Windows 10–1709 and OneDrive UX

OneDrive receives some well deserved attention in every upgrade of Windows 10. The road to an exciting user experience is paved with some hiccups, but once 1709 came around – most of the quirks were sorted out.

OneDrive is still seen in the system tray as two clouds (blue for OneDrive for Business and white for the personal edition). Spotting them in the task manager reveals a different confusion still.

image

image

One of the advocated new improvements is the ability to maintain sparse-files, or pointers, or – well, the point beeing; the file is not on disk and will only be retrieved from the cloud when needed (or requrested). The ability needs toggling under the Settings for each cloud (business or personal) and named Files On-Demand (or this can be enabled via group policy per machine)

image

Technically Files On-Demand is an attribute set for each file. The state is called Pinned or Unpinned and can be toggled via the “attrib” command. No idea why they chose to maintain an older command rather than enabling this via Powershell only.
To make files available offline; attrib -U +P /s

image

The end-user isn’t required to know this and can toggle the options from  right-click option when selecting any file or folder. The names aren’t the same, but rather offer a more end-user friendly name.

image

Applying the Free up space option will clearly show the progress of altering the attribute by saying Applying properties….

image

As a way to educate the user and offer a clear view of the state of any folder (offline, online, issues or syncing) there is a new column added (as opposed to the previous overlay on the icons) named Status. Personally this seems to be an improvement (allows for sorting for example).

image

Remember the system tray icons? A bit more useful this time around – if you left-click them once the following status will be shown.

OneDrive for Business

image

OneDrive

image

The reason for this write-up is based on the experience of migrating all OneDrive content to OneDrive for Business. Odd thing once I was completed. (1) is the OneDrive for Business and (2) is OneDrive. For some reason the consumption of data differs with just above 100gb. Where did this go? The below is from settings of the OneDrive-client.

image

Comparing the folder on disk looks like this shows that both are roughly 237gb – so this seems odd. Verifying online via the Manage Storage button shows some correct numbers and verifiying basic folder structure from the web-interface provides some additional confidence. Accessing the OneDrive for Business via the admin-center for Office 365 and spinning up the Reports for usage – shows that 8mb is currently consumed?

Are there any more ways to confirm how much data I got?

image

As OneDrive for Business is essentially a glorified interface for Sharepoint – there are certain limitations defined. There are restrictions on files both in OneDrive and OneDrive for Business, however OneDrive for Business has far more annoying limitations. Sample output to resolve the 181 conflicts – a number far lower than expected to be honest.

image

Note to self: WMI does not adhere to RPC-standards

Every single project…. every single firewall guy, and every single requirement list that I had to dig into…

Windows Management Traffic leverages the same ports as RPC traffic (TCP 135 for initial connection, and after that a random port within a defined port-range), however it does not adhere to the RPC specification and will therefore not be correctly identified by any firewall (yes, any firewall) as RPC traffic. Most firewalls tries to dynamically identify the specific port for the session within the dynamic range, however this requires that lots of things are RPC and not MSRPC.

Cisco wrote it pretty clearly;

As Microsoft switched from using pure RPC to use DCOM (ORPC) calls, those non-epm calls will be used more and more. Windows RPC/DCOM services use the RPC Endpoint Mapper to accept initial communications on port 135 and then dynamically transition to ports for the service.

Just open all the high-ports.

Checkpoint statement

Cisco statement

Troubleshoot:

Testing RPC ports with PowerShell (and yes, it’s as much fun as it sounds)

Wireshark-article if you ever need to troubleshoot

 

Office 365, App-V and Windows 10 – 1607

Oh, the joy of reusing technology. Office 365 leverages the App-V technology, however slightly modified and primarily used as a delivery method with no isolation. App-V in comparision is used more for its isolation and to be honest – not so much for its delivery mechanism.

In addition – since Windows 10 – 1607 the App-V client is now a Windows Feature.

Now, for fun – lets try these steps;

  1. Install Windows 10 – 1607
  2. Install any version of Office 365 ProPlus

Find a Visio drawing and open it. Most likely it will be opened with the Visio Viewer – which is a component part of Office 365 ProPlus. Visio Viewer is just an ActiveX component and will therefore load the drawing inside Internet Explorer 11.

image

let’s add a third-step to this process….

