Service Desk Digest 1/22/2021

Local Accounts

The following article has important information about how to do first time login on loaners, checkout computers, and CN computers: Windows – First Time Login Remote

Most loaners and checkout computers should have the “OSUBeavers” local account on them.

CN computers should have a local administrator password listed in LAPS. They should also still have the “Supportremote” account (see Keeper) but note that it is not a local admin.

Escalation to AT Teams

The Academic Technology teams provide direct customer service for services such as Kaltura and Canvas. As such, they have asked that we escalate by reassigning tickets to their teams instead of doing task assignment.

To reassign a ticket in TeamDynamix, select “Actions” -> “Reassign…”

The service infosheets have been updated to reflect this change:

Milne Construction

The construction in Milne (including the addition of a bathroom on the main floor) is expected to be done by the end of February.

If you have questions about the project, please ask Max.

In-Person Appointments and Personal Device Support

A reminder: we are still providing in-person appointments and personal device support, but with some modifications and limitations.

As covered in the training, our support is still “remote first” meaning that we should do our best to help people via remote before making an appointment.

All in-person support is by appointment only, and all appointments should be made in Bookings. Please don’t give the Bookings link to customers – we are not quiet ready for that yet!

For personal devices, ask a senior tech for assistance before scheduling an appointment. They may have more ideas to suggest. Or, we may not want to bother having them bring the computer in if it’s unlikely we can fix it (e.g. in the case of serious hardware issues). We don’t want to waste the customer’s time or our own by having them bring in a device that is beyond our ability to repair.

If you need a refresher on appointments, please re-do the training: SD Scheduling During Covid

New VPN Client

There is a new Cisco AnyConnect client available in the downloads folder – version 4.9.05042.

The previous version has a vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW

We don’t have a good way to push AnyConnect updates yet, so as you help customers, please make sure to check their AnyConnect version and help them update to the latest. Note that the install requires local admin privileges.

Kaltura Capture Issues: Suggest Zoom as Alternative

From Raul Burriel:

“We know that with the increase of distance learning, there’s been an increase in usage of the Kaltura Capture tool, but this also means more users having issues with the software. There are a number of variables at play here, including the user’s operating system and the version of Kaltura Capture. When a user does experience an issue, the immediate solution is to steer them to an alternate product and report the issue to Kaltura. OS, software version, and logs are helpful in reporting these issues to Kaltura. The product is supported by Kaltura and regular updates are released for the product. But since we can’t wait for a patch from the vendor, steering the user to alternate solutions – such as Zoom – will help get a user on their feet ASAP. “

Short version: if customer’s are having issues with Kaltura Capture, please make note of the relevant info and record that in the ticket for the Kaltura team. But to get the customer up-and-running, suggest they use Zoom for video recording.

Modifying Name in Zoom

From Carolyn:

“OSU is moving towards into a centralized display name that can be customized, providing the ability to provide preferences and pronouns that would be used throughout services like Zoom. Until that is in place we may disable the display name mapping and allow it to be customized. We should have an answer on this next week.”

For now, please see the work-around using the Zoom mobile app, where display name changes are still allowed: Zoom – Temporary Workaround for Editing Display Name in Zoom

CJIS Training and Fingerprinting

If you have not completed your CJIS training or fingerprinting, please do so ASAP. Let me or Max know if you have questions.

Service Desk Digest 1/19/2021

Expiration of Workstation Admin Account Passwords

For security reasons, the workstation admin (wa-) accounts expire every 90 days. Once they expire, getting back in requires intervention from another staff member. Folks who only login to their wa- account occasionally may not see a notice about the upcoming expiration.

To address that issue, we’re working on implementing a reminder script that will email you at your work and student email addresses when your password expiration date is coming up. For now, please note that you can check your account expiration date by looking it up in RefTool.

Police Department After-Hours On-Call Support

As of start of January 2021, Service Desk full-time staff are providing after-hours on-call support for the new OSU police department. The after-hours coverage is only for times when the Service Desk is closed; if Service Desk is open, dispatchers and officers should contact the Service Desk instead.

Please note that this on-call is only for the police department. It is being funded by the police department.

For more information, see: Service Desk After Hours On-Call for OSU Police Department

Office and Teams in CN Image

Up until now, the CN base image has still included Office 2016. This will be updated shortly to Office 365 or 2019 instead. We will be able to select one or the other during builds. Endpoint are working on this now. Office 365 is generally preferred unless the customer needs to use software that is not compatible with it.

