OneDrive Full: Corporate Level Issue

Key Points:

Approaching SharePoint Site Storage Limit

Get access to user files from office admin portal

Storage Metrics

Delete all versions

In our Org we had allocated 150GB OneDrive space out of 5TB for all staff due to SOE constraints. However, one employee (Mr X, x.xyz)  has complained that he got a notification saying 'Approaching SharePoint Site Storage Limit'. After initial investigation we found that  his drive is full 100%. But it looks like it is not. We have attached a screenshot of a file 'Archive Aug16.pst which shows 92.4GB size but the actual size of that file is just 3.43GB (screenshot attached for ref.).

We identified and remediated this issue by following the below steps: 

Manage Site Owners if you as an owner doesn’t have access to the user profile

https://yourorg365-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home

note: change yourorg365 to actual domain

more features > user profiles > open > manage user profiles > search user > manage site collection owners > add your name

Get access to files from office admin portal user

However, if you have retention policy applied then user won’t be able to delete these files after OneDrive becomes full

So, go to the compliance portal https://compliance.microsoft.com/?rfr=AdminCenter

Click Compliance

Show all >> information governance > retention > click ‘org defined retention - 7 years’ > Applies to content in these locations > Edit (OneDrive account) > OneDrive accounts > Exclude accounts > Click Exclude accounts > enter OneDrive URL https://yourorg365-my.sharepoint.com/personal/x_xyz_yourorg_com  and click done > Save

note: change yourorg365 to actual domain and x_xyz to actual user defined in your AD

Access user profile using office admin account

URL https://yourorg365-my.sharepoint.com/personal/x_xyz_yourorg_com

Click the settings icon 

 (seen at top right corner before your signed in account profile icon) and then click OneDrive Settings > Click More Settings > and under ‘Features and Storage’ click ‘Storage Metrics’

Select the file to be deleted under Site Settings > Storage Metrics > site collection and click ‘Version history’ (seen on right side of the selected file) and ten Delete All Versions. So in this scenario if you have 1GB single file, your OneDrive will show 35GB utilized because of 35 versions.

In fact we had approx.. 35 versions of the file in question.

Actual file shows 3.43 GB at the user end

At site collection storage metrics the same file shows over 92GB because of multiple versions of the same file (in our case we had over 32 versions)

Once you delete all versions you should also clean deleted files from recycle bin to see your OneDrive freeing up space.

site settings > Apps > Recycle Bin

Azure hosted VMs: VEEAM Backup Ports and MFA

Office 365 App ID, App secret and App Password Setup Guide for VEEAM Backup integration

Communication port requirement:

https://helpcenter.veeam.com/docs/vbo365/guide/vbo_used_ports.html?ver=40

..Read this blog post to learn how to start with multi-factor authentication enabled accounts in Veeam Backup for Microsoft Office 365.

MFA setup

https://www.veeam.com/blog/setup-multi-factor-authentication-office-365.html

https://www.veeam.com/veeam_modern_authentication_office_365_wpp.pdf

https://www.veeam.com/wp-modern-authentication-microsoft-office-v3.html

Verifying office365 account: https://portal.office.com/account

copy on-prem exchange mail flow receive connectors

how to copy on-prem exchange mail flow receive connectors to a new exchange server via powershell command

New-ReceiveConnector  -TransportRole FrontEnd "AppsDB Relay Connector" -Server **MEX01P -Bindings 0.0.0.0:25 -RemoteIPRanges ( Get-ReceiveConnector "**MV1MEX001\AppsDB Relay Connector" ).remoteIPRanges

Connectivity analyser

https://testconnectivity.microsoft.com/

Time sync reference client-server

Domain clients stopped syncing time with PDC

This morning, few users started reporting time miss-match between current time and laptop time/ member server time. 

try this command for syncing w32tm /config /syncfromflags:domhier /update executed from PDC, primary domain controller. Also make sure that the timeserver is fetching time from time.windows.com

To determine if a domain member is configured for domain time sync, examine the REG_SZ value at HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. If it is set to "Nt5DS" then the computer is synchronizing time with the Active Directory time hierarchy.

Also, check from client machine via cmd prompt

net time \\’your domain name’

To check what was the last successful sync time

w32tm /query /status 

to see if there is time mismatch.

Exchange Online: How to enable your tenant for modern authentication

The Office 365 tenant/resource host (Exchange Online, SharePoint Online and Skype for Business Online) will need to be configured to accept a modern authentication connection. Here is the per service state of modern authentication by default :

• Exchange Online - ON by default.
• SharePoint Online - ON by default.
• Skype for Business Online - ON by default.

