Problem

You’re attempting to publish Office web-based 365 applications within Citrix with the following instructions:

Configuring individual Office suite applications in Citrix Workspace

https://docs.citrix.com/en-us/advanced-concepts/design-guides/citrix-gateway-o365-saas.html#configuring-individual-office-suite-applications-in-citrix-workspace

… but notice that the first Microsoft Word you publish fails to launch and presents the following error:

Sign in

Sorry, but we’re having trouble signing you in.

AADSTS51004: The user account tluk@contoso.com does not exist in the 87f1d4b7-d6e7-4ebb-842d-cce6024b0bb2 directory. To sign into this application, the account must be added to the directory.

Troubleshooting details

If you contact your administrator, send this info to them.

Copy info to clipboard

Request Id: 468d4068-a6aa-4559-b8bf-fcc7f7be8200

Correlation Id: 145b397e-dd9f-462c-87c0-50b1b685190e

Timestamp: 2020-11-25T21:21:14Z

Message: AADSTS51004: The user account tluk@contoso.com does not exist in the 87f1d4b7-d6e7-4ebb-842d-cce6024b0bb2 directory. To sign into this application, the account must be added to the directory.

Advanced diagnostics:Enable

If you plan on getting support for an issue, turn this on and try to reproduce the error. This will collect additional information that will help troubleshoot the issue.

Solution

One of the common causes for this error during the launch is if the Launch the app using the specified URL (SP initiated) is not enabled (the documentation does not explicitly specify this should be):

Word should launch once the configuration is enabled:

I’ve recently been involved in many Teams Direct Routing deployments and was asked by one of the clients to assist with automating the generation of PSTN usage reports so they can correctly bill each department long distance fees. Prior to this year, the only way to obtain these reports was to manually export them from the Analytics & reports > Usagereports section of the Teams admin center:

In 2020, Microsoft released the ability to programmatically retrieve Microsoft Teams PSTN Usage records using the Graph API and the following are a module and PowerShell script that Jeff Brown and Lee Ford created for the community:

Jeff Brown’s TeamsCloudCommunicationApi module
https://jeffbrown.tech/use-graph-api-to-export-microsoft-teams-pstn-usage-records/

Lee Ford’s Get-TeamsPSTNCallRecords script
https://github.com/leeford/Get-TeamsPSTNCallRecords

This was my first time using Graph API and was initially confused as to how to use the module or script so I thought I’d write a blog post outlining the exact steps required for each of the two solutions above. Note that the information is provided by both Jeff Brown, who provides a comprehensive guide for setting it up but it is in a separate post and requires a bit of scrolling and Lee Ford, who provides the information but not the comprehensive detail Jeff includes, so the purpose here is just to demonstrated what I went through to set them up. I will also include the links to Jeff’s posts for reference.

Prerequisites – Set up an Azure AD application for Graph API

The first thing you’ll need to do is create an App registration that will be used by the module or PowerShell script. This step is to create the necessary permissions for the module or script to run without requiring the person running it to log in.

Log into Azure admin portal then navigate to Azure Active Directory> App registrations and then click on New registration:

Give the application a name (this is a logical name that won’t be referenced in the module or script). For this example, I’ll be using: Graph-API-Teams-Logs with the rest of the configuration settings left as the defaults:

The configuration parameter we’ll need later is the Application (client) ID and Directory (tenant) ID so copy those into notepad:

Application (client) ID: 57c4b54b-2c88-485d-8a42-5ae62c628294
Directory (tenant) ID: 84f4470b-3f1e-4889-9f95-##############

Note that you can obtain the tenant ID in the Overview section of Azure Active Directory as well:

Next, navigate to Certificates & secrets > New client secret:

Provide a description for the secret (Graph-API-Teams-Logs), configure how long this secret will remain valid and then click add:

A client secret will be created. Copy the Value of the secret immediately as you can browse away and back to this page within a short period of time before the value becomes masked with ****:

With the client secret created, navigate to API permissions> Add a permission:

Select Microsoft Graph:

Select Application permissions:

Search for CallRecords.Read.All and add the permission:

Click on Grand admin consent for <organization name> to complete the permissions configuration:

You should now see the Status with a green check mark:

The following are the three configuration parameters that you should have after completing the steps above:

Application (client) ID: 57c4b54b-2c88-485d-8a42-5ae62c628294
Directory (tenant) ID: 84f4470b-3f1e-4889-9f95-##############
Value: Ydwo##################-aZS39Zqn

Using Lee Ford’s Get-TeamsPSTNCallRecords script

I’ll start with demonstrating how to use Lee Ford’s Get-TeamsPSTNCallRecords script because it is simpler but it did not provide me with a report I needed because the extension of the user and the number dialed was masked with a *. It also did not let me specify a date range.