Teams has not been included in the CN image because it is installed in the user profile and up until recently, we couldn’t install it before the user first logged in. However, Microsoft has provided a mechanism now that will allow us to ensure Teams is installed when the user first logs in. Endpoint are also currently working on getting this into the CN image.

If you have questions, please contact Jim Galloway.

Service Desk Digest 1/6/2021

ResNet Changes

OSU wireless is being added in the Gem, which has not had OSU wireless in the past. UHDS have been installing access points this week, so not all areas have coverage yet. The ResNet Service InfoSheet (Internal) has been updated to reflect this change.

In addition, UHDS are gradually moving residence halls to a different method for wired network registration. The process is slightly different for Tebeau, Halsell, Cauthorn, Dixon Lodge, Gem and Finley. Other buildings are gradually being transitioned to this new registration method throughout the year. For details, see: Connecting Devices to ResNet

VPN Setup on Chromebooks

Jeff has done some testing and determined that Chromebook users need to install the version of Cisco AnyConnect available in the Play Store, not the ChromeOS Web Store. However, there are two issues:

  • The Plat Store is locked out for @oregonstate.edu Google accounts
  • Older Chromebooks cannot use the Play Store

For personal Chromebooks, customers should use their personal Google account (not their OSU account) to login and then access the Play Store to install AnyConnect.

For OSU-managed Chromebooks, Jeff has access to make an exception so the customer can access the Play Store. We are also looking into allowing this for all OSU accounts.

Before escalating a request to access the Play Store, please ask the customer why they need VPN access. See VPN – Troubleshooting and Alternatives KB article for alternatives to VPN.

This information has been added to the customer-facing KB article: VPN – Setup for Android and Chromebook

Duo Mobile Support for Android 7.0 Ends 2/1/2021

Beginning February 1, Android users running version 7.0 or earlier will no longer be able to download Duo Mobile from the Google Play store. Customers running Android 7.0 or below will be notified by the OSU Duo team today, 1/6/2021.

For more information, see: Duo – Android 7.0 Support Ends February 1, 2020

Reftool 12/30/20

View More Account Details

Reftool’s “View LDAP Entry” button has been renamed to “View More Account Details“. This is a more accurate description of the data shown in the JSON section.

CJIS Flag

Users part of the OSU Police Department will now be flagged with a yellow CJIS tag. This signifies that CJIS training is needed to remote into a computer or provide on-site assistance to the Police Department.

Service Desk Blog 12/18/2020

Support for Public Safety Computers

CJIS (Criminal Justice Information Services) clearance is required in order to work on computers in Public Safety. This includes in-person work as well as remote support.

It is okay to help a Public Safety customer via phone or email, but you cannot do a remote session (i.e. look at their computer) unless you have completed your CJIS certification and been fingerprinted.

Many of us have completed the CJIS training but have not yet completed the finger-printing. Both parts are required for CJIS.

If a customer asks you if you are CJIS cleared and you are not, please ask in the “SD Internal Talk” channel for another technician to pass the call to. In some cases we may need to call the customer back.

RefTool “Login Failure” Bug Fixed

A recent bug in RefTool was causing a long integer to be displayed in the “Login Failure” field for a user. This issue has been fixed, and RefTool now shows the date of the last login failure instead.

Thanks to Michael Jereza and Lucas Friedrichsen for the quick fix!

Welcome Letter to New ONID Users Bouncing as Undeliverable

This happens when the customer activates their ONID account too soon after the account has been created. The email address has not yet been created at the relays, causing the welcome letter to bounce. IAM are aware of this issue and working on it.

The problem started after the old Cyrus mail system was completely sunset recently.

ONID Domain Functional Level Raised to 2012R2

Last night the Infrastructure team raised the functional level of the ONID domain in Active Directory to 2012R2.

It is possible that some applications may not be compatible with 2012R2. If we get a ticket about an AD-integrated application that has stopped working recently, please notify the Infrastructure team.

Service Desk Digest 11/30/2020

Canvas, Kaltura Escalations

For escalations to the Canvas and Kaltura teams, it is okay to reassign the ticket rather than creating a task.

The infosheets have been updated to reflect this:

Other teams we reassign tickets to include WAMS and Telecom. In each case, these teams provide direct customer support.

For backend teams such as NOC, Infrastructure, IAM and Endpoint, we will usually create a task instead.

