Service design change: DNS search suffixes

Managed Workstation service design change: DNS search suffixes

What and When

We’ll be making a change to all managed workstations over a period of a week, in increasing numbers of computers. A few will get this change Friday night 9/30, more Monday night, and so on. Every managed workstation get this change by 10/7.

In the past, we’ve provided configuration of a setting which gives managed workstations a hint to address the situation where a user doesn’t provide a fully qualified name for a server they want to connect to. We are no longer providing that configuration.

This configuration setting is called the DNS search suffix.

We’ll be removing this configuration. By removing our configuration, we open the door for this setting to be managed on each computer with different values. Prior to this change users could not manage this setting themselves.

What you need to do

You may find you need to fully qualify server names, e.g. enter “homer.u.washington.edu” instead of just “homer”.

Alternatively, you may wish to customize the DNS search suffix setting on your computer. To do so, you may wish to consult one of these websites for instructions:
https://technet.microsoft.com/en-us/library/bb847901(v=exchg.150).aspx
http://www.computerstepbystep.com/dns-suffix-search-list.html

If you do customize this setting on your computer, keep in mind that you are maintaining it.

More info

We are no longer providing this configuration for a number of reasons that include:

There is no technical reason why this setting needs to be configured across all managed workstations. This setting is a usability feature. If users don’t want to enter fully qualified server names, this setting is best left maintained by each user to the values they desire.
When someone enters a non-fully qualified server name, each DNS suffix “hint” in this setting is tried until a potential match is found. This means that attempts to contact a server can be significantly delayed while each possible suffix is tried. This also means DNS servers get spurious queries for servers which don’t actually exist. Put simply, this setting is a highly inefficient way of helping users who don’t wish to fully qualify server names. Most people don’t know that they are relying on this setting, and that their reliance on this setting might actually be causing slow behavior they don’t like.
The setting has a hard limit in terms of how many DNS suffixes can be included. When this setting is managed centrally, hard decisions must be made about which DNS suffixes are included. The UW has an unusually large number of DNS domains compared to other organizations, and over the years we’ve had to turn down many DNS suffixes in the interest of serving the broadest set of customers. Removing ourselves from being in the middle of managing this setting seems like the most responsible choice.
Configuring this setting does add some small delay to boot and logon time, so removing it speeds things up.

The DNS suffixes that we previously configured for this setting are:
clients.nebula2.washington.edu
nebula2.washington.edu
nebula.washington.edu
cac.washington.edu
u.washington.edu
admin.washington.edu
washington.edu
exchange.washington.edu

Brian Arkills
Managed Workstation service owner

Service design change: Default domain

Managed Workstation service design change: Default domain

What and When

Each Windows computer has a setting called the default domain which determines which Windows domain the computer’s logon interface defaults to for user logon. This setting is relevant for Windows 7 or older computers, but doesn’t mean much on newer versions of Windows.

We will be configuring this setting to be NETID, to help encourage users still logging into NEBULA2 to make the switch we’ve been asking for.

What you need to do

After this change, users on Windows 7 computers who were previously logging into NEBULA2 may log into NETID. If they have never previously done this and/or have never configured their desktop profile for their NETID user account, they may be alarmed because it appears that many items have gone missing.

They will need to go through the steps documented at https://it.uw.edu/wares/nebula/adding-users/changing-to-netid-logins/#restore to move the missing items over to their NETID user profile.

More info

Users can override the default domain and continue to login using their NEBULA2 user account, but this is discouraged. At this time, less than 350 NEBULA2 user accounts are still active and the vast majority of customers are using their NETID user account. We do plan to turn off the NEBULA2 domain in April 2017, so customers still using their NEBULA2 user account should take this opportunity to switch.

Brian Arkills
Managed Workstation service owner

Change in printer support

As many of you may be aware UW-IT retired the Computer Maintenance Group (CMG) back in June, 2014. This group provided printer support for the Seattle campus including MWS customers until June, 2014. Since the retirement of the Computer Maintenance Group we have continued helping intermittently with printer issues for some of our customers. As of today, the Managed Workstation Service will no longer provide printer support. By stopping this support we are keeping with UW-IT’s mission to provide technology services in line with the University’s priorities.

