Category Archives: All Groups

Service Desk Digest 11/13/2020 – Tanium, Big Sur, Exposure Notifications, Username Changes

Tanium Client Being Pushed to Managed Computers

The Tanium client has been tested internally and Infrastructure are now ready to start pushing it out to managed computers.

Tanium gives our security team more visibility into the university’s security posture. In testing, the deployment has been transparent to customers.

Devices in UIT will receive the Tanium client today. CN customer computers will receive the client starting Tuesday, November 17.

Service Desk does not have much documentation on Tanium at this time. See: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=120392

Big Sur Not Recommended Yet

If customers ask about whether they should upgrade to macOS Big Sur, let them know we are not recommending that yet. For more information, see:

Oregon Exposure Notification Program Reminder

Reminder that this was announced to the OSU community this week and Service Desk are the point of contact for helping members of the OSU community install the mobile app. Please escalate questions we can’t resolve to the Web team.

For more info: Oregon Exposure Notifications (Internal)

ONID Username Changes Reminder

Reminder that we are still unable to do username changes for people who have an Exchange Online mailbox. We can still process username changes as before for all other users (those who do not have an EOL mailbox).

For employees, we can still set a new or additional first.last@oregonstate.edu email address to match their name.

The Office 365 team are working on resolving the username change issue. Please set tickets out for a bit to review later when this option is available again.

Oregon Exposure Notifications Pilot

OSU is working with the Oregon Health Authority to pilot a covid-19 exposure notification program. Students and employees will be notified about this soon and asked to opt in.

Details about the program – including install steps – are here: beav.es/enx

And documentation in our KB is here:

The Service Desk may get some questions about installing the smartphone app, so please take a look at the instructions. Note that the app is not searchable in the Google Play store or Apple store. Some older phones may not meet the minimum hardware requirements to run the app.

Questions about how the program works and about privacy are addressed on the site at beav.es/enx.

For technical issues we can’t solve, please escalate to WAMS.

Let me know if you have questions!

Service Desk Digest 10/19/2020

New NWS-Term4

In case you somehow missed it, we have a new terminal server and a new way to access it. Instructions are here: IT Pros – Access NWS-TERM3 or NWS-TERM4

Note that you will sign into the jumphost with your ONID account (which has Duo), then Remote Desktop connect to nws-term4 and sign in with your admin account.

Keeper for Passwords

We have transitioned from using KeePass to Keeper. The new tool is more secure and also provides a mobile access option.

You should have received an invitation from Keeper to set up your account. Once you have done so, please let Max know so he can add you to the Client Services group.

Keeper setup instructions: Keeper Setup

LAPS Reminder

Reminder that CN Windows passwords for local administrator account are now managed in LAPS. For more information, see: Microsoft Local Administrator Password Solution (LAPS) (Internal)

Training Reminder – Covid Appointment Scheduling

Please complete the Covid appointment scheduling training if you have not already: SD Scheduling During Covid

Service Desk Digest 10/6/2020

VPN Disconnects

NOC found a hardcoded idle timeout at the firewall that was causing disconnects of idle VPN sessions at 30 minutes. They fixed the issue this morning, 10/6/2020. The idle timeout is now 2 hours 5 mins at the firewall.

I’ve updated this KB article: VPN – Resolve Frequent Disconnects

I think this explains some of the reported disconnect issues, but not all. Many were already resolved by diagnosing local connectivity issues or updating sleep settings.

MyOSU Sunset

MyOSU will be retired the morning of 10/12/2020. Usage logs show that most customers have already moved to MyOregonState.

Service Desk is the first point of contact for support for MyOregonState. We should make an effort to answer customer’s questions. If customers are running into errors, we need to do some work to figure out what is broken, and therefore how to escalate, just as we did with MyOSU.

Jill Swenson provided some helpful steps to troubleshoot MyOregonState issues, and I have documented those here: MyOregonState Service InfoSheet (Internal)

People.oregonstate.edu Status

A second reminder email was sent last week to customers who have content in their public_html directories in the ONID home space. If customers reply to the survey asking to keep their site, it will be maintained for now. If they do not respond, it will be archived on 10/19/2020.

A few customers have asked how to access their web directories. This article was sent to customers in the announcement emails: ONID – Home Folder

I have made some updates to that article and the linked articles to clarify that you can use the map network drive, file transfer, or SSH methods from anywhere. Feel free to make other updates if you think the articles need it. They are pretty old and I didn’t test the steps.

Covid Appointment Training

Reminder: Please complete the training for our new appointment scheduling process: SD Scheduling During Covid

Service Desk Appointments During Covid

Our processes for scheduling appointments have changed a bit in light of safety needs around Covid and limited on-site staffing.

Our updated scheduling procedures are documented here: Service Desk Appointment Scheduling During Covid

In addition, we are moving to Bookings for scheduling customer appointments. Please complete this short training on the process: https://canvas.oregonstate.edu/courses/1635323/pages/sd-covid-scheduling-introduction?module_item_id=20080571

Reftool 9/17/20

Reftool will be unavailable at 5:15pm until 5:30pm to receive updates.

