Tim D'Annecy

tdannecy@gmail.com

#Windows #Powershell

Here's a script that I'm using to roll out the Quest ODM agent on PCs in my environment that do not have access to the LAN. I used Atera Service Desk to deploy it for internet-only installation.

Agent install and hosting

This script requires that you download the Device Agent from the Quest Migration for Active Directory downloads page:

Once that's complete, you will need to upload the file to a publicly accessible file share. I used Azure Files to create a storage container and provide direct access to the file. This URI will be pointed to in the script, so you cannot use something like OneDrive or SharePoint without special configuration.

Script

Before running this script, you will need to change the following XXX values:

Function Invoke-ODM_Agent_Install {

	$InstallCheck = Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Quest\On Demand Migration For Active Directory\ODMAD_AD" -ErrorAction SilentlyContinue
  
  If ($null -eq $InstallCheck) {
    Write-Host 'Downloading ODM agent.' 
    $QuestODMMSIURI = 'XXX' # Change to use your own Azure Files URI
    $QuestODMdest = 'C:\Temp\ODM\QuestODM.msi' 
    Invoke-WebRequest -Uri $QuestODMMSIURI -OutFile (New-Item -Path $QuestODMdest -Force)

    Write-Host 'Installing ODM agent.'
    cmd /c "msiexec.exe /I `"C:\Temp\ODM\QuestODM.msi`" /qn SERVICEURL=https://us.odmad.quest-on-demand.com/api/ADM AUTHKEY=XXX" # Change to use your own authkey from Quest
    Write-Host 'Finished installing ODM agent.' 
  }
  ElseIf ($null -ne $InstallCheck) {
    Write-Host 'ODM agent is already installed.'
  }
  Else {
    Write-Host 'ERROR!' 
  }

}

Invoke-ODM_Agent_Install

#telephony

Call Monitoring or call shadowing is a feature offered by Ringcentral that allows specified users to silently join other users' ongoing calls.

This functionality is desired for training and call center environments and is intended for managers or supervisors to listen in on ongoing calls between agents and external customers.

Prerequisites

Before enabling this feature, you must have the following in your environment:

  • At least 2 users.
  • At most 100 users.
  • All users must be licensed with an MVP Premium account.
  • All users must have a call out number associated with their extension.

There are two user roles for this workflow that are admin-managed from the Ringcentral web dashboard:

  • “Can Monitor”: A user with this role can join an ongoing call of any user in the “Can be Monitored” group. I will refer to these users as “managers” in this guide.
  • “Can be Monitored”: A user with this role can have any ongoing call joined by users in the “Can Monitor” group without immediate notification that this is occurring. I will refer to these users as “agents” in this guide.

I will refer to the third party callers as “customers” in this guide.

Notifications

After adding a user to the “Can be Monitored” group, they will receive the following notification email:

There doesn't appear to be a way to suppress this notification.

Create the Call Monitoring group

  1. Login to Ringcentral with an admin account.

  2. Navigate to Phone System > Groups > Call Monitoring and click + New Call Monitoring

  3. Enter a name for the Call Monitoring group. This will not be displayed to users.

  4. After entering the name, expand the “Group Members” setting. Select at least one user for “Can Monitor” and at least one other user for “Can be Monitored”. (Note: I was unable to have the same user in both categories, so a user seems to only be able to use one or the other):

  5. Save these group settings and return to the main Ringcentral view.

“Can Monitor” user setup

After the admin stuff has been completed, the manager with the “Can Monitor” role must do the following:

  1. Open the Ringcentral web or desktop app and login with their user account.

  2. Click on the “Settings” icon at the bottom left. Click on “Phone”.

  3. In the “Phone” menu, scroll down to the Heads-Up Display (HUD) section and enable the HUD by flipping the switch:

  4. Save the settings, accept the notification, and return to the main Ringcentral view.

  5. From the main Ringcental view, click on the “Phone” icon.

  6. Under the “HUD” section, click on “Extensions”. Click on the “Add an extension” button:

  7. Type the name of the “Can be Monitored” user(s) and then click the Add button:

Monitoring a call

After the admin and user changes are made, the “Can Monitor” manager can then monitor when a “Can be Monitored” agent is in an active call using these steps:

  1. The “Can Monitor” user must open the Ringcentral web or desktop app and login using their user account.

  2. Navigate to “Phone > HUD” and join the call by hovering over and clicking on “Monitor Call”:

From there, there are several tools that the “Can Monitor” manager can employ:

  • Call whisper: Talk to the “Can be Monitored” agent without the customer hearing.