Ceasing this support is in line with UW-IT’s mission to support the University’s environmental and sustainability initiatives, in this case, UW Managed Print Services.

If you need assistance installing, uninstalling or troubleshooting a printer there are written instructions available on our IT Connect site: https://it.uw.edu/wares/nebula/other-it-services-and-help/printing/.

Below are some printer options in the event you have a printer that needs to be serviced:

UW Managed Print Services

UW Managed Print Services is available for a monthly fee, and includes equipment (multi-functional devices that can copy, print, scan and fax), supplies (except paper) and service from Ricoh. See http://f2.washington.edu/mps/.

Local Computer and Printer Repair Shops

Departments can work directly with the following local vendors with which UW-IT has historically had good working relationships:
Xerox Printers: Integrity Business Systems; 888-840-0844
HP Printer repair: CPR Computer and Printer Repair;cprnw.com/hewlettpackard.htm; 1-800-955-4075
Computer Repair: Up Time Technology (on N 45^th)) uptimetech.com; 206-547-1817.

Please send an e-mail to help@uw.edu if you have any other questions.

On-going Problems H: and I: Drives

Last month we experienced a significant incident where the server infrastructure behind H:\ and I:\groups was unable to accept new connections. We applied a workaround, moving all user home directories and group directories to new server infrastructure, which also has much newer software, before we had completed testing and validation. Since then, we’ve had a series of smaller, intermittent incidents, the continuing nature of which makes them all the more frustrating. Work to identify the cause(s) of these issues and resolve them continues. We are also looking at alternatives, including changing the underlying technologies in use. As we’ve seen, however, such changes can have undesirable impacts of their own.

Managed Work Station FY17 Rates

FY17 rates for Managed Workstation services are now available.

As of 7/1/2016 the new FY17 rates for Managed Workstation service have been approved by Management Accounting & Analysis (MAA). MAA provides final approval of rates for all cost-recovery centers at the UW.

The rates are:

* Managed Workstation rate: $34.50/desktop/month

* Managed Workstation file storage: $.15/GB/month

* Windows File Storage: $.37/GB/month

* Consulting Services: $98.50 Hour

If you haven’t provided an eligibility group that you manage for your department, you really need to do that. Contacts for Managed Workstation departments should contact us to transition from the temporary eligibility groups we created on your behalf last summer. To see whether you still have a temporary eligibility group visit https://support.nebula.washington.edu/myIT/myNebulaDepartments.aspx. If the group listed starts with u_nebula_temp then you need to take action. This allows you to tell us who your active users are.

If you have any questions or concerns, please contact me.

Managed Workstation service will update MyIT pages that provide estimated costs with FY17 rates soon.

Managed Workstation H: and I:\groups troubles

On 6/15/2016, we experienced a significant incident where the server infrastructure behind H:\ and I:\groups was unable to accept new connections. The cause of that incident is now understood. We applied a workaround of moving the 90% of file directories that were affected by this incident to new server infrastructure, which was already in use for 10% of our file directories. As mentioned at the time, we were hesitant to make that change because we weren’t fully confident that the new server infrastructure was ready for a bigger load, but at the time it appeared to be the quickest and best way to restore service.

Since then, we’ve had a series of incidents that were smaller in scope. This is because one of the 4 new servers continues to have problems, which seems to be tied to something that happens in the very early morning. The other 3 new servers don’t experience these same problems, and the incidents since 6/15 have only affected the same set of customers that leverage the 1/4 of file directories hosted by that one server. Those recurring incidents do not prevent new connections like the 6/15 incident, instead there is a slow degradation of performance to the point where it is very noticeable. The eOutage messages sent about those incidents have been pretty generic, so we thought it important to provide more detail than what has been communicated via eOutage.

We recognize that these continuing problems are impactful and undesirable, and continue to work hard to identify what is causing those problems and to seek solutions.

