www.neil.blog memo to myself. do the dumb things i gotta do. touch the puppet head.

December 23, 2018

Microsoft product line confusion driving me up the wall

Filed under: rants,tech — Tags: , , — npd @ 10:36 am

One of the most challenging things I’ve been facing lately at my job is keeping up with the constantly changing and intractable product lines from Microsoft. I used to have a pretty solid grasp of feature differentiation between different versions of Windows, Office, and Server. It was all relatively consistent and available in my brain for recall. If you needed to know the basic differences between Windows Server editions, or whether Microsoft Project ships with Office 2003 Standard, or whether you need an Exchange Standard User CAL to connect an Outlook client running on Windows XP to an Exchange 2007 Standard server, I knew it. Granted the CAL requirements have always been a bit tricky, but you could figure it out.

But something changed once Microsoft started pushing Office 365. I think Microsoft has started to lose something important in their marketing and product line designations that is making me as confused as the least-computer-savvy person I’ve ever taken a tech support phone call from who says “My Microsoft is broken!”

There’s a comment on the orange site from last year that I think about regularly from user basch, which scratches the surface on what’s bothering me so much.

that is just a microcosm of how bad the situation is. I dont think microsoft fully understands how impossible it is to have a conversation with a lay person using microsofts correct terms. “no not skype, what you want is skype for business (a completely different unrelated product), then you want to access a folder in your microsoft office 365 group team site document library (no not teams, thats different) through the onedrive client, unless in this case you want to use the sharepoint app, err no the onedrive app, err no the OUTLOOK GROUPS, no not the outlook app, the outlook groups app (not office groups??? why????) app because the sharepoint AND onedrive app dont have that feature. You can access your group team site onedrive files from sharepoint, or outlook groups, or onedrive, but if you use the teams app you can only see the files stored in channels, which are the same as folders in your onedrive/sharepointteamsitedocumentlibrary except they are also chat rooms in teams. If you want to scan something you need officelens or onedrive, but not sharepoint or outlook groups because they dont have a scan button nor teams, because that cant upload to groups/channels/subfoldersinteamsitedocumentlibraries, so you need onedrive which has a scan button. once you open onedrive (ios) you need to click sites to get to groups, because groups are in the sites tab, even though no other onedrive interface uses the sites nomenclature, nor is sites often used sans teams. then click the group name, then click documents (because thats the only option unless you make other document libraries. if you make non shared20%documents libraries, they are inaccessable from some clients such as OWA/attachgroupfiles. so dont ever ever make them, but you will still have to click documents ever time you click the group. every time. but if you want to make another document library to partition some large files into a different document library, to prevent accident giant syncs of data, you will need to click sync again. for every document library. on every persons computer.) If someone scans something to the root of the shared20%documents folder, its inaccessable from teams because it didnt make it to a channel. And if they made a different document library, its roulette whether or not varous clients can see it or if they just autoassume shared20%documents. Oh it looks like you did all this is in your microsoft account not your office account, now you have to start over and cant move your data automatically. Yes Im sorry that onedrive personal is different from onedrive corporate which is different from a (onedrive) office 365 groupteamsitedocumentlibrary…. … here let me teach you the EASY WAY to do this. MEMORIZE tenent.sharepoint.com/sites/groupname/Shared%20Documents, and just type that right into the address bar, its much faster to MEMORIZE that string than it is to navigate the user interface. i promise you should memorize it to save time. no really im not kidding, i emplore you to memorize the url structure instead of learning the interface. fine, we can continue, lets walk through all the clicks one more time.then onenote gets involved in the mix, which gets stored in onedrive. but the surface pen can only call the onedrive that accesses onedrive personal (msa) not onedrive individual corporate, because there are two onenotes, one built into windows one into office. the pen eraser can not be reprogrammed to use the PAID FOR CORPORATE onenote, just the free app. so never click the button on the only peripheral of the three thousand dollar computer you just bought, because it will lead you somewhere you dont want to go. so now onenotes are stored in the wrong onedrive. also for some reason your computer still has the onedrive for business client, formerly, sharepoint sync, formerly groove (acquired from ray ozzie who also tortured you introducing Lotus Notes to the world, back in the day) which is depricated, lets update you to onedrive, formerly live mesh, but now the correct client to use to access your aad onedrive for business. yes im sorry, one drive for business is no longer developed but you use onedrive not for business to access your onedrive for business which is different from your personal onedrive, and also different from groups. yes you could use the share feature to share documents in your individual (corporate not personal) onedrive with others, but the more correct way to sustainablty collaborate is by using gropu onedrives. and yes, you still have to click sync for each group/document library again on your second third and fourth computer, because sync settings cant be stored in the cloud or pushed to other users. if you want to mount your group/onedrive/sharepointteamsitedocumentlibrary as a drive letter without caching and syncing it we need to install a third party zeedrive service, because windows cant remount sharepoint drive letters on reboot well.
and microsoft wonders why people prefer dropbox/box….
tldr: teams vs teamsites (completely different). i can add people to groups or teamsites from outlook groups or teams, right? yes you can add people to teamsites from teams, but they are completely different things. msa onedrive vs aad onedrive vs group onedrive (not called a onedrive usually but accessable through the onedrive web/windows/mobile client using the onedrive api.) onenote vs onenote 2016. skype vs skype for business. channels vs folders, vs document libraries vs teamsites vs groups vs teams!>??!?! 🙁 🙁 :(seriously why the fuck does my phone have onedrive, sharepoint, outlook groups, outlook, AND teams to get to files stored in and out of my office 365 groups, oh and lens can only scan to my aad onedrive, not a group. no messages cant pass between exchange, yammer, teams, and skype, except when they sometimes do poorly between teams and skype (for business of course, not skype.) why is outlook groups the only app with a follow button. from why when i follow an office 365 group team site document library (what should be called a group onedrive!!!) does it NOT show up in either onedrive nor sharepoint. why is the follow button different in teams, outlook groups, and the sharepoint web interface! yes there is a desktop teams app, but its really a copy of chrome without any chrome running web app locally on your computer, using at technology called electron which packages a client version of a javascript engine repackaged as a server repackaged as a client. i digress. but its sure not .net. and yes they use chrome, not edge. which isnt internet explorer. nor file explorer.

