Ubuntu 16.04.1 LTS UniFi Beta Controller with Wildcard SSL

This article covers how to install UniFi Beta from a .deb file for Ubuntu Server (so command line only), and how to install a WildCard SSL into UniFi. This article does not cover installing Ubuntu and applying updates.

If you already have a controller, confirm you have a backup of your controller to restore your sites and data!

Controller > Maintenance > Backup > Download



Obtain Putty, a SSH tool to remote into your server with copy/paste functionality


Installing UniFi Base Packages

Run the following code to install UniFi. Note that unifi-rapid and unifi-beta are no longer used, Ubiquiti changed to the single release and if you want a specific version you can install it yourself with the .deb file (below)

#Make your session administrative
sudo -i

#Open a text editor to allow UniFi to be downloaded from the repository
nano /etc/apt/sources.list

#Go to the bottom of the list with the arrow keys, and paste in (through putty, it's Right-Click)
deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti
deb http://www.ubnt.com/downloads/unifi/distros/deb/debian debian ubiquiti
#Save (Ctrl + X, Y for Yes)

#Add the Ubiquiti GPG Signed Keys to allow you to install their software
apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10

#Refresh the repositories (download sources)
apt-get update

#Install from the repositories
apt-get install unifi


Upgrading to UniFi Beta with .DEB Image

Sign up for the UniFi Beta community forums. Check the blog to get the newest update packages.


Find the release you want, most likely the newest, and copy the URL of the .deb file.


Putty into your server, and run the following code to install UniFi, then upgrade to the Beta.

#Make your session administrative
sudo -i
#Download your .deb file to the /tmp directory
cd /tmp
wget https://www.ubnt.com/downloads/unifi/5.2.5-6914faba/unifi_sysvinit_all.deb

#Wait for download to complete, then unpackage and install
dpkg -i unifi_sysvinit_all.deb

#Clean up the mess, delete the old .deb file
rm unifi_sysvinit_all.deb


Applying the SSL Certificate

The scope of this guide does not cover how to create a CSR and obtain your wildcard certificate. Once you have exported your certificate keychain (with private key) as a PKCS #12, these instruction will APPLY the key to your UniFi controller.

By default, UniFi installs inself to /var/lib/unifi

In here is the file “keystore”, that contains the self-signed “UniFi” SSL certificate.

  1. Download Keystore Explorer
  2. Create a new keystore – JKS (OpenSSL)
  3. Tools > Import Key Pair – PKCS #12 > Browse to PFX Wildcard Cert
  4. Decrypt with private key password
  5. Encrypt NEW keystore with the password “aircontrolenterprise”
  6. File > Save As > “keystore”
  7. FTP file to your UniFi box, I recommend Filezilla to connect via sftp://192.168.1.X on port 22.
  8. Transfer the file to your home directory /home/username, since /var/lib/unifi is protected
  9. Connect via Putty > sudo -i > [password] > cd /var/lib/unifi
  10. Stop the service: service unifi stop
  11. Create a backup file: mv keystore keystore.orig
  12. Move your newly encrypted keystore: cd /home/username > cp keystore /var/lib/unifi/keystore
  13. Reboot the Linux OS, when the UniFi controller starts up it will auto import the file keystore and apply it to web services, giving you that nice shiny HTTP green lock 🙂


Dell Open Manage Event ID Monitoring

Monitoring Event IDs with Dell Open Manage

All right, it’s time to set up some kickass event ID monitoring. You’ve installed Dell Open Manage / Server Administrator on all of your physical hosts, and want to make sure you are aware if anything breaks or is about to explode! You’ve been searching for hours trying to find the Event IDs that actually matter — you’re in the right place!

The alerting system you use is up to you, Kaseya, Labtech, Nagios, Pandora FMS, Zabbix, whatever — what matters is getting the correct Event IDs and a matching description filter. Just alerting by Event ID may give you a flood of alerts, there are only so many low ID numbers to go around. The description filter matches only events from OpenManage.

These logs are generated across BOTH Application and System Event Logs, so be sure you are capturing both categories of Event IDs.

I’ve done the hard work of looking through all 500+ of Dell’s individually paged Event ID descriptions — visible here.

