Reftool 9/17/20

Reftool will be unavailable from 5:15pm until 5:30pm to receive updates.

Primary and Current Affiliations

A user’s primary affiliation used to appear as bold:

Now primary affiliation is an individual field:

A KB article about Affiliation is also linked from RefTool by clicking on any of the affiliations.

Azure Active Directory Sync

Reftool now displays how long ago on premises Active Directory was synced with Azure Cloud Services:

This information can be refreshed every 2 minutes; Reftool users need to refresh the page in order to update the counter.

VPN Cut-Over 9/18/2020

Cut-Over Details

The cut-over is scheduled for this Friday, 9/18. Starting late in the evening of 9/17, customers will no longer be able to connect to the old server. If they have a connection already, they will be able to stay connected until it times out (18 hours), but after that they will need to switch their server to

Common Requests

Some customers have installed the newer AnyConnect 4.x client, but are still connecting to They just need to enter when they connect.

Some customers are still running a 3.x client or were using a built-in VPN (e.g. on Mac or Linux). For those users, they need to install the AnyConnect 4.x client and point it at See: Guide: VPN Setup

Some customers may not have local admin rights. If they are on a CN, SMS checkout or COVID loaner, we can help them. If their computer is managed by another distributed IT team, we will need to refer them to that other team.

For VPN disconnects, see: VPN – Resolve Frequent Disconnects

Note that customers need to Duo auth every time they connect to the VPN. The option to select split or full tunnel is in a window that hides behind the login screen.

If customers are having trouble or are not eligible to use the new VPN, remember that we have several VPN alternatives documented.


Customers who are still using the old server have been notified via email in June, July, and August that they need to move to the new server. A final reminder email is going out to individuals on 9/17. The project team also notified ITCC and IT Pros, and an additional reminder went to IT Pros on 9/16.

Information about the new VPN and why we are changing is on the landing page:

There were over 4,000 users on the old VPN as of June. That number has fallen to just under 1,300 as of 9/14. Most VPN users have managed to move to the new server without assistance, so I do not expect them all to call us on Friday. We are still monitoring usage this week, and if it looks like we might get a lot of calls, I will add additional resources to our phone queue for Friday.

VPN Eligibility, Exceptions, Temporary Extensions, and Temp Access to the Old Server

VPN eligibility on the new server has changed over the past few months, and I apologize for the confusion. At this time, all current students, employees, associates and sponsored account holders have VPN access automatically. Look for the groups “vpnFullTunnel” and “vpnSplitTunnel” in RefTool. (See VPN – Who is Eligible for VPN Access?)

VPN Exception:

If a customer is an external person (does not have an ONID account), they need an exception in order to use the VPN. An IT Pro needs to fill out the request (we can do this for CN-supported departments), a current OSU employee needs to sponsor the request, and the request needs to be reviewed by the Office of Information Security. If OIS approves it, Service Desk adds the user to a group that grants them access.

External users will need to use a delegated account in ONID AD. We can create the account, set the password, and help the external person change it via MyCN (it’s not an ONID account, so they can’t use ONID to reset password, fyi). These requests will mostly be for vendors and contractors who need remote access to support systems on our network.

See: VPN Exception Process for non-ONID User (Internal)

Extend Access to VPN for ONID User:

If a customer has an ONID account but is not “current” – for example, a student who hasn’t been registered for a while, or an employee who is between jobs at OSU – another OSU employee who is current can sponsor them for a temporary VPN extension, up to 90 days. These requests do not need to go to the Office of Information Security, but we do need a sponsor to vouch for the person, and we need to collect a business reason for the request. I expect these requests to be rare, and we should always ask why they need VPN and explore alternatives before suggesting this option.

See: Extend Access for Non-Current ONID User (Internal)

Temp Access to Old VPN Server:

Finally, if someone has an urgent, mission-critical reason to connect to the old VPN server, we can grant them temporary access. This probably shouldn’t happen at all. And if it does, please notify me! The old server will be around for a little while just in case it is needed for some very urgent reason, but it will be shut down completely soon.

See: VPN – Temporarily Allow a User on (Internal)


I think that is everything you need to know about VPN! Questions? Please ask. I’m… here all week.

