All posts by Kirsten Petersen

Service Desk Digest 10/19/2020

New NWS-Term4

In case you somehow missed it, we have a new terminal server and a new way to access it. Instructions are here: IT Pros – Access NWS-TERM3 or NWS-TERM4

Note that you will sign into the jumphost with your ONID account (which has Duo), then Remote Desktop connect to nws-term4 and sign in with your admin account.

Keeper for Passwords

We have transitioned from using KeePass to Keeper. The new tool is more secure and also provides a mobile access option.

You should have received an invitation from Keeper to set up your account. Once you have done so, please let Max know so he can add you to the Client Services group.

Keeper setup instructions: Keeper Setup

LAPS Reminder

Reminder that CN Windows passwords for local administrator account are now managed in LAPS. For more information, see: Microsoft Local Administrator Password Solution (LAPS) (Internal)

Training Reminder – Covid Appointment Scheduling

Please complete the Covid appointment scheduling training if you have not already: SD Scheduling During Covid

Service Desk Digest 10/6/2020

VPN Disconnects

NOC found a hardcoded idle timeout at the firewall that was causing disconnects of idle VPN sessions at 30 minutes. They fixed the issue this morning, 10/6/2020. The idle timeout is now 2 hours 5 mins at the firewall.

I’ve updated this KB article: VPN – Resolve Frequent Disconnects

I think this explains some of the reported disconnect issues, but not all. Many were already resolved by diagnosing local connectivity issues or updating sleep settings.

MyOSU Sunset

MyOSU will be retired the morning of 10/12/2020. Usage logs show that most customers have already moved to MyOregonState.

Service Desk is the first point of contact for support for MyOregonState. We should make an effort to answer customer’s questions. If customers are running into errors, we need to do some work to figure out what is broken, and therefore how to escalate, just as we did with MyOSU.

Jill Swenson provided some helpful steps to troubleshoot MyOregonState issues, and I have documented those here: MyOregonState Service InfoSheet (Internal)

People.oregonstate.edu Status

A second reminder email was sent last week to customers who have content in their public_html directories in the ONID home space. If customers reply to the survey asking to keep their site, it will be maintained for now. If they do not respond, it will be archived on 10/19/2020.

A few customers have asked how to access their web directories. This article was sent to customers in the announcement emails: ONID – Home Folder

I have made some updates to that article and the linked articles to clarify that you can use the map network drive, file transfer, or SSH methods from anywhere. Feel free to make other updates if you think the articles need it. They are pretty old and I didn’t test the steps.

Covid Appointment Training

Reminder: Please complete the training for our new appointment scheduling process: SD Scheduling During Covid

Service Desk Appointments During Covid

Our processes for scheduling appointments have changed a bit in light of safety needs around Covid and limited on-site staffing.

Our updated scheduling procedures are documented here: Service Desk Appointment Scheduling During Covid

In addition, we are moving to Bookings for scheduling customer appointments. Please complete this short training on the process: https://canvas.oregonstate.edu/courses/1635323/pages/sd-covid-scheduling-introduction?module_item_id=20080571

VPN Cut-Over 9/18/2020

Cut-Over Details

The cut-over is scheduled for this Friday, 9/18. Starting late in the evening of 9/17, customers will no longer be able to connect to the old server sds.oregonstate.edu. If they have a connection already, they will be able to stay connected until it times out (18 hours) but after that they will need to switch their server to vpn.oregonstate.edu.

Common Requests

Some customers have installed the newer AnyConnect 4.x client, but are still connecting to sds.oregonstate.edu. They just need to enter vpn.oregonstate.edu when they connect.

Some customers are still running a 3.x client or were using a built-in VPN (e.g. on Mac or Linux). For those users, they need to install the AnyConnect 4.x client and point it at vpn.oregonstate.edu. See: Guide: VPN Setup

Some customers may not have local admin rights. If they are on a CN, SMS checkout or COVID loaner, we can help them. If their computer is managed by another distributed IT team, we will need to refer them to that other team.

For VPN disconnects, see: VPN – Resolve Frequent Disconnects

Note that customers need to Duo auth every time they connect to the VPN. The option to select split or full tunnel is in a window that hides behind the login screen.

If customers are having trouble or are not eligible to use the new VPN, remember that we have several VPN alternatives documented.

Notifications

Customers who are still using the old server have been notified via email in June, July, and August that they need to move to the new server. A final reminder email is going out to individuals on 9/17. The project team also notified ITCC and IT Pros, and an additional reminder went to IT Pros on 9/16.

Information about the new VPN and why we are changing is on the landing page: https://is.oregonstate.edu/vpn

There were over 4,000 users on the old VPN as of June. That number has fallen to just under 1,300 as of 9/14. Most VPN users have managed to move to the new server without assistance, so I do not expect them all to call us on Friday. We are still monitoring usage this week, and if it looks like we might get a lot of calls, I will add additional resources to our phone queue for Friday.