Below is a massive list of the ones that matter (or at least, the ones I think matter — any warnings, errors, or critical alerts related to hardware health — anything storage (RAID disks, rebuilds, hot spares, SMART, controller battery, etc), memory (bit errors, ECC failures, failed sticks, etc), CPU (failed processors, temperature, etc), power supplies (redundancy, device failure, cord unplugged, etc). You may want more logs to look at, but I tried to pick anything that could lead to degraded performance or failure.

Open Manage 2

Take my list to get you started. All event descriptions should have wildcards (*), so the description does not require an exact match, otherwise one letter off and you don’t get an alert. Enjoy the code — let me know if it helped you out! 🙂

Dell Open Manage Event ID Cheat

Event ID		Description Filter
1004			*Thermal shutdown*	
1053			*Temperature sensor*	
1054			*Temperature sensor*	
1104			*Fan sensor*	
1153			*Voltage sensor*	
1154			*Voltage sensor*	
1203			*Current sensor*	
1204			*Current sensor*	
1305			*Redundancy*	
1306			*Redundancy*	
1353			*Power supply*	
1354			*Power supply*	
1403			*Memory*	
1404			*Memory*	
1405			*Memory*	
1501			*AC power*	
1503			*AC power*	
1504			*AC power*	
1505			*AC power*	
1552			*Log size*	
1554			*Log size*	
1555			*Log size*	
1604			*Processor*	
1703			*Battery*	
1704			*Battery*	
1705			*Battery*	
2048			*Device failed*	
2049			*disk removed*	
2051			*disk degraded*	
2056			*Virtual disk failed*	
2057			*degraded*	
2076			*Consistency failed*	
2081			*reconfiguration failed*	
2082			*rebuild failed*	
2083			*rebuild failed*	
2094			*Predictive*	
2100			*Temperature*	
2102			*Temperature exceeded*	
2106			*SMART*	
2107			*SMART*	
2108			*SMART*	
2109			*SMART*	
2110			*SMART*	
2112			*Enclosure was shut down*	
2122			*Redundancy degraded*	
2123			*Redundancy lost*	
2126			*sector reassign*	
2129			*BGI failed*	
2145			*Controller battery*	
2146			*Bad block*	
2146			*DR0*	
2147			*DR0*	
2147			*Bad block*	
2148			*Bad block*	
2149			*Bad block*	
2150			*Bad block*	
2169			*controller battery*	
2187			*ECC error*	
2201			*hot spare failed*	
2203			*hot spare failed*	
2272			*uncorrectable media*	
2273			*punctured*	
2289			*ECC error*	
2290			*ECC error*	
2310			*permanently degraded*	
2312			*power supply*	
2313			*power supply*	
2318			*battery*	
2319			*ECC error*	
2320			*ECC error*	
2321			*ECC error*	
2324			*AC power supply cable*	
2340			*uncorrectable errors*	
2342			*inconsistent parity*	
2346			*Error on PD*	
2347			*rebuild failed*	
2348			*rebuild failed*	
2349			*bad disk block*	
2350			*unrecoverable disk media*	
2367			*Rebuild is not possible*	
2367			*Rebuild is not possible*	
2384			*hot spare*	
2385			*hot spare*	
2387			*bad block medium*	
2396			*uncorrectable multiple medium*	
2397			*uncorrectable errors*	
2402			*Disk Power status*	
2405			*Command timeout*	
2416			*medium error*	
2417			*medium error*	
2434			*wear-out limit*	
2436			*read-only mode*	
2441			*critical temperature*	
2442			*degraded*	
2443			*Data loss*	
2900			*cache device*	
2901			*inaccessible*	
2911			*cached LUN*	
2930			*caching*	
1				*device*	
20				*Device*IO failed*	
4098			*returning error*
7				*bad block*
11				*controller error*	
52				*predicted that it will fail*


Easy TCP Port Listener for Network Monitoring

Easy TCP Port Listener for Network Uptime Monitoring

Products like Nagios, Zabbix, or PHP Server Monitor can monitor the uptime of services by performing a TCP port query. In short, “is port TCP 25” open? — its on/offline!

