Thursday, November 1, 2018

Skype for Business Retention in Office 365

Much as I needed to configure a retention policy for Microsoft Teams, I also needed retention for Skype for Business conversations.  

The Data Governance area at https://protection.office.com has a Retention section, but a Skype for Business policy was giving me difficulty.  

When you build a retention policy, you specify the locations to apply it to, and Skype for Business is an option.  Other policies allow you to include all users or all areas by default.  SfB is not like that.

The added challenge was when I used the GUI to attempt to choose users, it shows 100 users.  My organization contains well over 100 users.  There were no ways to navigate between screens.  And there's no way I was checking hundreds of checkboxes to pick my users!

I wound up opening a support ticket to get some guidance.  

What we need can be accomplished by PowerShell.  Once I have established a retention policy that suits my needs, a single PowerShell command can add them to the existing policy:

Set-RetentionCompliancePolicy -Identity "MyPolicy" -AddSkypeLocation janedoe@mycompany.com

But what if I want everyone in my policy?  My basic strategy (and forgive me, as I am sure there are easier solutions, but my PowerShell skills are rudimentary at best) is as follows:


Get-MsolUser -All | where {$_.isLicensed -eq $true} | select userprincipalname | out-file AllLicensedO365Usersyyyymmdd.csv

I would then manipulate the list in a text editor (such as Notepad++).  I need to remove excess spaces.  The CSV needs to have a heading of User.  

Then:

Import-Csv AllLicensedO365Usersyyyymmdd.csv | ForEach {Set-RetentionCompliancePolicy -Identity "Keep Everything (Skype)" -AddSkypeLocation $_.User}

Voila, all my users have the policy of choice.

Wednesday, September 26, 2018

Teams Retention in Office 365

My organization is working on deploying Office 365.  It's been a slow process as our Exchange environment has lots of room for improvement.  Our users are drowning in PST files, so moving that data to Exchange Online is tedious.

We've recently enabled Teams for our organization and are currently piloting it, with possible plans for expansion.  Retention is a big deal for our organization, so configuring those settings quickly became important.  

I headed over to https://protection.office.com and went to Data Governance | Retention.  I edited our existing policy.  But, wait, there were no options for Teams.  The Teams retention settings are missing.  What was going on?

I ultimately found the answer... a Teams retention policy cannot contain any other products.  So, when you want to configure Teams retention, make a new policy that contains no other products.

Lots more helpful on retention for Office 365 here: https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies?redirectSourcePath=%252fen-us%252farticle%252fOverview-of-retention-policies-5e377752-700d-4870-9b6d-12bfc12d2423

Saturday, August 11, 2018

"This app is no longer shared with you" on iOS

I stumbled across a new problem today.

I'm very much a part of the Apple ecosystem.  On my iPhone, an app that had been purchased by my husband (AutoSleep) with Family Sharing would not open for me.

"This app is no longer shared with you.  To use it, you must buy it from the App Store." I had options to View in App Store or Cancel.  To further my confusion, viewing it in the app store only gave me an Open button.  Restarting my phone didn't help.

I found a quick answer that worked great here:
https://discussions.apple.com/thread/8273516

On iOS11, there's a new feature called Offloading Unused Apps.  If you're low on disk space, it lets you remove apps from your phone without deleting data.  If you delete an app in the traditional sense, it discards the data along with it.

So to fix my broken app, I went to Settings | General | iPhone Storage.  I selected the app in question.  I then selected Offload App.  Once that was finished, I then picked Reinstall App.

Lo and behold, the app is working again for me. 

Wednesday, June 27, 2018

Azure Active Directory Connect, High CPU Usage After June 2018 Patching

I did the latest Microsoft security updates for some servers, and was noticing my server running Azure Active Directory Connect for Office 365 was running at very high CPU.  I wasn't successful at restarting it from within the guest (or, wasn't patient enough, take your pick) and reset the VM.  The issue persisted.

My Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe was running at 99%.

Some research quickly tipped me off to the culprit.  (https://social.msdn.microsoft.com/Forums/azure/en-US/e9b621f6-f38c-488e-8fcb-ff85d406f256/azure-ad-connect-health-sync-monitor-high-cpu-usage?forum=WindowsAzureAD) .NET Framework 4.7.2 was the culprit.  Uninstalling the right KB depends on your OS.