VPN Eligibility, Exceptions, Temporary Extensions, and Temp Access to the Old Server

VPN eligibility on the new server has changed over the past few months, and I apologize for the confusion. At this time, all current students, employees, associates and sponsored account holders have VPN access automatically. Look for the groups “vpnFullTunnel” and “vpnSplitTunnel” in RefTool. (See VPN – Who is Eligible for VPN Access?)

VPN Exception:

If a customer is an external person (does not have an ONID account), they need an exception in order to use the VPN. An IT Pro needs to fill out the request (we can do this for CN-supported departments), a current OSU employee needs to sponsor the request, and the request needs to be reviewed by the Office of Information Security. If OIS approves it, Service Desk adds the user to a group that grants them access.

External users will need to use a delegated account in ONID AD. We can create the account, set the password, and help the external person change it via MyCN (it’s not an ONID account, so they can’t use ONID to reset password, fyi). These requests will mostly be for vendors and contractors who need remote access to support systems on our network.

See: VPN Exception Process for non-ONID User (Internal)

Extend Access to VPN for ONID User:

If a customer has an ONID account but is not “current” – for example, a student who hasn’t been registered for a while, or an employee who is between jobs at OSU – another OSU employee who is current can sponsor them for a temporary VPN extension, up to 90 days. These requests do not need to go to the Office of Information Security, but we do need a sponsor to vouch for the person, and we need to collect a business reason for the request. I expect these requests to be rare, and we should always ask why they need VPN and explore alternatives before suggesting this option.

See: Extend Access for Non-Current ONID User (Internal)

Temp Access to Old VPN Server:

Finally, if someone has an urgent, mission-critical reason to connect to the old VPN server, we can grant them temporary access. This probably shouldn’t happen at all. And if it does, please notify me! The old server will be around for a little while just in case it is needed for some very urgent reason, but it will be shut down completely soon.

See: VPN – Temporarily Allow a User on SDS.oregonstate.edu (Internal)

Questions?

I think that is everything you need to know about VPN! Questions? Please ask. I’m… here all week.

Office 365 Login Changing

Update from the Office 365 team:

“Tuesday, 9/8/2020 10pm – 12am, O365 login process update At 10 PM. The Infrastructure team will be changing Office 365 login process.  There will be no interruption to o365 services.  Users will a receive a newly themed login page and be forced to login as their sessions expire, this includes both browser and desktop application sessions.  This change does not include any MFA requirements.”

We may get questions from customers about this change. It is my understanding that this change is preparation for requiring Duo for login to Office 365 in the future. However, Duo will not be required yet.

*** Update: This change has been rescheduled to Saturday, 9/12.

Service Desk Digest 9/2/2020

Upcoming Events

  • September 4-5 – Oracle maintenance will cause an outage for Banner and several related systems. OSU employees were notified via Inform.
  • September 8 – A new version of the ADFS login will be implemented and will include Duo two-step login. This means login to Office 365 and Outlook for the Web will now require Duo. This should have no impact on Outlook clients.
  • September 8-11 – HMSC computer moves to new Marine Studies Building (MSB). Customers will not be on-site for move-in until the following week. We may get follow-up questions about remote desktop and printing as their IP addresses are changing.
  • September 10 at 7pm – All Zoom meetings will require a passcode. Customers with scheduled meetings are being notified now. For more information, see: https://is.oregonstate.edu/zoom/passcode-requirement
  • September 18 – The old VPN server sds.oregonstate.edu will be shut down. All users will need to switch to vpn.oregonstate.edu. For more information, see: Guide: VPN Setup
  • September 23Fall term starts
  • October – A couple of weeks after school starts, the myOSU portal will be fully decommissioned in favor of MyOregonState. For more information, see: MyOregonState Service InfoSheet and https://is.oregonstate.edu/dx/my/launch
  • October 19 – Most people.oregonstate.edu sites will be shut down. See People.oregonstate.edu survey email 8/25/2020 for details.

Important Reminders

  • Personal Device Support – we do provide scheduled appointments for personal device repair. It is by appointment only (no drop-ins). Please exhaust all remote support options first, and do not schedule appointments for computers that are likely un-fixable. Schedule appointments with Jeff (or Ken if Jeff is unavailable). Remind customers to arrive on-time and follow social distancing and face covering guidelines. Questions? Ask Jeff or Max.
  • CN In-Office Appointments – we are also still providing in-office appointments for CN customers. Please exhaust all remote support options first. Schedule with Robin (or Ken if Robin is unavailable). Remind customers to follow social distancing and face covering guidelines. Questions? Ask Robin or Max.
  • Loaner Laptops – We still have covid loaner laptops available. Employees may request a loaner laptop using the request form. Students may contact HSRC.