hacker news user basch

Now that Windows is now being delivered as a service, and you can buy such a thing as a Microsoft 365 license in Office 365, the ambiguity of all of this is sure to only get more preposterous (Microsoft 365 Business includes an upgrade to Windows 10 Pro but not the base license itself for whatever that is called these days exactly?)

ZDnet says “Don’t let the alphabet soup of acronyms here intimidate you. E3, E5, A1, K1, etc. are all plan designations carried over primarily from Office 365.” oh good, we all had a solid grasp on what they meant there so no worries.

It all makes me think of that classic Bill Gates email rant from 2003 about the hassle of installing Windows Movie Maker. He knew it then, that something is seriously wrong with the branding and product lines of Windows. I resent that I have to keep up with Microsoft’s whims and continue to push and support their absolutely asinine products.

December 12, 2018

Cisco Catalyst not passing traffic after upgrade

Filed under: Uncategorized — Tags: — npd @ 8:37 am

I typically go onsite for switch software updates. They’re just about the only thing that I don’t have a good failback mechanism for in most of the networking stacks that I support. If a host server update fails, I can reset it through iLO or iDRAC. If a firewall update fails, I mostly have High Availability configurations so a single failure won’t ruin my night. However, I always am present for Cisco Catalyst updates. The failure scenarios are too many, and my recovery options too few. 

This past Friday I was doing a simple update, from 15.1 to 15.2.4(E6) on a pair of non-stacked Catalyst 2960X’s. I’d done two previous updates on this environment without issue, and after my onsite maintenance windows had been delayed a few times, I had to just schedule it to be done remotely. What could go wrong?

I backed up all my configurations and downloaded the latest Cisco-recommended software on my switch, set it to /overwrite and /reload. I watched the upgrade status proceeding normally, remembering that there is often a long period where the switch is unresponsive due to console display errors during upgrades. Then I saw it start to reboot. And I waited.

After 20 minutes my remote session didn’t come back up. I connected to the VPN and found that I could ping and ssh to the switch, but couldn’t ping any connected network devices. Logging in to the switch and running terminal monitor I started looking for what the problem could be. show ver shows me that the upgrade was successful. I can ping other switches and servers from inside this switch. So what’s wrong?

After a few minutes, the following message comes up in the terminal:

%ILET-1-DEVICE_AUTHENTICATION_FAIL: The FlexStack Module inserted in 
this switch may not have been manufactured by Cisco or with Cisco's
authorization. If your use of this product is the cause of a support
issue, Cisco may deny operation of the product, support under your
warranty or under a Cisco technical support program such as
Smartnet. Please contact Cisco's Technical Assistance Center for
more information.

But I’m not using any FlexStack modules, and all my hardware is legitimate. What’s going on? I search this message in Cisco support forums and find the link to Bug ID CSCur56395. Which states:

If this issue is seen AFTER UPGRADE, then hard power-cycle is required

Great.

You can try a reload but this won’t work. You can try a downgrade back to the previous version, but I don’t know if this will work (let me know if it does). Seemed too risky to me, and I’ve never done it, hope to try it in the lab if I can recreate the issue. In my case I had to call a coworker who lives nearby to go onsite and power the switch down. 

Sorry if you read this far hoping for a quick solution to this problem. Time to call your datacenter smart hands, or lace up your boots and head onsite yourself. If you are lucky, you are onsite already, laptop balanced on top of the KVM, reading this post, in which case you are very lucky! Just unplug the switch for 5 minutes, do some stretches, plug it back in, and all will be well again.

Postmortem notes for next time:

  • My hosts should be balanced between switches. Fix that next time I’m onsite. This outage wouldn’t have required repair at 11pm on a Friday if the host had just failed over to the other switch.
  • UPS should have had a network card in it. Not sure I would have done it in this scenario, but in some cases it would be helpful to be able to reset one of the power banks in the UPS using telnet from inside the failed switch. In this case there was no management card in the switch, and I would rather not risk a dirty shutdown of Exchange. But had I been prepared for this, I could arrange servers and switches accordingly into each of the APC’s power banks to minimize unsafe shutdowns while still allowing remote reboots.

Powered by WordPress