Tools Of The Trade: Moving To Office365

Getting to the cloud, specifically Office365 can be a challenge. You more than likely have hundreds if not thousands of mailboxes crammed full of user emails, network shares full of years of user documents, etc. Getting this into the cloud while respecting the business’ ability to work can be a challenge. Here are a couple of the tools I have found that are incredibly effective at helping meet these challenges. A couple of the “requirements” needed in my mind….

  • A cloud/hosted solution is ideal as this allows faster deployments instead of having to setup on-site/local resources to migrate.
  • Solution should be a “swiss army knife” in terms of out/in options for going between multiple clouds/providers/data types.
  • Affordable/scalable pricing.
  • Support to stand behind the migration product.
  • Abilities to incrementally sync data “up” so you don’t need to do everything at one time.
  • Some sort of CSV/script automation ability (who seriously wants to sit and manually do each mailbox 1 at a time?)

With those goals in mind, here are the 2 tools I use for migrations that have been very successful. One for email/mail data and the other for data/documents.

BitTitan’s Mailbox Migration
https://www.bittitan.com/products/migrationwiz/mailbox-migration

This is a great, flexible tool. You have lots of legacy/niche mail options (Lotus, Zimbra, etc.) and can go between many providers such as Gmail, O365, etc. Its cloud based so as quick as you can provide an admin account to grab the data it can begin migrating. A VERY useful component is the ability to incrementally sync the mailbox data and it has scheduling logic. This is very useful for cutover migrations, the week leading up every day you can sync mailbox data then cut MX records and sync remaining mail, no data loss and seamless process. I have also had very good accuracy in terms of no missing mail/lost items which other products I have had issues with.

Files To Go (ThinkScape)
http://www.thinkscape.com/SharePoint-Online-File-Migration-Tool

This is my goto tool when moving large quantities of network shares/user data to OneDrive/Sharepoint. My favorite feature is the pricing as its time based so you can buy it for 1-6 month increments which is very useful! It also mitigates long file names, file extension, character issues, etc. that can trip up an O365 migration. You can also do CSV file automation which really helps. It is an “on-prem” solution but the feature/functionality/cost tradeoff is worth it. Other tools can be extremely expensive whereas this is very cost effective. I believe it helps that a Microsoft O365 MVP actually wrote the product as it specifically gives the features most migration engineers care about.

Between those 2 tools, I have been able to successfully move the 2 main use cases in Office365 (email and documents) with minimal issues/cost. Hopefully that helps you as well.

Veeam Office365 Backup: Mailbox Processing Errors

Have been doing some testing with Veeam’s new Office365 Backup solution, so far pretty impressed. Did run into an interesting issue out of the box, we had some random mailbox processing errors such as:
– Failed to synchronize item changes. The operation has timed out.
– Async batch export failed with timeout.
– Mail item data export failed. There is an error in XML document.

Originally I just attributed this to “issues in the cloud” with EWS since Veeam uses this but after a day or so it became clear something else was happening here; as a safety net did some packet tracing in our firewall cluster to rule out potential security services causing the timeout. I did some additional testing and also spoke with Veeam support, their recommendation was to add the following line immediately after the <Archiver> tag in config.xml located in: C:\ProgramData\Veeam\Backup365

<Source WorkerThreads=”4″ BatchSize=”10″ BatchPart=”10″ BatchTimeout=”900″ BatchMaxItemSize=”5″ />

After adding this line and re-running the job it seems to have resolved the issue as all of our mailboxes are now backing up! Currently this issue was happening on build 1.0.0.912

Deploying Office365 ClickToRun Products

So Office click to run is the “new” deployment process for Office365 software. While a user could technically just “click and run” their own install they hopefully don’t have admin rights to do this and thus a more “enterprisey” deployment is needed, right?

First a few basics….

So lets begin……

  • I like to create folders in my root network share for each installation, O365 ClickToRun uses *xml configuration files to determine what and how the Suite gets installed. It is handy to separate this as you can limit installer to only do Skype for example. I usually do something like this:
    \\RandomPath\Office2016
    – Skype_64bit
    – NoOutlook_64bit
  • You need to save the Deployment tool (setup.exe) to the network path folder where it will be deployed. Example: \\RandomPath\Office2016\Skype_64bit\setup.exe
  • Now that we have it saved, we need to write a configuration.xml file that will live in the root with setup.exe that tells the installer what you want installed and what settings/options to push along. Below I’ll provide an example configuration which covers the basics:
    <Configuration>
      <Add SourcePath="\\Server\Share" OfficeClientEdition="32"  >
        <Product ID="O365ProPlusRetail">
          <Language ID="en-us" />
        </Product>
        <Product ID="VisioProRetail">
          <Language ID="en-us" />
        </Product>
      </Add>  
      <Updates Enabled="TRUE" UpdatePath="\\Server\Share" /> 
      <Display Level="None" AcceptEULA="TRUE" />  
    </Configuration>

    The sourcepath will be your UNC path to the install, client edition is either 32 or 64 depending. Product ID will be the product(s) you want to install, here things get a bit tricky. Microsoft has different “levels” of licensing in O365 that correspond to this so based on your licensing this will need to match, luckily they have a document that sort of attempts to help: https://support.microsoft.com/en-us/kb/2842297
    There was definitely some trial and error, if this setting is wrong and a user with different licensing attempts to login you will run into issues/errors so testing first is best. The other options are better described in this article: https://technet.microsoft.com/en-us/library/jj219426.aspx
    The article also mentions some Exclude parameters you can use to not install certain things, say for example no Outlook. Below I will provide some templates we use for various items….