Well what if the server I want to monitor doesn’t have any services to even open up to the public internet for monitoring. Using TCP 135 (Microsoft RPC), TCP 445 (NetBIOS), TCP 3389 (Remote Desktop) built into every Server OS to monitor uptime can be very dangerous. Well I want a program that can listen on a port without massively exposing my servers.

There are two ways to go about this from the scope of this article:

  1. Install an application that hosts a service listener, like a HTTP (TCP 80) server or FTP (TCP 21) server. But you probably don’t want a HTTP or FTP server on say, a Domain Controller or backup machine.
  2. Run a small portable executable that listens on a single port as a scheduled task.

Enter: Port Listener

Made by RJL Software (http://www.rjlsoftware.com/software/utility/portlistener/), it’s a single EXE that can be programmed to listen to any port. It is a simple program, just responding with a TCP-ACK and that’s it!

The Port Listener Code

::It doesn't get simpler than this.
::Change the number "9999" to whatever TCP port you want to listen on.

listener.exe 9999

Port Listener CLI

##Client Query
##Check if the port is being listened on. If there is no output, the port is not being listened on. If you get a response of code, it's open and LISTENING.

netstat -ano | find "9999"


Task Scheduler

Start > Run > taskschd.msc

Task Scheduler Library > Right-Click > Create Basic Task >

Name:#### Uptime TCP Listener

Right-Click > Properties > Run whether user is logged on or not > enter password.

Also edit Conditions (turn off “only run when idle”) and Settings (Stop if runs longer than 3 days) so it always runs , if task fails, restart every 10 minutes, etc.

Command Line Version:

::Create a Windows Firewall Rule
netsh advfirewall firewall add rule name="9999 Uptime TCP Listener" dir=in action=allow protocol=TCP localport=9999

::Create a Scheduled Task that runs on computer boot (ONSTART)
::Note the use of double quotes (") for the full command, and single quotes (') to isolate the executable so arguments/parameters can be passed through.
schtasks /create /TN "9999 Uptime TCP Listener" /SC ONSTART /RU "NT AUTHORITY\NETWORKSERVICE" /TR "'C:\Scripts\listener.exe' 9999"

::Run scheduled task
schtasks /Run /TN "9999 Uptime TCP Listener"

Port Listener Image

Reboot, see if it’s listening, you should have a port listening indefinitely. Add a firewall rule, add a monitor to Nagios/Your System, you’re done – woohoo!

Run on any Windows Server you want monitored, easy peasy! Have fun!

PHP Server Monitor – Add Ping Functionality

Adding Ping (ICMP) to PHP Server MonitorPHP Monitor ICMP

I love PHP Server Monitor, it is an amazing tool for my business to have a simple, reliable, practical way to ensure which services or devices are online. The only complaint I have with it is that it does not support ping monitors, only services (query Port 3389 for example).

Major thanks to Michele Mariotti and insuman on the PHP Server Monitor forums (Post Link) for writing up some code that allows ICMP functionality, as long as the service is Port 1.

Log in to your server via Putty, make a backup of the StatusUpdater function definitions, and replace the old code that will allow you to use ICMP.


# For me, PHP Server Monitor it installed under /var/www/html, your path may be different.
cd /var/www/html/src/psm/Util/Server/Updater

cp StatusUpdater.class.php StatusUpdater.class.php.bak

sudo nano StatusUpdater.class.php


#Find the function
Ctrl + W (search)

function updateService


 Old Code in StatusUpdater.class.php

protected function updateService($max_runs, $run = 1) {
    $errno = 0;
    // save response time
    $starttime = microtime(true);

    $fp = fsockopen ($this->server['ip'], $this->server['port'], $errno, $this->error, 10);

    $status = ($fp === false) ? false : true;
    $this->rtime = (microtime(true) - $starttime);

    if(is_resource($fp)) {

    // check if server is available and rerun if asked.
    if(!$status && $run < $max_runs) {
      return $this->updateService($max_runs, $run + 1);

    return $status;


Change to New Code in StatusUpdater.class.php

This is hardcoding TCP Port 1 in PHP Monitor, to use ICMP/Ping. The default timeout is 5 seconds, adjust the number 5  in the timeout variable ($timeout) to whatever time in seconds you want.

