Thursday, April 28, 2016

"Your user account is disabled" error is thrown after upgrading VMware Horizon View to 6.2.0 or 6.2.1

Problem

I recently ran into an issue while upgrading VMware Horizon View to 6.2.0 and 6.2.1 when I noticed that user accounts from other Active Directory domains within the same forest of the domain you have VMware Horizon View installed on are no longer able to log into their virtual desktops with the following error message thrown:

Your user account is disabled

image

Logging into VMware Horizon View continued to work as expected with accounts that belonged to the same domain the server was installed in.

Solution

Searching through the internet revealed that there did not appear to be any official VMware KB article describing this issue and the only two posts related to this error did not contain any resolution:

https://communities.vmware.com/thread/532241?start=0&tstart=0

https://communities.vmware.com/thread/520384?start=0&tstart=0

Having exhausted all options, I decided to rollback the environment to 6.0.1 then opened up a ticket with VMware (case #: 16955248704). What was strange was that when I finally spoke to an engineer, the first thing they asked was whether we had domain issues and when I told him no, he told me there was no such known issue for 6.2.0 and 6.2.1. After sending the engineer the forum posts included above and waiting for a week, the engineer finally emailed me and said this was indeed a known issue and that the only way around it was to upgrade to version 7. I’m not exactly sure if there is a workaround for the earlier versions but the engineer did not provide me with one so I’m going to assume he’s correct.

Hope this post helps anyone who might run into this issue during an upgrade.

Wednesday, April 27, 2016

Controlling Outlook Options' "Update tracking information, and then delete response that don’t contain comments"

I recently had to determine how to disable the Update tracking information, and then delete response that don’t contain comments option in the File > Options > Mail > Tracking settings via either GPO or registry but wasn’t able to find any information available:

clip_image002

After going through the Outlook settings provided by the ADM file and not finding anything, I managed to track down the registry so I thought it would be good to write this quick blog post for others.

The registry key that controls this configuration is located in:

HKCU\Software\Microsoft\Office\14.0\Outlook\Options\General

Name: AutoDelRcpts
Type: REG_DWORD
Data: 1 (enabled) and 0 (disabled)

clip_image002[5]

Hope this helps anyone who may be looking for this information.

Disabling “Do Not Send a Response” option for meeting invites in Outlook 2010 and Outlook 2016

I’ve recently been asked by a client whether there was a way to disable the Do Not Send a Response option within Outlook 2010 and Outlook 2016 because the Response column in the View Tracking Status does not get updated unless the user chooses to send a response:

image 

image

After doing a bit of research on forums about this topic, it appears many users have complained about sending a response because it would lead to mailbox clutter for the meeting organizer and the proposed solution is to turn on the Update tracking information, and then delete response that don’t contain comments option in the File > Options > Mail > Tracking settings:

clip_image002

While this helped with encouraging users to send a response, the client still wanted to disable the Do Not Send a Response option and after a bit more digging, I found the solution in this forum post:

https://social.technet.microsoft.com/Forums/office/en-US/5861d690-aae8-4f37-a9e6-687984fb2540/how-to-disable-meeting-response-action-do-not-respond?forum=outlook

The setting to disable the option is in User Configuration > Polices > Administrative Templates > Microsoft Outlook 2010 > Disable Items in User Interface > Custom

Proceed and enable the setting Disable command bar buttons and menu items and then enter the following command bar ID:

  • 19987
  • 19995
  • 19991

image

Apply this GPO to the user accounts that require this configuration and users should see the following when attempting to accept a meeting:

image

I’ve also tested this with Outlook 2016 and can confirm that the same settings with the Office 2016 policy templates yield the same result.

Tuesday, April 12, 2016

Monitoring disk space with simple PowerShell script

I’ve been asked several times in the past about what I typically use to monitor server disk space if the environment I was working in did not have a proper monitoring server or was in the process of deploying one and I’ve always recommended a script I’ve used for quite some time but never blogged about it so I thought it would be great to do so as I could give credit to a script a fellow blogger created as well as demonstrate how to set it up as a task in Task Scheduler.

