Archive for the ‘Software’ Category

Installing KB3000850 on Windows Server 2012 R2

I recently had cause to set up a new Windows Server 2012 R2 VM at work. As per usual for an operating system of this age, there were a lot of updates waiting once the server contacted WSUS. However, the process was a bit different to the past, mainly due to 2 huge updates to Windows Server 2012 R2 that either need a service stack update or the later huge update depends on the former to be installed.

It should be noted that my host server is 2012 R2 and that my VM is being served up by Hyper-V. The guest 2012 R2 VM is running as a Generation 2 VM and Secure Boot is enabled by default.

After the first round of updates, my server didn’t download any more updates. WSUS had expired the relevant service stack update that would enable the very important April 2014 update to install, which is needed for all 2012 R2 updates going forward. I installed a later servicing stack update manually, which then let the April 2014 and subsequent updates install – something like 155 of them. After that reboot, there were 5 patches left to go, one of them being KB3000850.

Unfortunately this is when the problems started. I would install the last batch of updates, only to have the server get to about 98 or 99% and then have the updates fail and then spend a lot of time reverting the updates. It was annoying and repeated attempts to install the patches kept failing. I left the server and went home, vowing to solve the issue the next day.

After viewing the Microsoft KB article on this patch, I suddenly recalled that I had the exact same problem on my existing VMs a few years ago and that I had gotten around the problem in the end with an extremely easy, if time-consuming, trick. Simply shut down the VM, disable Secure Boot, install the patch and reboot, shut down the VM and re-enable Secure Boot. It takes a while, but eventually the patch installed cleanly and my server was finally up to date.
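The workaround above, scripted from the Hyper-V host so that Secure Boot is always switched back on and verified afterwards. This is an added example, not part of the original post; the function name and the VM name in the last line are placeholders, and it assumes an elevated session with the Hyper-V PowerShell module installed.

```powershell
function Invoke-PatchWithSecureBootOff {
    param([Parameter(Mandatory)] [string] $VMName)
    $ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions so 'finally' is reached

    if ((Get-VM -Name $VMName).Generation -ne 2) {
        throw "$VMName is not a Generation 2 VM, so it has no Secure Boot setting."
    }
    if ((Get-VMFirmware -VMName $VMName).SecureBoot -ne 'On') {
        throw "Secure Boot is already off on $VMName; investigate before patching."
    }

    try {
        Stop-VM -Name $VMName                                  # firmware can only be changed while the VM is off
        Set-VMFirmware -VMName $VMName -EnableSecureBoot Off
        Start-VM -Name $VMName
        Read-Host "Install the update in the guest, let it reboot, then press Enter" | Out-Null
    }
    finally {
        # Runs even if a step above fails, so the VM is not left running without Secure Boot.
        if ((Get-VM -Name $VMName).State -ne 'Off') { Stop-VM -Name $VMName }
        Set-VMFirmware -VMName $VMName -EnableSecureBoot On
        Start-VM -Name $VMName
    }

    # Confirm the setting from the host rather than assuming the last step worked.
    $state = (Get-VMFirmware -VMName $VMName).SecureBoot
    if ($state -ne 'On') { throw "Secure Boot is still $state on $VMName." }
    "Secure Boot on ${VMName}: $state"
}

Invoke-PatchWithSecureBootOff -VMName 'SRV2012R2-NEW'   # placeholder VM name
```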

So far Microsoft’s Cumulative patching model seems to be working well enough to cut down on the number of individual patches going forward, but they haven’t yet ingested and added all the older patches into these Cumulative updates going back to the last baseline, which is the April 2014 mega patch. If they did this, the amount of patches being installed would drop dramatically and perhaps also increase patching speed. It would also certainly help clean out my WSUS installation!

Adding Office365 licenses to new users via PowerShell

December 12, 2017

One of the tasks any school has to do each year is remove old students and add new ones. Using the built-in CSVDE tool, you can bulk import users into Active Directory very easily. Once there, they’ll get synchronised up to Office 365 (provided they are in an OU that is selected for sync) as new users. Good stuff! The only problem is that all those new users do not have licenses assigned to them in Office 365, which means they can’t use anything. You could manually assign a license to each user individually using the Office 365 website, but that will take hours, if not days if you have a huge number of students to license. Thankfully, there is a better way: PowerShell.

A very small script that is only 11 lines long will load usernames from a separate CSV file and assign licenses to users based on that CSV file. Here is the script:

Import-Module MSOnline                                   # load the MSOnline cmdlets
Connect-MsolService                                      # prompts for your admin credentials
$users = Import-Csv "C:\Users\Username\Desktop\2018.csv" -Delimiter ","
foreach ($user in $users)
{
    $upn = $user.UserPrincipalName
    $usagelocation = $user.UsageLocation
    $sku = $user.SKU
    Set-MsolUser -UserPrincipalName $upn -UsageLocation $usagelocation   # a usage location must be set before licensing
    Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $sku        # assign the license named in the CSV
}

Essentially, the script connects to Office 365 with your credentials (use an admin level account to connect). Change the location of the CSV file to your own location. The contents of the CSV file are simple, just 3 columns in total – column 1 is the User Principal Name of each student, column 2 is the two-letter country code of your country and column 3 is the product license you want to assign to the student. Name the 1st cell in each column UserPrincipalName, UsageLocation and SKU respectively. You can find out what the exact license names for your Office 365 tenancy are by connecting to it as follows in PowerShell:

Import-Module MSOnline
Connect-MsolService
Get-MsolAccountSku

You will end up with a list of license options for your tenancy, with a name along the lines of tenantname:STANDARDPACK. Copy and paste your desired license name into your CSV file for each user you want that license for.

Run the above script when you are happy with your CSV import file and if all goes well, a few minutes later all the users in Office 365 will have been correctly licensed.
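Because the script runs under an admin account and changes every listed user, it is worth checking the CSV first. The following is an added example, not part of the original script: `Test-LicenseCsv` is a hypothetical helper, and the rows and SKU counts are constructed sample data, so it runs without connecting to a tenant.

```powershell
# Added example: validate the licensing CSV before any change is made to the tenant.
function Test-LicenseCsv {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,        # rows from Import-Csv
        [Parameter(Mandatory)] [object[]] $TenantSkus   # objects from Get-MsolAccountSku
    )
    $problems = @()
    $seen     = @{}   # UPNs already listed (hashtable keys are case-insensitive)
    $demand   = @{}   # licenses requested per SKU
    $line     = 1     # line 1 of the file is the header row
    foreach ($row in $Rows) {
        $line++
        $upn = "$($row.UserPrincipalName)".Trim()
        $loc = "$($row.UsageLocation)".Trim()
        $sku = "$($row.SKU)".Trim()

        if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            $problems += "line ${line}: '$upn' is not a valid UserPrincipalName"
        } elseif ($seen.ContainsKey($upn)) {
            $problems += "line ${line}: '$upn' is listed more than once"
        } else { $seen[$upn] = $true }

        if ($loc -notmatch '^[a-z]{2}$') {
            $problems += "line ${line}: UsageLocation '$loc' is not a two-letter country code"
        }
        if ($TenantSkus.AccountSkuId -contains $sku) {
            $demand[$sku] = 1 + [int]$demand[$sku]
        } else {
            $problems += "line ${line}: SKU '$sku' does not exist in this tenant"
        }
    }
    # Compare what the file asks for with what the tenant still has unassigned.
    foreach ($sku in $demand.Keys) {
        $t    = $TenantSkus | Where-Object AccountSkuId -eq $sku
        $free = $t.ActiveUnits - $t.ConsumedUnits
        if ($demand[$sku] -gt $free) {
            $problems += "SKU '$sku': $($demand[$sku]) requested, $free unassigned"
        }
    }
    $problems
}

# Constructed sample data; in real use pass (Import-Csv ...) and (Get-MsolAccountSku).
$rows = @"
UserPrincipalName,UsageLocation,SKU
alice@school.example,ZA,tenantname:STANDARDPACK
bob@school.example,ZAF,tenantname:STANDARDPACK
carol.school.example,ZA,tenantname:STANDARDPACK
dave@school.example,ZA,tenantname:STANDARPACK
"@ | ConvertFrom-Csv
$skus = @([pscustomobject]@{ AccountSkuId = 'tenantname:STANDARDPACK'; ActiveUnits = 500; ConsumedUnits = 499 })
Test-LicenseCsv -Rows $rows -TenantSkus $skus
```

An empty result means the file is consistent with the tenant's license list; anything else is worth fixing before the licensing script is run.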

You could get more complicated so that each license is configured with certain options disabled etc, but that involves extra complexity in your script. Keep it simple I reckon.

Flashing all the Firmwares

November 26, 2017

In the not so distant past, updating an electronic device’s firmware was either impossible or carried a great many risks. In the slightly slower paced world back then, we didn’t complain too much, perhaps because devices shipped with by and large stable firmware that had spent lots of time in development and ended up being quite polished. In today’s breakneck paced world, nothing is ever done and devices are often shipped as quickly as possible, with the promise to update the firmware and improve matters as time goes on.

For the manufacturers who adhere to this promise and regularly put out updated firmware, well done! You deserve big kudos for doing so. Sadly this state of affairs is more the exception than the rule. Far too often a device is shipped to market with initial firmware that gets updated maybe once or twice, only to be abandoned by the manufacturer who has moved onto the next bright and shiny gadget. The most obvious example of this is the mess that most Android based phones have gotten themselves into.

Sometimes firmware just operates low level hardware like the control board on a DVD burner for example. Other times it’s both that and a user interface/operating system all rolled into one – think of the web interface you use to control a home router for example. Sometimes the update just fixes bugs and adds stability, other times it does that and adds new features or updates the user interface – think updated PC UEFI or 3rd party router firmwares.

I promise there’s a point to all this rambling. The recent school holidays afforded me a chance to update firmware on a whole range of devices in my school. Network switches, ADSL routers, CCTV Cameras and the attached NVR as well as a few other odds and ends. HP deserves a special shout out here for their lengthy firmware life for older model switches. Whilst they had no reason to do so, HP did keep updating the firmware of certain switches for a good number of years, which at least extended the useful life of these devices.

Sadly on the old 2610 series HP didn’t remove the Java based web interface, but the last available firmware did at least sign the binaries so that there’s one less warning when you connect. For the 2620 series, HP back ported the new UI from their modern Aruba switches, which has led to a nice consistent interface across 3 different switch generations we own. If you’ve ever used HP’s legacy interface on the 2620 and other similar generation models, you’ll know how ugly and painful that interface was to use.

The Dahua CCTV system we used though was another story. For one thing, the fixed bullet camera we were sold appeared to have been very quickly replaced by Dahua, so there’s no new firmware beyond 2015. The fixed dome cameras did better however, with a firmware from only a few months ago. The NVR also had a much later firmware available. I flashed the NVR first, only for all hell to break out after the reboot. A large portion of the cameras refused to connect to the device after the update. Whilst most of the settings seemed to have been preserved during the update, too many little things seemed to have been disturbed. The next thing I did was to update the dome cameras one by one. When that still didn’t help, I deleted and re-added all the cameras to the NVR. To my relief, this sorted the problem and we were able to go back to using the system.

That being said, there have been some cases of the cameras displaying corrupted green screens, though that hasn’t lasted long and only seemed to be affecting 1-2 cameras. Those devices might just need to be flashed again for proper stability, but it’s still not how it’s supposed to be. Alternatively, I will check for the next available update and flash that to the cameras, hoping it solves the problem on those cameras with issues.

I still have my main server’s firmware to flash which I plan to do in the next school holidays. Intel has discontinued the S2600GZ system, but at least they also still make firmware available. That system is unlikely to get any more updates in the future, but at least it had a decent lifespan.

My suggestion when it comes to firmware updating is to flash everything you have with the latest available firmware, unless it is a completely critical core device that you cannot have any downtime or potential problems. Rather safe than sorry and sometimes an update is the only way to fix things. There’s also the option of 3rd party firmware on some devices, but that’s a whole different post.

Hyper-V bug in Windows 10 v1703

November 4, 2017

I encountered a nasty little bug in Windows 10 v1703 Hyper-V a.k.a the Creators Update this past week. If you create a Generation 2 virtual machine and try to PXE boot that VM, regardless of whether it’s on an internal switch or bridged to an external network, you will end up with the following screen:

No matter what you do, the VM will not PXE boot. Disabling Secure Boot and fiddling with other options will not help. I was very confused by this problem, as I’ve PXE booted generation 2 clients before. A few searches later revealed this link which explains the problem in greater detail.

In short, the only answer is to either downgrade to Windows 10 1607 or upgrade to Windows 10 1709, which was released little over 2 weeks ago. Generation 1 VMs are not affected and you can PXE boot them successfully, but they do have a higher overhead than gen 2 VMs. How this bug crept into Hyper-V is curious to say the least, but at least there’s a definitive fix. I should add that the bug has not been fixed as of the latest cumulative update for 1703 and is probably unlikely to be fixed, given the way Microsoft now releases Windows 10 updates/upgrades.

Goodbye Exchange 2007

It’s been a while since I last posted here. Life has been super hectic and finding free time to write something coherent has been harder than I thought it would be. I’ve also seen that my last post was actually my 200th post, which in the grand scheme of things is a pretty nice milestone considering how erratic I’ve been with posting over the years.

Anyway, I’m going to keep this one short and sweet. I’m posting a screenshot I made as I was finishing the removal of Exchange 2007 from our network ±4 months ago. Our mail platform has been running successfully on Office 365 since that time, with only the very odd head scratching moment causing some minor grief. Staff have more or less settled down into using the new platform, though they probably still need a lot more time to become fully familiar with the interface. SPAM suppression seems to be working well, though I’m not sure how many staff are actually checking their junk folders for legit mail that is incorrectly marked as junk.

I must say that the un-install process went very smoothly, it just took a long time as per the screenshot below. I chose to do things properly instead of just trashing the VM, which would have been a lot quicker. The removal process removes a lot of stuff from Active Directory, though there is still quite a bit of cruft left behind.

Sage Pastel Xpress/Partner V12 and 64 bit Outlook

EDIT: After migrating the department to V17, there were no issues out the box. V17 has a much newer DLL file installed out of the box, which interfaces with 64 bit Outlook just fine.

The Sage Pastel Xpress and Partner products pretty much rule the South African landscape for accounting packages. Almost everywhere you go, you’ll find some Pastel product keeping the books up to date. Our school is no exception, running Partner for the 3 ladies in our accounts department.

With my recent move to Office 365 for mail, I installed Office 2016 64 bit edition on the PC of the debtors clerk to access her mail in Outlook. No problem there, everything worked as it should. However, a few days later she called me back as she was unable to send statements out of Pastel Partner, as the PC now threw up an error message when Partner tried to invoke Outlook. This wasn’t a problem in the past, as we’ve only ever used the 32 bit editions of Office. Office 2016 is the first time we’ve installed the 64 bit edition of Office.

It turns out that out of the box, Partner V12 can’t interface with Outlook 64 bit. I don’t have a 32 bit edition of Office 2016 at work, so I needed to get the functionality restored. Luckily, a bit of internet searching revealed the answer: use a replacement DLL file on the Partner installation disk. The process is as follows:

  • Close Partner and Outlook.
  • Copy the NewMail.dll file from the Pastel disk\Utils\Outlook 64-bit folder to C:\Program Files (x86)\Common Files\Softline Pastel. Overwrite the existing file.
  • Run the Component Setup utility in the Pastel folder in the Start menu. This will briefly re-register files, including the replaced DLL file.
  • Try to mail any statement from inside Partner, it should now invoke Outlook correctly.

I checked a Partner V11 disk and this didn’t contain the DLL file, so I assume it only started being introduced with V12. It’s possible that using the DLL file from the V12 disk would work with previous Partner versions going back a while, but I don’t know how compatible or reliable it will be. I have yet to test Partner V14 or V17 to see if they are compatible out the box or will also need the DLL file replaced. Since V14 and V17 were digital downloads with no extra folders, it’s going to prove interesting when I migrate the accounts department.

Lessons learned from migrating to Office 365

May 30, 2017

My migration of staff email accounts from our onsite Exchange Server to Office 365 continues as I write this, though now at a somewhat quicker pace. With just under 50 mailboxes left to move, I should be done by the end of this school term. So far the move has been mostly trouble free, with no email being lost. There have been some small incidents that have helped to shape future mailbox moves and have provided valuable lessons. In no order, here’s some of what I’ve learnt along the way:

  • If you plan to migrate your user’s existing mailboxes up to the cloud, you absolutely need a fast internet connection. 20 Mbps minimum in both directions, but the faster the better.
  • If possible, get your users to perform mail cleanups before you move their mailbox. The fewer items in a mailbox, the less time it takes to move said mailbox into the cloud. There’s also less clutter for users after the move, which usually makes people happy, since less clutter is always a good thing.
  • If you are doing a staged migration, try to move as many mailboxes as you can per batch, so that you don’t draw the process out too long. The longer you run two systems, the more risk of something breaking or going wrong along the way.
  • Watch out for user accounts that have been renamed, i.e. people with surname changes. If this isn’t cleaned up properly before being synced to the cloud, it can come back to bite you in the ass. Cue frantic searching and entering arcane commands into Powershell.
  • Users don’t always appreciate or use manuals you may have written. Write a manual anyway, so that you’ve covered your ass.
  • Mailbox moves often don’t happen as fast as you think they should. Budget extra time for a large move.
  • Modern Outlook Web App is a really nice mail client. Light years from Exchange 2007 version obviously.
  • Use Office 2016 for fixed desktop users to connect to Exchange where possible. All previous versions are not going to get the same attention and support from Microsoft in case of trouble.
  • Office 2016 perpetual (i.e. the version you volume license and uses MSI installer) won’t get feature updates over its lifespan. This means no new and cool features like Focussed Inbox.
  • Some programs that interface with Outlook don’t like the 64 bit version of Office.
  • Direct users to the stand alone Outlook apps on Android and iOS. The built in mail client should connect without too much hassle, but Android and Exchange have always had a slightly rocky relationship in my view.

I’m in the process of moving the last giant mailboxes over in the coming week. Once that’s done, the pace of migration should go up as I move other users over with more “normal” size mailboxes. Once everyone has moved, it’s a case of testing to make sure everything is ok, then changing MX records to cut over for direct email delivery to the cloud and to cut out mail coming onsite and then back out again.