You can use Ctrl+K in nano to delete an entire line at once, rather than holding the Backspace or Delete keys.

###NEW CODE###
protected function updateService($max_runs, $run = 1) {

        if (($this->server['port']) == 1) {
            /* timeout min: 5 sec */
            $timeout = ($this->server['timeout'] < 5 ? 5 : $this->server['timeout']);
            /* save response time */
            $starttime = microtime(true);
            /* ICMP ping packet with a pre-calculated checksum */
            $package = "\x08\x00\x7d\x4b\x00\x00\x00\x00PingHost";

            $socket = socket_create(AF_INET, SOCK_RAW, 1);
            socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' => $timeout, 'usec' => 0));
            socket_connect($socket, $this->server['ip'], null);
            $ts = microtime(true);
            socket_send($socket, $package, strLen($package), 0);

            if (socket_read($socket, 255)) {
                $status = true;
            } else {
                /* store error reason */
                $this->error = socket_last_error() .' '. socket_strerror(socket_last_error());
                $status = false; 
            $this->rtime = (microtime(true) - $starttime);
        } else
        //rest of code
            $errno = 0;
            // save response time
            $starttime = microtime(true);

            $fp = fsockopen ($this->server['ip'], $this->server['port'], $errno, $this->error, 10);

            $status = ($fp === false) ? false : true;
            $this->rtime = (microtime(true) - $starttime);

            if(is_resource($fp)) {

Ping Monitor Example

PHP Monitor ICMP Server Example

OwnCloud Server 9.0 – Ubuntu 12.04 Installation

OwnCloud Server 9.0 on Ubuntu 12.04 with PHP 5.6

A quick setup guide to setting up a private OwnCloud Server on Ubuntu Server.

From building a fresh machine, to setting static IP, installing dependencies, and taking everything online.


Ubuntu 12.04 and PHP 5.6

Current Ubuntu is 14.04, but our AppAssure software threw a fit trying to back up a 14.04 that is apt-get updated to the newest. The lovely error: “Buffer I/O error on device sdb0, logical block #”

Some patch must have broken whatever the backup is using. So I had to install on Ubuntu 12.04, except it by default only installs PHP 5.3…. OwnCloud needs 5.4+


OS Setup

Install the OS, check the OpenSSH feature, use Putty to connect over SSH so you can copy/paste.

#Configure a Static IP

#Use nano to edit > Ctrl+X to close
nano /etc/network/interfaces

#Change iface eth0 inet dhcp to:
iface eth0 inet static


Upgrade 12.04 with the newest patches, security fixes, etc. Then add a repository that normally is not in 12.04, to allow the install of php5.6

#Update the OS
apt-get update
apt-get upgrade

#Allow PHP 5.6 to be installed on an older OS
apt-get install python-software-properties
add-apt-repository ppa:ondrej/php5-5.6
apt-get update
apt-get install apache2
apt-get install php5 php5-mysql
apt-get install php5-gd php5-json php5-curl php5-intl php5-mcrypt php5-imagick
apt-get install mysql-server

#Lock down your SQL, remove the anonymous and remote access.

#Go configure MySQL for OwnCloud
mysql -u root -p
#Enter the DB password prompted when installing.
#Make a table and make priveleges.
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON ownclouddb.* TO 'user'@'localhost';

Install OwnCloud

#Download the installer, unzip/untar it
cd /var

wget https://download.owncloud.org/community/owncloud-9.0.0.tar.bz2

tar -xvf owncloud-9.0.0.tar.bz2 -C /var/www/html/

 Configure Apache2

#Point Apache to your website directory
cd /etc/apache2/sites-available
#Make a backup
cp 000-default.conf 000-default.conf.bak
nano 000-default.conf
#Change ServerName to your FQDN (files.website.com)
#Change DocumentRoot to your path (/var/www/html/owncloud)
service apache2 restart

#Edit OwnCloud to accept your website URL (FQDN)
cd /var/www/html/owncloud/config
nano config.php
#Change your array to look like:
  array (
    0 => 'files.website.com',
    1 => '',
#Change the CLI URL
'overwrite.cli.url' => 'http://files.website.com',

