IT

Intune – Couldn’t Enroll your Device

We started having issues with new enrolments to Intune. Nothing had changed that we were aware of, but registering a new device brought up the error “Couldn’t enroll your device. You can try again or send the error information to your IT admin in an email.” iOS or Android, didn’t matter:

screenshot_20160922-180510Intune Enrollment Error

After testing multiple accounts and multiple devices, I logged a call with Office 365 support, and eventually we worked out that for my account, I didn’t have a license applied. Intune sits under our Enterprise Mobility Suite package:

licenseIntune License is “Off”?

After checking other users, I found that everyone was in this ‘Off’ state. Weird, because we hadn’t done this, and Intune licensing was being managed by a group via Azure AD as per these instructions. That configuration was still in place too when I checked. I decided to do the logical thing and ‘turn it off and back on again’ – so I disabled the assignment on that page, then re-enabled the same group with the Intune license.

After then going back to the Office 365 User search, I found that all the users had now changed to ‘on’ again. The only recent event in the last few weeks was a renewal of our licenses, so I wonder if something happened in the back end as a part of that?

Anyway, if you see the ‘Couldn’t enroll your device’ message when using the Intune Company Portal app, make sure the user has their Intune license enabled!

Installing Azure AD Connect Heath ADDS on Windows Server 2012

After trialing Azure AD Connect Health for Active Directory Domain Services on a single box, I thought it was time to roll out further. It’s easy to do on a Windows Server 2012 R2 box, but older servers need a few more steps.

The Azure AD Connect Health Agent Installation guide mentions steps for 2008 R2, but nothing for vanilla 2012.

I thought I’d try the same patches, which included Windows Management Framework 4.0 through the installer file Windows6.1-KB2819745-x64-MultiPkg – but ran into a problem when trying to install:

0x80096002Windows Update Standalone Installer
Installer encountered an error: 0x80096002
The certificate for the singer of the message is invalid or not found.

I tried several things to get around this, none of which worked (including adding the Windows Identity Foundation 3.5 role and running “wuauclt /resetauthorization /detectnow“.

An obvious statement was given to me by a colleague of “Isn’t WMF 5 out already?” – which yes, it was. I downloaded Windows Management Framework 5.0 which installed fine first time, then allowed the Azure AD ADDS install to complete after a reboot (a reboot WAS required).

This should also apply to Azure AD Connect Health AD FS Agent (what a mouthful) and Azure Active Directory Connect Sync.

Skype For Business 2016 – Flashing Active Call Window

After rolling out Skype for Business 2016 with Enterprise Voice as part of the Office 2016 suite, we discovered a weird UI issue. This is nothing but a display problem, but can still be a little distracting and annoying!

On a certain call type – incoming PSTN calls – the little active call window would flash. This took some testing to realise, as logically there shouldn’t be a corellation with how a call got to your Skype for Business client, and a display issue with a call window; but it was repeatable time and time again, on multiple PCs with different logins.

I then found a Technet thread on the issue, but this was for the older Skype for Business 2015 client, which is pretty much a reskinned Lync 2013 client. That patch wasn’t applicable to Skype for Business 2016.

I then decided to log a Microsoft Premier case, which was rather quick and after showing them the problem and waiting a few days, they came back to say the problem was planned to be fixed in the Skype for Business 2016  – December 2016 patch.

We’ll see what happens in December and I’ll update this post, but in case others discover this issue, it’s not you and you’ll need to wait a few months :)

Mail Merge Crashes When Opening Data Source

word crash

Sharing another problem and resolution I came across.

Recently, staff started complaining about Mail Merge crashing at the point of selecting a data source use. It was easily recreatable, and caused this event viewer error:

Faulting application name: WINWORD.EXE, version: 14.0.7113.5001, time stamp: 0x52866c04
Faulting module name: mso.dll, version: 14.0.7106.5003, time stamp: 0x5231bdf1
Exception code: 0xc0000005
Fault offset: 0x00c23ab0
Faulting process id: 0xe48
Faulting application start time: 0x01d204e6d69112b6
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\office14\mso.dll
Report Id: 3bf6bbe2-70da-11e6-bd32-b8763fabbff5

Pretty standard for a crash. In our environment, we had changed from Lync 2010 to Skype for Business 2016, and installed Skype for Business through the Office 2016 installer rather than standalone, to make future Office product updates easier (Skype for Business standalone won’t co-exist with an Office 2016 suite install).

For some reason, this upgrade process has broken the mail merge function for Microsoft Word. The quick fix was to do a repair of the Office 2010 suite after the Office 2016 install, and mail merge worked again.

It’s worth noting that a computer that had Office 2010 suite and Office 2016 (Skype for Business only) worked fine, it was only if Lync 2010 was installed first and then removed, then Office 2016 installed.

Blank Page For Skype For Business Web App

skypeforbusiness

I had an issue recently where remote clients couldn’t connect to Skype for Business online meetings – when clicking the link, all they saw in the browser was a blank page. The tab of the browser showed ‘Skype for Business Web App’ but the page area had nothing.

This didn’t seem to affect all external clients (internal was fine), when I tested on Windows Server 2012 R2 from home it worked fine. Windows 7 however was affected, and I’m not sure on Windows 8, 8.1 or 10.

This technet post mentions it breaks ‘Conferencing Functionality and PowerPoint Presentations’ as well as ‘ White Boarding, polling’ which was caused by KB3142030. Hoping that was our problem, I uninstalled the update and rebooted – but no luck.

The next check was around .NET framework 4.6.1 which is unsupported on Exchange and Skype for Business Servers (Lync too!) but we didn’t have that installed, due to using the suggested registry setting in the linked article to block the install.

After an evening of troubleshooting and rebooting servers and firewalls that didn’t help, our support found the problem for us – a misconfigured load balancer, that had an incorrect IP for one of the front-end Skype for Business servers. Updating the IP immediately resolved the issue.

Looking back on it, that explains why I had some clients work and not others – it just appeared to be in a pattern that was OS related due to the luck of round robin routing on a load balancer!

Due to the way Skype for Business handles the web requests, by first hitting an edge server then an internal front end server, you may have multiple load balancers in the way and get partial page loading.

Another lesson learnt!