The PowerShell script I’ve been using for the past few years that works with Windows Server 2008 R2 and 2012 R2 is written by Sean Duffy:

Disk Space Monitoring and Early Warning with PowerShell

https://www.simple-talk.com/sysadmin/powershell/disk-space-monitoring-and-early-warning-with-powershell/

What I like about this script is that it allows you to specify a list servers to monitor in a text file and provides a simple report coloured in red:

image

The way I automate this script is to perform the following steps:

Step #1 - Selec t a server that I would like to execute this PowerShell script on then create the following folder:

C:\Scripts\CheckDiskSpace

Step #2 – Create the following 3 files:

image

File #1 - CheckDiskSpace.txt

Copy the following command into this file:

powershell.exe -command "& 'C:\Scripts\CheckDiskSpace\diskspace.ps1' 'C:\Scripts\CheckDiskSpace\list.txt' "

File #2 - DiskSpace.ps1

Copy the PowrShell script into this file:

--------------------------------------------------------------------------------------------------------------------------------------------------------------

#########################################################

#

# Disk space monitoring and reporting script

#

#########################################################

$users = "toaddress@yourdomain.com" # List of users to email your report to (separate by comma)

$fromemail = "fromaddress@yourdomain.com"

$server = "yourmailserver.yourdomain.com" #enter your own SMTP server DNS name / IP address here

$list = $args[0] #This accepts the argument you add to your scheduled task for the list of servers. i.e. list.txt

$computers = get-content $list #grab the names of the servers/computers to check from the list.txt file.

# Set free disk space threshold below in percent (default at 10%)

[decimal]$thresholdspace = 10

#assemble together all of the free disk space data from the list of servers and only include it if the percentage free is below the threshold we set above.

$tableFragment= Get-WMIObject -ComputerName $computers Win32_LogicalDisk `

| select __SERVER, DriveType, VolumeName, Name, @{n='Size (Gb)' ;e={"{0:n2}" -f ($_.size/1gb)}},@{n='FreeSpace (Gb)';e={"{0:n2}" -f ($_.freespace/1gb)}}, @{n='PercentFree';e={"{0:n2}" -f ($_.freespace/$_.size*100)}} `

| Where-Object {$_.DriveType -eq 3 -and [decimal]$_.PercentFree -lt [decimal]$thresholdspace} `

| ConvertTo-HTML -fragment

# assemble the HTML for our body of the email report.

$HTMLmessage = @"

<font color=""black"" face=""Arial, Verdana"" size=""3"">

<u><b>Disk Space Storage Report</b></u>

<br>This report was generated because the drive(s) listed below have less than $thresholdspace % free space. Drives above this threshold will not be listed.

<br>

<style type=""text/css"">body{font: .8em ""Lucida Grande"", Tahoma, Arial, Helvetica, sans-serif;}

ol{margin:0;padding: 0 1.5em;}

table{color:#FFF;background:#C00;border-collapse:collapse;width:647px;border:5px solid #900;}

thead{}

thead th{padding:1em 1em .5em;border-bottom:1px dotted #FFF;font-size:120%;text-align:left;}

thead tr{}

td{padding:.5em 1em;}

tfoot{}

tfoot td{padding-bottom:1.5em;}

tfoot tr{}

#middle{background-color:#900;}

</style>

<body BGCOLOR=""white"">

$tableFragment

</body>

"@

# Set up a regex search and match to look for any <td> tags in our body. These would only be present if the script above found disks below the threshold of free space.