Begin by downloading the PowerShell script from here: https://github.com/leeford/Get-TeamsPSTNCallRecords

Open the Get-TeamsPSTNCallRecords.ps1 script and navigate down to the following lines and fill in the appropriate values:

# Client (application) ID, tenant (directory) ID and secret
$clientId = "ddbc3c22-3a28-47c9-bfb3-3b857d97f1e0"
$tenantId = "84f4470b-3f1e-4889-9f95-###########"
$clientSecret = 'pGLJ####################hm5j_J'

Save the Get-TeamsPSTNCallRecords.ps1 and you should now be able to use the following cmdlet to export the logs:

.\Get-TeamsPSTNCallRecords.ps1 -SavePath C:\Temp -Days 50 -SaveFormat CSV

As mentioned earlier, the report appears to mask the caller and the callee’s number:

Using Jeff Brown’s TeamsCloudCommunicationApi module

Jeff Brown’s TeamsCloudCommunicationApi module provides more flexibility as you can specify the date range as well as have the caller and callee’s number displayed.

As specified in Jeff’s post (https://jeffbrown.tech/use-graph-api-to-export-microsoft-teams-pstn-usage-records/), the module can be downloaded directly from the PowerShell gallery with the command:

Install-Module -Name TeamsCloudCommunicationApi

Alternatively, the module can also be downloaded from GitHub: https://github.com/JeffBrownTech/TeamsCloudCommunicationApi

After downloading the files in this GitHub repository, the module can be imported by executing the following cmdlet:

Import-Module TeamsCloudCommunicationApi.psd1

The available commands can be displayed with the following cmdlet:

Get-Command -Module TeamsCloudCommunicationApi

Get-GraphApiAccessToken
Get-TeamsDirectRoutingCalls
Get-TeamsPstnCalls

With either the module installed or the module downloaded and imported, the next step is to generate an access token that will be used with the PowerShell cmdlet to retrieve the logs. The steps provided at GitHub: https://github.com/JeffBrownTech/TeamsCloudCommunicationApi did not work for me but the step in Jeff’s other post here did: https://jeffbrown.tech/creating-microsoft-teams-and-channels-with-graph-api-and-powershell/

The following are the lines to modify and execute to generate the access token (replace the text highlighted in red with the appropriate values):

$env:graphApiDemoAppId = "12345678-abcd-efgh-jklm-123456789abc" # Replace with your Azure AD app id

$env:graphApiDemoAppSecret = "1234567890asdfjk;l54321" # Replace with your Azure AD app secret

$env:tenantId = "12345678-abcd-efgh-ijkl-987654321wxyz" # Replace with your Azure AD tenant ID

$oauthUri = https://login.microsoftonline.com/$env:tenantId/oauth2/v2.0/token

# Create token request body

$tokenBody = @{

client_id = $env:graphApiDemoAppId

client_secret = $env:graphApiDemoAppSecret

scope = "https://graph.microsoft.com/.default"

grant_type = "client_credentials"

}

# Retrieve access token

$tokenRequest = Invoke-RestMethod -Uri $oauthUri -Method POST -ContentType "application/x-www-form-urlencoded" -Body $tokenBody –UseBasicParsing

# Save access token

$accessToken = ($tokenRequest).access_token

With the access token created, we can now use either the:

Get-TeamsDirectRoutingCalls

Get-TeamsPstnCalls

… to export the logs:

Hope this helps anyone who may not be familiar with setting up App registrations and using Graph API.

Huge thanks to Jeff Brown and Lee Ford for providing this to the community!

I’ve recently been asked to assist with troubleshooting an issue where remote users who VPN into the network remotely while working from home were not receiving an agent that is installed through Group Policy. Upon troubleshooting with a remote worker’s laptop, I realized that Group Policy had not been refreshed for over a month and simply executing a GPUpdate automatically installed the application. The client wanted to determine which remote devices did not have the application then proceed to run GPUpdate on them to install the application.