  • Call barge: Talk to all parties on the line. This is like a conference call.

  • Call takeover: Drops the “Can be Monitored” agent from the call, leaving the manager and the customer on the line.

  • Call recording: Begins a recording session with no notice to the customer or the agent. These recordings are stored in the “Call history” tab in the Phone section of the Ringcentral web or app interface.

#telephony #Windows

Ringcentral requires audio files to be saved as .mp3 files.

To do this, you'll need to convert your audio that you recorded in the Voice Recorder from .m4a into .mp3 using the app Audacity and the ffmpeg plugin. Audacity and ffmpeg are open source programs that can convert audio into different formats. Audacity is the main program and ffmpeg is an extension that Audacity uses to open .m4a files.

Install Audacity and the ffmpeg extension

Before you'll be able to convert the file, follow these steps to get Audacity and ffmpeg set up on your computer:

  1. Download the Audacity installer: https://github.com/audacity/audacity/releases/download/Audacity-3.1.2/audacity-win-3.1.2-64bit.exe
  2. Run the file and install Audacity with default settings: image-20211130111005914
  3. Navigate to the ffmpeg downloader page: https://lame.buanzo.org/ffmpeg64audacity.php
  4. Click on the link for the ffmpeg v.2.2.2 installer: image-20211130111421621
  5. Run the file and install ffmpeg with default settings: image-20211130111510466

Convert your audio file

After the setup is complete for both apps, follow these steps to convert your audio file:

  1. Open Audacity and navigate to File > Open and select your .m4a file: image-20211130111754961
  2. Navigate to File > Export > Export as MP3: image-20211130111904955
  3. Choose where you want to save the file and leave all options as default. Click the Save button: image-20211130112121743
  4. Leave the export options as default. Click the OK button: image-20211130112225196

After the window closes, your conversion will be complete. You can close Audacity without saving the file.

Navigate to the location where you saved the .mp3 file and upload it to Ringcentral.

#Sharepoint

I am creating an onboarding/new hire Sharepoint List at one of my clients and wanted to display a column/field only if a box is checked.

To do this, I created two columns:

  • ReplacementHire = Boolean Yes/No checkbox

  • PreviousUser = Text field

I wanted the PreviousUser field to only appear if the ReplacementHire box is checked.

To do this, I opened my Sharepoint List and did the following steps:

  1. Click on the New button on the left side of the page.

  2. In the Form view, click on the book/edit icon at the top right and click “Edit columns”

  1. Click on the three dots next to the column that you want to hide. Click “Edit conditional formula”

  1. In the popup window, paste in the following: =if([$ReplacementHire] == true, 'true', 'false') From what I gather, the if statement reads, if the box is checked (true), then 'true' (meaning display the field), else 'false' (if not, hide the field).

  2. Click OK and then Save. Refresh the page and test.

There was also some headache in the field/column name. What you typed in originally for the column name will be the “anchor” or name in the URL.

To get this anchor, do the following:

  1. Navigate to the Sharepoint site, click on Site Contents.

  2. Find the form, click on the three dots, and click Settings.

  3. On the Settings page, click on the column title under the Columns section.

  4. On the Column setting page, check the URL in your browser for anything after &Field= This info will be the “anchor” that you use for the =if([$anchor] == true, 'true', 'false') in the Conditional Format window.

Just putting this here for my future reference.

#telephony

If you're setting up a phone or faxing system, you're going to need to make test calls and faxes to verify that things are working.

I wanted to write down the test numbers that I've used that are working as of 2021-Nov-12.

Phone numbers with voice utilities

These numbers can be called and have tools that can test functionality or connection issues with your phone.