  • Install Skype (64bit) Only For Use In A Terminal/Citrix Environment:
    <Configuration>
    <Add SourcePath=”\\RandomPath” OfficeClientEdition=”64″ >
    <Product ID=”LyncEntryRetail”>
    <Language ID=”en-us” />
    </Product>
    </Add>
    <Updates Enabled=”TRUE” UpdatePath=”\\RandomPath\Updates” />
    <Display Level=”None” AcceptEULA=”TRUE” />
    <Property Name=”SharedComputerLicensing” Value=”1″ />
    <Property Name=”PinIconsToTaskBar” Value=”FALSE” />
    </Configuration>
  • Install Visio (64bit)
    <Configuration>
    <Add SourcePath=”\\RandomPath” OfficeClientEdition=”64″ >
    <Product ID=”VisioProRetail”>
    <Language ID=”en-us” />
    </Product>
    </Add>
    <Updates Enabled=”TRUE” UpdatePath=”\\RandomPath\Updates” />
    <Display Level=”None” AcceptEULA=”TRUE” />
    <Property Name=”PinIconsToTaskBar” Value=”FALSE” />
    </Configuration>
  • Install Office 2013 (64bit), NO OUTLOOK
    <Configuration>
    <Add SourcePath=”\\RandomPath” OfficeClientEdition=”64″ >
    <Product ID=”O365ProPlusRetail”>
    <Language ID=”en-us” />
    <ExcludeApp ID=”Outlook” />
    </Product>
    <Product ID=”LyncEntryRetail”>
    <Language ID=”en-us” />
    </Product>
    </Add>
    <Updates Enabled=”TRUE” UpdatePath=”\\RandomPath\Updates” />
    <Display Level=”None” AcceptEULA=”TRUE” />
    </Configuration>

Once your xml file has been written to accommodate the needs, save the xml into the path where you saved your setup.exe file. Then run the following command:
\\RandomPath\setup.exe /download \\RandomPath\configuration.xml

The first section calls the location of setup.exe (Office Deploy Tool), next option triggers the download command which basically allows Office to go out, download the installers/packages for office and the last field points it at your configuration file so it knows what to configure/install.

Once this has been done, you can simply use same command but with the /configure command to install:

\\RandomPath\setup.exe /configure \\RandomPath\configuration.xml

That simple script above will deploy Office on the desired machine using your desired configuration data. Use Group Policy or 3rd party software deployment of choice at this point to mass deploy. 

A few gotchas/comments….

  • If you are deploying this on RDS/Terminal servers, you MUST have one of the following “desktop virtualization” entitlement licenses: ProPlus, Ent E3, Ent E4, Gov E3, Gov E4. You also MUST include Shared Computer Activation in the xml configuration file (see my example for RDS above)
    <Display Level=”None” AcceptEULA=”True” />
    <Property Name=”SharedComputerLicensing” Value=”1″ />
    Some of the Office suite sticks the licensing tokens in “not roaming profile friendly” locations so be prepared to test, Skype is a good example. You would think Microsoft’s own stuff would work well with roaming profiles in an RDS world but not so much.
  • Like most things Microsoft licensing, ProPlus and Shared Computer Activation is not pleasant. It will store a token in the user’s folders, have seen issues with it “expiring” or becoming corrupt causing licensing/activation issues with certain users. Keep in mind you have 5 “licenses” to use on various machines/PCs, Shared Activation should not count against this however. The server will need constant internet access to maintain licensing/activation as well, would be wise to ensure your internet gateway is allowing most IP/URLs that O365 uses as there are quite a few: https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
    Office checks activation every 30 days so users need to have “phoned home” at least once in that time period to prevent Office going into “reduced functionality” mode.
  • If you are planning to work Office into an image, don’t sign in to the Office 365 portal to install Office 365 ProPlus from the software page. If you do, activation occurs automatically. After the installation is complete, don’t open any Office programs. If you open an Office program, you are prompted to sign-in and activate. Even if you don’t sign in and you close the Activate Office dialog box, a temporary product key is installed. You don’t want any kind of Office 365 ProPlus product key installed in your operating system image.
  • Should just plan on bookmarking this page as you will have some kind of “goofiness” over time with Office licensing, especially in a shared activation world: https://technet.microsoft.com/en-us/library/dn782859.aspx
  • We saw constant ongoing activation/login prompts on Skype For Business deployed in an RDS/Citrix environment. Appears some of the licensing tokens are kept in Local App Data instead of roaming so we did a “quick fix”. At logoff we basically copy the appdata in local to their roaming profile, then on login we copy it back so Skype “works”, not pretty but it works.
    #Copy Skype App Data To Roaming Profile
    xcopy “%LOCALAPPDATA%\Microsoft\Office\15.0” “%APPDATA%\SkypeConfig” /E /C /Y /I#Copy Skype Roaming Profile Data
    xcopy “%APPDATA%\SkypeConfig” “%LOCALAPPDATA%\Microsoft\Office\15.0” /E /C /Y /I
  • Had some situations where users would get “This feature has been disabled by your administrator”. This comes down to Online Content being disabled. Quick fix to restore:
    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet]
    “UseOnlineContent”=dword:00000002
    [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\SignIn]
    “SignInOptions”=dword:00000000
    More info: https://support.microsoft.com/en-us/kb/3039000

Overall the Click To Run technology is pretty nice, Microsoft could do things to further simplify the process but it is not too bad. The biggest challenges we have seen in a production setting have been Click To Run ProPlus licensing used in a Citrix/Terminal Server environment as you encounter licensing/activation with users. You also need to remain vigilant that a user is provided the “correct” licensed version of Office to use with the features they are licensed for!