3. Open an elevated Powershell prompt and type Enable-AppV. Press the enter-key
image

Once you attempt to re-open the Visio-drawing you will most likely see a blank Internet Explorer-page instead of the Visio Viewer ActiveX component. The below is from a minimal window.

image

All Microsoft components and suddenly we have a break scenario? The details are actually clarified in a knowledgebase-article relating to Skype for Business, Internet Explorer and App-V;

By default, Explorer.exe and Internet Explorer are listed there. Therefore, when the iexplore.exe process runs, it has the APPVEntsubsystem32.dllloaded in Internet Explorer. When Office C2R detects that APPVEntsubsystem32.dll is loaded into Internet Explorer, it does not load jitv.dll or APPVISVSubsystem32.dll into Internet Explorer. As a result, there is no registry redirection support.
When the JavaScript that’s running in Internet Explorer tries to create any ActiveX objects that are part of the Office C2R package, that operation fails and the Office C2R and SharePoint integration are broken. Office C2R and App-V dynamic virtualization aren’t designed to co-exist; therefore, Office C2R disables Dynamic Virtualization when it detects that AppV client binaries are loaded in Internet Explorer to prevent double hooking.

The article unfortunately provides no fix for a Windows 10 – 1607 unless someone is wanting to decrease the feature set for App-V. Browsing the web allows a little gem to be spotted in the comment section of Dan Gough’s amazing blog – the comment is from an Andrew G:

and also there is a registry key suggested by MS:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClickToRun\OverRide
keyname=AllowJitvInAppvVirtualizedProcess (reg_dword)
keyvalue=1

Searching for this registry key on google presents only a few results (one spiceworks thread) are found. A hidden gem, I presume?

Add the registry key and immediately the Visio drawing can be opened without issues

image

2017-08-22 Update

According to Roy Essers – these registry keys will be automatically created on Windows 10 – 1703

Windows 10–1607–LinkedConnections

So, lots of things have to fall into place for this to take effect, but here we go….

If you have UAC enabled (in some form or another) and have users that are able to run in two different contexts (elevated and non-elevated) with the same user account – it means that they are local administrators on the device. It also means…

.. that if they map a network drive in one context it will not be visible in the other context by default.

Microsoft created the great Linked Connection which will automatically allow the mapping of a network drive to be visible in both contexts.

Well, since roughly October 2016 this stopped working if you were running Windows 10 – 1607 with the October 2016 patch, and the user was local administrator on the device and mapped a drive in one context and also expected the EnableLinkedConnections to provide a smooth user experience – it simply stopped working.

To add insult to injury – if you map a drive within a login-script; the default context is elevated so the non-elevated process (such as explorer.exe) will not show the mapped drive.

As far as I can tell this is not listed as a known defect. Therefore its not listed as a fixed defect in the March 2017 patch for Windows (so, october.. november… december.. 6 months in total in a non-working state). According to Google (oh, what a reliable source for anything named Microsoft) Windows 10 – 1607 was noted as Business Ready (Current Business Branch) since 29 November 2016.

image

Ready for business, eh? Well – at least one step further….

Group Policy Preference and Scheduled Tasks

For some reason it’s always the details in the basics that are the longest hurdle to get over. This particular topic is something that always needs to be re-googled before the last details are sorted out.

Purpose

To create a schedule task to either run as the system-account or the interactive user via Group Policy Preference.

The detail:

When resolving SYSTEM the normally resolved identity is BUILTIN\SYSTEM. Interactive is normally not able to resolve at all. This normally results in the following error client side when attempting to apply the Group Policy

‘0x80070534 No mapping between account names and security IDs was done.’

What should be done?

Click the Change User or Group and select the domain of your environment, and proceed to select the Builtin-container. This will resolve both Interactive (running in the user context of the logged on user) and system to NT Authority.

image

End-result;

image

or

image

MSI EXIT CODE 1935

If the Windows Installer engine fails with a generic exit code of 1935 – I usually spent a few hours troubleshooting the machine in pure nerdy interest. Here are a few tips gathered to save myself and hopefully someone else time.

Quite often the issue lies that you are chasing a red-herring. The error code you may get back is either a generic access denied or a file not found. Reviewing all the activity with Process Monitor quite seldom gives any direct hints as there are numerous red herrings that will lead one astray.

After 1h tracking this particular issue – gathering ones thoughts for the future seemed the easiest.

ERROR:Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'

 

In order of preference – try the following

Ensure that the folder C:\WINDOWS\WINSXS\TEMP and C:\WINDOWS\WINSXS\INSTALLTEMP exist and that the administrative group aswell as the system account has full access to it.