Common Issues

  • Compromised Accounts and Exchange Online – We are seeing some follow-up issues on compromised accounts since the migration to Exchange Online. In particular, some users are also blocked by Microsoft, which requires action by the Office 365 Tier 2 team to fix (IAM cannot fix this). We have also seen some users have a mail rule set that deletes all incoming mail, and one user hit the max sending limit for a 24 hour period and could not send mail. Our processes and documentation need to be updated to reflect these issues. For now, please be aware of it and check customer mail settings if they have been recently compromised and are now having email issues.
  • Valid email messages going to junk – Please explain to customers that this is because we are now using Microsoft’s spam filtering tools, which are helping a lot, but sometimes have false positives. There is no “fix”, so no reason to escalate the ticket. Please help customers mark as not junk and/or update safe senders. If they are concerned about legitimate mass mailings being marked as junk, the Office 365 admins may be able to permit it and there is a request form for that here: Valid e-mail address going to the junk mail folder
  • VPN Disconnects Frequently – A few people have reported that the new VPN disconnects more often than the old one did. So far everyone reporting this issue who has resolved it did so by either adjusting their computer’s sleep settings, or troubleshooting underlying network connectivity issues. Please see the troubleshooting guide here: VPN – Resolve Frequent Disconnects
  • Outlook Email Issues – Please don’t reinstall Office to resolve Outlook issues unless you know why you are doing that. It’s disruptive to the customer, and wastes time if it does nothing to solve their issue. I have seen several tickets where we reinstalled Office 3 or more times without troubleshooting the customer’s issue. In one recent example, we reinstalled Office twice for a customer whose account had been hacked and had a mail rule deleting all mail. 🙁 I’m working on some new guides (for example: Exchange Online – Can’t Receive Email). Ask clarifying questions, collect errors, search the KB, and use your google powers. And let me know what else you’d like to see in the KB!

Service Desk Digest 8/14/2020

In-Person Support for Personal Devices

Since mid-March we have not been taking in-person appointments for personal devices. Starting today, we are bringing that service back. This includes personal devices for OSU employees and students.

We should still exhaust all remote support options before scheduling an in-person visit. If a request obviously requires an in-person visit (e.g. someone is asking us to replace a busted hard drive) please go ahead and schedule it.

For now, schedule primarily with Jeff. Remind customers to be on time, wear a face covering, and follow social distancing guidelines. We will keep our interactions with customers as short as we can, and may ask to take their computer and have them come back later to pick it up.

I’m working on updating our response templates to better communicate how we are handling appointments. I’ll have another update on this early next week.

As a reminder: we have COVID loaner laptops for employees if they need one, and HSRC has loaner laptops for students in need.

Mandatory Trainings for Incoming OSU Students

We are starting to get questions again about the OSU-wide mandatory trainings for incoming students. Sometimes folks get the invite but can’t login to the training. I’ve updated the KB article with referral info: Cannot Access Mandatory Student Training

Software

ESRI Desktop will expire at the end of the month. The software team are working on getting this renewed.

ArcGIS renewal has gone through and Pelkey placed new licenses in \\software. Folks with named user licenses should have renewed automatically. Contact Pelkey on Teams if you see issues.

Office 365 Training

We are talking about putting together some training on basic tasks in the Microsoft 365 environment (including Outlook on the Web, Teams, file collaboration via Teams/OneDrive/SharePoint, etc.). What are some things you’d like to know more about in the 365 suite? Message me on Teams with your wish list.

VPN Update

The VPN project team met yesterday and discussed exception requests for people with active ONID accounts who are not VPN eligible. The team agreed that if an OSU employee sponsors an ONID user for VPN access, Service Desk can grant it.

We do not yet have a process to do the granting. IAM is working on that right now. For now, please refer such requests to me (not to OIS).

Note that students who are “eligible to register” already have VPN access, but that is a flag set in Banner for which UIT is unsure of the logic. If someone thinks they should be eligible to register but aren’t, we should refer them to the Registrar or Grad School.

Compromised Account Process Reminder

The process to handle a compromised account (or suspected compromised account) is documented here: SD – Compromised Account (Internal)

In particular, please note that if a customer self-reports a likely compromise, we should do the following:

  1. Help them immediately change their password
  2. Notify them that their account may be deactivated anyway to ensure that bad actors are not still using it.
  3. Report the issue via escalation to IAM.

This process may be revised in the near future, as IAM and OIS are still reviewing it. Let me know if you have questions.

Bookings Support Training

With the help of Jenesis Long, I’ve added a training module for IT staff to help us support Microsoft Bookings.

Please complete the training soon, and let me know if you have any questions or feedback.

Jenesis’ team will be running workshops for advising groups soon to do initial Bookings setup.

As a reminder, Service Desk is the first point-of-contact for Bookings, and the service infosheet is here: Bookings – Service InfoSheet (Internal)

Athletics IT

Due to staffing issues in Athletics, the Service Desk will be assisting Athletics employees with IT support for the near future.

Athletics have not been on-boarded as CN customers, and we do not have local administrative access to their computers at this time. That may change in the near future.

Please do not refer Athletics customers. Do your best to assist them. See below for options if you get stuck:

  1. Please check the KB first. We will add information to the Athletics internal infosheet as we gather it: https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=27573
  2. Richard Turk is serving as the UIT liaison to Athletics at this time; contact Richard (after checking the KB) for any questions we would normally have brought to Athletics IT, e.g. about department-specific software, network shares, etc.