Office 365 watch – Summer 2014

Over the summer Microsoft have made some handy changes to the Office 365 UI. Some of the new additions are features I’ve wanted to see for a while and have come on board just in time for the start of the new academic year.

Start page

The lack of a coherent start page that allowed users to perform common tasks was something that seemed an odd omission from the product and didn’t make life easy for users. Previously the Office logo went off to a product page that was pretty pointless (and quite annoying). Good to see that the link now goes somewhere useful; the start page now allows users to create documents, access the key features of 365 and install Office ProPlus (if licensed).

the new Office 365 start screen

The quote of the day is also quite amusing, albeit in a David Brent kind-of-way ;)

You can set the preference for whether you see the new start screen as the home page for all users in Office 365 settings; it’s also configurable on a per-user basis. There’s a nicely-made video on YouTube that shows where to do this if you’d like to see how…

Menu improvements for touch

The main navigation bar has doubled in size, which should make working on touch devices much easier. I noticed this rolling out last week, first appearing in OWA, but it now seems to be consistent across the whole O365 suite. Microsoft are also allowing branding and some customisation of the menu, which is a nice bonus.

Upload limit increased on OneDrive for Business

When testing out OneDrive for Business I found the 2GB file limit a bit restrictive, particularly if working with video where file sizes can balloon quite quickly. Fortunately Microsoft have upped the limit to what seems to be 10GB (based on what I’ve read elsewhere). Along with the 1TB storage upgrade, this means OneDrive for Business is right up there again with the competition; granted Google Drive can upload up to 5TB but good luck putting that through your internet connection!

A few more requests…

Now that MS seem to have caught up with my previous wish lists, here are a few more I’m hoping for:

  • Easily visible storage meter for OneDrive for Business
    Granted it’s not so important with 1TB storage per user but it should be easier to see how much space you’ve used, either on the Start Page or front screen of OneDrive please.
  • Simpler file management in OneDrive for Business
    It’s still rather clunky to move files between folders using the web UI in OneDrive, probably something that’s due to its SharePoint origins but does require improvement.
  • OneDrive for Business client
    The desktop client is still crying out for a next-generation upgrade. It definitely needs to be more intelligent in terms of how to deal with what could potentially be 1TB of sync data and integrate more smoothly with the operating system as a coherent whole. I’d also like to see the Modern UI and Desktop versions of the app working as one rather than separately; might have to hold out until Office 2015 for progress there though.

100,000 views and counting!


Hot on the heels of the 100th post I noticed the other day that I’ve also hit over 100,000 views so thought it deserved a little celebration.

When I first started this I wasn’t even expecting 100 views and thought the blog would just serve as a personal memory bank, looks like it’s proved useful to people too which is an unexpected bonus :) Thanks for reading and all your comments, now onto the next milestone of 250,000!

I wasn’t sure if celebrating 0x186a0 views was going to have quite the same headline effect…

Solving PXE boot problems on ZCM 11

During the last week I’ve been having a look at ZCM 11.3 in preparation for when we upgrade our production zone from 11.2.3a. I wanted to check that imaging was still going to work in the same way as before as well as testing some of our new hardware that doesn’t work with the current PXE drivers.

The test environment makes use of some of our old server and comms kit including some Dell PE2950 servers running ESXi hooked up via Cisco 3750 switches.

The DHCP server was installed on a Windows Server 2012 R2 virtual machine.
I downloaded the ZCM 11.3 appliance, imported it and ran through the setup wizard, all pretty painless so far.

With the zone configured I then tried to PXE boot a client PC but it disappointingly failed with an error

“PXE-E51 No DHCP or DHCP Proxy Offers received”

In the end a series of fixes were required to get PXE working, not all of them present in the official Novell documentation so I figured it might be useful to pull everything together in one place

Server services

By default the ZCM server doesn’t have the Proxy DHCP service enabled. Without this you’re going nowhere so log onto the server with Putty \ console and type the following

service novell-pbserv start

check it with

service novell-pbserv status

While you’re there it’s also worth setting it to auto-start using chkconfig otherwise it’s an easy step to forget if you reboot the server at some point in the future.


The appliance also ships with the firewall enabled but this seems to block PXE boot (!)
Solution: turn it off using the YaST tool (console onto the GUI of the ZCM server for this)


VLAN environment pre-requisites

My dev environment was set up as a series of VLANs; in this scenario make sure you have ip helper-address configured on each VLAN interface. According to the Novell documentation you need two entries, one for your DHCP server’s address and the other for the ZCM server that’s providing the PXE service.


You also need ip-forward rules set up on your router \ L3 switch

ip forward-protocol udp 67
ip forward-protocol udp 68

Cisco switch port settings

Despite all the fixes above the client device still wouldn’t boot from the network and I was beginning to wonder if it was ever going to work. The missing link was that PortFast needs to be enabled on Cisco switches (might apply in a similar way to other vendors) to ensure the port comes up quickly enough for the PXE service to work.


PortFast has been known to have been switched off and this has caused issues on the PXE boot sequence. PXE tends to boot faster and request DHCP faster than the switch can handle.
PortFast has been enabled so that the switch can start talking to a device without going through the process of waiting for the switch and device to decide what speed they will communicate at. By enabling PortFast the switch will open the port and enable packets to flow.
The normal time period for the switch to open up a port is around 30 seconds. With PortFast enabled the clients can start talking as soon as they are switched on, and in the case of PXE boot services it would not wait for 30 seconds.

Troubleshooting tips

The server logs can be useful to help figure out how far along the path the packets are getting (or not) so you know if the problem is on the networking side or the server. To check if your DHCP requests are getting through have a look in


and you should see a line like this, where 192.168.0.X is the server VLAN’s IP address.

Received packet on 192.168.0.X:67 from relay agent 192.168.0.X

You should also be able to see workstation information as they check in to the imaging system, this log file is a little further into the folder tree


Cloud stories: Groupwise to Office 365 (part 2)

Having sorted out the initial connectivity issues the next stage of the process was to make a decision on what version of the Outlook client (and therefore Office) to deploy to users’ machines. Until now the college had been running Office 2007 and there would need to be a strong reason to change staff machines midway through the academic year.

Outlook, Office 365 and cached profiles

In my previous experiences with Exchange I’d always disabled Cached Exchange Mode as it always seemed to cause more trouble than it was worth, especially with users that frequently moved between PCs. However due to the fact the Exchange server is now on a shared platform and more “distant” from the local network it becomes necessary to look at it again. Initially we tried running with Cached Mode disabled but performance wasn’t at an acceptable level; moving between folders caused a noticeable delay, as did searches and listing the contents of a large inbox.

With that in mind we knew Cached Mode was going to be mandatory, and this is where things get interesting. In previous on-premise scenarios mailbox limits are generally an order of magnitude smaller than the standard offering on Office 365; however with the standard offering now 50GB per user the effects on OST files could potentially be rather problematic. If a user moves machine the time taken to build the cache again could lead to a pretty painful user experience too!

All Outlook versions prior to 2013 are pretty much a blunt instrument in terms of how they deal with the cache. Fortunately Office 2013 comes to the rescue with its new Hybrid Cache feature. More information can be found at

configure this either manually in the Outlook profile or via GPO \ OCT

What it basically does is to cache a smaller amount of email (from 3 months upwards) then offers the user a small “There are more items in this folder on the server” link for anything older, at which point Outlook grabs the required mail seamlessly from the Office 365 servers. It’s a best-of-both-worlds scenario and, in my opinion is a key reason to upgrade if using Office 365 with the desktop Outlook client.

That said, even at the 3 months setting a reasonably sized mailbox can still need 1GB+ of data to be downloaded before Outlook is ready to use. As a result we’ve recommended that our users access email via OWA if they’re on a machine they’re not likely to use again any time soon.

Self-service Office upgrade

The cache alone pretty much made up our minds to go with Office 2013, the additional integration with OneDrive for Business \ SharePoint was also another factor that will become more apparent in the coming months once our SharePoint Intranet goes online too.

With the decision made we needed to find the simplest method to deploy the new version of Office to staff. With nearly 1000 staff machines all in use at different times it wasn’t something we could push out overnight. The team-by-team migration plan also meant that we couldn’t switch in a “big bang” method as Outlook and GroupWise don’t play nicely if both are active and fighting for control of MAPI profiles.

The solution was to make a self-service process that users could initiate at a time convenient to them. Generally it tended to be a lunch break on the day of their migration but equally it could be done at the end of the day etc. We used ZENWorks to push out a Bundle named Office 2013 upgrade which contained a customised MSP created with the Office Customisation Tool (OCT).

If you’ve not used it before basically you run setup.exe /admin then generate an MSP file which you place in the Updates folder within the Office 2013 installation media folder structure.

More info available at

Tip: remember to include the AUTO_ACTIVATE property while configuring your OCT deployment file, as it avoids users seeing any pesky pop-ups asking them to activate Office when they run it for the first time.

Progress indicator

We also hit a bit of a problem of our own making due to the effects our Novell environment has on Folder Redirection. Our (until now) lack of Active Directory meant we had to use some unofficial local policy ADM templates to achieve a similar effect to the native Windows GPOs. The downside of this was that we had to map to a drive letter rather than the supported method of using UNC path. As a result Office setup bombed out when run as the logged-on user, even if using the Dynamic Local Admin option in ZENWorks.

the HTA loads full-screen and disables CTRL+ALT+DEL so setup doesn’t get interrupted

The workaround was to use the SYSTEM account to run the setup executable, however it meant that we lost any form of progress indicator to let the user know something was actually happening. I knocked up a quick HTA that effectively locks the workstation with a full-screen splash page informing the user to wait for the automatic reboot, along with some quick tips on how to set up Outlook on next logon.

Fixing setup errors

In testing I found that the upgrade would sometimes fail for no apparent reason. In line with some of the gems I’ve had from Windows 8 the error messages were about as much use as a chocolate teapot… “Microsoft Office Professional Plus 2013 encountered an error during setup” doesn’t really help much.

unhelpful error message mandatory, teapot optional…

Digging through temporary files yields a setup log file that gives a more detailed insight into what went wrong, although in this case the failure was listed as a fairly non-specific “1603” error. The workaround listed on the Microsoft forums that recommends deleting a couple of folders from ProgramData seemed to work so I’ve included the folder delete \ rename actions as the first steps in the Bundle to be sure.

Bundle requirements

Recently we noticed a few machines were failing the upgrade but initially couldn’t think why as they were all built from the same base Windows 7 image and Office 2007 installation. The error we kept getting was a 1605 which means “out of disk space”… oops! Turns out the affected machines were our 1st-gen SSD PCs that only had 60GB drives. Between the ZCM cache, Office install directory and other detritus on the local drive there wasn’t enough room to install Office.

Disk cleanup was the easy fix, along with a couple of requirements on the Bundle to check for disk space, as well as to only run the installer if Office 2013 wasn’t already installed

Tip: use HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0 to check this


Outlook profile \ Launch actions

We experienced some issues when GroupWise and newer versions of Outlook were installed on the same machine, basically both programs were fighting for control of the default MAPI profile which made Outlook rather upset.

To get around this I added some additional Launch actions to our Outlook desktop shortcut to check for (and remove) any GroupWise MAPI profiles first. In older versions of Office profile information was stored in a hard-to-find location in the registry, fortunately in 2013 that’s changed for the better and you just need to look in:

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\[profile name]

We used OCT to define that all new Outlook profiles are called Office365 by default, with that in mind I use the registry location above to check if a legitimate profile exists. If not we import a PRF file with the accounts section removed to ensure the first-run wizard appears as expected, the command to do this looks like

Command: ${ProgramFiles32}\Microsoft Office\Office15\OUTLOOK.EXE
Command Line Parameters: /importprf Z:\Office365.prf

Next time

Next post in this mini-series will cover how we migrated 400GB+ of mail data from GroupWise to Office 365 with the help of some rather nifty scripting :)

Cloud stories: Groupwise to Office 365 (part 1)

I’ve been meaning to start this series of posts for a while, documenting our journey as we move various legacy on-premise systems to Office 365 and all the fun and games we’ve had along the way. Like many, email was the first item on the migration hit-list and indeed was a key driver for investigating moving services into the cloud.

Unlike many organisations we weren’t moving from Exchange, our on-premise system was actually Novell Groupwise. The large increase in storage space was the biggest draw for us to go cloud but mobile access also played a part. Novell were very short sighted in not providing a (free) mobile app for Groupwise as the majority of users weren’t willing to mess around with manual IMAP settings nor were they particularly enamoured with having to pay for a 3rd party app to read email on their phones, which these days is a bread-and-butter feature requirement for any enterprise-grade product (imo).

Although moving to a cloud-based service is often marketed as a click-and-forget experience it’s not entirely accurate unless you’re setting up from scratch. This post covers a few lessons we learnt and some tips to help you avoid them…

Firewall Rules

We use a combination of standard firewall and proxy web filter to direct traffic in and out to the Internet at large, a pretty common setup for an organisation of our size with ~2500 workstations.

However we soon found out that this wasn’t as simple as first thought. Although our firewall can identify traffic based on application some of the login processes for the Outlook client were only identified as vanilla SSL, I guess some of the Autodiscover processes may be the reason for this.

At first we thought the solution might be fairly simple, at my last place I used Microsoft’s Forefront Online Protection for Exchange (FOPE) which gave a defined list of IP ranges to allow mail from so was hoping Office 365 would be similar… we were wrong!

It started well enough, Microsoft gives what looks like a helpful list of addresses to allow here…

We dutifully added all of them to the firewall then watched as Outlook played its own game of Russian Roulette with logins; some would work and others would fail miserably with messages like the example below about an encrypted connection being unavailable. Trying to continue with the unencrypted version also failed.

The next logical step was to check the firewall logs and see what was going on, lo and behold there was a bunch of blocked traffic from the affected machine, type listed as SSL (in addition to the Office 365 traffic that was allowed by our rule). At first glance the listed IPs looked pretty similar to some of the ones on the Microsoft link so I punched them into the very helpful CentralOps domain dossier to do a bit of detective work into what they really were.

Surprise! The IPs were owned by Microsoft, One Redmond way. Over the course of a couple of days I’d collected (and kept adding) these new address ranges but new ones kept coming. After a while another surprise was that some were listed as being owned by Akamai, which is the CDN Microsoft use to deliver content for the Office 365 web interface. We expected that for OWA but not for the desktop client but there it was clear as day in the logs.

In the end we decided that there was no way we were going to be able to keep up with how rapidly the addresses were changing and give our users a decent experience (our pilot users didn’t have a fun time getting set up with Outlook) so we were forced to push all Office 365 traffic through our proxy server instead. We didn’t want to do this if we could help it as our firewall is much faster at processing large amounts of traffic than the proxy – no choice for now but thus far it’s stood up to the load pretty well.

A well-written TechNet article explains how Microsoft have built the CDN network for Office 365 and why they’re only supporting wildcard URL rules for filtering…

…which is great but until the firewall vendors catch up and put it in their core feature sets many network admins won’t be happy. The issue crops up more when using the desktop Outlook client but that’s a fundamental reason for choosing Microsoft over Google so a workaround had to be found to give a reliable first-run experience.

Proxy issues with Outlook

Now that we had the basic traffic issues out of the way we thought Outlook would kick into life quite easily but there was one more sting in the tail. Autodiscover still wasn’t working reliably despite having proxy authentication disabled for all Office 365 domains (seems a common recommendation from various proxy suppliers) so we needed to dig a bit deeper.

We ran the Outlook first-run wizard with TCPView running alongside and noticed something odd…

Our proxy settings were pushed out via a GPO setting, along with a manual exceptions list for various IP ranges and internal sites. Because our internal domain is the same as our external one we added to the list of proxy exceptions (and created an internal DNS record) so we expected to see connections going out via the proxy server address… except we didn’t.

Bizarrely it seemed Outlook was ignoring the proxy server completely and trying to connect directly – which on a standard user’s machine won’t work. Cue some furious Googling which showed that it wasn’t just us experiencing the same problem…

The only solution was to create a proxy auto-configuration file that explicitly says to use the proxy for the Office 365 URLs. As soon as we did this and switched the GPO over to Auto-Detect Settings Outlook kicked into life. I’m not sure if this issue has been sorted in Office 2013 SP1 but it’s not a listed fix and recent posts in the thread above suggest it’s still an unresolved issue.
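
A minimal PAC file of the kind described above, as an added example that is not the author's own file: the proxy address, the internal domain and the short Office 365 suffix list are placeholders or illustrative assumptions. Suffixes are matched on a dot boundary so that a look-alike host such as evil-office365.com is not treated as an Office 365 endpoint.

```javascript
// Added example: proxy auto-configuration (PAC) file.
// Written in ES3-style JavaScript so older PAC engines can parse it.
// All addresses and domains below are constructed placeholders.

var PROXY = "PROXY proxy.college.example:8080"; // assumed proxy host:port
var DIRECT = "DIRECT";

// Illustrative suffixes only; maintain the real list from the vendor's
// published endpoint documentation.
var O365_SUFFIXES = [
  "outlook.com",
  "office365.com",
  "microsoftonline.com",
  "sharepoint.com",
  "lync.com"
];

// Assumed internal DNS domain whose hosts are reached without the proxy.
var INTERNAL_SUFFIXES = ["college.example"];

// True when host is the domain itself or a subdomain of it.
// The leading "." in the comparison stops "evil-office365.com"
// from matching "office365.com".
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1); // drop trailing root dot
  }
  if (host === domain) return true;
  var tail = "." + domain;
  var at = host.length - tail.length;
  return at > 0 && host.indexOf(tail, at) === at;
}

// True for dotted-quad literals in loopback or RFC 1918 space.
// Works on the literal only, so it needs no DNS lookup.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = parseInt(m[1], 10);
  var b = parseInt(m[2], 10);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  var i;
  // Office 365 is checked first so that no later exception can send
  // this traffic direct, where the firewall would drop it.
  for (i = 0; i < O365_SUFFIXES.length; i++) {
    if (hostInDomain(host, O365_SUFFIXES[i])) return PROXY;
  }
  // Single-label names, private addresses and the internal domain
  // stay on the LAN.
  if (host.indexOf(".") === -1) return DIRECT;
  if (isPrivateIPv4Literal(host)) return DIRECT;
  for (i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    if (hostInDomain(host, INTERNAL_SUFFIXES[i])) return DIRECT;
  }
  // Everything else goes out through the filtering proxy.
  return PROXY;
}
```
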

Next time

Next post in this mini-series will cover some decisions you’ll need to make about what version of Office you use on your machines and how it can affect your 365 experience.

Recovering from a failed Windows 8.1 update

Today I had a little challenge to repair a friend’s laptop where Windows had got stuck into an infinite loading \ reboot loop. Typically it decided to do it just as the user had some important end-of-course documents to complete so needed a quick turnaround. With a couple of hours to spare waiting for the World Cup games to start I gave it a shot.

The laptop itself was pretty new, an HP Pavilion 14 “Sleekbook” – upon firing it up the HP branded loading screen spinner gave it away as Windows 8.x

The startup process didn’t last long before it rebooted but there was just enough time to spot an error message along the lines of “attempting to recover previous installation” before it fell over.

Gut instinct suspected a failed 8.1 update as the error message seemed to suggest it was trying to roll back to a previous OS rather than your average Windows Update. With that in mind I wanted to get into some sort of recovery environment…

“Joys” of UEFI

At this point I soon remembered that the old-school F8 Safe Mode methods are pretty useless on UEFI \ Windows 8 so needed to look elsewhere for diagnostics.

None of the classic keystrokes (F2, Delete) seemed to do anything so I quickly hunted down the HP service manual, which tells me Esc is now the magic key. Hit that, then F11 for Recovery, to get into the Windows Recovery Environment.

I didn’t want to do anything drastic with the machine (i.e. the usual MS advice to Reset \ Refresh) so went in with the idea to use the Advanced Tools to dig a bit deeper. However before I got that far I noticed something rather odd…

I was pretty certain the owner of the laptop wouldn’t have installed a dual boot system and after clicking the option above I got some evidence to back up my initial corrupted update theory. A list of three operating systems appeared:

  • Windows Setup
  • Windows 8.1
  • Windows 8

The Windows 8 option appeared with the usual logo but the other two looked generic. With that in mind I tried booting the Windows 8 option but that failed in the same style as what I first saw. Went back in again and tried the Windows 8.1 option instead, to my surprise the system got a bit further and started running a chkdsk.

That took quite a while as the laptop is an odd mismatch of a (fast) i5 CPU with a (painfully slow) HDD but eventually got to a Windows GUI where it started rolling back \ restoring the previous version of the OS. Once that process completed I was back into a working Windows 8.0 environment with a message stating that the 8.1 update had failed and that the previous install had been restored.

I suspect the laptop may have either run out of battery or been turned off during the 8.1 update, somehow leaving the boot loader a bit confused about which OS to load and resulting in the infinite reboot.

We’re not out the woods yet

I wanted to give the laptop back completely sorted so ran the 8.1 update myself, only to find it refused to install from the Windows Store with this very helpful error…

“Something happened” – maybe aliens…

Fortunately someone on TechNet has already found a more sensible explanation and suggested clearing out the C:\Windows\SoftwareDistribution folder, which worked a treat.

Once the HDD had slowwwwwllly chugged its way through the install I was left with a clean 8.1 Update 1 install. Jumping back into the Recovery Environment, the “use another operating system” option had gone, confirming everything had been cleaned up.

All that was left was to sort out some working AV protection (usual expired trialware) and the laptop was ready to go back home to its happy owner :)

Office 365 & Windows 8 summer wishlist

While using products every now and again I wonder about what features could really help improve the experience of what’s currently there. For Windows 8 on initial release it was GUI fixes that eventually found their way into the product via the 8.1 and Update 1 releases. This post is a similar one for Office 365. The recent release of the iPad apps has already solved one of the issues I touched on when reviewing the mobile offering a few months back so who knows, maybe these ideas might end up the same…

Remove dependency on Microsoft accounts

One of the things that infuriates me (and no doubt many other people) with Windows 8 and Office 365 is the fact that key features still rely on a personal-use Microsoft account. For example, signing into a non-domain joined Windows 8 device requires a Microsoft Account to use the Windows Store. Equally Windows and Office always want to use the consumer-grade SkyDrive regardless of whether the user should be on SkyDrive Pro instead.

Even my favourite product of the moment, OneNote has an annoying setup process that won’t let me create a Notebook in Office 365 but instead defaults it to my personal SkyDrive. To get it to work I have to go into the OneDrive for Business web interface, create a Notebook there and then click to open it in the app. Really counter-intuitive and has caught out a few people already.

The end result makes it far too easy for data to end up in the wrong place and causes confusion and extra administrative effort to get the additional accounts set up, while the whole time there’s a perfectly good Office 365 account sitting twiddling its thumbs!

Hopefully Microsoft can find a way to tweak their authentication systems to make Office 365 accounts work for device authentication and the Windows Store. Also a bit of extra code in Windows 8 to disable SkyDrive if the user logs in with an Office 365 account would make life a lot easier.

Enterprise Windows Store


The concept of an app-store model in theory has a lot more potential than is currently being realised in my opinion. What I’d like to see is the ability to use Azure to publish an organisation-specific Store. That way we could create a list of pre-approved apps that the user can quickly pick and choose what they want installed. MDM or GPO could then be used to redirect any managed device’s Store link to the organisation version instead of the consumer Store.

Organisations could then allow users choice in what they put on their devices but at the same time avoid any unauthorised costs or apps that aren’t suitable. It could also be a way to publish internal apps onto a private Store without having to mess about with sideloading.

Other options for the Store could be site-licensed apps, available to all users at the organisation or perhaps filtering the Store e.g. make all free apps available but purchases need to be approved via a specified Office 365 user. With Apple’s VPP in place they’re slowly coming round to the idea of enterprise-level management of the store so Microsoft needs something similar \ better.

Improved OneDrive for Business client & UI

In theory OneDrive for Business should be a killer product; 1TB of storage with all the management functions is great, however the implementation on Windows devices isn’t quite up to scratch. The desktop client for OneDrive for Business feels a generation behind its consumer counterpart in terms of ease of use and flexibility. With such huge amounts of cloud storage available for use the all-or-nothing sync system currently provided simply isn’t good enough when put up against the likes of Dropbox.


The Metro Modern UI app seems to have a more sensible approach and shows files available then downloads as required, however this doesn’t extend to the Desktop client that most Windows applications will interact with. What we need is something that works in a similar way to the Windows 8.1 OneDrive integration where the user can choose how much \ little they want actively synced. That said any new version needs to be a bit clearer about what’s going on than the OneDrive client, as it’s not easy to tell at a glance what’s local and what isn’t

The web UI also needs a huge makeover, again to bring it up to scratch vs. the consumer version. Drag and drop is limited (moving a file from one folder to another is way more complicated than it should be), as are simple operations such as renaming and deleting files. If file management and the browsing view can be made to match the standard of the web apps and online editing experience Microsoft will have done a great job.

Some interesting comments popped up in a recent LinkedIn thread that sum up the general feeling around the pros and cons of the current OneDrive for Business incarnation and its ability to usurp file shares as the next generation of document storage.

Larger file support in OneDrive for Business

Quite a simple request but one that’s popped up already for us – some users need to store >2GB files on their Office 365 accounts. Currently this isn’t possible due to the 2GB limit on uploaded files. It’s mainly video files for projects and I was surprised at how low the limit is set in comparison to Google Drive (10GB) and Dropbox (also 10GB). Hopefully this will be something Microsoft addresses soon what with the 1TB storage upgrade.

