Wednesday, January 12, 2022

Godaddy - new certificate crt and pem files, but need pfx

My brain mostly "seems" to be able to contain valuable information.  But for some reason this piece of valuable information (needed at least 1 - 4 times a year) is never retained.  Each year I find myself pulling out the google foo to find a solution.

The issue:
I'm either purchasing a new cert, changing an existing cert, renewing a cert, etc.  I go to Godaddy, run through the process and get the download files.  I'm given a CRT, PEM, and intermediate.p7b files.
I need a PFX file.

Google foo always gives me plenty of articles about using openSSL typically.  They typically involve running a command which looks promising, but I KNOW I didn't use openSSL last time...
I think my downfall with this is that I usually type in something like "Godaddy convert CRT to PFX".  The missing part is that I actually have a PEM which is what's important to me here.

Since I typically generate the CSR from within one of my IIS instances all I have to do to get the PFX is go back to IIS.  Complete the signing request, and when asked for the new file give it the PEM.
Now, right click and export to PFX, give it a password and finish my project.
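
The export step can also be scripted once the request has been completed in IIS. This is an added example, not part of the original post; the subject filter, store path and output file are placeholders, and it assumes the completed certificate sits in the Local Computer Personal store.

```powershell
# Added example: scripted version of "right click and export to PFX".
# Placeholders (not from the post): subject filter, store path, output file.
#Requires -RunAsAdministrator
param(
    [string]$SubjectLike = '*example.com*',                    # placeholder subject filter
    [string]$StorePath   = 'Cert:\LocalMachine\My',            # assumed store; IIS may also use Cert:\LocalMachine\WebHosting
    [string]$PfxPath     = "$env:USERPROFILE\Desktop\site.pfx" # placeholder output file
)

function Export-CompletedCertToPfx {
    param(
        [Parameter(Mandatory)][string]$SubjectLike,
        [Parameter(Mandatory)][string]$StorePath,
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$Password
    )

    # Pick the newest certificate that matches and is inside its validity period,
    # so a renewal does not accidentally export last year's certificate.
    $now  = Get-Date
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like $SubjectLike -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object -Property NotBefore -Descending |
        Select-Object -First 1

    if (-not $cert) {
        throw "No currently valid certificate matching '$SubjectLike' found in $StorePath."
    }

    # A PFX needs the private key. It only exists on the machine that generated
    # the CSR, and only after the signing request has been completed there.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no private key here. Complete the request on the server that generated the CSR."
    }

    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null

    # Read the file back to confirm it opens with the password and holds the same certificate.
    $pfx = Get-PfxData -FilePath $PfxPath -Password $Password
    if ($pfx.EndEntityCertificates.Thumbprint -notcontains $cert.Thumbprint) {
        throw "PFX written to $PfxPath does not contain certificate $($cert.Thumbprint)."
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        PfxPath    = $PfxPath
    }
}

# Prompt for the password so it never lands in the script or the command history.
$password = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString
Export-CompletedCertToPfx -SubjectLike $SubjectLike -StorePath $StorePath -PfxPath $PfxPath -Password $password
```

The PFX contains the private key, so delete the file once it has been imported where it is needed.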

Now next year (or month) when I can't remember this easy process for the 100th time hopefully my google foo will see my own post OR I'll finally commit this to memory.

/wr mem

Thursday, October 21, 2021

NEC SV9100 inMail and Exchange Online / Microsoft 365

We've utilized NEC SV9100 with inmail for voicemail for 5 years.  We also utilize Microsoft Office 365 / Exchange Online.  

Setting up the voicemail to email feature is fairly easy and there are lots of guides online to do so.  For that matter, being in IT and setting up system SMTP for scanning, alerting, etc, etc, etc is like brushing my teeth.  So, looking at the inmail settings for SMTP was enough to make me yawn, grab a cup of coffee to help stave off the boredom, and get to work.

Ten minutes later all done, tested, working... seemingly.  I had put in the port 587, TLS, username, password, blah blah blah.  In fact, I did this almost 3 or 4 years ago.  

Fast forward to yesterday.  Complaint comes in about "I've called and left a VM and no one contacted me". Of course, that triggers the CEO to call, leave a message, and then send out the email "Who got that message?  call me".  Quick looksee anddddd, well, no one got the message WTH.  I call the number, leave a message and seconds later have the message.  Call again, receive message.  Start to suspect the number the CEO called or the classic "What did the user do wrong?".  You know PEBKAC.

At this point I decide PEBKAC is wrong (since it's the CEO) and call into the VM box directly (which btw no one checks because it's an email forward only mailbox) and listen to the messages.  I hear me testing, I hear me testing again, I hear a fax machine crap message, I hear the CEO asking for someone to call him... Definitely not a PEBKAC, but rather an OHCRAP.

After a quick chat with a friend that is an NEC Certified Tech I find that I'm not the first to see this issue.  As soon as the words "inmail Office365 random issue" come out of my computer he stops me and responds with a resounding "Yesssss, we never recommend that".  

Here's the thing, directly inputting an account into SMTP settings on inmail so that it can authenticate and send works and from my experience it almost always works.  BUT when you can't lose an occasional random message from a customer, "almost" isn't good enough.

According to my friend and online searches the general accepted method is to use Gmail, local relay, or Option #2 or Option #3 of this document. (Note: I was using option #1)

How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs

Option #2 and Option #3 I see lots of comments online of working, but in my mind Option #1 looked like it was working to me.

In the end I decided to go the tried and true way that hasn't failed me yet: IIS SMTP Relay.  Alternatively using an onsite Exchange Server, HMailServer, or other reliable method would be acceptable.  Basically, I wanted the mail to have a quick trip locally to an email Queue.  With this I can even write a Powershell script to monitor it if desired.  At the very least I'm not depending on some online authentication to occur between the NEC and Microsoft which could fail mid communication.

If you haven't setup IIS SMTP Relay before, well, it's pretty easy.  Google how to install if you don't know.  I'll give the quick config to make it work with the NEC.  I usually do this on my Print Server or another lightly used server.  Note that it does require installation of the role IIS.

  1. Add a secondary IP address to the server (don't do this on a DC). I prefer to run each SMTP Relay on its own dedicated IP.
  2. Create a new home directory (will be used in later step).  I usually put this in C:\Inetpub\New Name.  The "new name" I typically make named the task that this relay would be for.  IE, voicemail or NEC.
  3. Open up Internet Information Services (IIS) 6.0 Manager (of course after you've installed the required roles)
  4. Right click on the server name, New, SMTP Virtual Server

  5. Give it a name.  I like to name them the task followed by - and the last octet of the ip address assigned in step 1.  Example: NEC - .44
  6. Select the IP assigned to the server in Step 1
  7. Select the Home directory we created in Step 2
  8. Enter a domain name.  I typically make this the server's FQDN.  DO NOT make it the domain name of the email that these are going to.  For instance, if the account you're emailing this to is then you would not want to enter or the emails will go into the "drop" folder because it's a "local" address.  In my case the FQDN is different than the email domain so I enter FQDN :)  If your emails are going to the Drop folder (more on this in a minute) then check this.
  9. OK and you'll be presented with a new pretty SMTP relay

  10. Right click on the "NEC - .45" / virtual server and select properties
  11. Ensure "Limit number of connections to" is unchecked
  12. On Access tab, click Relay, Only the list below, Add the NEC ip address, and I uncheck the "Allow all computers which...."
  13. Messages tab.  I change the limit message size and session size to 20480 (ie 20MB).
  14. Delivery tab, I change the expiration timeout to 4 days.  
    1. Outbound security.  This will depend somewhat on where it's going, but in my case I require authentication.  This will mostly depend on how you want to setup your SMTP Relay server using that previous link in my post.  As you can see, we're moving the Microsoft Option 1, 2 or 3 to here.  So the SMTP Relay is the one authenticating with Exchange online instead of the NEC.
      1. So, I change this to Basic Auth, enter the username of my Voicemail account, password
      2. Check the TLS Encryption option
    2. Outbound Connections, change TCP Port to 587
    3. Advanced, change the Smart Host to
    4. Hit OK to exit out of the properties.
  15. Restart the Simple Mail Transfer Protocol service (not sure if this is required)
  16. Now we test it.
  17. Make a file on the desktop of the server or somewhere named Test email.  Remove the file extension from it so that it's extensionless. 
  18. Open the file with Notepad or Notepad++
  19. Enter the following 4 lines.  Notice there are no spaces
      1. If you're using Option 1 from MS then the email address entered must match EXACTLY the account you're using to send Voicemail.
      2. Option 2 and 3 it must match any email address in your Exchange online environment. (so it can be a dist list), but note that means Step 14 Outbound security will be different as well. (maybe I'll change mine and update this post at a later date)
    3. Subject:Test
    4. Test Test (this is line 4 which is the message body)

  20. Save the file
  21. Create a copy of the file
  22. Open up file explorer to C:\inetpub\voicemail\pickup and drag and drop the copy you just made into the folder.
  23. It will instantly disappear.
  24. Go to the C:\inetpub\voicemail\drop and badmail directories to see if it's there (hopefully not).  If not then you probably got the email.
  25. If it's in Queue then something doesn't match up properly and it's gone into retry mode.  This could be that the credentials are wrong, no path out, you didn't setup Office 365 properly, etc.  Basically, it can't deliver to Office 365.  If you wait long enough (4 days) it will eventually move to badmail.
  26. If it's in badmail, then most likely issue is the From email address doesn't match up properly and it was rejected.  
  27. If it's in Drop, then from my experience this typically means I forgot my own advice and made the smtp virtual server domain the same as my email domain.  To fix this expand the tree, and in the right window double click and change the domain.
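
The pickup test in steps 17-27 and the queue monitoring idea mentioned earlier can be combined in one script. This is an added example, not part of the original post; the From and To addresses are placeholders, the relay root is the C:\inetpub\voicemail directory used above, and the message uses the standard header, blank line, body layout.

```powershell
# Added example (not from the original post). Placeholders: $From and $To.
param(
    [string]$RelayRoot  = 'C:\inetpub\voicemail',   # home directory used in the post
    [string]$From       = 'voicemail@example.com',  # placeholder; must follow the rules in step 19
    [string]$To         = 'helpdesk@example.com',   # placeholder recipient
    [int]$WaitSeconds   = 30,                       # time given to the relay before checking
    [int]$StuckMinutes  = 15                        # Queue files older than this count as stuck
)

# What each folder means, taken from steps 25-27 of the post.
$FolderMeaning = [ordered]@{
    Queue   = 'Relay cannot deliver to Office 365 (credentials, no path out, 365 setup); it is retrying.'
    Badmail = 'Rejected, most likely because the From address does not match.'
    Drop    = 'Treated as local mail: the virtual server domain equals the email domain.'
}

function Send-RelayTestMessage {
    param([string]$Root, [string]$From, [string]$To)

    # A unique subject lets us find this exact message again after the relay renames the file.
    $token   = 'relay-test-' + [guid]::NewGuid().ToString('N')
    $message = @(
        "From: $From"
        "To: $To"
        "Subject: $token"
        ''
        "Relay test sent $(Get-Date -Format s)"
    )

    # Write elsewhere first, then move, so the SMTP service never picks up a half-written file.
    $tmp = Join-Path $env:TEMP "$token.txt"
    Set-Content -Path $tmp -Value $message -Encoding ASCII
    Move-Item -Path $tmp -Destination (Join-Path $Root 'Pickup')
    $token
}

function Find-RelayMessage {
    param([string]$Root, [string]$Token)

    foreach ($folder in $FolderMeaning.Keys) {
        $dir = Join-Path $Root $folder
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        # Files may be locked while the service works on them; skip those quietly.
        Get-ChildItem -LiteralPath $dir -File |
            Select-String -SimpleMatch -Pattern $Token -List -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Folder = $folder; File = $_.Path; Meaning = $FolderMeaning[$folder] }
            }
    }
}

function Get-StuckRelayMail {
    param([string]$Root, [int]$OlderThanMinutes)

    $cutoff = (Get-Date).AddMinutes(-$OlderThanMinutes)
    foreach ($folder in $FolderMeaning.Keys) {
        $dir = Join-Path $Root $folder
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        $files = @(Get-ChildItem -LiteralPath $dir -File)
        # Mail passing through Queue is normal; only files sitting there past the cutoff matter.
        if ($folder -eq 'Queue') { $files = @($files | Where-Object { $_.LastWriteTime -lt $cutoff }) }

        [pscustomobject]@{
            Folder  = $folder
            Files   = $files.Count
            Oldest  = ($files | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
            Meaning = $FolderMeaning[$folder]
        }
    }
}

$token = Send-RelayTestMessage -Root $RelayRoot -From $From -To $To
Start-Sleep -Seconds $WaitSeconds

$found = @(Find-RelayMessage -Root $RelayRoot -Token $token)
if ($found.Count -eq 0) {
    "Test message $token has left the relay; check the $To mailbox for it."
} else {
    $found | Format-List
}

# Ongoing check, suitable for a scheduled task: anything listed here needs attention.
Get-StuckRelayMail -Root $RelayRoot -OlderThanMinutes $StuckMinutes |
    Where-Object Files -gt 0 |
    Format-Table -AutoSize
```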

So what was the point of this post?  This is all over the googles if you search for it...  I intend for this to be one more post that shows on the googles when people like me search to setup inmail with office365 so that others hopefully don't run into the random missing voicemail when all appears to be working OHCRAP moment.  My failure is online so hopefully you don't have this failure.

Have a better option?  Post it! 

Wednesday, October 20, 2021

IIS 7 SSL Cert - There was an error while performing this operation

It was that exciting time of year again, SSL Cert renewal time!  

I say exciting, because it never fails that when Cert renewal time comes up I hit my head against some issue (I suspect it's the exact same issue year after year and I just don't remember).

This time changing the cert in IIS 7 I'm greeted with "There was an error while performing this operation. Details: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"

It should be noted that when this occurred the site went down!  I was able to select the old cert and hit okay and all was well again.  Select new cert, OK, and error with site down again.

NOTE: I have since found another way to produce this issue with its own fix.  I have modified the below with Fix 1 and Fix 2.  You may have to do BOTH of the below as I recently discovered.

I found a lot of solutions out there and I'm sure they work, but I didn't see the easy one that worked for me.  I also found some that say the solution is that you have to have "export private key" checked when importing the certificate (note that this IS NOT NEEDED).

FIX 1: I had my certificate imported from a pfx without the option for export private key.  It was stored under Local Computer - Web Hosting (this is true of the old cert and new cert).

In the binding screen I selected the "Localhost" certificate.  Hit OK

I then immediately hit edit again.  Selected the new certificate from the drop down and hit OK.  Click Close, go to your site and verify it's using the new cert.

FIX 2: I had a new certificate that I imported via the IIS Server Certificates option.  No matter what I would continue to get the error following my directions above.  I found a post online where a commenter mentioned that they had to import from MMC rather than IIS.  Deleted the cert that I had imported via IIS.  Had cmd open so went to it and typed MMC, File - Add/Remove Snap-in - Certificates - Computer Account - OK. Expand Web Hosting - Certificates. Right click import my new cert changing file type to *.* and selecting cert.  DO NOT check the box for exportable.

Then went back to IIS and followed my FIX 1 steps.  Worked great.

No error, very minimal downtime (when localhost cert is selected). Happy happy

Now, will I remember this next year?  Or remember to check my blog notes?  Probably not.

Thursday, July 16, 2020

Trend Micro Worry Free Business - very slow opening of apps

We recently switched from Webroot to Trend Micro Worry Free (I now believe this was a mistake).  Almost immediately I started getting reports of "computer slowness" and started noticing this myself.  Primarily I had issues with Onedrive having issues synchronizing, opening Chrome and Edge (chromium) very slow, clicking links in emails (again opening browsers) slow, logging into Windows after a reboot long delay, slow loading of additional tabs / webpages, and other areas.

This appears to be a well known issue when using Trend Micro with "Unauthorized Change Prevention Service".  Watching the task manager when doing many of the tasks and I could see this service jump to the top.
Unfortunately, many of the TM options are dependent on this service, but at the end of the day I'm a firm believer that machines need to be speedy, so I disabled the service.  Note: I also disabled the Behavior Monitoring as this is dependent on the service.

If you're reading this while "thinking" of moving to Trend Micro I would advise you to take a test drive first.  I've found several issues which support is working through, but it's been a bumpy road.

  1. Extreme slowdown when scheduled scans run (as opposed to what we're used to seeing with Webroot).
  2. Unauthorized Change Prevention Service slowdown.
  3. Issue with builds prior to 6.7.1319 being unable to restore to domain OU's.
  4. Issue with many of our installs prior to 6.7.1319 being unable to update to latest build automatically - support still looking into issue.

Tuesday, June 2, 2020

Dot net 3.5 install error

I've had lots of issues in the past with being unable to install Dot Net 3.5 on Windows 10.  Typically, I can easily load the Win10 ISO, mount it, and use DISM with the sources switch.  Today I started encountering 2 laptops running Windows 10 that I continued to have issues and errors.

ISO mounted and received "the source files can't be found".  This was with the latest Win10 Iso download.

Checked WSUS and feature on demand is checked.

Easy fix is to bypass WSUS temporarily...
UseWUServer set to 0
Install Dot Net 3.5
Set the reg key back to 1
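
The three steps above as one script, written so the WSUS setting is restored even if the install fails. This is an added example, not part of the original post; the policy key path is the standard Windows Update policy location, and restarting the Windows Update service after each change is an assumption the post does not mention.

```powershell
# Added example (not from the original post): temporary WSUS bypass for the .NET 3.5 install.
#Requires -RunAsAdministrator

$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'  # standard WSUS policy key
$name  = 'UseWUServer'

# Remember the current value so exactly that value is put back afterwards.
$current = Get-ItemProperty -Path $auKey -Name $name -ErrorAction SilentlyContinue
if ($null -eq $current) {
    throw "$name is not set under $auKey; this machine is not pointed at WSUS by policy."
}
$original = $current.$name

try {
    # Step 1: stop pointing the update client at WSUS.
    Set-ItemProperty -Path $auKey -Name $name -Value 0 -Type DWord
    Restart-Service -Name wuauserv -Force   # assumption: restart so the client rereads the setting

    # Step 2: install .NET 3.5; the payload now comes from Windows Update.
    Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All -NoRestart | Out-Null
}
finally {
    # Step 3: always restore the WSUS setting, even when the install threw an error,
    # so the machine does not stay outside patch management.
    Set-ItemProperty -Path $auKey -Name $name -Value $original -Type DWord
    Restart-Service -Name wuauserv -Force
}

# Report the end state of both the feature and the policy value.
[pscustomobject]@{
    NetFx3State = (Get-WindowsOptionalFeature -Online -FeatureName NetFx3).State
    UseWUServer = (Get-ItemProperty -Path $auKey -Name $name).$name
}
```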

Monday, March 30, 2020

Windows Server 2016 RDSH - Start Menu stops working

On our farm of Windows Server 2016 RDSH (Remote Desktop Session Host) I've had seemingly random issues with the start menu stopping working.  This likely correlates with a Windows update being applied, but it's hard to tell as you do not always know immediately that it's stopped working (users complain days later or never complain and you notice when doing other maintenance, etc).

Searching the internet you find a number of solutions, but the most crazy (in my opinion) solution I found was the one that actually worked! 

In this post user MrManual says to delete and recreate a registry key dealing with the Firewall.  One, like me, would think this crazy and continue on trying all the other solutions only to have the issue remain (or return shortly).

Finally, figuring it's better to try a crazy solution than rebuild the server I open powershell and give it a go:

Remove-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System"
New-Item "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System"

Click start menu and GASP it opens!

Note: other ideas on the thread do work, but seemingly only temporary.  I still suspect this to have something to do with the crappy UPD's.
On the note of UPD's one might ask "if you hate UPD's so much why not switch to FSLogix?  I mean, it is free after all..."

Saturday, March 21, 2020

Dell Latitude 7480 / 7490 loud fan issue

We have a lot of Dell Latitude 7480 / 7490 laptops deployed.  When I first got them in we had lots of issues and complaints about the loud fan speed.  Under load this is understandable, but many times this would be with no load.   This is a common issue early on for these models as one can see from the numerous posts online:

In the past when I would get one of these laptops it was a matter of ensuring the BIOS was up to date and the issue would be gone.  Lately, my own laptop (7490) started having high pitch fast fan noise.  Of course I remembered right away that I had recently updated the BIOS to 1.13.1.
I quickly decided to do a BIOS downgrade to 1.11.0 to see if that would help.

No more loud fan noise at this point... Having issues with your fan always running top speed? Try an older BIOS version and call Dell rep to complain.

I recently allowed a BIOS update to install and the issue came back on a Latitude 7490.
I then installed the Dell Power Manager application and found a section called "Thermal Management".  Under this section you can choose "Quiet", this instantly made the computer more bearable. 

Sunday, September 15, 2019

Have a device (Roku or other) that won't connect to wifi?

I have a sister-in-law that bought a new Roku express this weekend.  She spent 4 hours fighting an issue where it wouldn't connect to her wifi claiming that the passcode is incorrect.  She searched forums, called xfinity support, and Roku support all to no solution.  She found that she should enter the MAC address in the router which didn't help.  Reset her router passcode, but why when every other device is working on the wifi just fine with that passcode. Change the WPA2 AES settings to something else.  Again why, the other devices are working fine.

Finally she decides to call me.  After about 20 seconds looking at her router settings I advise making the 2.4GHz and 5GHz wifi networks the same password.  Since the Roku Express only supports 2.4GHz it's trying to connect to 2.4, but since they are different passcodes and the same SSID there is nothing indicating to her that she needs to enter the 2.4GHz passcode.  In fact she didn't even know it or that there was ANY difference as Xfinity staff set it up.

Immediately this resolved the issue.

Make them the same SSID and Passcode and let it just work.  The device will connect to the frequency it wants / supports and the end user doesn't need to care.  Or if you insist on different passcodes for some reason, make the SSID different as well as a visual indicator.

Thursday, June 27, 2019

Testing your website for weak ciphers and protocols

With recent deployments and integrations of systems I have had to ensure that several websites are secure. After digging around and setting registry keys I figured someone else has done this already, so I started looking for a quick script.

One better I found this handy software:

These guys have it setup so you can set the Schannel, and Cipher Suites plus orders.
Then click the site scanner and you'll see the familiar Qualys SSL Labs site.

Monday, February 18, 2019

Wyse ThinOS and RD Gateway with Broker - External Access

The other day I was able to get my hands on a Dell Wyse 3040 with ThinOS unit. I wanted to test out connecting to a Windows Remote Desktop Gateway with Connection Broker and RDSH from home. My intended end users are at remote sites with VPN connections, but I had other ideas for some remote workers to utilize these devices (without VMWare or Citrix) to connect in.

This post isn't about setting up RDSH, RDGateway, etc.  This is in line with getting ThinOS 8.6+ working with your RD Gateway and RD Connection Broker to RDS Hosts.  Something that in hindsight was very easy, but took me a bit to weed through the online posts, ini settings, etc.

I used Wyse Management Suite to configure the device (online trial). This has been a great option and works very well.  For production I will be deploying WMS Standard onsite.

Windows Remote Desktop environment layout:
The environment consists of the following layout. 
  • All servers running Windows Server 2016
  • 1 server with RD Gateway and Web installed together.  We'll refer to this as
  • 1 server with Connection Broker installed (NOT in HA config)
  • 2 servers running RDSH and the desktop being published - Collection Name: Desktop Resources
  • Dell Wyse 3040 ThinOS 8.6_013 connected to my home network. NO VPN to main datacenter.
Goal: To get the 3040 to connect through the and broker the connection to the proper RDSH server.  I want it to prompt the user for login upon boot and upon disconnect to logout of the gateway and prompt for login again (Shared workstation).

WYSE config:
I'm going to break this down by section in the WMS portal.  Then I will do my best to put the wnos.ini out.  Obviously there are other areas to configure, I'm just giving the basics for the RDGateway to work.

Require Domain Login: First area of interest to me was to disable the "Require domain login".  I want the thin client to load and prompt with the connection to the RD Gateway. 

Certificates: Depending on the CA you used on your Gateway you'll need to import the certificates.  I used Godaddy so I had to get the .cer for the Root and Secondary.  This was as easy as going to my site, viewing the certs, and then downloading (copy to file) the GoDaddy Root CA and GoDaddy Secure CA to files.  From there you will upload both files into Apps & Data tab under the File Repository (select certificate for the type).
Now you can check the option for certs and you will see all of the certs you need listed.

Security Policy: I set mine to Full
TLSCheckCN: enabled
VNC: I turned on VNC to allow ease of testing

Visual Experience:
Action after all sessions exit: "sign off automatically"

Microsoft Broker:
Broker Server:
This should be set to your gateway server.  Include the https:// but do not include anything past the FQDN.

Sessions to connect automatically: Desktop Resources
This is the collection name.  Since in this case I'm pushing out a collection of desktops there is only the collection name and not app names.  

Microsoft RDP Settings:
Enable NLA: Enabled  
In my environment I have this on for all servers.

That's it.  Restart the device to apply and test it out.  Notice that when you logout it puts the workstation back at the login screen, perfect for shared workstations!
Note that I did NOT put any Direct RDP Connections in as this isn't needed.

Here's the device's wnos.ini as delivered from WMS.

Signon=Yes SaveLastDomainUser=no LastUserName=No
AddCert="Go Daddy Root CA - G2.cer"
AddCert="Go Daddy Secure CA - G2.cer"
SignOn=No ExpireTime=0 RequireSmartCard=No SCRemovalBehavior=0 DisableGuest=No
SecurityPolicy=full SecuredNetworkProtocol=Yes TLSMinVersion=1 TLSMaxVersion=3 DNSFileServerDiscover=Yes TLSCheckCN=Yes
AutoSignoff=10 Shutdown=no Reboot=no
SysMode=Classic toolbarclick=No ToolBarAutoQuit=No EnableLogonMainMenu=No
AutoLoad=2 VerifySignature=yes
ConnectionBroker=MICROSOFT \
host= AutoConnectList="Desktop Resources"
SessionConfig=all \
SessionConfig=rdp \
EnableNLA=yes EnableRecord=no EnableRFX=yes EnableTSMM=no ForceSpan=no enablegfx=no EnableUDP=yes EnableVOR=yes USBRedirection=rdp defaultcolor=2 MaxBmpCache=128 RDPScreenAlign4=no AutoDetectNetwork=yes EnableRdpH264=yes 

Tuesday, September 18, 2018

Office 365 "Belongs to:" incorrect / activation

When reprovisioning laptops and desktops that utilize Office 365 installations the subscription login doesn't update properly. Although this can be fixed, as suggested by many, by logging into the old user's OWA account, Install Status, and deactivate, this doesn't help any when the user account no longer exists.
The user can wait the 31 days until it begins to complain that it's unlicensed, but that's not good product administration in my opinion. I don't want my users to have to worry about it, period.

Logging out on the account page and logging back in also does not update the "belongs to" field.


  • Reinstall Office - wow, what a waste of time for something that should be easy
  • Do an online repair - Again, this works, but it takes awhile depending on your connection.
  • Run a quick script - YAY (but again, what the heck is MS thinking, this should be easy!)
Thanks to our good friends over at Spiceworks and in particular Marcragusa for this post.

Additionally, there is a lot out there covering this once you know it's an issue.

Open up a cmd prompt as administrator
  • cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /dstatus
  • then run
  • cscript.exe "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" /unpkey:XXXXX

I have to do this fairly often so I slapped together a weak powershell file with this. Since I'm not overly skilled with PS I have to retype the last 5 of the key back in, but at least I don't have to remember the commands. Maybe someone can take the output of the first one and pull out the last 5 for the second command automagically.

Invoke-Command -ScriptBlock {cscript.exe "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus}
$prodkey = Read-Host "Enter the last 5 characters of the product key"
Invoke-Command -ScriptBlock {cscript.exe "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /unpkey:$prodkey} -ArgumentList $prodkey
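
One way to pull the last 5 characters out of the /dstatus output automatically, so nothing has to be retyped. This is an added example, not part of the original post; it relies on the "LICENSE NAME", "LICENSE STATUS" and "Last 5 characters of installed product key" lines that ospp.vbs prints, and must be saved as a .ps1 file and run from an elevated prompt.

```powershell
# Added example (not from the original post): list installed Office keys and
# remove them after confirmation, without retyping the last 5 characters.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    # Same ospp.vbs location as the commands in the post.
    [string]$OsppPath = (Join-Path ${env:ProgramFiles(x86)} 'Microsoft Office\Office16\ospp.vbs')
)

function ConvertFrom-OsppStatus {
    # Turns the text lines printed by "ospp.vbs /dstatus" into one object per installed key.
    param([string[]]$Line)

    $name  = $null
    $state = $null
    foreach ($l in $Line) {
        switch -Regex ($l) {
            '^LICENSE NAME:\s*(.+?)\s*$' {
                $name = $Matches[1]
                break
            }
            '^LICENSE STATUS:\s*(.+?)\s*$' {
                # Printed as ---LICENSED---; strip the dashes.
                $state = $Matches[1].Trim('-')
                break
            }
            '^Last 5 characters of installed product key:\s*(\S{5})\s*$' {
                [pscustomobject]@{ LicenseName = $name; Status = $state; Last5 = $Matches[1] }
                $name  = $null
                $state = $null
                break
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $OsppPath)) {
    throw "ospp.vbs not found at $OsppPath"
}

$licenses = @(ConvertFrom-OsppStatus -Line (& cscript.exe //NoLogo $OsppPath /dstatus))
if ($licenses.Count -eq 0) {
    Write-Warning 'ospp.vbs reported no installed product keys.'
    return
}

$licenses | Format-Table -AutoSize | Out-Host

foreach ($lic in $licenses) {
    # ConfirmImpact High makes PowerShell ask before each key is removed;
    # run with -WhatIf to see what would be removed without changing anything.
    if ($PSCmdlet.ShouldProcess("$($lic.LicenseName) [key ending $($lic.Last5)]", 'Uninstall product key')) {
        & cscript.exe //NoLogo $OsppPath "/unpkey:$($lic.Last5)"
    }
}
```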

Monday, July 30, 2018

Office 365 Outlook prompts for password

We have a deployment of Office 365 with ADConnect SSO enabled. Additionally, with the implementation of modern authentication (MA) we have set the flag to true.

We also enabled MA for Skype online even though we do not use it fully currently.

More info on Modern Authentication:

We started seeing issues where Outlook would prompt for password, especially after password change. After much searching we found the following reg key that is recommended by MS when MA is utilized in order to force outlook to use MA.

We deployed the keys with GPO Preferences.
Dword: 1

Skype for Business:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Lync\ AllowAdalForNonLyncIndependentOfLync
Dword: 1

We've had a few users where this issue started again. 
Settings - Accounts - Access Work or School - select user - disconnect.  Fixes every time, instantly so far.

Wednesday, July 11, 2018

Windows 10 Fall Creators Update 1709 fails to apply (update 1803 I experienced same issue)

I recently had a number of Dell Latitude e7450 laptops that would rollback the installation of 1709. I also had several of the exact same model laptop that installed successfully.
In most cases I would be left with no indication of why it failed. I attempted installation from WSUS, Windows Update Assistant, and Windows Media Creation to USB.

I updated drivers, bios, all applications, removed AV (note had most succeed with AV), repair windows update, rename the softwaredistribution folder, etc, all to no effect.

Only when using the Windows Media Creation tool and then running the update from USB did it give me any workable indication of what was going wrong. (double click setup from the USB drive)

"We couldn't install Windows 10.  We've set your PC back to the way it was right before you started installing.  0x8007042B - 0x3000D  The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation"

That helps! MS even gives a "click here" for troubleshooting codes that pertain. Unfortunately, none of them are this code.  Google foo gave some info and a short time later I was looking at the C:\Windows\Panther\  folder.  In particular the C:\Windows\Panther\NewOs\Panther\setuperr.log.

Almost at the very bottom I found a line stating:
Error WRITE, 0x000000B7 while gathering/applying object: File, C:\Users\username\AppData\Roaming\Microsoft\Windows\Recent [2017_09_1_3177.pdf.lnk]. Will return 0[gle=0x00000002]
Error 183 while applying object C:\Users\username\AppData\Roaming\Microsoft\Windows\Recent [2017_09_1_3177.pdf.lnk]. Shell application requested abort[gle=0x00000002]
Abandoning apply due to error for object: C:\Users\username\AppData\Roaming\Microsoft\Windows\Recent [2017_09_1_3177.pdf.lnk][gle=0x00000002]
Apply failed. Last error: 0x00000000

The recent folder under AppData\Roaming\Microsoft\Windows ended up being the issue for every computer that I had issues updating to 1709 or 1803!

Cleanup profile:
I went to the path in question and dumped the entire recent folder.  Started upgrade again and success!
What a pain, why can't the error descriptions be descriptive and helpful?
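
A quick way to pull the offending objects out of setuperr.log instead of reading it by eye. This is an added example, not part of the original post; it matches the "Abandoning apply due to error for object" line format shown above and falls back to those lines as sample input when the log is not present.

```powershell
# Added example (not from the original post): summarize which profile objects
# made the upgrade abandon its MIGRATE_DATA step.
param(
    [string]$LogPath = 'C:\Windows\Panther\NewOs\Panther\setuperr.log'   # path from the post
)

function Get-AbandonedApplyObject {
    param([string[]]$Line)

    # Format: ...Abandoning apply due to error for object: <folder> [<item>][gle=0x........]
    $pattern = 'Abandoning apply due to error for object:\s*(?<Folder>.+?)\s*\[(?<Item>[^\]]+)\]\[gle=(?<Gle>0x[0-9A-Fa-f]+)\]'
    foreach ($l in $Line) {
        if ($l -match $pattern) {
            [pscustomobject]@{
                Folder    = $Matches.Folder
                Item      = $Matches.Item
                LastError = $Matches.Gle
            }
        }
    }
}

# Sample input: the log lines quoted in the post, used only when the real log is missing.
$sample = @(
    'Error 183 while applying object C:\Users\username\AppData\Roaming\Microsoft\Windows\Recent [2017_09_1_3177.pdf.lnk]. Shell application requested abort[gle=0x00000002]'
    'Abandoning apply due to error for object: C:\Users\username\AppData\Roaming\Microsoft\Windows\Recent [2017_09_1_3177.pdf.lnk][gle=0x00000002]'
    'Apply failed. Last error: 0x00000000'
)

$lines = if (Test-Path -LiteralPath $LogPath) {
    Get-Content -LiteralPath $LogPath
} else {
    Write-Warning "$LogPath not found; using the sample lines from the post."
    $sample
}

# One row per folder, so a Recent folder that fails for many items shows up once.
Get-AbandonedApplyObject -Line $lines |
    Group-Object -Property Folder |
    Sort-Object -Property Count -Descending |
    Select-Object Count,
                  @{ Name = 'Folder'; Expression = { $_.Name } },
                  @{ Name = 'Items';  Expression = { ($_.Group.Item | Select-Object -First 5) -join ', ' } }
```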

Thursday, June 7, 2018

Office 365 - Add Shared Mailbox's Calendar to mobile device

With all the recent changes to Office 365 I found that it's become confusing as to how to easily add a Shared Mailbox OR Room Calendar to a user's mobile device.  This works for both Native iOS calendar app or the Outlook for iOS / Android app.

This post goes over the new features
Calendar Sharing in Office 365

Additionally, this post goes over sharing your calendar!
Share your calendar in Outlook on the web for business

And finally, this has instructions for opening a shared mailbox in a separate window so that you can access the necessary share button, which is a critical step.
Open and use a shared mailbox in Outlook Web App

Natively, when you create a new Shared or Room mailbox and assign delegates from the O365 Admin portal the new mailboxes / calendars will automatically show up in your Outlook for PC application after a short period.  They do not however automatically show up on your mobile device.  Instead, you must access the Shared / Room mailbox directly and add each user as a delegate which in turn emails an invitation to the users.  The user must then accept the invite from the mobile device which will add it to all of their mobile devices.

  1. First, we've created the Shared mailbox we want and added the "members".  This will automatically add the mailbox / calendar to those users' Outlook for PC application. 
  2. Log into OWA with an account that has permission to the Shared Mailbox / Room that was just created.  Click the user account in the top right corner.  Click the "Open another mailbox..." option.

  3. Type in the name of the mailbox / room and ensure it finds it in the list.  If you don't have the proper permissions then you'll get an error "Something went wrong".  It can take some time after assigning permissions to yourself before they properly propagate.
  4. The mailbox will open in a new window.  Open the calendar.
  5. Click the Share button at the top middle.  This will open up the "Share this calendar:Calendar" window.
  6. Search for the person you want to add and give them the proper permission level.  Then click "Share"
  7. This will send an email invitation to the user. They will need to open the email invitation from a mobile device!

  8. From iOS native app the calendar is listed.
  9. Or from the Outlook for iOS / Android
  10. If the user wants to remove the calendar they can click on the i / information option on the right side (iOS) or settings gear (Outlook for iOS / Android) and at the bottom is the remove option.

Hopefully MS will give the option of having these calendars auto deploy to mobile device same or similar to the way it does with outlook for PC in the future.

Thursday, March 29, 2018

Veeam Backup Error Code 32768

Last night we received the following error on a previously working server.

Failed to create VM recovery checkpoint (mode: Veeam application-aware processing) Details: Job failed (''). Error code: '32768'.
Failed to create VM recovery snapshot, VM ID 'f74ddb15-6900-4f62-ad2a-31ed600531f1'.  

Host: Windows Server 2016
VM: Windows Server 2016 - hosting Quickbooks database manager and Azure AD Connect

Several updates had been applied to the server the day prior.  Additionally, AD Connect had been updated to version 1.1.750

Additional error from eventvwr: 
Log Name:      Application
Source:        VSS
Event ID:      8229
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error.  If the backup process is retried,
the error is likely to reoccur.
. Changes that the writer made to the writer components while handling the event will not be available to the requester. Check the event log for related events from the application hosting the VSS writer. 

Some googling ended up with this hit:

Open the appwiz.cpl, select "Microsoft SQL Server 2012 Express LocalDB" and repair.  This will require a reboot.

We are now able to create checkpoints of the VM again without issue.