Initial list from https://shaun.net/resources/test-phone-numbers/ and https://thetestcall.blogspot.com/

Country Number Note
Canada +1 416 342 9562 Voice echo
Canada +1 250 412 5922 Voice echo
Ireland +353 1 687 7776 Voice echo
United Kingdom +44 20 8759 9036 Caller ID check
United Kingdom +44 20 3026 4621 Voice echo
United States +1 800 444 4444 Caller ID check
United States +1 213 621 0002 Test tone
United States +1 631 791 8378 Voice echo
United States +1 510 315 1211 Voice echo and callback
United States +1 802 359 9100 Voice echo and latency check

Phone numbers for simple call placement

These numbers can be used to test a successful call placement, without any utilities.

Phone numbers with texting utilities

These numbers can be used to test texting functionality.

Country Number Note
United States +1 650 456 4556 US to US only – SMS/MMS echo
United States http://www.smseverywhere.com/send.htm Test SMS

Fax numbers with utilities

These numbers can be faxed to or from to test the functionality of your faxing system.

Country Number Note
Australia +61 1300 368 999 Send to and receive receipt confirmation back
Australia +61 0396 400 999 Send to and receive receipt confirmation back
United States +1 888 473 2963 Send to and receive receipt confirmation back
United States +1 855 392 2666 Send to and receive receipt confirmation back
United States +1 650 530 9014 Send to and receive receipt confirmation back
United States +1 855 330 1239 Send to and check quality on https://www.faxtoy.net/
United States +1 213 294 2943 Send to and check quality on https://www.faxtoy.net/
United States https://faxzero.com/ Send fax and test receipt

#networking

A company I'm working with is using a Neat Bar [A] and Neat Pad [A] for Zoom calling. They also use Meraki network devices for wireless (MR 42) and switching (MS 250).

As explained in the Neat documentation [A], the Neat Pad and Bar cannot continue through the setup screen when using Meraki devices with default options for DHCP.

In our environment, we have a wireless SSID that is set to bridge clients to a Wireless VLAN subnet. This SID is using a Pre-Shared Key (PSK), it's not hidden, and is using both 2.4ghz and 5ghz bands with band steering. The DHCP server is running on the Switch Virtual Interface (SVI) configured on the Wireless VLAN subnet.

When trying to connect the Neat Pad and Bar to this SSID, the setup screen allows them to connect, but it say that it's not connected to the internet. The workaround for this is to configure the DHCP options in the SVI to include an NTP time server IP.

The steps are as follows:

  1. Open the Meraki dashboard in a browser.

  2. Navigate to Switch > Routing & DHCP:

  3. Click on the row to open up the Switch Interface config:

  4. In the section “DHCP options”, click the “Add a DHCP option” button. Select “NTP Server (42)”. Copy/paste in one of the direct IPs from the NIST Internet Time Servers page: https://tf.nist.gov/tf-cgi/servers.cgi

After that, you might need to reboot the Neat devices, but the Neat Pad screen should say that the wireless connection has internet access and allow you to continue the setup.

#Windows #HyperV #todo

I tried setting up a new Windows 10 VM in Hyper V with default options, but I sometime receive the following error when going thru the installation:

Windows cannot find the Microsoft Software License Terms. Make sure the installation sources are valid and restart the installation.

I thought it was an issue with my Windows 10 ISO, but the MD5 checked out OK.

I found that the fix is to change the Minimum Ram setting in the Dynamic Memory option from 512 MB to something like 1024 MB and it boots up OK.

#networking

I just upgraded to Google Fiber 2Gig and there doesn't seem to be much documentation about what each of the ports mean on the two devices that they provided:

I was able to find some FCC documents about each:

I contacted Google Support and got as much info as I could.