Steps

This article explains how to enable your Exchange Online tenant to support modern authentication.

1. Connect to Exchange Online using remote PowerShell: refer here ventej.blogspot.com
2. Run the following command:
• Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
3. Verify that the change was successful by running the following:    
• Get-OrganizationConfig | ft name, *OAuth*

Ref: Microsoft article

Multiple credential prompts in the Outlook client

User Impact

Users may have received repeated credential prompts within the Outlook desktop client.

This issue only impacted customers using basic authentication. Customers were able to use Modern Authentication to mitigate impact for affected users; however, this process may have required several hours to take effect for some customers.

For some customers who have disabled Modern Authentication, there was a secondary issue that was causing the client to attempt to use Modern Authentication regardless of the setting.

Scope of Impact

This issue affected a subset of customers and users who were connecting to the service using basic authentication and utilized service-based search or a Focused inbox.

Incident Start Date and Time

Monday, May 4, 2020, at 7:00 AM UTC

Incident End Date and Time

Monday, May 11, 2020, at 5:05 AM UTC

Root Cause

A recent update to the Exchange Online service contained a code issue that caused repeated credential prompts for basic authentication users.

Glossary

Representation State Transfer (REST) – These APIs are service endpoints that support sets of HTTP operations, which provide, create, retrieve, update, or delete access to the service’s resources. More information can be found here - https://docs.microsoft.com/en-us/rest/api/azure/.

OAuth – Modern Authentication, an authentication protocol. More information can be found here - https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols.

Actions Taken (All times UTC)

Tuesday, May 5

4:00 AM – Telemetry indicates that this was when the deployment which triggered the regression was deployed. Support cases indicate credential prompts earlier than that, however, they may be isolated and not related to the regression exposed by this update.

1:43 PM – We received reports that customers were seeing credential prompts when trying to access Exchange Online using the Outlook client.  We started an investigation, but were unable to gather meaningful reproduction data.

Wednesday, May 6

3:28 PM – We determined that requests using OAuth 2.0 (Modern Authentication) were returning 401 errors, but that OAuth 2.0 wasn’t enabled.

6:50 PM – We concluded that the problem manifested in Representational State Transfer (REST). This service doesn’t support OAuth 2.0; with the Outlook client trying to use OAuth, credential prompts will appear.

7:20 PM – We reviewed recent changes to see if this may have disabled OAuth. We also discovered that this affects any user who used a service-based search or a Focused Inbox. Users with modern authentication wouldn’t have been affected.

11:38 PM – We found that the regression was exposed by a service update for Exchange Online. When a user makes an authentication request, the service is generating a value which is not correctly parsed, therefore not correctly validating OAuth 2.0 as expected. At this stage, the problematic change had reached 45% of customers worldwide. We stopped the change from reaching any more of the cloud, and started developing a fix.

Thursday, May 7

12:57 AM – We made sure that the fix was enabled in all build versions and updates, so that subsequent service updates would be streamlined with the fix, and prevent all future credential prompts. To make sure that the fix doesn’t impact the rest of the service, engineers estimated this would take approximately three days to complete development, testing and rollout.

2:21 AM – We finished developing the fix and started testing.

3:07 PM – We completed testing and prepared the fix for deployment.

7:39 PM – We started deploying the fix.

Friday, May 8

4:02 PM – The fix reached 33% completion.

Saturday, May 9

6:01 PM – The fix reached 86% completion.

Sunday, May 10

2:41 AM – The fix reached 92% completion.

Monday, May 11

5:05 AM – We confirmed that the fix had completed and declared the incident resolved.

Microsoft Next Steps

Findings	Action	Completion Date
A service update caused a regression which didn’t correctly validate OAuth 2.0 and caused users to experience repeated credential prompts under specific scenarios.	We're reviewing our update and validation procedures to prevent similar issues from reoccurring and to identify issues before initiating deployment.	June 2020
	We're reviewing our deployment and patching procedures to more quickly identify the source of impact and mitigate impact in a more timely fashion.
	We’re adding extra validation steps within our code to prevent this issue from happening again

Google Drive Recover Files

I accidentally deleted all files and folders from google drive when I switched from one laptop to another. What to do?

Nothing to worry or even we don’t have to try a one of the great third party software like www.easeus.com

All what you have to do is to restore files by yourself by just doing 3 simple steps:

Login to Google Drive and Restore from your Trash

Steps:

Open google chrome internet browser and go to drive.google.com/drive/trash

Login

Right-click the file you'd like to recover and Click Restore.