As we explore solutions we are also trying to limit any undesirable impacts from changes, but we recognize that moving too slowly isn’t acceptable. As we try to move quickly, we are making some changes that we’d normally move more slowly on, with more customer notification.

We really appreciate your patience with us, and please know that we continue to work hard to provide a reliable service that meets your needs.

OUTAGE: H:, I:\groups, i:\snapshots

We are in the process of applying a workaround to resolve this incident.

The workaround involves a change we had planned to make in the future to upgrade the server infrastructure behind these file services. We’ve moved one large customer over to this new infrastructure already, and had planned to move another before moving all customers. That timeline is accelerating to now because the new server infrastructure is not affected by the cause of this incident.

One of the reasons we had wanted a slower timeline was to ensure we had settings tuned and adequate capacity to minimize the impact of this change. So there may be some minor issues after we’ve finished swinging everything over to the new server infrastructure, which we’ll address as issues arise.

In our initial testing of this change, we’ve seen that some client computers need a reboot to figure out the new underlying server location. In our testing that was around 10% of client computers, and is tied to information cached on the client computer so isn’t something we can easily be fixed other than with a reboot.

Group directories (i:\groups) are in the process of being moved now and should be available again in the next 15 to 30 minutes. Home directories will be moved after that, but there is another incident with a service we depend on which may affect our ability to quickly redirect home directories. So at this time, we don’t have an ETA for restoration of home directories.

Disabling Nebula2 user accounts

We have begun disabling unused NEBULA2 user accounts.

This does not relate to eligibility groups, nor will it result in the loss of any Nebula services – it is only about whether your NEBULA2 user account is enabled or disabled.

What and when:

The disabling of unused NEBULA2 accounts begins today. If your NEBULA2 account hasn’t been used in more than 37 days, it will be disabled.

What you need to do:

If your NEBULA2 account has not been used recently, this is a courtesy notice. If, for some reason, you still need your NEBULA2 user account, you can re-enable your account by going to the UW Groups Service at:

https://groups.uw.edu/group/3b253114a3444fe5a5f7d1f5d9bc831a/member,

Follow the steps below:

In the “Add members” box type in your UW NetID
Click on “Do it”

Your NEBULA2 account will be re-enabled within 1 hour and it will have the same password as it did previously.

More info:

For more information, please refer to https://it.uw.edu/wares/nebula/adding-users/nebula2-user-disables/

If you have any questions or concerns, please contact the UW-IT Service Center via help@uw.edu.

RE: Microsoft Infrastructure documentation migration/consolidation

I’m back to report that this work is complete. All www.netid.washington.edu pages have a redirect to the new IT Connect location. If you have bookmarks or links to www.netid pages, you can now update them.

Here is an orientation for the refactored documentation site:

Use of UWWI has been replaced. ‘UWWI user’ and ‘UWWI group’ has been replaced with NETID user and NETID group. Exceptions include a few pictures (hunting down source files) and references which are out of our direct control (e.g. the UW NetID Support Tool still uses “UWWI” so our documentation must continue to reflect that). Feel free to let us know about “UWWI” instances you think we missed. J
The Communications page notes how to get ahold of us for urgent issues, and introduces the service mailing lists and how to subscribe or unsubscribe. Child pages include an index of all the MI service documentation (including pages not in IT Connect), all service newsletters, and all service notifications (since 2012). In addition to being an archive, this provides a different way for service customers to keep in touch—instead of being on this mi-announce mailing list, you can monitor that location instead. I’d stress that the index page is a good way to find things quickly.
The Service Design page includes capability maps that outline what we provide and our thoughts about the future, the architecture guide, and policy documents. This is mostly content that IT staff might need to reference to find out how the service is designed. Some of this content has gotten minor updates, and I’ve noted gaps for future documentation. Documenting our Entra ID integration is the most notable gap.
The Other Help page includes content which is only indirectly related to the MI service. These are typically topics for which we are the subject matter experts for or where additional explanation or background will help the UW community. The venerable ‘Windows domain setup at UW’ document is a good example of the type of document here. Clearly separating these documents provides a clearer expectation boundary about how these documents relate to the MI service. The FAQ is under here and has gotten a topical re-organization and some pruning. If you haven’t seen the extensive Entra ID terminology part of that FAQ, it’s worth a look.
And then the rest of the top-level pages are aligned with the capabilities the MI service provides: Software, Authentication integration, Entra ID, and Delegated OUs.
- The MS product activation document is under a Software page in anticipation of other software capabilities being added to the MI service in the future.
- The LDAP configuration, Getting Started: NETID Trusts, and Firewalls with NETID domain are high volume documents under the Authentication integration page.
- The Entra ID tenant guidance and Entra ID Applications pages are high interest documents under the Entra ID page. I’d recommend reviewing these if you haven’t seen them.
- The Delegated OUs page has many child pages, too numerous to mention. It is worth pointing out that all capabilities which are constrained to OU customers are under here, things like DFS, AD-CS based certificates, and DDNS.