Primary and Current Affiliations

A user’s primary affiliation used to appear as bold:

Now primary affiliations is an individual field:

A KB article about Affiliation is also linked from RefTool by clicking on any of the affiliations.

Azure Active Directory Sync

Reftool now displays how long ago on premises Active Directory was synced with Azure Cloud Services:

This information can be refreshed every 2 minutes, requiring Reftool user’s to refresh the page in order to update the counter.

VPN Cut-Over 9/18/2020

Cut-Over Details

The cut-over is scheduled for this Friday, 9/18. Starting late in the evening of 9/17, customers will no longer be able to connect to the old server sds.oregonstate.edu. If they have a connection already, they will be able to stay connected until it times out (18 hours) but after that they will need to switch their server to vpn.oregonstate.edu.

Common Requests

Some customers have installed the newer AnyConnect 4.x client, but are still connecting to sds.oregonstate.edu. They just need to enter vpn.oregonstate.edu when they connect.

Some customers are still running a 3.x client or were using a built-in VPN (e.g. on Mac or Linux). For those users, they need to install the AnyConnect 4.x client and point it at vpn.oregonstate.edu. See: Guide: VPN Setup

Some customers may not have local admin rights. If they are on a CN, SMS checkout or COVID loaner, we can help them. If their computer is managed by another distributed IT team, we will need to refer them to that other team.

For VPN disconnects, see: VPN – Resolve Frequent Disconnects

Note that customers need to Duo auth every time they connect to the VPN. The option to select split or full tunnel is in a window that hides behind the login screen.

If customers are having trouble or are not eligible to use the new VPN, remember that we have several VPN alternatives documented.

Notifications

Customers who are still using the old server have been notified via email in June, July, and August that they need to move to the new server. A final reminder email is going out to individuals on 9/17. The project team also notified ITCC and IT Pros, and an additional reminder went to IT Pros on 9/16.

Information about the new VPN and why we are changing is on the landing page: https://is.oregonstate.edu/vpn

There were over 4,000 users on the old VPN as of June. That number has fallen to just under 1,300 as of 9/14. Most VPN users have managed to move to the new server without assistance, so I do not expect them all to call us on Friday. We are still monitoring usage this week, and if it looks like we might get a lot of calls, I will add additional resources to our phone queue for Friday.

VPN Eligibility, Exceptions, Temporary Extensions, and Temp Access to the Old Server

VPN eligibility on the new server has changed over the past few months, and I apologize for the confusion. At this time, all current students, employees, associates and sponsored account holders have VPN access automatically. Look for the groups “vpnFullTunnel” and “vpnSplitTunnel” in RefTool. (See VPN – Who is Eligible for VPN Access?)

VPN Exception:

If a customer is an external person (does not have an ONID account), they need an exception in order to use the VPN. An IT Pro needs to fill out the request (we can do this for CN-supported departments), a current OSU employee needs to sponsor the request, and the request needs to be reviewed by the Office of Information Security. If OIS approves it, Service Desk adds the user to a group that grants them access.

External users will need to use a delegated account in ONID AD. We can create the account, set the password, and help the external person change it via MyCN (it’s not an ONID account, so they can’t use ONID to reset password, fyi). These requests will mostly be for vendors and contractors who need remote access to support systems on our network.

See: VPN Exception Process for non-ONID User (Internal)

Extend Access to VPN for ONID User:

If a customer has an ONID account but is not “current” – for example, a student who hasn’t been registered for a while, or an employee who is between jobs at OSU – another OSU employee who is current can sponsor them for a temporary VPN extension, up to 90 days. These requests do not need to go to the Office of Information Security, but we do need a sponsor to vouch for the person, and we need to collect a business reason for the request. I expect these requests to be rare, and we should always ask why they need VPN and explore alternatives before suggesting this option.

See: Extend Access for Non-Current ONID User (Internal)

Temp Access to Old VPN Server:

Finally, if someone has an urgent, mission-critical reason to connect to the old VPN server, we can grant them temporary access. This probably shouldn’t happen at all. And if it does, please notify me! The old server will be around for a little while just in case it is needed for some very urgent reason, but it will be shut down completely soon.

See: VPN – Temporarily Allow a User on SDS.oregonstate.edu (Internal)

Questions?

I think that is everything you need to know about VPN! Questions? Please ask. I’m… here all week.

Office 365 Login Changing

Update from the Office 365 team:

“Tuesday, 9/8/2020 10pm – 12am, O365 login process update At 10 PM. The Infrastructure team will be changing Office 365 login process.  There will be no interruption to o365 services.  Users will a receive a newly themed login page and be forced to login as their sessions expire, this includes both browser and desktop application sessions.  This change does not include any MFA requirements.”

We may get questions from customers about this change. It is my understanding that this change is preparation for requiring Duo for login to Office 365 in the future. However, Duo will not be required yet.

