OneDrive for Business Auto Sign In – Windows 10

If you’re looking at starting to use OneDrive for Business and you’re working with PCs joined to a local domain, you can now have a seamless sign in experience for end users (note that the Group Policy setting for this is in preview according to the documentation).

OneDrive for Business from the client’s perspective has been dropped. It’s just OneDrive now, even though the backend is OneDrive for Business as part of an Office 365 subscription.

You’ll need Windows 10 1709+ for this, as that’s the first version of Windows 10 that has OneDrive baked in. There’s no deployment of the app required then, so you won’t need to use or modify OneDrive for Business. The newer client has far fewer syncing issues too – if you’re not sure which one you’re using, check what executable is running. OneDrive.exe is the new client, whereas Groove.exe is the older one.

Since OneDrive is part of Windows 10 now, if you aren’t ready for this or don’t want it yet, you’ll need to use the Group Policy setting ‘Prevent the usage of OneDrive for file storage’, which is found in Computer Settings > Policies > Administrative Templates > Windows Components > OneDrive (note that this is different to the location where the above new policies sit for OneDrive, which is one level down, straight under Administrative Templates).

If you’re migrating from an existing install, then you’ll need to follow this process. Otherwise if you’re starting fresh, there’s a great guide here to go through.

The short version of these steps is:

  1. Windows 10 1709 already has OneDrive, so no deployment required.
  2. Get the ADML and ADMX Group Policy files and deploy them in your environment. Make sure they’re the latest ones too, which you should be able to get from any Windows 10 1709 PC in the path %localappdata%\Microsoft\OneDrive\BuildNumber\adm\
  3. Configure your Group Policies to the settings you want, but the one you’ll need for auto sign in is “Silently configure OneDrive using Windows 10 or domain credentials”. This setting should set the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive] “SilentAccountConfig”=dword:00000001. With this setting, there’s an extra registry setting to configure: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive] “EnableADAL”=dword:00000001 – this setting enables Modern Authentication for OneDrive.

That’s it!

After this is configured and you log on, the OneDrive client will automatically sign in as the logged on user – assuming you’re properly set up on the Azure AD and Office 365 side of things. There’s no prompt, no notification and users can start using it straight away at their convenience.
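To confirm on a client that the settings from step 3 actually landed, the following is an added example (not part of the original post) that audits both registry values, reports which sync client is running, and lists the local ADMX/ADML folder from step 2. Run it as the logged-on user so the HKEY_CURRENT_USER value is the right one.

```powershell
# Added example (not from the original post): audit the auto sign-in settings from step 3.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'; Name = 'SilentAccountConfig' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\OneDrive';          Name = 'EnableADAL' }
)

$report = foreach ($c in $checks) {
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { $null }
    [pscustomobject]@{
        Key    = $c.Path
        Value  = $c.Name
        Actual = if ($null -eq $actual) { '<not set>' } else { $actual }
        OK     = ($actual -eq 1)   # both values are expected to be dword 1
    }
}
$report | Format-Table -AutoSize

# OneDrive.exe is the new client, Groove.exe is the older one.
$running = @(Get-Process -Name OneDrive, Groove -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty ProcessName -Unique)
if ($running -contains 'Groove')      { Write-Warning 'The older Groove.exe client is running.' }
if ($running -notcontains 'OneDrive') { Write-Warning 'OneDrive.exe is not running.' }

# Source folder for the ADMX/ADML files; the build-number folder varies per PC.
Get-Item "$env:LOCALAPPDATA\Microsoft\OneDrive\*\adm" -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

if ($report.OK -contains $false) {
    Write-Warning 'Silent sign-in settings are incomplete on this machine.'
}
```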

Note that if you disabled OneDrive from running at first user login (usually via the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run with something like “C:\Windows\SysWOW64\OneDriveSetup.exe /silent”), you’ll need to retrigger the install. That /silent switch will make OneDrive install and sign in automatically with the above settings.

If you’re planning on moving users’ home drives to OneDrive, you’ll need to manually move the files or run a script like this to migrate the data – or find a paid solution.

Update 26th April 2019:
I had this broken for a while, and found many others that also had it broken. For me, after spending months with OneDrive for Business support, I ended up working out the Group Policy was corrupt in some way. Completely disabling the policy and creating a new one with the identical settings worked.

For context, I had one Group Policy object that disabled OneDrive. A second one, with a higher link order, was targeted at certain users and groups to enable OneDrive. That second one was somehow the problem – maybe an update to ADMX files broke it?

Anyway, re-doing that, and using the reg key to deploy OneDriveSetup.exe to run at login with the switch ‘/thfirstsetup’ was all that was needed, and it worked again.

If you’re having problems yourself with this, put a user and computer in an OU that has all policy inheritance disabled, create new GPOs and try to get it to work that way.

Outlook 2016 Secondary Mailbox Cached Mode

After migrating to Outlook 2016 from 2010, I noticed this inconsistency.

If you use secondary mailboxes in Outlook, you’re probably going to want them in Online Mode rather than Cached Mode. With Cached Mode on, you’ll have an OST file created for each extra mailbox you add, and you’ll hit performance issues if you have over 500 folders across all mailboxes added to the account.

One of the ways to avoid these performance issues is turning off ‘Download shared folders’ in the mailbox settings:

‘Download shared folders’ disabled

This can be done manually, or company wide with the Group Policy setting “Disable shared mail folder caching” found in User Configuration / Administrative Templates / Microsoft Outlook 2016 / Outlook Options / Delegates. Enabling this will disable and grey out the option as per the screenshot above.

However, I was previously doing this through a registry setting ‘CacheOthersMail’ under HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\cached mode with the value set to 0. This worked on Outlook 2010 fine I believe, but in 2016 it did something slightly strange. Although clicking on a secondary mailbox’s folders showed they were in Online Mode with the status bar status of ‘Online’, the ‘Download shared folders’ tickbox was still enabled. I’ve confirmed this on both CTR and MSI versions of Office 2016.

At first I thought nothing of this, as it seemed to be working as intended. However, after a while I worked out that having it configured this way led to performance issues, and people who had over 500 folders had cases where the inbox would stop updating. Changing the tickbox setting resolved the issue, despite the secondary mailboxes before and after this showing as ‘Online’. I didn’t dig into this any further so I can’t explain what was actually going on, but at a guess it was still doing some sort of sync or connection on each folder despite it being in Online Mode.

My advice is – make sure the ‘Download shared folders’ tickbox is off rather than just checking that the folders show as being ‘Online’. If you really need a secondary mailbox in cached mode but want to disable it by default, you could add it as a separate mailbox account which will have its own cached mode settings.

 

 

Updating the On-Premises Power BI Data Gateway

Power BI’s on-premises data gateway needs updating from time to time – Microsoft are pretty good at communicating this to the Office 365 tenant administrator via email when required.

One of those times is now, at the time of writing this blog post – due to end of support of TLS 1.0 on March 15th 2018. The installer itself is pretty much a next, next, finish wizard, but there are a few tricks that can cause the wizard to fail.

The gateway installation failed.

The error logs may not spell out what the problem is. I saw:

Product: EgwComponents -- Installation failed.


Windows Installer installed the product. Product Name: EgwComponents. Product Version: 1.15.6170.1. Product Language: 1033. Installation success or error status: 1603.

The reasons I’ve seen reported online are:

  • Installer not being run as Administrator (UAC may be in the way) – right click the installer and ‘Run As Administrator’
  • Installing .NET 4.6
  • Disable any Anti-Virus product

None of those fixed it for me, but I soon realised an obvious one – check for pending reboots. Windows Update had run and was waiting for a restart; after that the installer worked perfectly. It won’t be the last time I forget to turn it off and back on again.
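A pre-flight check for the pending-reboot case, as an added example that is not part of the original post. It reads the standard Windows locations that record a pending restart and only launches the installer elevated when none are set. The installer path is a hypothetical placeholder.

```powershell
# Added example (not from the original post): refuse to start the gateway
# installer while Windows has a restart pending.
param(
    # Hypothetical path; point this at the installer you downloaded.
    [string]$Installer = 'C:\Temp\GatewayInstaller.exe'
)

function Get-PendingRebootReason {
    $reasons = @()
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    $sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

    if (Test-Path $cbs) { $reasons += 'Servicing (CBS) reboot pending' }
    if (Test-Path $wu)  { $reasons += 'Windows Update reboot required' }

    # Weaker signal: some software leaves rename operations queued for long periods.
    $renames = (Get-ItemProperty -Path $sm -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if ($renames) { $reasons += 'Pending file rename operations' }

    return $reasons
}

$reasons = @(Get-PendingRebootReason)
if ($reasons.Count -gt 0) {
    Write-Warning ('Restart before installing: ' + ($reasons -join '; '))
    exit 1
}

# Elevated launch covers the 'Run As Administrator' point from the list above.
Start-Process -FilePath $Installer -Verb RunAs -Wait
```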

Excel – Something Went Wrong While Downloading Your Template

Excel 2013 and 2016 have a great inbuilt feature of having online pre-built templates available for different purposes. You find them by going to File > New. Templates such as Family Budgets or Back to School Planners. They’re hosted by Microsoft and download the template as you need them:

List of Excel 2016 Templates

Normally you’d pick the template you want, and use the create option:

Creating an Excel 2016 Template

However, there’s a scenario I found where this doesn’t work, and you’ll see the message ‘Something went wrong while downloading your template’:

Something went wrong

After digging around for a bit, I found this Technet thread which mentioned uninstalling Visio Viewer to fix it. Seems strange, but I tried this and it worked. I wasn’t happy with that as a solution though, so logged a Microsoft case.

I went through the process of capturing Fiddler traffic and logs, but was then asked a simple question: Was Visio Viewer 32 or 64 bit? I had a look and it was 64 bit, however the Office 2016 suite itself was 32 bit. I quickly guessed that 32 and 64 bit wasn’t a good mix for Office products, even if they were installed separately.

Sure enough, using Visio Viewer 32 bit with Excel 2016 32 bit fixed the problem.

 

TL;DR – Visio Viewer needs to match your Office/Excel install – 32 bit or 64 bit for both.

Azure AD DS Health Monitoring Agent Temp Files

There’s a known issue with the Azure AD DS Health Monitoring Agent, which is a part of the Azure AD Connect Health offering from Microsoft.

I’m a big fan of this service, which after installing a small agent on each DC, will alert you of any issues such as replication failing, or a DC unavailable.

However, there’s a problem with how the agent handles its temporary files. As covered on this TechCommunity post, the utility creates a lot of temp files in C:\Windows\Temp locally on each DC. They’re 1/2KB each, but I see around 288 daily being generated. These are never cleaned up.

On one domain controller, since I’ve been running the utility from the 16th September 2016, there are now ~133,000 temporary files. The actual size of these log files is a small 90MB, but due to how block allocation works, they take up 519MB on disk. I’m going to assume there are many factors that can change the size and number of log files.

Many people will have small drives for their DCs, and also having lots of files in a folder can cause weird performance issues.

The files are in a format such as 20160915T024226Z-20160915T031125Z-SERVERNAME-6acbd4cb99a1448d848298a59b6fc6e2.json.gz – so it’s easy to set up a daily scheduled task to delete anything older than a day. There’s a couple of examples on how to do this here.

Microsoft has advised this won’t be fixed anytime soon (at least Q3 2018 is what I’ve heard), so it’s worth checking out that C:\Windows\Temp folder and even doing a one time delete if it’s full of log files!
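One way to write that daily cleanup, as an added example that is not from the original post or from Microsoft. Because a scheduled task on a DC typically runs with high privileges, it deletes only files whose names match the agent's format shown above and takes their age from the end timestamp embedded in the name. The parameter names and defaults are assumptions.

```powershell
# Added example (not from the original post). Deletes only files whose names match
# the agent's pattern; everything else in the folder is left alone.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path = 'C:\Windows\Temp',
    [int]$KeepDays = 1
)

# <start>-<end>-<server>-<32 hex chars>.json.gz, timestamps as yyyyMMddTHHmmssZ
$pattern = '^\d{8}T\d{6}Z-(?<end>\d{8}T\d{6}Z)-.+-[0-9a-f]{32}\.json\.gz$'
$cutoff  = [datetime]::UtcNow.AddDays(-$KeepDays)
$styles  = [Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
$culture = [Globalization.CultureInfo]::InvariantCulture
$removed = 0

Get-ChildItem -LiteralPath $Path -Filter '*.json.gz' -File | ForEach-Object {
    if ($_.Name -notmatch $pattern) { return }   # not an agent file: skip it

    # Age comes from the end timestamp in the name, not from file metadata.
    $end = [datetime]::MinValue
    $ok  = [datetime]::TryParseExact($Matches['end'], "yyyyMMdd'T'HHmmss'Z'",
                                     $culture, $styles, [ref]$end)

    if ($ok -and $end -lt $cutoff -and $PSCmdlet.ShouldProcess($_.FullName, 'Delete')) {
        Remove-Item -LiteralPath $_.FullName -Force
        $removed++
    }
}

"Removed $removed file(s) with an end time before $cutoff (UTC) from $Path"
```

Run it once with -WhatIf to see what would be deleted before scheduling it.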