Brian Arkills

Microsoft Infrastructure Service Manager

UW-IT

From: Brian Arkills Sent: Thursday, April 28, 2016 3:15 PM To: ‘mi-announce@uw.edu’ <mi-announce@uw.edu> Subject: Microsoft Infrastructure documentation migration/consolidation

We’re combining our documentation into IT Connect. A few exceptions that don’t work well on that platform will remain in the UW-IT Wiki.

What and When:

Over the next several weeks, we will be migrating the Microsoft Infrastructure documentation into IT Connect (https://it.uw.edu). Our documentation will live under https://it.uw.edu/wares/msinf/.

Our content has been splattered across multiple locations, including a web hosting platform we run for ourselves. It doesn’t make sense for us to run something separate, and consolidating on IT Connect should improve discoverability of that content.

Related to the service rename previously announced, we’ve already moved most of the content that was previously in the UW-IT wiki space named UW Windows Infrastructure to the IT Connect location noted above.

What You Need to Do:

This notice is partly advisory so you know to expect some changes, but you may also have an action to take.

If you host links to our content or have bookmarked pages, you may want to update them. Where we can, we’ll put in page redirects to the new location and maintain those old pages for 3 months to facilitate this. Because this documentation migration is not complete and will span a couple week period, we’ll send another note when we’re done so you know when to do that activity.

More Information:

Unfortunately, not all of our content can move to IT Connect. A few things will need to be on the UW-IT Wiki platform. We’ll clearly link to those pages, have navigation aids from those pages back to IT Connect, and clearly note that this wiki space is an ancillary location. That ancillary UW-IT Wiki space is https://wiki.cac.washington.edu/display/MSINF/Microsoft+Infrastructure, and it’ll have things like request forms, the public proposals with analysis we’ve previously shared, and other documents with flexible editing needs.

The web location www.netid.washington.edu will retire in about 3 months. It served us nicely for 10 years. J

Brian Arkills

Microsoft Infrastructure Service Manager

UW-IT

20150929: Entra ID Help Desk Card

The Entra ID Help Desk Card is being implemented to help ensure users have an easy way to get assistance.

What and When:

Today the Help Desk Card capability in our Entra ID tenant is being enabled. When users click on the help icon in applications which support this, they’ll be presented with contact information which can allow them to easily get help.

The following information will be present:

UW IT

+1 (206) 221-5000

help@uw.edu

http://www.washington.edu/itconnect

What You Need to Do:

Nothing, this notice is informational only so you aren’t surprised by the change.

More Info:

Please refer to https://support.office.com/en-US/client/results?Shownav=true&lcid=1033&ns=O365ENTADMIN&version=15&ver=15&services=INTUNE_O365%2cYAMMER_EDU%2cSHAREPOINTWAC_EDU%2cMCOSTANDARD%2cSHAREPOINTSTANDARD_EDU%2cEXCHANGE_S_STANDARD&HelpID=O365E_CustomHelpDesk for more information about this capability.

Brian Arkills

UW Windows Infrastructure Service Manager