# We use this regex matching method to determine whether or not we should send the email and report.

$regexsubject = $HTMLmessage

$regex = [regex] '(?im)<td>'

# if there was any row at all, send the email

if ($regex.IsMatch($regexsubject)) {

send-mailmessage -from $fromemail -to $users -subject "Disk Space Monitoring Report" -BodyAsHTML -body $HTMLmessage -priority High -smtpServer $server

}

# End of Script

--------------------------------------------------------------------------------------------------------------------------------------------------------------

File #3 - List.txt

Type in the list of servers you would like to monitor:

image

Step #3 – Configure the variables in the scripts

Open the DiskSpace.ps1 script and modify the email address the report should be send from and to, the server name of the SMTP server that will be sending the email, the % for the threshold you would like to set for the free disk space.

What I usually do as a test is to set the threshold to 50% so that an email would get fired off during the initial setup allowing me to confirm that all the variables are set up properly.

Step #4 – Fill in the List.txt file with server FQDNs

As shown in the screenshot above, proceed by adding in the FQDNs of the servers you will be monitoring with this script.

Step #5 – Test Script

Open the CheckDiskSpace.txt then copy the command in the file:

powershell.exe -command "& 'C:\Scripts\CheckDiskSpace\diskspace.ps1' 'C:\Scripts\CheckDiskSpace\list.txt' "

… and paste it into a command prompt to confirm that an email alert is generated and sent to the email address you’ve specified.

Step #6 – Configure scheduled task to execute the script

Launch the task schedule and create a new task:

image

Provide a name for the Task:

image

Configure the task to Run whether user is logged on or not and Run with the highest privileges:

image

Click on the Triggers tab and create a new Trigger based on your requirements:

image

Click on the Actions tab and create a new Action with the following configuration:

Program/script: powershell.exe

Add arguments (optional): -command "& 'C:\Scripts\CheckDiskSpace\diskspace.ps1' 'C:\Scripts\CheckDiskSpace\list.txt' "

image

Save the configuration and you should now see a new task configured:

image

You can test the task by right clicking on the line item and selecting Run:

image

Monday, April 4, 2016

Patch required for upgrading Lync 2013 client to Skype for Business 2015

I’ve noticed that I’ve been asked quite a few times over the past year about how to upgrade the Lync 2013 client to Skype for Business 2015 and through speaking to colleagues and clients, I think the confusion is caused by the fact that the Lync 2013 client could be upgraded to Skype for Business 2015 through Windows updates and the update applied isn’t something an administrator would easily spot in a list that could contain a screen full of line items. Not knowing the patch required to upgrade the client then becomes a problem when administrators need to package Lync 2013 / Skype for Business 2015 installation packages for their desktops.  To avoid having to reference my notes when being asked this question again, I figured it would be best to write this blog post for future reference.

Begin by installing the Lync 2013 RTM client with the version:

Lync 2013 – 15.0.4569.1503
MSO – 15.0.4701.1000

image

image

image

Once the Lync 2013 client is installed, you can install any of the following updates to upgrade Lync 2013 to Skype for Business 2015:

  • April 14 2015 - KB2889923
  • July 14 2015 - KB3054946
  • October 13 2015 - KB3085581

The following screenshots shows how installing the April 14 2015 - KB2889923 update will change the Lync 2013 item in the start menu to Skype for Business 2015:

lyncmso2013-kb2889923-fullfile-x86-glb.exe

image

image

Lync 2013 – 15.0.4711.1002
MSO – 15.0.4711.1000

image

The following screenshots demonstrates how installing the July 14 2015 - KB3054946 update would return the same results:

lync2013-kb3054946-fullfile-x86-glb.exe

image

Lync 2013 – 15.0.4737.100
MSO – 15.0.4711.1000

image

Finally, installing the latest October 13 2015 - KB3085581 update would also work:

lync2013-kb3085581-fullfile-x86-glb.exe

image

Lync 2013 – 15.0.4763.1001
MSO – 15.0.4711.1000

image

Hope this helps anyone looking for the specific patches that would update Lync 2013 to Skype for Business 2015.