  • Server 2008 R2 - "Microsoft .NET Framework 4.7.2"
  • Server 2012 - KB4054542
  • Server 2012 R2 - KB4054566
  • Server 2016 - KB4054590
I was dealing with Server 2016, so I uninstalled KB4054590, restarted, and the server seems fine.


I'll be sure to monitor the version history to see if when I go to patch next month, if Azure Active Directory Connect has been updated to address this.


Monday, June 11, 2018

Resolving Crashing Skype for Business

Today, I found myself unable to open Skype for Business.  I would load the application and it would crash.

Examining my Event Viewer, I found the following:

Level: Error
Source: Application Error
Event ID: 1000
Faulting application name: lync.exe, version: 16.0.4690.1000, time stamp: 0x5acd052e
Faulting module name: KERNELBASE.dll, version: 10.0.15063.1029, time stamp: 0x99b50546
Exception code: 0xc06d007e
Fault offset: 0x000f0132
Faulting process id: 0x3364
Faulting application start time: 0x01d40178ed74b119
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fde33f51-913a-4302-9674-3a5370420999
Faulting package full name: 
Faulting package-relative application ID: 

I was a bit perplexed as I had run successfully last week after receiving updates.

I found the resolution here (thanks to Brian):
https://community.spiceworks.com/topic/2126287-skype-for-business-2016-problems-after-kb4018323

  • Open your Playback devices menu by right-clicking on the volume icon on your taskbar (or your preferred method)
  • Highlight your current playback device and select the Properties button.
  • Select the Advanced tab on the resulting window.
  • Under the heading ,"Exclusive Mode", ensure that both checkboxes are unchecked. Really, you can deselect the first checkbox and it will gray out the second for you.


Monday, January 22, 2018

Exchange, Trend ScanMail, SQL Server Express, and SQL Server 2012 Native Client

I have an older Exchange environment to manage in my environment.  I have hopes to migrate to Exchange Online, but in the meantime, Exchange on premise needs maintenance.

We protect our Exchange with Trend Micro ScanMail (among other products).

Recently, when calling support, I discovered I had let our version of ScanMail fall behind and was out of support.  It was time to update to ScanMail 12.5.

I read the documentation, and the process looked fairly straight forward.  I was very concerned about the risks involved (email is probably our most visible service to our end users) but the work needed to happen.

In the first few screens of the ScanMail upgrade, it pointed out that if your version was being back-ended by SQL Express, you should upgrade off SQL Server 2008 Express to SQL Server 2014 Express.  A little investigation on my part reveals, yes, I need to do this.

OK, so I cancel the ScanMail upgrade and proceed onto downloading SQL Server 2014 Express.

And unfortunately, there things stopped going smoothly.

Some way into the upgrade, it stopped.  It was attempting to do something with the Microsoft SQL Server 2012 Native Client.  It was telling me that it couldn't find SQLNCLI.MSI.  OK, fair enough, I go download it.  I point it to my download.  Nope:

"The file '<path>SQLNCLI.MSI' is not a valid installation package for the product Microsoft SQL Server 2012 Native Client.  Try to find the installation package 'sqlncli.msi' in a folder from which you can install the Microsoft SQL Server 2012 Native Client."


Uh oh.

I tried other downloads, and even scoured the server for every copy of SQLNCLI.MSI I could find.  Despite finding a variety of versions, every file returned that same error message.

Finally, out of ideas, I hit cancel on the prompt for the SQLNCLI.MSI.  The installation continued on.

But, unsurprisingly, it failed, telling me that several components had been unsuccessful.

At this point, I took inventory of the server, and could see I was in rough shape.  I could see signs of SQL Server 2008 Express and 2014 Express both on the system.  But the 2008 version was what was still running.

Some quick Googling didn't yield any results.  Given the criticality of this server, I felt a call to Microsoft Support was my best option.

When I got my support technician on the phone, he had me try one interesting avenue (that didn't help my situation but could be helpful in general).   This utility checks for missing SQL MSI files and can remediate.  My server yielded no results.  The link to that utility is here: 
FixSQLMSI Version1.3.zip

Once that didn't yield any solution, his suggestion then became the right one.  Uninstall the SQL Server 2012 Native Client, and rerun the SQL Server 2014 Express upgrade.

That finished successfully.  I then had healthy SQL Server 2014 Express.  And I was able to successfully complete my ScanMail 11.0 SP1 to 12.5 upgrade.