Many administrators will likely be familiar with the Group Policy Update… feature in the Group Policy Management Console, which automatically reaches out to all of the devices in the OU to initiate a Group Policy Update:

While this allowed us to force a GPUpdate on devices with ease, this did not provide a report on which device had the software so what I ended up doing was write a PowerShell script to accomplish this. The script reads a text file with a list of names separated by line breaks, attempts to ping the device and if it is reachable, it will attempt to determine whether it has the agent installed and if it isn’t, it would initiate a GPUpdate remotely. The result of whether it was reachable via PING, had the application installed, did not have the application installed, and not responding to the command to determine the application installed status would be written to a CSV file.

The script is provided below with the following parameters that can be adjusted:

$InventoryList> specify the text file containing the device names
$Software> Specify part of the name of the application that is being determined whether it is installed (in this example, it is anything with the word “Omni”)

Customize the $Output and Write-Host lines as required.

Note that the Invoke-GPUpdate PowerShell cmdlet will present a command prompt to the console of the remote device to initiate the GPUpdate.

The script:

$Output=@()

$InventoryList = Get-Content "C:\temp\InventoryList.txt"

$Software = "*Omni*"

ForEach ($Machine in $InventoryList -ne ''){

#Ping each machine found in text file

if (!(test-Connection -ComputerName $Machine -BufferSize 16 -Count 1 -ea 0 -Quiet))

{

$Output+= "$Machine,not reachable"

Write-Host "$Machine,not reachable" -ForegroundColor Red

}

Else

{

#Machine is reachable via Ping

#Checks installed programs for products that contain Omni in the name

Try {

$installed = Get-WmiObject -ComputerName $Machine -Class Win32_Product -ErrorAction Stop | sort-object Name |

Select-Object Name | Where-Object { $_.Name -like $Software}

If($installed) {

$Output+= "$Machine,Omni Installed"

Write-Host "$Machine,Omni Installed" -ForegroundColor Green

} else {

$Output+= "$Machine,Omni Not Installed"

Write-Host "$Machine,Omni Not Installed" -ForegroundColor Red

Invoke-GPUpdate -Computer $Machine -RandomDelayInMinutes 0}

# Write-Host "Invoting GPUpdate on $Machine" -ForegroundColor Red}

#EndofElse

}

Catch {

$Output+= "$Machine,Unable to check apps"

Write-Host "$Machine,Unable to check apps" -ForegroundColor Red

}

#EndofForEach

$Output | Out-file "InstalledSoftwareResult.csv"

}

}

Feel free to modify the script as needed for any purpose.

I’ve recently been asked by several clients about how they would go about setting up a P2S (Point-to-Site) VPN for their remote workers to VPN into Azure so I thought I’d write a short blog post demonstrating the process.

Before I begin, the following are the Microsoft documentation for configuring a Point-to-Site VPN that should be reviewed as it provides an explanation of how it works and the respective configuration parameters available during the deployment.

Configure a Point-to-Site VPN connection to a VNet using native Azure certificate authentication: Azure portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

About Point-to-Site VPN
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about

Configure a Point-to-Site VPN connection to a VNet using native Azure certificate authentication: Azure portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Create and install VPN client configuration files for native Azure certificate authentication P2S configurations
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert

Configure a Point-to-Site VPN connection to a VNet using native Azure certificate authentication: Azure portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Step #1 - Configure Azure Point-to-Site VPN

Assuming that a Site-to-Site VPN between Azure and an on-premise datacenter or office is already configured, begin by logging into Azure and selecting the Virtual network gateways option to list the gateways configured:

Select the existing Site-to-Site VPN gateway that is already configured and then click on Point-to-site configuration:

The following options for the P2S VPN is displayed:

The Address pool is where you define the IP subnet that the VPN client will be in. Specify a subnet that does not overlap any existing address space specified in a Virtual Network.