 Configure Data Directory

mkdir /owncloud
mkdir /owncloud/data
chown -R www-data:www-data /owncloud/data/

Go login to your website,, pop the the applicable information, and change the data path to something outside of the www subdirectory (I use /owncloud/data/)

You *may* have a permission error preventing you from changing the maximum file upload size, File Handling > “Missing permissions to edit from here.”
Just edit the hidden .htaccess file permissions

chmod 776 /var/www/html/owncloud/.htaccess
chmod 776 /owncloud/data.htaccess
#Edit Apache2.conf
nano /etc/apache2/apache2.conf
#Change "AllowOverride None" to "AllowOverRide All"
#Import for the /var/www directory.

I recommend updating your OwnCloud installation, located in the Username > Admin > Updater section. There are some bugs such as Internet Explorer 11/Edge getting the error “Could not create folder “<FOLDERNAME>”” that can be fixed with an update.

Good luck, enjoy OwnCloud, beats the heck out of Dropbox 🙂

HyperV Migration – 0x80090303 – Failed to Authenticate

HyperV Live Migration SPNs – 442 Failed to Authenticate (0x80090303)

Good golly, I just want to move, export, or replicate a VM from one HyperV Server to another. Why is it so frustrating? Commonly received is the rror 0x80090303, meaning that a HyperV host is not allowed to make a live migration connection to another HyperV host — It must become delegated.


The reasons for why this has to be so much work (at least, per worthless Microsoft Technet articles), are beyond the scope of this article. The fix can be quick and easy. From my personal experience, I’ve only gotten CredSSP to work once after a lot of pain and agony. Kerberos through constrained delegation can work, but only if the SPNs are set correctly. Make sure both servers are joined to the same domain, and the VM to be migrated has it’s Processor expanded Compatibility Settings configured for “Migrate to a physical computer with a different process version” checked.


Delegation can be done through Active Directory Users and Computers, but then you have to get the servers to pull their new SPN settings through either a reboot or “gpupdate /force”, which even then only occasionally works.


The quick and easy fix

Take the code below, find & replace the SERVERA, SERVERB, and domain.local fields, and punch it into each server. ServerA commands entered into an administrative command prompt on Server A, and ServerB commands for Server B. By reloading the vmms service you force pull the new settings.

If you cannot find the Active Directory Attribute Editor button for “Trust this computer”, don’t worry about it, the SPNs are really what matter.

Punch in the commands, close and re-open HyperV manager on both, and give your move/export/replication another whirl.

=-=-=-=-=-=-= Hyper-V Live Migrations =-=-=-=-=-=-=
Active Directory > Right-Click Machine > Properties > Delegation > Trust this computer for delegation to any service (Kerberos Only)

setspn -S "Hyper-V Replica Service/SERVERA" SERVERA
setspn -S "Hyper-V Replica Service/SERVERA.domain.local" SERVERA
setspn -S "Microsoft Virtual Console Service/SERVERA" SERVERA
setspn -S "Microsoft Virtual Console Service/SERVERA.domain.local" SERVERA
setspn -S "Microsoft Virtual System Migration Service/SERVERA" SERVERA
setspn -S "Microsoft Virtual System Migration Service/SERVERA.domain.local" SERVERA
net stop vmms && net start vmms
setspn -S "Hyper-V Replica Service/SERVERB" SERVERB
setspn -S "Hyper-V Replica Service/SERVERB.domain.local" SERVERB
Setspn -S "Microsoft Virtual Console Service/SERVERB" SERVERB
setspn -S "Microsoft Virtual Console Service/SERVERB.domain.local" SERVERB
setspn -S "Microsoft Virtual System Migration Service/SERVERB" SERVERB
setspn -S "Microsoft Virtual System Migration Service/SERVERB.domain.local" SERVERB

net stop vmms && net start vmms



SystemRescueCD Dual Boot with Windows

SystemRescueCD Dual Boot

SystemRescueCD is an incredibly usefulful tool for data recovery.

I run a Windows laptop and continually use Easy2Boot for my ISO booting USB stick. It works well with most ISOs, including SystemRescueCD. However my laptop only has two USB plugs.