*** Update: This change has been rescheduled to Saturday, 9/12.

Service Desk Digest 9/2/2020

Upcoming Events

  • September 4-5 – Oracle maintenance will cause an outage for Banner and several related systems. OSU employees were notified via Inform.
  • September 8 – A new version of the ADFS login will be implemented and will include Duo two-step login. This means login to Office 365 and Outlook for the Web will now require Duo. This should have no impact on Outlook clients.
  • September 8-11 – HMSC computer moves to new Marine Studies Building (MSB). Customers will not be on-site for move-in until the following week. We may get follow-up questions about remote desktop and printing as their IP addresses are changing.
  • September 10 at 7pm – All Zoom meetings will require a passcode. Customers with scheduled meetings are being notified now. For more information, see: https://is.oregonstate.edu/zoom/passcode-requirement
  • September 18 – The old VPN server sds.oregonstate.edu will be shut down. All users will need to switch to vpn.oregonstate.edu. For more information, see: Guide: VPN Setup
  • September 23Fall term starts
  • October – A couple of weeks after school starts, the myOSU portal will be fully decommissioned in favor of MyOregonState. For more information, see: MyOregonState Service InfoSheet and https://is.oregonstate.edu/dx/my/launch
  • October 19 – Most people.oregonstate.edu sites will be shut down. See People.oregonstate.edu survey email 8/25/2020 for details.

Important Reminders

  • Personal Device Support – we do provide scheduled appointments for personal device repair. It is by appointment only (no drop-ins). Please exhaust all remote support options first, and do not schedule appointments for computers that are likely un-fixable. Schedule appointments with Jeff (or Ken if Jeff is unavailable). Remind customers to arrive on-time and follow social distancing and face covering guidelines. Questions? Ask Jeff or Max.
  • CN In-Office Appointments – we are also still providing in-office appointments for CN customers. Please exhaust all remote support options first. Schedule with Robin (or Ken if Robin is unavailable). Remind customers to follow social distancing and face covering guidelines. Questions? Ask Robin or Max.
  • Loaner Laptops – We still have covid loaner laptops available. Employees may request a loaner laptop using the request form. Students may contact HSRC.

Common Issues

  • Compromised Accounts and Exchange Online – We are seeing some follow-up issues on compromised accounts since the migration to Exchange Online. In particular, some users are also blocked by Microsoft, which requires action by the Office 365 Tier 2 team to fix (IAM cannot fix this). We have also seen some users have a mail rule set that deletes all incoming mail, and one user hit the max sending limit for a 24 hour period and could not send mail. Our processes and documentation need to be updated to reflect these issues. For now, please be aware of it and check customer mail settings if they have been recently compromised and are now having email issues.
  • Valid email messages going to junk – Please explain to customers that this is because we are now using Microsoft’s spam filtering tools, which are helping a lot, but sometimes have false positives. There is no “fix”, so no reason to escalate the ticket. Please help customers mark as not junk and/or update safe senders. If they are concerned about legitimate mass mailings being marked as junk, the Office 365 admins may be able to permit it and there is a request form for that here: Valid e-mail address going to the junk mail folder
  • VPN Disconnects Frequently – A few people have reported that the new VPN disconnects more often than the old one did. So far everyone reporting this issue who has resolved it did so by either adjusting their computer’s sleep settings, or troubleshooting underlying network connectivity issues. Please see the troubleshooting guide here: VPN – Resolve Frequent Disconnects
  • Outlook Email Issues – Please don’t reinstall Office to resolve Outlook issues unless you know why you are doing that. It’s disruptive to the customer, and wastes time if it does nothing to solve their issue. I have seen several tickets where we reinstalled Office 3 or more times without troubleshooting the customer’s issue. In one recent example, we reinstalled Office twice for a customer whose account had been hacked and had a mail rule deleting all mail. 🙁 I’m working on some new guides (for example: Exchange Online – Can’t Receive Email). Ask clarifying questions, collect errors, search the KB, and use your google powers. And let me know what else you’d like to see in the KB!

Reftool 8/27/20

This Reftool update brings multiple quality of life changes.

Application routing for search was simplified.

Upon pressing the “Search” button for a query: “query”, results will be displayed under the following URL.

The original routing: domain.oregonstate.edu/reftool2/search/query;searchType=type;filterType=filter;searchAliases=bool

The new search route: domain.oregonstate.edu/reftool2/search/type/query

A “Share” button has been added to the right of the results panel, it allows users to share search results.

Note: this will only display if results are returned.

Clicking the share button will copy a shareable Reftool query to the clipboard.

It will take the previous form in order to export parameters: domain.oregonstate.edu/reftool2/search/query;searchType=type;filterType=filter;searchAliases=bool

Chronological History

History will now display newest queries first. This will not affect previously saved cookies, only new queries. It might be preferable to clear history to remove cookies in the old order.

Smooth Scrolling

Upon pressing the “LDAP Entry” button, a smooth scrolling animations will play. The button will smooth scroll to either the LDAP entry or the previously pressed button.

Note: this animation was not compatible with the Chrome browser in testing.