The Tunnel type is where you select the type of VPN you want to provide to the users. I won’t go into the details of the differences between all of them and will simply reference the following Microsoft TechNet article: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#tunneltype

For the purpose of demonstrating how to use Microsoft Enterprise CA certificates for authentication and using a Windows 10 operating system to connect natively with the OS built client, we’ll be configuring the following:

Tunnel type: IKEv2 and SSTP (SSL)
Authentication type: Azure certificate

Root Certificates:

We’ll need to obtain the Microsoft Enterprise CA root certificate’s Public certificate data by performing the following:

Either log onto the certificate authority, launch the Local Computer Certificate Store (certlm.msc), navigate to the Personal> Certificates folder to locate the Root CA Certificate Authority’s certificate (this is used to sign certificates this CA issues):

Or from any domain joined computer, launch the Local Computer Certificate Store (certlm.msc), navigate to the Trusted Root Certification Authorities> Certificates folder to locate the Root CA Certificate Authority’s certificate:

Open the properties of the certificate, click on the Details tab, click on Copy to File to copy the certificate without the private key to a file in Base-64encoded X.509 format:

Open the file in Notepad, copy the content between:

-----BEGIN CERTIFICATE-----

… and:

-----END CERTIFICATE-----

… then paste it into the Public certificate data field:

Save the configuration and proceed to download the VPN client by clicking on Download VPN client:

A zip file containing the following folders will be downloaded:

We’ll come back to installing the client once we have issued the client certificate.

Step #2 – Generate Client Certifcates for Authentication

The Microsoft document doesn’t provide much information for using an Enterprise CA other than the following:

Generate client certificates
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#generateclientcert

You can generate client certificates by using the following methods:

· Enterprise certificate:

o If you're using an enterprise certificate solution, generate a client certificate with the common name value format name@yourdomain.com. Use this format instead of the domain name\username format.

o Make sure the client certificate is based on a user certificate template that has Client Authentication listed as the first item in the user list. Check the certificate by double-clicking it and viewing Enhanced Key Usage in the Details tab.

The information isn’t very clear on what certificate template to use other than that the common name value format must be the UPN rather than domain name\username. The good news is that the default User certificate template that a Microsoft Enterprise CA has can be used. While logged in as the user, launch the Certificates Console under the Current User context with:

Certmgr.msc

Proceed to request a new certificate under the Personal > Certificates store:

Select Active Directory Enrollment Policy:

Select the User template:

As the User template does not require information to be supplied because it requests the template with the logged in user’s identity, a certificate will be issued:

Step #3 – Install and Configure Windows VPN Client

With the appropriate certificate requested, we can now install and configure the VPN client by navigating into the appropriate folder based on the operating system. For this example, the OS is Windows 10 so the VPNClientSetupAmd64.exe executable in the folder WindowsAmd64 will be ran:

***Note that the installation doesn’t really present anything on the screen as it just flashes for a bit (I hope this will change in the future).

With the VPN installation completed, proceed to launch the VPN settings:

Note that there will be a new VPN connection configured (in this case it is vnet-prod-eastus):

The following are the advanced settings of the VPN connection. Note that the Type of sign-in info is specified as Certificate:

The following are the settings that can be edited:

Proceeding to connect to Azure will display the following message:

Note that one of the most complained about topic for the Azure Point-to-Site VPN is that it requires the user connecting to Azure be an administrator because routes need to be injected into the routing table by using the CMROUTE.DLL file to copy them into a routes.txt file and this operation requires elevated permissions:

The problem with this approach is that it is executed under the context of the current user, and a standard user does not have the permissions to make changes to routes. There are plenty of workarounds available on the internet for this so I will not include them here.

More information can be found here:

What are the client configuration requirements?
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about#what-are-the-client-configuration-requirements

The connection will proceed once the routes have been copied:

Notice that the VPN connect is now labeled as Connected:

An IP address will also be assigned under the PPP adapter:

Reviewing the Allocated IP Addresses will display the IP address assigned to the VPN client:

Note that if the following message is displayed in the Connection Status when attempting to connect then it is because a valid certificate for authentication is not available:

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

Also, there are cases when administrators would like to generate the certificate for the user under their own login and if this is desired, simply duplicate the User certificate template and modify the properties of it from:

Problem

You’re attempting to publish / load balance your on-premise Exchange 2019 servers behind a Citrix ADC / NetScaler but notice that the health monitors created to check the health of the services (e.g. https://172.16.1.81/owa/healthcheck.htm) fail with the following error:

Failure - Time out during SSL handshake stage

The rest of the monitors are all reporting the same error:

Further troubleshooting reveals that this is due to the fact that the following server hardening registry keys are added to the Exchange 2019 servers:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

AllowInsecureRenegoClients
REG_DWORD
0

AllowInsecureRenegoServers
REG_DWORD
0

Removing these entries one of the Exchange servers will correct the error allowing the probe to report that the server is up (note that it is partial because the other server still has the registry key):

Various forum discussions on Citrix points adjusting Deny SSL Renegotiation but none of the configuration settings corrected the issue for the environment I worked with:

https://discussions.citrix.com/topic/388325-netscaler-12-rfc-5746-on-backend-bug-limitation/#comment-1975755

https://discussions.citrix.com/topic/401441-basic-load-balancing-for-owa-exchange-2019/page/3/

Solution

After performing extensive troubleshooting but not able to come to a resolution, I decided to upgrade the Citrix ADC / NetScaler from NS13.0 52.24.nc to the latest build available at the time, which was NS13.0 67.39.nc:

NS13.0 52.24.nc

NS13.0 67.39.nc

This ended up resolving the issue with the services being correctly determined as UP:

Hope this helps anyone who might be facing this same issue as there isn’t much material available and the available solutions did not work for me.

One of the questions I’ve been frequently ask over the last few months is how to edit the name of a guest who is being invited into a Microsoft Teams Team as a member and as easy as it is if you know how to do it, the method can be easily missed for those who do not know so this post serves to demonstrate it.

***Note that feature for editing the name of the guest is only available if the guest has not already been invited into the organization and therefore been saved in the guest directory. Instructions on how to edit and/or remove the guest account will be included after the demonstration of how to edit a new guest member.

Edit a Microsoft Teams Guest Name Upon First Invite

Begin by clicking on the ellipsis beside the team and select Manageteam option:

Click on the Add member for the team that the guest will be invited to:

Type in the guest’s full email address into the search field and then select the Add <guestEmailAddress> as a guest option:

With the guest email address added, click on the little pencil beside the account:

The name of the guest will be displayed:

Edit the name as required and click on the checkmark button:

Proceed to add the edited guest by clicking on the Add button:

Add any required additional guests and then click on the Close button:

The guest will now be added to the team with the edited name:

Edit guest information after they have been added to the directory

Editing guest information after they have been invited to a team and thus added to the directory can be done as described in the following Microsoft documentation:

Edit guest user information
https://docs.microsoft.com/en-us/microsoftteams/edit-guests-information

Allowing guest name to be edited after they have been added to the directory

There is no easy way to allow users to edit a guest’s name if that guest has already been added to the directory because the option to modify the name will not be available. Below is an attempt to add an email address that has already been added to the directory:

Notice how the pencil icon is no longer available since it exists in the directory and existing guest account was referenced:

The only way around this is to go into the Guest users directory and delete the user but this would affect any Teams or applications that this guest account is used:

Problem

You have an Exchange Server 2016 CU18 (Version 15.1 Build 2106.2)‎ environment and noticed that when users attempt to install an add-in with the Add from the Office Store feature, it fails with the error:

Due to the level of permissions required, your administrator has not allowed you to install this app.

Attempting to repeat the same procedure through the Exchange Server 2016 ECP’s Organization > add-ins fails with the error:

The app couldn’t be downloaded.

Reviewing the available documentation from Microsoft does not suggest what may be the issue:

Add-in access and installation
https://docs.microsoft.com/en-us/exchange/add-ins-for-outlook-2013-help#add-in-access-and-installation

Specify the administrators and users who can install and manage add-ins for Outlook in Exchange 2013
https://docs.microsoft.com/en-us/exchange/specify-who-can-install-and-manage-add-ins-2013-help

Manage role groups
https://docs.microsoft.com/en-us/exchange/manage-role-groups-exchange-2013-help

Solution

While the documentation wasn’t of much help for a resolution, the following forum discussion where a member presented 4 registry keys to implement did:

https://social.technet.microsoft.com/Forums/en-US/089ec657-bb58-4017-a62b-54a6151657a0/cant-add-office-store-addins-to-exchange-2016-onprem?forum=Exch2016GD

Hey guys,

I had a problem installing any app from the office store as well. In my case my Exchange 2016 was configured to still talk TLS 1.0 instead of TLS 1.2 though TLS 1.2 was already enabled (but not set to default). Obviously Microsoft does no longer accept TLS 1.0.