USB Port Limits

USB 1 – Mounted external HDD

USB 2 – USB Boot Stick

USB … – Target USBHDD to copy data to. No third plug.


Old, Ineffective Solutions

Well drat! This means I need to boot SystemRescueCD off hard-disk, rather than a USB port. After much scrounging on the SystemRescueCD forums, I found some very old, outdated, complicated articles to get dual-boot working.

Old Link 1 – https://www.system-rescue-cd.org/Sysresccd-manual-en_Easy_install_SystemRescueCd_on_harddisk

Old Link 2 – https://www.system-rescue-cd.org/Sysresccd-manual-en_How_to_install_SystemRescueCd_on_harddisk

Old Link 3 – http://www.system-rescue-cd.org/forums/viewtopic.php?t=1700

They involve making a directory, extracting files from the ISO, and editing the BCD bootloader to ham out a rickity boot process. In short —  a nightmare!


IT Dual-Boot Bag of Tricks

I got pretty lucky in figuring out a MUCH easier solution.

Configure EasyBCD to boot the ISO, and extract “sysrcd.dat”, the actual chunk of the ISO that matters, to C:\.


Step 1 – Install EasyBCD, just snag the free version if it is for personal use.

Step 2 – Download the SystemRescueCD ISO. If the download is going to take a long time (1 hour), try another mirror (1-3 minutes).

Step 3 – Copy your ISO to root C:\

Step 4 – Add a boot entry in EasyBCD for portable media, and point it to the ISO, C:\systemrescuecd-x86.iso

**Note** If you were to boot at this point, you would successfully boot to the SystemRescueCD menus, but wouldn’t be able to fully load the Live OS. It would continually search \dev\sda, \dev\sdb, \dev\sdc, etc for the sysrcd.dat, which it is looking for in a mounted CD drive.

Step 5 – Extra the file “sysrcd.dat” from the root of the ISO into root C:\


Upon rebooting you should have another option and be good to go! Woohoo!

Sonicwall SSLVPN Setup Guide

Sonicwall SSLVPN Quick-Start Guide

Alright, exciting! You most likely have a user who travels, but needs to access documents or resources inside the office. This is a quick start guide to get SSLVPN setup on the Sonicwall and users connected in.


Enabling VPN

Login to your Sonicwall > SSL VPN module (left) > Server Settings > Confirm WAN light is green. If not, click WAN to flip it on. Confirm your SSLVPN port, by default it is TCP 4433.

Creating VPN Users

Sonicwall > Users module > Local Groups > Users

Add User > Name/Password field.

Needs to be a member of the groups:

  • Everyone
  • Trusted Users
  • SSLVPN Services

VPN Access

  • Pick your subnet. If it’s a simple network, you can do “Firewalled Subnet”. If you have isolated zones/subnets, actually pick the subnet(s) the user needs. Generally your X0 (LAN) will be called “LAN Primary Subnet”

Connecting to the VPN with NetExtender

Enter the DNS (or worst case, direct IP) of your Sonicwall, and browse to https://domain.name.com:4433

If you’re pulling a SSL Version Mismatch (Chrome), you need to upgrade your Sonicwall firmware, or use Internet Explorer, which has no concept of security 😉


Previously you had to use GlobalVPN, which is very oldschool and lacked a lot of features built into SSLVPN. Login, download the Windows NetExtender Client.

The quick and dirty installer is NXSetupU.exe. It’s not uncommon for these to be super outdated and have a million bugs, in which case to snag a new version, you need to login to https://mysonicwall.com

I highly, highly, recommend getting the newest version of the SSL NetExtender. Sonicwall actually does a decent job of bug fixes with this program.

The Sonicwall Download Center is kind of vague, I wish it would just say “NetExtender Windows”, but it’s the download just labeled “NetExtender”. Anyways, download and run the .MSI,

Sonicwall SSLVPN NetExtender Client

Sonicwall SSLVPN NetExtender Download

When logging in, note that capitalization does matter for a Sonicwall user. It’s effectively because Sonicwalls run a *nix OS, where everything is case-sensitive.

You’ll need to include the port in your Server path, no https://, an example: vpn.domain.com:4433

Domain is by default, LocalDomain.