Friday, April 1, 2016

Launching XenApp 7.8 application published through NetScaler 11 fails and throws the erorr: “Cannot connect to the Citrix XenApp server.Socket operation on non-socket”

Problem

You have successfully published applications on a XenApp 7.8 application server through a NetScaler but noticed that while you are able to log into the portal and view the published applications, you receive the following error when an application is launched:

Unable to launch your application. Contact your help desk with the following information:

Cannot connect to the Citrix XenApp server.Socket operation on non-socket

image

Attempting to launch the desktop of the application server throws the following error:

Desktop Viewer

The connection to “Citrix XenApp” failed with status (Unknown client error 1110).

image

Solution

One of the reasons why this error would be thrown is if you have not defined at least one STA server in the created NetScaler Gateway Virtual Server:

image

image

Notice that the screenshot below states No STA Server under the Published Applications section:

image

The error should no longer persist once a functioning STA server (the FQDN of your XenDesktop / XenApp Delivery Controller) is configured.

Wednesday, March 30, 2016

Setting up multiple domain federation with ADFS 2012 and Office 365

Problem

You have an on-prem Active Directory domain with ADFS 2012 configured to use Office 365 services to for messaging services and would like to expand the usage to another domain that is a different tree in the same forest. The task required to do this is quite simple and that is to change the Authentication type for the new domain from Managed to Federated which is what the currently set up domain with O365 mailboxes is configured as:

image

You attempt to execute the Update-MsolFederatedDomain cmdlet with the -supportmultipledomain switch to change the federation for the currently federated domain to support multiple federated domains but receive the following error:

PS C:\> Update-MsolFederatedDomain -domainname contoso.com

Successfully updated 'contoso.com' domain.

PS C:\> Update-MsolFederatedDomain -domainname contoso.com -supportmulti

pledomain

Update-MsolFederatedDomain : The switch parameter SupportMultipleDomain is not

supported here.

At line:1 char:27

+ Update-MsolFederatedDomain <<<< -domainname contoso.com -supportmult

ipledomain

+ CategoryInfo : InvalidOperation: (:) [Update-MsolFederatedDomai

n], FederationException

+ FullyQualifiedErrorId : MultipleDomainSwitchNotSupported,Microsoft.Onlin

e.Identity.Federation.Powershell.UpdateFederatedDomainCommand

PS C:\>

image

Solution

What threw me off with this problem was that most articles I found specifies that the Microsoft Office 365 Identity Platform Relaying Party Trust needs to be removed:

image

… during this process but because the environment I was working in already had production services in use, I decided to test the -supportmultipledomain on the federated domain to ensure it actually existed and the error message:

Update-MsolFederatedDomain : The switch parameter SupportMultipleDomain is not

supported here.

… does not instill much confidence. After scheduling a weekend window for this reconfiguration, I was able to confirm that the cmdlet:

Update-MsolFederatedDomain -domainname contoso.com -supportmultipledomain

… will work once the Microsoft Office 365 Identity Platform Relaying Party Trust is removed:

image

image

image

image

So to recap, the process should be as follows:

  1. Log onto the ADFS server
  2. Launch the AD FS administration console
  3. Navigate to AD FS > Trust Relationships > Relaying Party Trusts
  4. Delete the Microsoft Office 365 Identity Platform entry
  5. Launch Windows Azure Active Directory Module for Windows PowerShell
  6. Execute the following:
    1. Connect-MSOLService
    2. Set-MsolADFSContext -Computer <internalADFSserverName>
    3. Update-MsolFederatedDomain -DomainName <alreadyFederatedDomainFQDN>
    4. Update-MsolFederatedDomain -DomainName <alreadyFederatedDomainFQDN> -SupportMultipleDomain
    5. Convert-MsolDomainToFederated -DomainName <newDomaintoBeAddedFQDN> -SupportMultipleDomain
    6. Get-MsolDomain

Hope this helps anyone who might be a bit uncertain whether the -SupportMultipleDomain switch would work or not before they delete the Relaying Party Trust.