Microsoft

Softerra Adaxes – Several Months In

Softerra Adaxes is an Active Directory management & automation tool which I’ve grown very fond of.

First I reviewed Softerra Adaxes, then I actually bought Softerra Adaxes and even did a brief case study for them. I thought it would now be good to share how far we’ve come through using this tool, and what the experience is like for those considering this option of automation. Here’s my thought process and how I personally approached the rollout, along with my experiences along the way:

Initially, the idea of having an ‘Outlook rules’ style approach to building a system that automated user management was enough for me. We’d been creating accounts manually for a long time, and the process was documented but took 20 minutes or so to perform. There was also a lot of room for human error, especially when someone was interrupted while creating an account.

There was of course the ‘selfish’ reason of not wanting to do these user management tasks myself, but it’s hard to pass those tasks off given the inherent risks, or a lack of knowledge of the tools being used to ease the process. This is what had held me off writing my own giant PowerShell script to automate all the steps.

After mucking around with the Adaxes basics, I started to realise that this software solution seemed to actually deliver on what I was personally looking for – something that wasn’t complex, but also let me define whatever criteria, business rules and caveats to the user creation process that I wanted. On top of that, there were inbuilt webpages where I could deliver these options to other staff requiring no software installs, and the ability to show or lock down whatever I chose, to both control and protect the Active Directory environment.

It did take a few weeks to set up properly, but I wouldn’t have really spent more than an actual day’s worth of work in those few weeks doing it. That was just to create a new user in all the various systems I wanted, with our unique user setting requirements. I wouldn’t say the entire system is so simple and easy to navigate that you can get cracking, but it’s also not complex. Once you find the setting or understand how Adaxes achieves a solution, it’s not difficult to set things up.

The inbuilt functionality of website templates – where you can create multiple sites displaying whichever fields you like to whichever users you like – is a good way to deliver the solution to end users. You can have a page for IT and another page for Finance with completely separate functions to best fit each use case.

For me, it was great that I could create websites with zero programming requirements. It’s all driven by a GUI, and somehow it’s still very flexible in what it can do. It might be frustrating to someone who actually writes code, but that’s not who would normally be using this solution. I really feel it’s aimed at someone like me, the IT Pro/Sys Admin who wants to automate and allow others to use the tools, without needing to code or expect others to run PowerShell commands themselves.

Basic site with one option – menu and right side options can even be hidden if required.

Once I’d finished the user creation process and published the method of doing so to a website, I had internal staff muck around with it and use it, purely for new user creations. The feedback I received was immediately positive – that 20 minute or so process had been reduced to a few minutes, and even generated out an email saying the account creation was done. This in itself to me was the tick of a successful project, and I knew I could do a lot more around automation and empowering others to do repeatable tasks.

Some of the problems I hit on the user creation automation were:

  • After upgrading from Lync 2010 to Skype for Business 2015, there were intermittent errors popping up for creating a SfB user. This was a known problem to Softerra, and took several months to resolve with a new version of Adaxes. I did have a workaround luckily, so it only took some rule modifying to work around it until a proper solution was found.
  • ‘User unknown’ – I ran into some problems where I’d create the user or enable them for Exchange, but then the next command wouldn’t find the account. Adaxes was faster than other systems could replicate changes, so I added some tactful ‘start-sleep’ PowerShell command steps during the workflows to allow replication to occur before the next step triggered. This does mean that the overall process can take a minute or two, and the person who triggered the user creation has to wait for it to finish.
  • Not all functionality was available that I needed in the GUI. For example, creating a Skype for Business user is easy, but you can’t assign a policy. Instead you need to use PowerShell commands to do what you want. That took a bit longer and needed more testing, but wasn’t much of an issue once I found that out.
  • When a new user was created that already existed (e.g. another John Smith – john.smith) I hadn’t considered that scenario. I asked in the Adaxes forums and was told how to run some pre-checks to make sure the username and phone number were unique and bomb out if they weren’t, rather than half creating an account and having to clean it up afterwards.
  • The upgrade process isn’t painful when a new version of Adaxes comes out (which came out while I was doing the user creation and I wanted to try upgrading early on), but there’s a few more steps than next, next finish. An uninstall is required with backing up a few files, then a fresh install and importing what you backed up. I’m hoping that will be streamlined a bit in the future.
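To make the ‘User unknown’ and duplicate John Smith points concrete, here is an added example (not from the Adaxes forums and not Adaxes’ own scripting objects) that uses the plain ActiveDirectory PowerShell module. The function names, the timeout values and the sample account values are assumptions for illustration; it goes one step beyond a fixed ‘start-sleep’ by polling each domain controller until the new account is visible.

```powershell
# Added example: plain ActiveDirectory (RSAT) module, not Adaxes' own scripting objects.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping, backslash first, so input like "smith*" cannot widen the filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function Assert-NewUserIsUnique {
    # Pre-check: stop before anything is created if the logon name or phone is taken.
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$TelephoneNumber
    )
    $name   = ConvertTo-LdapFilterValue $SamAccountName
    $phone  = ConvertTo-LdapFilterValue $TelephoneNumber
    # Note: telephoneNumber is compared as stored, so agree on one number format first.
    $filter = "(|(sAMAccountName=$name)(telephoneNumber=$phone))"
    $clash  = @(Get-ADUser -LDAPFilter $filter -Properties telephoneNumber)
    if ($clash.Count -gt 0) {
        $who = ($clash | ForEach-Object {
            "$($_.SamAccountName) [$($_.telephoneNumber)]" }) -join ', '
        throw "Refusing to create '$SamAccountName': already used by $who"
    }
}

function Wait-ADUserReplicated {
    # Poll every domain controller instead of sleeping for a fixed time.
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$TimeoutSeconds = 120,
        [int]$PollSeconds = 5
    )
    $filter   = "(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName))"
    $pending  = @((Get-ADDomainController -Filter *).HostName)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
        $pending = @($pending | Where-Object {
            try   { -not (Get-ADUser -LDAPFilter $filter -Server $_ -ErrorAction Stop) }
            catch { $true }   # an unreachable DC counts as "not there yet"
        })
        if ($pending.Count -gt 0) { Start-Sleep -Seconds $PollSeconds }
    }
    return $pending   # nothing returned means every DC can see the account
}

# Usage with constructed sample values:
#   Assert-NewUserIsUnique -SamAccountName 'john.smith' -TelephoneNumber '5550100'
#   ... create the account, then before the Exchange / Skype for Business steps:
#   $lagging = Wait-ADUserReplicated -SamAccountName 'john.smith'
#   if ($lagging) { throw "Account not yet on: $($lagging -join ', ')" }
```

Failing on the timeout, rather than carrying on, keeps the workflow from leaving a half-built account behind.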

After the user creation process was settled, I started to create more automation tasks. Deprovisioning was an obvious one, and was a lot easier than user creation as well as taking a lot less time to set up. This command would clean up all the bits and pieces from an account, including home drives and Exchange settings (along with moving the mailbox to a different database). This was rolled out relatively quickly.

I should also note, the logging is very helpful. If someone triggers a command from the website, they can see if it was successful or not, or where it failed. It made testing easy to do, but I was also able to read through logs via the GUI on the server to find out more about what failed and why.

Updating options on one of the web interfaces – no coding required.

I then decided to wait for common scenarios to come up and build them as needed. We often had ‘returning staff’, and if their Active Directory account still existed I couldn’t use my user creation method, because the account was already there. This took a rethink of how I’d designed my rules so far, and I decided to re-do a lot of it in a more modular fashion. Because there’s the ability to copy and paste rules, this was a lot easier than I expected. The end result was that I’d have a list of modules to run against a task – e.g. a new user would call commands such as ‘enable email’ and ‘enable Skype for Business’, while my new ‘returning staff’ task would call ‘re-enable email’ but the same ‘enable Skype for Business’ command as a new user. This now meant I could move a mailbox from one database to another and unhide the user from the Global Address Book when they returned, but because all users have their Skype for Business disabled, that step was the same in either scenario.

Another valuable idea I had was to let users control the membership of Active Directory groups that they were the owner of. After some mucking around, I created a website solely for that purpose. The great part about it was that whoever logged onto the site (with passthrough authentication so no extra typing required) could only see groups they were an owner of, based on the Manager field in Active Directory. This gives anyone in the company who is in control of a group the ability to add or remove members without any IT assistance required. Perfect for application owners who control who can get to their application or not via a security group.

My next task will be the automation of a user name change. With the updated modular design, I can copy out the steps that I need and modify them to my new requirements; of course finding the hour or two to build and test this is the hardest part. (Note: Between the week of writing this and publishing, I’ve now done it.)

I’ll give praise to both the Adaxes forums and their helpdesk support via email – almost always, within 24 hours max (and usually 4-5 hours) I’d get a specific and clear answer on how to do something I couldn’t work out personally, and it was from someone who knew the product rather than a basic 1st level helpdesk type response.

I hope this gives a real impression of my experience and opinion of Softerra Adaxes at a high level, after using it for an extended time. There are no real gaps in the product that I’ve found, and you can pick and choose as to how much customisation you want to do through PowerShell scripting. I’m still happy with the product, and it will continue to evolve with us.

Windows 10 – Time To Get On Board

Windows 10 has been publicly available since 29th July 2015. Since then, Microsoft have been encouraging users to upgrade in many ways – consumers had a year window to upgrade from Windows 7/8/8.1 for free, along with Windows Update prompts reminding consumers that they can do so.

There are always going to be complaints with any new operating system, but the in-place upgrade process has been the best yet from Microsoft. Gone are the days when any IT professional would strongly avoid it; it’s a much more stable and revertable method.

The upgrade has been optional, but we’re now getting much closer to being forced to go Windows 10 (not that I think this is a bad thing). The two big ways this is happening are:

New PCs with Windows 7 or 8.1 are going to be much less common come November 1, 2016. The top OEM vendors won’t be allowed to do this anymore (E.g. Lenovo, HP, Dell). You could still go to a whitebox builder and buy an OEM version of Windows 7, it just won’t be a pre-packaged option anymore. Windows 7 is very old now, and it’s unrealistic to expect Microsoft as well as all the hardware manufacturers to continue supporting it with new drivers.

The other main driver is Intel’s 7th generation of i series chip, Kaby Lake. This has already been released and seen in some laptops, with desktop CPUs due to be released early 2017. Microsoft is drawing a line in the sand and saying there will be no support at all if you’ve got this new CPU. I have yet to get my hands on a device with these new CPUs to try, so it will be interesting to see if anything breaks with this combination of OS and CPU.

Windows 7 has had a very good run, with great reasons; but the vast improvements that have taken us to Windows 10 (not to mention the better security architecture), as well as internal support for cloud services means this is the way of the future.

If you haven’t started the transition to Windows 10 it’s time to get planning, before you hit the above roadblocks and haven’t put the planning and preparation into the change.

 

Review – Microsoft Band 2

Another Smartwatch! How does it compare?

I’ve reviewed the Fitbit Blaze (to /r/fitbit readers’ disgust, as I’m not a fitness freak) and the Samsung Gear 2 Neo – neither of which I loved.

I was hoping the Microsoft Band 2 would be a different experience for me. I still wasn’t fussed about the fitness side of things, so they won’t be covered in this review. A special came up where it was $249AU rather than the $389RRP which was enough of a push to order one.

A few days later, the box arrived. Inside was the nicely presented Band 2:

Semi-unboxed Microsoft Band 2

Setup wasn’t too bad – for my Samsung Galaxy S6, I had to download the Microsoft Health App and sync to my Band 2 (which took me a while to work out, I had to first remove the Band 1 I’d mucked around with ages ago but Microsoft still remembered, before adding the Band 2. That wasn’t clear at all!). Once that was done, I went through the config and changed a few settings around the shortcuts; I hid things like golf which I’d never use.

One thing I’d enabled was the Notification Centre, which was soon disabled again because I realised I didn’t want my wrist vibrating each time a notification turned up on my phone. Just the important stuff was what I wanted, and each of those (phone, sms, email) had its own app anyway.

Once it was on my wrist, I felt I couldn’t get it comfy and in the right spot. I’d opted for the large model as I’d measured and medium was too small, but there was something a bit lumpy about it.

Microsoft Band 2 Time Display

I knew battery life was still going to be an issue, with a best of 48 hours from the Band 2, but on paper the rest of the boxes were ticked for me:

  • Supported by iOS, Android and Windows Phone (so I’m not stuck on a type of mobile phone)
  • SMS/Email Notifications
  • Sleep Tracking (with the ability to turn off display at night)
  • Colour, readable screen.

Gizmodo recently ranked the Band 2 as their 5th best smartwatch (I have no idea why the pictures of the watches are on bikes, rather than wrists), which is a fairly reasonable ranking (even though I disagree with their reasons).

Anyway, if you’re after a detailed review on what the device is and does, there’s plenty of online content about that. Here’s what I found personally after using it for a while:

My Experience – Positives

Although the band can seem clunky and uncomfortable, it’s a matter of getting used to it. For me that only took a day, now I don’t notice it on my wrist at all. It’s not lumpy or awkward after a day (I was wearing an analog watch before this), so if you try one on and it feels weird, that will probably pass.

I also didn’t mind that it’s designed to be on the inside of your wrist. From a resting position, there’s less wrist turn required to see the bottom of your wrist rather than the top.

The screen is easy to read, the buttons easy to press. Touch is responsive, and I found navigating around easy to do. What surprised me the most though, was the device’s ability to write messages:

https://www.youtube.com/watch?v=I-PcGVWLZJo

It works really well and for a short message, I’d generally not bother taking my phone out of my pocket.

Alerts about meetings, SMSes, calls etc work quite well. Feeling a small vibration on your wrist and glancing at it is still much better than fishing your phone out of your pocket.

I also like setting an alarm on the Band 2 itself rather than my smartphone. They don’t sync up, so you’ll have to turn your phone’s off… but a vibrating wrist is a nicer and quieter way to wake up than a sound, especially when you have a sleeping child in the next room.

The setup of the Band 2 is somewhat customisable, where you can decide which icons are shown or not, and what order they display in. There’s also a few third party apps such as The Associated Press’s news, but I didn’t find anything particularly interesting (news isn’t something I want to read on this screen).

My Experience – Negatives

Negatives, there’s a few. Battery life annoys me more than I’d hoped. Charging via the car wasn’t putting through enough juice, so over an hour each day wasn’t enough to keep it going. Charging at home while I get ready in the morning seems to be enough as long as I do it daily. I’ve already forgotten my Band more than once because of this change in routine.

Worse than the battery on the Band 2, is the heavily reduced battery life on my Samsung Galaxy S6 running Microsoft Health (required for the Band 2). For the first time ever, my phone was going flat before a working day was done:

Battery usage of Microsoft Health

That’s a lot of errors!

Microsoft Australia contacted me on Twitter when I posted about this. They said to reinstall Microsoft Health, which I’d already done. From there it was suggested to contact Microsoft Band support online, which was actually either Australian based, or more likely at least in an Australian time zone.

Their recommendation (after telling me “we’ve got you back”) was to reset the Band itself. Skeptical, but without any other option, I tried it. As mentioned previously, the setup process is pretty quick so it’s nowhere near as bad as resetting a smartphone.

Since then, the battery usage of Microsoft Health on my phone isn’t even listed, and my phone’s battery life seems to be back to normal. No errors either! I’m surprised this made a difference, but there you go.

Microsoft Band 2 vs Fitbit Blaze

This is a close one. Fitbit Blaze has a superior battery life, over double of the Band 2. It also (to me) looks a bit nicer, but I do like the watch look (Moto 360 is the winner in that area!), but the Fitbit Blaze is more of a fitness watch first. The Band 2 tries to make everyone happy, and I think does a better job of that. Support was better on the Band 2 by far too.

I’d rate them on par with each other, and you’ll need to work out what’s more important to you on features and differences to pick which one you prefer. Neither is a bad choice!

Summary

I like the Band 2, and it’s a big jump from the Band 1 which felt unresponsive and bulky (I tried one for a few days). I’ll keep going on about poor battery life, because it bothers me so much – hopefully with advancements in OLED screens which have power savings on dark screens due to no backlight… maybe the Microsoft Band 3 will have one. Give me a week without charge and I’ll be happy, so Sunday nights can be charge night!

That aside, it’s an all rounder that does everything it does reasonably well. Readability is quite high, anything that shows up as a notification I can quickly tell what’s going on. Navigation can take a little time to learn; not that it’s difficult, it’s just different to how you’d use a smartphone.

I still think it’s overpriced at $300AU, even though that’s a heavy discount from the RRP of $380. The $250 price I paid makes me feel a little better, but from the outside it doesn’t look like it should cost as much as it does. That price pain applies to all mainstream smartwatches really, and since they’re in the early stages still, we should see a ramp up of the technology used in them in the next few years to come.

 

Rolling back from a bad KB Update

Microsoft releases buggy patches now and then (more commonly now sadly).

Today’s stuff up is KB3097877 which breaks a bunch of things, including things like causing Outlook to crash when reading HTML emails.

Best practice is to have a target group from WSUS that these patches go to first, before going company wide – but either way, you’ll want to remove the patch from the affected PCs.

How do you do this? This is my recommended safe approach:

Step 1 – Disable the patch in WSUS
Just do this now, before anyone else gets it. You’re not going to break anything by choosing the ‘Decline’ option on a patch in WSUS. Make sure you do it to each OS version or product you manage (e.g. Windows 7 32 bit, Windows 7 64 bit, Windows 8 32 bit etc).

Step 2 – Test uninstalling the patch manually
Before you go nuts and try to fix all the things at once, do a quick test or two. If you manually uninstall the patch, does it successfully uninstall? Reboot and make sure the PC seems happy (check event viewer!). Reboots may take a while doing system state backups and rolling back the patch.

Step 3 – Set WSUS to Uninstall the patch
It’s a bit counter intuitive to approve a patch to then set it to remove, but that’s how WSUS works. Find the patch by searching for the KB, and once you right click ‘Approve’, you’ll get the option to choose ‘Approved for Removal’. Make sure you’re targeting the correct Computer Group. If you can’t use WSUS, work out how to get your PCs to run a command like this: “wusa /uninstall /kb:3097877 /quiet /norestart” – without the /norestart, they’ll restart :)

Step 4 – Test Windows Update uninstall
Test another PC’s ability to use Windows Updates to uninstall the patch. ‘Checking for updates’ either through the Windows Update GUI or the good old ‘wuauclt /detectnow’ command will do the trick. Similar to Step 2, check it uninstalls and reboot. You can also check C:\Windows\WindowsUpdate.log to make sure it’s happy (this doesn’t apply to Windows 10 as that log doesn’t exist).

Step 5 – Trigger your PCs to check for Windows Updates
Depending on your group policies, Windows Updates will check at certain intervals and may auto download or auto patch. The easiest thing to do is trigger all your PCs to check Windows Updates now. There’s an easy PowerShell way of doing this here, but it requires WinRM to be enabled – you should have this on if you want to be able to do a bunch of cool stuff to your PCs. Otherwise, try psexec which will have the same result. This can take a long time to do! Optional component – WOL your PCs first.

Step 6 – Reboot
Now that you’re ready to clean up, test reboot a PC or two and make sure the patch goes away. If that happens, then schedule all your PCs to reboot. You should have a way of doing this already – SCCM can do it well, you can create a once off scheduled task and push that out to PCs, or a bunch of other ways.

Step 7 – Report in WSUS
WSUS has some nice client reporting options. Search for the KB again, right click and choose ‘Status Report’. This is usually not too lagged in its information, and you can check to make sure none of your PCs have the update any more. If there’s only a few, it may be easier to manually fix the remainder.
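For the non-WSUS route in Step 3 and the final check in Step 7, here is an added example (not part of the original steps) that wraps the same wusa command line so each PC reports what actually happened, plus a sweep that lists which PCs still have the patch. The function names and the computer names in the usage comments are assumptions; the first function is meant to run locally on each PC, for example from the once-off scheduled task or psexec mentioned above.

```powershell
# Added example. KB number is the one from this post; PC names below are constructed.

function Remove-BadUpdate {
    # Run locally on the affected PC, elevated.
    [CmdletBinding()]
    param(
        # Digits only, so nothing unexpected can reach the wusa command line.
        [Parameter(Mandatory)][ValidatePattern('^\d+$')][string]$KbNumber
    )
    $result = 'NotInstalled'
    $code   = $null
    if (Get-HotFix | Where-Object HotFixID -eq "KB$KbNumber") {
        $wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
        $proc = Start-Process -FilePath $wusa -Wait -PassThru `
            -ArgumentList '/uninstall', "/kb:$KbNumber", '/quiet', '/norestart'
        $code = $proc.ExitCode
        $result = switch ($code) {
            0       { 'Removed' }
            3010    { 'RemovedRebootPending' }   # ERROR_SUCCESS_REBOOT_REQUIRED
            default { 'Failed' }                 # keep the raw code for follow-up
        }
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        KB       = "KB$KbNumber"
        Result   = $result
        ExitCode = $code
    }
}

function Get-UpdateStatus {
    # Sweep a list of PCs and report whether the patch is still listed.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][ValidatePattern('^\d+$')][string]$KbNumber
    )
    foreach ($pc in $ComputerName) {
        try {
            # Query the full list and filter, so any error means the query itself failed.
            $hit   = Get-HotFix -ComputerName $pc -ErrorAction Stop |
                     Where-Object HotFixID -eq "KB$KbNumber"
            $state = if ($hit) { 'StillInstalled' } else { 'Clean' }
        }
        catch {
            $state = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Computer = $pc; KB = "KB$KbNumber"; State = $state }
    }
}

# Usage:
#   Remove-BadUpdate -KbNumber 3097877
#   Get-UpdateStatus -ComputerName 'PC-001','PC-002' -KbNumber 3097877 |
#       Where-Object State -ne 'Clean'
```

Run the sweep again after the reboots in Step 6; anything still showing StillInstalled or QueryFailed is the short list to fix by hand.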

Happy cleaning up!