Portal should now allow you to upgrade your existing Small or Medium Business Plans to the equivalent Office 365 Business Essentials or Business Premium plans.

The New Plans

Just like that you'll be migrated and have a much more powerful and easy to administer service!  The bonus? They're cheaper, too.  Also - remember to then go back and purchase the equivalent new versions of the other licenses you cancelled.

Here's Microsoft's original blog post on the topic:
http://blogs.office.com/2014/07/09/evolving-office-365-plans-for-small-and-midsized-businesses/

 

Update:  We've clarified this process with a recent transition, and it's still far more complicated than it needs to be.  Microsoft really needs to make this simpler.
When removing multiple types of license to temporarily consolidate down to a single license type, it will still take 30 days by default before the license type is "deprovisioned" from Microsoft's systems. Only after that time has passed can the Switch Plans wizard be used.

It is possible, however, to open a ticket with Microsoft to have an "Expedited Deprovisioning" performed on a license.  This happens within 3 days and requires filling out a special form.  You must first ensure that you have temporarily assigned a different license to all active users, or there is a risk of the users and mailboxes being deleted.


Need Office 365 Migration Help?  Want us to do the hard parts for you?  Contact us today.

Exchange Online (or EOP) Transport Rules and Distribution Groups

by Ed Sparks

When creating a transport rule that is meant to apply to a Distribution Group in Exchange Online (or EOP or Exchange 2013 for that matter), often an administrator will attempt to use "The sender is" or "The sender address includes" or look for text in the "To:" header.

Unfortunately, none of these options will work, because Exchange appears to expand the Distribution Group first and only then check the Transport Rules.

This information is non-obvious and buried in the Transport Rule Conditions documentation.

Symptoms of this issue are that the transport rule won't fire, and as a result any actions will be skipped.

So how do you work around this?  Use a condition of "The To or Cc box contains" in the rule, and it will correctly check for the SMTP address of the Distribution Group.  It does not appear possible, however, to check for a BCC to a DG.

Administrators must also be careful not to use "The Sender is a member of" or this rule will apply to all emails received by users who are a member of the list, which can have major negative effects.

On the other side of the Transport Rule fence is trying to use a Transport Rule Action of Forward or Redirect a message to a Distribution Group.  This will appear to work, then throw an error when the rule is saved:

The transport rule can’t be created because MyGroup@MyDomain.com, the recipient to be added by a rule action, is a distribution group. Transport rules can’t add distribution groups to messages.

This is a known issue, and the only workaround in this instance is to create a hidden Shared Mailbox.  Change this Shared Mailbox's Delivery Options to Forward mail to your Distribution Group only, then set the Transport Rule to Redirect or Forward to this new Shared Mailbox.  Clunky, but it works.
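Both halves of the workaround, scripted in Exchange Online PowerShell. This is an added example, not part of the original post: it assumes an already connected Exchange Online session, and the relay mailbox address, rule names, subject prefix and trigger keyword are placeholders.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# Everything except the group address (taken from the error text above) is a placeholder.
$group = 'MyGroup@MyDomain.com'     # the distribution group
$relay = 'dg-relay@MyDomain.com'    # hypothetical hidden shared mailbox

# Condition side: "The To or Cc box contains" corresponds to -AnyOfToCcHeader,
# which is checked against the group's SMTP address rather than its members.
New-TransportRule -Name 'Tag mail sent to MyGroup' `
    -AnyOfToCcHeader $group `
    -PrependSubject '[MyGroup] '

# Action side, step 1: a hidden shared mailbox that forwards to the group only.
New-Mailbox -Shared -Name 'DG Relay' -PrimarySmtpAddress $relay
Set-Mailbox -Identity $relay `
    -HiddenFromAddressListsEnabled $true `
    -ForwardingAddress $group `
    -DeliverToMailboxAndForward $false

# Action side, step 2: the rule redirects to the shared mailbox, never to the
# group itself, which is what triggers the "can't add distribution groups" error.
New-TransportRule -Name 'Redirect flagged mail to MyGroup' `
    -SubjectContainsWords 'constructed-sample-keyword' `
    -RedirectMessageTo $relay

# Review what was created before relying on it.
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
Get-Mailbox -Identity $relay |
    Format-List ForwardingAddress, DeliverToMailboxAndForward, HiddenFromAddressListsEnabled
```

Send a test message to the group after saving and confirm in message trace that the first rule fired, since a rule that silently fails to match is the symptom described above.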

The Many Faces of Office 365

by Ed Sparks

Updated: July 18
Microsoft has recently announced updates to its Office 365 offerings, which represent a significant improvement, address many of our ongoing complaints with the small business plans, and for many bring a substantial price drop.  There will be some initial confusion, but come October it's good news all around!

Again, from Paul Thurrott:

Last week, Microsoft announced some major changes to its Office 365 versions for small and medium-sized businesses, triggering an avalanche of questions. And with the fog of war starting to finally fade, I feel like I have a better handle on what this will mean to those SMBs who are already on Office 365 but are unsure how these changes will impact them.

The good news? The changes are all positive. For customers with small business versions of Office 365—that is, Office 365 Small Business and Office 365 Small Business Premium—your subscriptions will be upgraded somewhat (albeit in ways that will impact few customers) and the cost of those subscriptions will remain the same. For midsized businesses, however—those with Office 365 Midsized Business subscriptions—the news is even better: You're about to realize a significant price reduction.

via http://windowsitpro.com/office-365/what-years-office-365-changes-mean-smbs


Microsoft offers a dizzying array of options for Office 365, and unfortunately causes confusion between the various options, as some are hosted on their consumer services (Outlook.com/OneDrive/Microsoft Accounts), while the majority are on the Business Service platform (Exchange/SharePoint/Lync/OneDrive for Business/Organization Accounts).  Further confusing matters is that there are software-only subscriptions, and many are under the false impression that "Office 365" refers only to this, and not services at all.

Paul Thurrott at Winsupersite.com has written a superb article documenting the various intricacies of the service offerings.   Well worth a read.

It is our hope, along with many others in the Microsoft community, that they will soon merge all of these services into one platform and end the confusion.

In the meantime, regardless of version, we continue to believe it's a fantastic service and value, and superior to most offerings in the marketplace.

Have an on-premise Exchange server?  Wondering how easy it can be to move to the cloud?
Let us help you migrate today!

Source: http://winsupersite.com/office-365/office-...

Connecting or Ending another RDP session in Windows 2012

by Ed Sparks

As part of the complete re-architecture of the Remote Desktop Services Roles in Windows Server 2012, Microsoft moved the cheese in a serious way.

While there is much that is great about the new design, and we applaud their decision to more holistically approach all of the disparate remote connectivity and VDI options provided by the OS, the UI is an incomplete, slow and confusing mess.

One of the biggest problems was that they severely hampered the built-in Administrative RDP connections that have existed since Windows 2003, and got rid of all of the old TS/RDP Management Tools.  Even more painfully, they turfed everyone's old friend RDP Session Shadowing.  Thankfully this has made a return in Windows Server 2012 R2, but the management and UI haven't improved much.

Going, going, gone!

As a result of all of this, it became difficult to do the simplest of tasks.  One of the most common that many admins used the Remote Desktop Services Manager utility for was connecting to another session, or ending a hung or disconnected session.  Alas, no RDS Manager for you dear 2012 User.  Too simple!

What to do?  Task Manager.  Seriously.

While this functionality has existed for quite some time, it is (by my quick survey of admins) unknown and rarely used.  It is, however, surprisingly functional.

Simply bring up Task Manager, click More Details to switch to the "Actually Useful" mode, and then click the Users Tab.  All current sessions will be displayed, along with a list of their processes.  Right click on any session to connect to or end the session.

Simple, but non-obvious.

EAP! Event logs are full of DLL path validation errors

by Ed Sparks

Once again, Tier 1 PC vendors are failing to send out products with proper drivers and clean, smoothly operating OS builds.  

It's shocking that in this era of Ultrabooks and tablets - all aimed at a premium market and with premium prices to match - vendors still send out systems littered with terrible bloatware, outdated drivers, and long lists of outstanding OS updates waiting.  Often even the OS is a full version or more behind current.

We're particularly looking at you Dell!

The latest cases we're seeing are from current Dell and Lenovo systems with Haswell ("4th Generation Intel Core") chipsets and Intel WiFi onboard.  On these systems, the System Event Logs are littered with entries similar to this:

The description for Event ID 2002 from source Microsoft-Windows-EapHost cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Eap method DLL path
25
9
0
0
The handle is invalid

As is also often the case, the corporate tech support sites were of no use, and the available driver updates from the vendor did nothing to clear the events or resolve the root cause.

Our own investigation found that the issue appears to be that some Cisco-specific EAP registry keys are being added without the proper driver or backing software.

The solution? Fire up our old friend RegEdit and look under the following registry path:

HKLM\System\CurrentControlSet\Services\Eaphost\Methods\311

There will be several entries referencing paths for Cisco drivers or DLLs that don't exist. Remove any keys of this type.

No reboot is necessary, and the errors go away immediately.

We've also found this resolves some Cisco and other third-party IPSec VPN issues as well.
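To find the stale entries without clicking through RegEdit, the following report-only script lists every value under that key that points at a file missing from disk. It is an added example, not from the original post, and it assumes the DLL locations are stored in values whose names end in "Path"; the function name is hypothetical.

```powershell
# Added example: report EapHost method entries whose DLL path does not exist.
# Run from an elevated 64-bit PowerShell so System32 is not redirected to SysWOW64.
# Assumption: file locations live in values whose names end in "Path".
function Get-StaleEapPath {
    param(
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311'
    )
    foreach ($key in Get-ChildItem -Path $Root -ErrorAction Stop) {
        foreach ($name in $key.GetValueNames()) {
            if ($name -notlike '*Path') { continue }

            # Read the value as stored, so REG_EXPAND_SZ data is reported unexpanded.
            $raw = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }

            # Expand %SystemRoot% and friends, drop surrounding quotes, then test.
            $file = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
            if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
                [pscustomobject]@{
                    MethodKey = $key.PSChildName   # subkey under ...\Methods\311
                    Value     = $name
                    Stored    = $raw
                    Resolved  = $file
                }
            }
        }
    }
}

# Nothing is deleted here; review the list, export the key, then remove by hand.
Get-StaleEapPath | Format-Table -AutoSize
```

Before deleting anything, take a backup with `reg export "HKLM\System\CurrentControlSet\Services\Eaphost\Methods\311" eap-methods-311.reg` so a working EAP method removed by mistake can be restored.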

The shockingly easy way to hack or reset a forgotten Windows password

by Ed Sparks

This trick has been around for years, and long assumed fixed.  Surprisingly, while recently investigating a related issue we discovered this one is still going strong in Windows 7 and 8 (along with Vista, where it originated).

Image Courtesy Icone-gif

In what has become known as the "Utilman Trick," if you are able to physically access a system and boot from a Windows install or recovery disk, you can quickly change a file, reboot into the original Windows install and with a few clicks change the password of any account.  You can also create new accounts, and perform all manner of administrative management.

While BitLocker or physically denying access to the system will obviously solve this, it's shocking that this continues to exist.

The details, and simple process are well documented here at Technibble, among hundreds of other places.

Here it is in a nutshell:

1. Recovery Boot

cd windows\system32
ren utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe

2. Normal boot

net user administrator newpassword


Yes, really!
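Because the swap leaves evidence on disk, it is easy to check for during an audit or incident triage. The script below is an added example, not from the original post; it assumes PowerShell 4.0 or later (for Get-FileHash) and a 64-bit session, and the function name is hypothetical.

```powershell
# Added example: detect the file swap described above.
# Pass -System32 to point at a mounted offline image instead of the live system.
function Test-UtilmanTamper {
    param([string]$System32 = (Join-Path $env:windir 'System32'))

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.exe.bak'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman -PathType Leaf)) {
        $findings += 'utilman.exe is missing from System32'
    }
    else {
        # A copied cmd.exe keeps its content, so a hash match is conclusive.
        $utilmanHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cmdHash     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($utilmanHash -eq $cmdHash) {
            $findings += 'utilman.exe is byte-identical to cmd.exe'
        }
    }

    # The rename step leaves the original binary behind under this name.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.exe.bak exists in System32'
    }

    return $findings
}

$result = @(Test-UtilmanTamper)
if ($result.Count -gt 0) {
    $result | ForEach-Object { Write-Warning $_ }
}
else {
    'utilman.exe: no tamper indicators found'
}
```

A clean result only means the file is not currently swapped; it says nothing about accounts or passwords changed while it was, so pair the check with a review of local account changes in the Security event log.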