Office 365 Login Changing

Update from the Office 365 team:

“Tuesday, 9/8/2020 10pm – 12am, O365 login process update. At 10 PM, the Infrastructure team will be changing the Office 365 login process.  There will be no interruption to o365 services.  Users will receive a newly themed login page and be forced to login as their sessions expire, this includes both browser and desktop application sessions.  This change does not include any MFA requirements.”

We may get questions from customers about this change. It is my understanding that this change is preparation for requiring Duo for login to Office 365 in the future. However, Duo will not be required yet.

*** Update: This change has been rescheduled to Saturday, 9/12.

Service Desk Digest 9/2/2020

Upcoming Events

  • September 4-5 – Oracle maintenance will cause an outage for Banner and several related systems. OSU employees were notified via Inform.
  • September 8 – A new version of the ADFS login will be implemented and will include Duo two-step login. This means login to Office 365 and Outlook for the Web will now require Duo. This should have no impact on Outlook clients.
  • September 8-11 – HMSC computer moves to new Marine Studies Building (MSB). Customers will not be on-site for move-in until the following week. We may get follow-up questions about remote desktop and printing as their IP addresses are changing.
  • September 10 at 7pm – All Zoom meetings will require a passcode. Customers with scheduled meetings are being notified now. For more information, see:
  • September 18 – The old VPN server will be shut down. All users will need to switch to For more information, see: Guide: VPN Setup
  • September 23 – Fall term starts
  • October – A couple of weeks after school starts, the myOSU portal will be fully decommissioned in favor of MyOregonState. For more information, see: MyOregonState Service InfoSheet and
  • October 19 – Most sites will be shut down. See survey email 8/25/2020 for details.

Important Reminders

  • Personal Device Support – we do provide scheduled appointments for personal device repair. It is by appointment only (no drop-ins). Please exhaust all remote support options first, and do not schedule appointments for computers that are likely un-fixable. Schedule appointments with Jeff (or Ken if Jeff is unavailable). Remind customers to arrive on-time and follow social distancing and face covering guidelines. Questions? Ask Jeff or Max.
  • CN In-Office Appointments – we are also still providing in-office appointments for CN customers. Please exhaust all remote support options first. Schedule with Robin (or Ken if Robin is unavailable). Remind customers to follow social distancing and face covering guidelines. Questions? Ask Robin or Max.
  • Loaner Laptops – We still have COVID loaner laptops available. Employees may request a loaner laptop using the request form. Students may contact HSRC.

Common Issues

  • Compromised Accounts and Exchange Online – We are seeing some follow-up issues on compromised accounts since the migration to Exchange Online. In particular, some users are also blocked by Microsoft, which requires action by the Office 365 Tier 2 team to fix (IAM cannot fix this). We have also seen some users have a mail rule set that deletes all incoming mail, and one user hit the max sending limit for a 24 hour period and could not send mail. Our processes and documentation need to be updated to reflect these issues. For now, please be aware of it and check customer mail settings if they have been recently compromised and are now having email issues.
  • Valid email messages going to junk – Please explain to customers that this is because we are now using Microsoft’s spam filtering tools, which are helping a lot, but sometimes have false positives. There is no “fix”, so no reason to escalate the ticket. Please help customers mark as not junk and/or update safe senders. If they are concerned about legitimate mass mailings being marked as junk, the Office 365 admins may be able to permit it and there is a request form for that here: Valid e-mail address going to the junk mail folder
  • VPN Disconnects Frequently – A few people have reported that the new VPN disconnects more often than the old one did. So far everyone reporting this issue who has resolved it did so by either adjusting their computer’s sleep settings, or troubleshooting underlying network connectivity issues. Please see the troubleshooting guide here: VPN – Resolve Frequent Disconnects
  • Outlook Email Issues – Please don’t reinstall Office to resolve Outlook issues unless you know why you are doing that. It’s disruptive to the customer, and wastes time if it does nothing to solve their issue. I have seen several tickets where we reinstalled Office 3 or more times without troubleshooting the customer’s issue. In one recent example, we reinstalled Office twice for a customer whose account had been hacked and had a mail rule deleting all mail. 🙁 I’m working on some new guides (for example: Exchange Online – Can’t Receive Email). Ask clarifying questions, collect errors, search the KB, and use your google powers. And let me know what else you’d like to see in the KB!