Google Multi-Gig Router ports

Google Multi-Gig Router ports

I have the model number GFRG300. There are 1 RJ-11 port, 5 RJ-45 ports, 1 USB port, and one SFP+ port. Starting from the top:

  • Green RJ-11 port with phone handset icon: Line for VOIP phone

  • 3 yellow RJ-45 ports with arrow icons: 1 gbps LAN ports. (Ports intended for devices connected to LAN, e.g. PCs, NASes)

  • Red RJ-45 port with globe icon: Secondary copper WAN connection. Unknown speed. Google Support stated that Router does not support dual WAN uplinks. (Port intended for setups where direct ONT fiber connection is not available and requires a modem and copper RJ-45 for uplink. Not intended for LAN connections. )

  • Bronze/copper RJ-45 port with the text “10” and arrow icons: 10gbps LAN port. (Port intended for a multi-gig switch or the Wifi Mesh Tri-Band Extender.)

  • Blue USB port: Intended for tech-support/troubleshooting service. Google Support stated there is no network connectivity supported over USB.

  • Silver SFP+ port with globe icon: 10gbps SFP port for WAN uplink. Google Support could not provide if this was an SFP or SFP+ port, but it's probably SFP+. (Port intended as uplink using fiber SFP module for connection to ONT.)

Google Wifi Tri-Band Mesh Extender with Wifi 6

Google Wifi Tri-Band Mesh Extender with Wifi 6 ports

I have the model number GFEX310. There are two RJ-45 ports and one USB port on the back of this device.

Going from left to right:

  • Black USB port: Intended for tech-support/troubleshooting service. Google Support stated there is no network connectivity supported over USB.

  • Yellow RJ-45 port with arrow icons: 1gbps LAN port (intended for LAN pass thru for wired devices)

  • Blue RJ-45 port with arrow icons and globe icon: 1gbps LAN port (intended for wired connection to upstream router or switch)

#Windows #Azure

If you've deployed an Azure VM and did not enable the “Login with AAD credentials”, option, you can enable sign in using Azure Active Directory credentials later using Cloud Shell with this command in Azure CLI:

az vm extension set \
--publisher Microsoft.Azure.ActiveDirectory \
--name AADLoginForWindows \
--resource-group ResourceGroup \
--vm-name VMName

After running that command, you'll need to add an entry to the local group to allow interactive sign in using RDP. The extension doesn't add this permission and you will need to do it manually, running this command in a remote Powershell:

net localgroup "remote desktop users" /add "AzureAD\user@domain.com"

You will also need to add 2 lines the RDP file downloaded from the “Connect” tab so that you can connect without issues:

enablecredsspsupport:i:0
authentication level:i:2

After connecting to the VM using RDP, you will also need to disable network-level authentication from Control Panel.

In the background, the extension will change the Join Type of the VM to “Azure AD Joined” and your Devices blade will update with that information after a couple of minutes.

No need to re-create the VM.

Just putting this here for my notes.

#Windows #Powershell #Meraki

I wrote up a quick and dirty Powershell script today that adds a split-tunnel VPN connection, asks the user for connection info, dials the connection, then configures static routes.

# Add-MerakiVPN.ps1
# Creates a split-tunnel VPN connection and adds static routes.
# Tim D'Annecy 2021-09-08

function Add-MerakiVPN {
 
    $ServerAddress = 'blahblahblah.dynamic-m.com' # Change this value to match your Meraki hostname
    $ConnectionName = 'Meraki VPN'
    $PresharedKey = 'blah' # Change this value

    Add-VpnConnection `
        -Name $ConnectionName `
        -ServerAddress $ServerAddress `
        -TunnelType L2tp `
        -EncryptionLevel Optional `
        -SplitTunneling `
        -AllUserConnection `
        -L2tpPsk $PresharedKey `
        -AuthenticationMethod Pap, MSChapv2 `
        -Force

    $StaticRoutes = @(
        '10.0.13.0/24', # Change these to match your internal subnets
        '10.0.12.0/24',
        '172.16.0.0/16'
    ) 

    try {
        rasphone.exe -d $ConnectionName
        Start-Sleep -Seconds 30
        $StaticRoutes | foreach {
            New-NetRoute -DestinationPrefix $_ -InterfaceAlias $ConnectionName
        }
    }
    catch {
        Write-Error 'There was an error adding the VPN connection'
        exit
    }
}

Add-MerakiVPN