Add1son's Blog

A place for pondering, planning and projects

Skype For Business 2016 – Cutting out after 5 Seconds Fix

Skype For Business is a great tool and an adequate replacement for Lync within an enterprise environment.

After moving to O365 hosted Exchange, a client had issues getting the cloud-based Skype For Business running on conference machines. Calls would disconnect 10-20 seconds in with no error message. The call would just close and that was all she wrote. These conference room machines were part of the client's Active Directory environment and did not have a local account login.

The issue had the following characteristics:

  • Only occurs on conference room machines
  • Happens on Windows 10
  • Intermittent and random in occurrence.

This issue had me scratching my head for a little while, considering the following possible causes:

  • Perhaps network-based traffic QoS rules were needed given the offsite solution?
  • Maybe bloatware was killing the connection?
  • Antivirus could be at fault?
  • Local Windows Firewall killing the connection?

None of the above ended up being the case. The root cause was that users were not logging out and were instead clicking “switch user”, which is part of the Fast User Switching feature.

Here is how you disable that!

  1. Open gpedit.msc and navigate to the following policy
  2. Local Computer Policy/Computer Configuration/Administrative Templates/System/Logon -> Hide Entry Points for Fast User Switching
  3. That’s it! Restart and apply group policy to verify it has been fixed

Extra credit would be creating a separate computer-based OU within ADUC and applying the GPO server side, so that it covers any user that logs onto these machines. This could save a considerable amount of time, given that the above instructions would require interaction with every communal / conference room computer that multiple users could be logged into at any given time.
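One way to script that server-side approach, as an added example that is not part of the original post: it creates the OU, builds a GPO that writes the registry value behind "Hide entry points for Fast User Switching" (HideFastUserSwitching = 1, the policy's Enabled state), links it and moves the machines. The domain DN, OU name, GPO name and computer names are placeholders, and the RSAT ActiveDirectory and GroupPolicy modules are assumed to be installed.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
param(
    [string]   $DomainDn  = 'DC=example,DC=com',            # placeholder domain DN
    [string]   $OuName    = 'Conference Rooms',             # hypothetical OU name
    [string]   $GpoName   = 'Disable Fast User Switching',  # hypothetical GPO name
    [string[]] $Computers = @('CONF-ROOM-01')               # hypothetical machine names
)

$ErrorActionPreference = 'Stop'
$ouDn = "OU=$OuName,$DomainDn"

# Create the OU directly under the domain root only if it is not there yet
$ou = Get-ADOrganizationalUnit -LDAPFilter "(ou=$OuName)" `
        -SearchBase $DomainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn
}

# Create the GPO if it does not exist (Get-GPO errors on an unknown name)
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName
}

# Computer-side registry policy: hide the Fast User Switching entry points
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'HideFastUserSwitching' -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU unless it is already linked there
$linked = (Get-GPInheritance -Target $ouDn).GpoLinks.DisplayName
if ($linked -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $ouDn | Out-Null
}

# Move the conference room computer accounts into the OU
foreach ($name in $Computers) {
    Get-ADComputer -Identity $name | Move-ADObject -TargetPath $ouDn
    Write-Output "Moved $name to $ouDn"
}

# On a target machine, after 'gpupdate /force' and a restart, confirm with:
#   Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
#       Select-Object HideFastUserSwitching
```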

How to make the most secure Windows Server ever!!1!

AKA – What to do if you install 2 antivirus products on one machine and RDP/vSphere console are completely non-responsive.

Our guys at Symantec have done the footwork in the user forums to see if they could resolve the issue in this forum post.

Boot into Safe Mode with Networking on the Windows hosts that you are working on by pressing F8 during the BIOS splash prior to boot. It is possible that your VM will breeze through the BIOS faster than you can press F8 during the boot sequence. If this is the case, right-click the VM -> Edit Settings -> Options -> Advanced -> Boot Options -> “Power on boot delay” -> add a millisecond value (e.g. 1000 for 1 full second).

Log in to the server, then use the following code to allow an uninstall to be processed by the server. If multiple machines are having this issue, save the following code into a .bat file, place it in a network shared location and run it on each machine.

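REM Allow the Windows Installer service (msiserver) to run in Safe Mode with Networking
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
REM Start the service so the uninstall can run
net start msiserver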

At this point you will be able to uninstall the antivirus that is causing the issues. Then restart your server and everything should be back up and running.

That concludes the how-to portion of this post, but the bigger question is how this could be avoided by the antivirus itself, and whether it occurs with every antivirus. It surely would be interesting to see which products cause this problem the most. Perhaps that will be a post for the future.

The title of this post was a bit tongue in cheek, in that if not even IT staff are able to access a server it must be Fort Knox! If the primary goal is to secure a computer, does that mean the antivirus has failed in its goals or has it succeeded? It is interesting to me that an antivirus wouldn’t see another antivirus installing as being malicious or potentially causing harm. This opens a larger door in the balance between security and ease of use. Should an antivirus product not allow you to access the sites of its competitors? This would make sure something like this wouldn’t happen, but it also has the possibility to cause more issues than it is preventing.

Most people know not to install two copies of AV over one another, but it does happen and most likely will continue to happen. This also calls into question the use of classic signature-based AV, in the sense that we are generally moving towards more innovative ways of capturing this sort of data in machine learning / AI integrated products. I will conclude this post with a question: what if an AI was turned against itself, in the form of having two AV products that were both AI driven? Would we be in a worse spot than what inspired this blog post? Only time will tell.