Run SFC /SCANNOW

Similiar posts;

One of possible solutions to: Visual C++ 2008 Redistributable installation error 1935 with HRESULT 0x8007005

Error 1935 when you try to install Microsoft Office 2010 or 2007

Troubleshooting 1935 and 2908 errors during installation

WMI Hotfixes for Windows 7 x64

##################################################
WMI
##################################################
You cannot overwrite an exported event log file by using the Wevtutil.exe tool in Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
http://support.microsoft.com/kb/2797789/en-us
Files Updated:
Wevtsvc.dll
6.1.7601.22213
1,650,176
09-Jan-2013

Profile loading takes a long time due to full DFS namespace sync with PDC
http://support.microsoft.com/kb/2915094/en-us

Files Updated:
Profprov.dll
6.1.7601.22575
33,792
18-Jan-2014

Profsvc.dll
6.1.7601.22575
225,280
18-Jan-2014

Profsvc.ptxml
Not applicable
648
13-Jul-2009

Userprofilewmiprovider.mof
Not applicable
10,708
13-Jul-2009

High memory usage by the Svchost.exe process after you install Windows Management Framework 3.0 on a Windows-based computer
http://support.microsoft.com/kb/2889748
Files Updated:
Wmidcprv.dll
6.2.9200.16398
180,736
04-Jul-2013

Wmiprvsd.dll
6.2.9200.16706
724,992
26-Sep-2013

Wmiprvse.exe
6.2.9200.16398
432,128
04-Jul-2013

Wmidcprv.dll
6.2.9200.16398
180,736
09-Jul-2013

Wmiprvsd.dll
6.2.9200.20813
724,992
26-Sep-2013

Wmiprvse.exe
6.2.9200.16398
432,128
09-Jul-2013

Wmidcprv.dll
6.2.9200.16398
129,536
26-Sep-2013

Wmiprvse.exe
6.2.9200.16398
328,704
26-Sep-2013

Wmidcprv.dll
6.2.9200.16398
129,536
26-Sep-2013

Wmiprvse.exe
6.2.9200.16398
328,704

An update that prevents a “0xC0000034” error message when you try to install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Embedded Standard 7 SP1 is available
http://support.microsoft.com/kb/2533552/en-us
Alot of files are updated

Forwarded events cannot be displayed in Event Viewer on a Windows 7 or Windows Server 2008 R2-based computer
http://support.microsoft.com/kb/2794427/en-us
Files Updated:
Wevtsvc.dll
6.1.7601.22213
1,650,176
09-Jan-2013

Wmiprvse.exe process crashes when you run a WMI script on a computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/2833001/en-us
Files Updated:
Cimwin32.dll
6.1.7601.22296
2,059,264
10-Apr-2013

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7
http://support.microsoft.com/kb/2617858
Files Updated:
Repdrvfs.dll
6.1.7601.21824
453,632
21-Sep-2011

An application or service that queries information about a failover cluster by using the WMI provider may experience low performance or a time-out exception
http://support.microsoft.com/kb/974930
Files Updated:
Clussvc.exe
6.1.7600.20517
4,579,840
28-Aug-2009

Cluswmi.dll
6.1.7600.20517
540,160
28-Aug-2009

Cluswmi.mof
Not Applicable
76,540
28-Aug-2009

Cluswmiuninstall.mof
Not Applicable
176
13-Jul-2009

Office 365 / 2013 and App-V – Exclude apps

With the latest release (June 5) of Office Deployment Tool there is the ability to exclude applications when creating a package. For example, if you don’t want to deploy – say Lync? – even though you are technically licensed for it.

How does it work?

Create your XML-file

The XML defines what product you want to deploy / create an App-V package for.

A reference can be found on Technet, with the entire list of all applications that can be excluded. Do note that each application you want to exclude is a new line within the XML-file

image

<Configuration>

<Add SourcePath="c:\media\" OfficeClientEdition="32" >
<Product ID="O365ProPlusRetail">
<Language ID="en-us" />
<ExcludeApp ID="Access" />
<ExcludeApp ID="InfoPath" />
<ExcludeApp ID="Lync" />
</Product>
</Add>
<Display Level="None" AcceptEULA="TRUE" />
<Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

Run the command-line

Download source media;

 setup.exe /download c:\media\configuration.xml

Create the App-V package;

setup.exe /packager c:\media\configuration.xml c:\media\package

Now you have a package!

Just to deploy!

Remember, Office is only supported to be deployed as a global package when using App-V

 

Read more about this on Technet!

Office and its poor handling of slow-links

Office is and has been a core application for a quite a while within most Windows environments.  This is a small list of things that have been adopted to make the user experience better for users not located close to the file-servers, or articles that allow you to understand why things happens.

Slow network performance when you open a file that is located in a shared folder on a remote network computer
Known issues with Office if Desktop or My Documents is redirected
An Office program is slow or may appear to stop responding (hang) when you open a file from a network location
Excel workbooks may open slowly over the network
Slow performance when you browse the My Documents folder in the document library in Windows 7 or in Windows Server 2008 R2

and for the PST / OST-files;

Limits to using personal folders (.pst) files over LAN and WAN links
Network Stored PST files … don’t do it!

Access

Using a wan with ms-access? How fast, how far?