Please let me know if you have questions!

Duo Coming to Canvas

The Canvas team are targeting December 15, 2020 to implement Duo in front of Canvas.

Canvas has been exempted from Duo until now to ensure that the OSU community had built up a practice of using two-step login before we risked enabling this in front of the university’s most important app. This change is not expected to negatively impact students.

Comms are starting to go out this week. I will share more information as plans firm up.

UIT Customer Experience

Team,

A reminder about this note from Andrew:

“We are officially changing our department name to Customer Experience. I am excited about this name as it clearly communicates our mission to help our community have a positive experience around technology. Please update your email signatures to reflect this change.”

For some example signatures, please see: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=27738#branding

Our distribution list names have been updated, but the name “Client Services” still appears in a number of web pages, KB articles, etc. If you see the old name somewhere, let me know and we’ll get it updated.

Update organizational chart for Customer Experience: https://oregonstate.box.com/s/a8m8w1pmhychdnle6gobdtkvime9mwvk

macos Big Sur Update

On Tuesday, I sent an email to 471 Mac users in CN (based on JAMF asset info) advising them not to upgrade to Big Sur at this time.

Since the release was available on November 12, 35 CN Macs have been upgraded. About half of those are owned by IT or Ecampus staff, probably because they wanted to test things for their customers.

There have been about 16 tickets to the Service Desk so far. (Ticket report: https://oregonstate.teamdynamix.com/TDNext/Apps/Reporting/ReportDetail?ID=197330) I am only aware of one computer that “bricked” after upgrade, and I don’t have the ticket number for that one yet. It was an Engineering-supported computer, and we advised the customer to contact Apple. They did fortunately have a backup before upgrading.

James does not yet have packages he can push out for ESET or AnyConnect. He said he would have more time to focus on this next week. We have working installers for both, and our documentation has been updated.

Of the 35 Big Sur computers, 30 of them had the MDM profile approved. I have made tickets for the other 5 to get that resolved. Only 6 of them have a working version of ESET right now, and only 3 have a working version of AnyConnect.

At this point, we are not yet blocking the install on CN computers. We have advised folks not to upgrade, and they seem to be paying attention to that warning. James also reports that Apple is not making the upgrade very obvious yet. 

I’ll plan to send another update to the CN Mac users once we know more about the feasability of pushing ESET and AnyConnect out. For now, we can make tickets for the ones who have upgraded and help them get those applications working properly.

Documentation:

Service Desk Digest 11/13/2020 – Tanium, Big Sur, Exposure Notifications, Username Changes

Tanium Client Being Pushed to Managed Computers

The Tanium client has been tested internally and Infrastructure are now ready to start pushing it out to managed computers.

Tanium gives our security team more visibility into the university’s security posture. In testing, the deployment has been transparent to customers.

Devices in UIT will receive the Tanium client today. CN customer computers will receive the client starting Tuesday, November 17.

Service Desk does not have much documentation on Tanium at this time. See: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=120392

Big Sur Not Recommended Yet

If customers ask about whether they should upgrade to macOS Big Sur, let them know we are not recommending that yet. For more information, see:

Oregon Exposure Notification Program Reminder

Reminder that this was announced to the OSU community this week and Service Desk are the point of contact for helping members of the OSU community install the mobile app. Please escalate questions we can’t resolve to the Web team.

For more info: Oregon Exposure Notifications (Internal)

ONID Username Changes Reminder

Reminder that we are still unable to do username changes for people who have an Exchange Online mailbox. We can still process username changes as before for all other users (those who do not have an EOL mailbox).

For employees, we can still set a new or additional first.last@oregonstate.edu email address to match their name.

The Office 365 team are working on resolving the username change issue. Please set tickets out for a bit to review later when this option is available again.

Oregon Exposure Notifications Pilot

OSU is working with the Oregon Health Authority to pilot a covid-19 exposure notification program. Students and employees will be notified about this soon and asked to opt in.

Details about the program – including install steps – are here: beav.es/enx

And documentation in our KB is here:

The Service Desk may get some questions about installing the smartphone app, so please take a look at the instructions. Note that the app is not searchable in the Google Play store or Apple store. Some older phones may not meet the minimum hardware requirements to run the app.

Questions about how the program works and about privacy are addressed on the site at beav.es/enx.

For technical issues we can’t solve, please escalate to WAMS.

Let me know if you have questions!