Sonicwall SSLVPN NetExtender Client


Hopefully that is a decent quickstart, post a comment if you have questions!

Office 2016 – Remote Desktop Shared Licensing

Deploying Office 2016 with Shared or Open-Volume Licensing

Doing this the first time was an absolutely confusing mess back when Office 2013 came out. It’s still just as confusing, except now there is more documentation — like this blog aims to help you.

The process is actually identical for 2013 and 2016, you need to download/build your own installer that is different from a normal Office installer — one with Shared Licensing so it can run on a Remote Desktop Server / Terminal Server.


Building the Office 2016 Remote Desktop Server Installer

Office 365 ProPlus / Volume Licensing 2013 – http://go.microsoft.com/fwlink/p/?linkid=282642

Office 365 ProPlus / Volume Licensing 2016 – http://go.microsoft.com/fwlink/p/?linkid=626065

Run the officedeploymenttool_XXXX-XXXX.exe, extract it to a folder like C:\Installers\Office365\2016

Edit the configuration.xml file to match something like the following:

     <Add SourcePath="C:\Installers\Office365" OfficeClientEdition="32" >
          <Product ID="O365ProPlusRetail">
               <Language ID="en-us" />
     <Updates Enabled="TRUE" />
     <Display Level="Full" AcceptEULA="TRUE" />
     <Logging Path="%temp%" />
     <Property Name="SharedComputerLicensing" Value="1" />

The big one is that “SharedComputerLicensing” field, which makes licensing act under PER USER PROFILE / PER MICROSOFT ACCOUNT, rather than a single key for the whole server.

Open a command prompt in the directory containing the setup.exe and your configuration.xml file.


The command to build your installer really is this simple:

C:\Installers\Office365\2016>setup.exe /download configuration.xml

I recommend going over to the Resource Monitor, where you can track the download speed of your files. You’ll end up with a folder like C:\Installers\Office365\Office, which contains all the .CAB files. A directory above where you ran the installer. You could specify a path, local or UNC share, but in my experience it never works consistently.


Installation and Activation

But dagnabit, there is no installer… Gotta run it through command prompt:

Once there is no more network/disk activity coming from setup.exe — it has finished downloading all 1.1GB of files:

#Command Prompt (As Administrator)
#Pop the RDS Server into terminal-install mode:
change user /install

#Once download is done:
C:\Installers\Office365\2016>setup.exe /configure configuration.xml

#Once complete
#Pop the RDS Server into user-run mode:
change user /execute

I highly recommend rebooting, for some reason the program icons in the start menu like to not pin/unpin or maintain their old name (Word 2013, Excel 2013, etc) until a reboot.

office 2016 progress

Office 2016 successfully installed — heck yeah!

office 2016 start menu

Windows Server Backup

Occasionally a client does not want to pay for backup software, like StorageCraft, AppAssure, Veeam, whatever gets their 50 employees back up quickly is not worth $1k to management.

In that case, the cheapest possible solution we use is built-in Windows Server Backup. God-forbid, you have to use something like Symantec Backup Exec, which is really only designed for Tape-Drives — not USB HDDs (again, think cheap).

Windows Server Backup by default, when you build your schedule will only use 1 USBHDD. There is no GUI option to add other USBHDDs to a pool of drives.


Adding USBHDDs to a Windows Server Backup Pool

You’ll set up your first USBHDD through the GUI via the scheduler tool. Pick a backup time frame and you’re done. To add new USBHDDs to the pool is a fairly simple process.

  1. Connect the new USBHDD (even if it’s already formatted or linked to another backup server).
  2. ::Local Command Prompt (Run as Administrator)
    ::Pull the Disk GUIDs
    wbadmin get disks
    :: The GUID includes a long string inside of brackets { }.
    ::Copy-Paste the Disk GUID into the following blank, replacing what is in the brackets
    WBADMIN ENABLE BACKUP -addtarget:{12345678-0000-0000-0000-000000000000}
    ::Y - Yes, Y-Yes, wait, eject the drive, and switch it out. Drive automatically adds itself into the scheduling pool.
  3. Add the drives one by one and get a USBHDD pool created and you’re done. If any of the USBHDDs is connected, the next scheduled backup will use that disk.