Therefore I changed some configuration in the registry of my Exchange Nodes by adding some DWORDS. That did the trick.

WinHTTP

WinHTTP provides a high-level server interface to the HTTP/1.1 Internet Protocol that applications and services running on Windows Server can use when establishing secure encrypted HTTPS sessions. Exchange uses it extensively. To ensure that WinHTTP is using TLS 1.2 make sure the following Registry keys are set:

1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
“DefaultSecureProtocols”:dword:00000a80

2. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
“DefaultSecureProtocols”:dword:00000a80

.NET Framework

The .NET Framework is a core set of code libraries and runtimes that are used by many Windows Server-based services and Applications, including Exchange Server. It’s essential to ensure that the .NET Framework is using TLS 1.2 to encrypt and secure the many API points it provides and uses to communicate. To do this makes sure the following registry keys are set:

1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
“SystemDefaultTlsVersions”=dword:00000001

2. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
“SystemDefaultTlsVersions”=dword:00000001

With the above registry keys in place, adding the add-in as the user continued to display the error:

Due to the level of permissions required, your administrator has not allowed you to install this app.

However, adding the add-in via the Exchange Server 2016 ECP was successful:

With the add-in added to the organization, users can now choose to install them from the list:

Problem

You’ve successfully completed configuring Freshservice with your on-premise ADFS so users can use their Active Directory credentials to log into the portal as per the following documentation:

Configuring ADFS for Freshservice with SAML 2.0
https://support.freshservice.com/support/solutions/articles/226938-configuring-adfs-for-freshservice-with-saml-2-0

However, upon successfully entering Active Directory credentials to the AD FS login page, the redirect back to the Freshservice portal fails with:

Login was unsuccessful! - Validation Failed : ["The status code of the Response was not Success, was Requester => InvalidNameIDPolicy"]

Reviewing the event logs of the AD FS server reveals the following event ID 364 logged:

Encountered error during federation passive request.

Additional Data

Protocol Name:

Saml

Relying Party:

https://helpdesk.contoso.com

Exception details:

Microsoft.IdentityServer.Protocols.Saml.InvalidNameIdPolicyException: MSIS7070: The SAML request contained a NameIDPolicy that was not satisfied by the issued token. Requested NameIDPolicy: AllowCreate: True Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress SPNameQualifier: . Actual NameID properties: null.

at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)

at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)

at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)

at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)

at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)

at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

An event ID 321 is also logged:

The SAML authentication request had a NameID Policy that could not be satisfied.

Requestor: https://helpdesk.contoso.com

Name identifier format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

SPNameQualifier:

Exception details:

MSIS7070: The SAML request contained a NameIDPolicy that was not satisfied by the issued token. Requested NameIDPolicy: AllowCreate: True Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress SPNameQualifier: . Actual NameID properties: null.

This request failed.

User Action

Use the AD FS Management snap-in to configure the configuration that emits the required name identifier.

Solution

A ticket was opened with Freshservice but the support engineer was unable to resolve the issue so I reviewed the configuration and paid attention to the Issuance Transform Rules:

Then read some of the documentation provided by Freshservice, which pointed to the fact that the user’s email address will act as the user name in Freshservice:

https://support.freshservice.com/support/solutions/articles/193635-single-sign-on-for-freshservice-using-saml

The client for this environment originally had their Office 365 deployed without AD Connect and therefore user accounts in Active Directory did not have the E-mail attribute populated:

This ended up being the reason why the error message was thrown as a blank e-mail address was being passed to Freshservice. Populating the user’s E-mail attribute corrected the issue.

In addition to the issue above, some accounts began displaying the following error message after their E-mail attribute was populated:

If you get a Login Unsuccessful

This ended up being caused by an contact that already existed in Freshservice and could be remediated by navigating to User Management > Contacts and deleting the object:

One of the most common questions I am asked by colleagues and clients is in regards to how they can publish Exchange Servers behind a Citrix ADC / NetScaler to provide load balancing for all services such as OWA, ActiveSync, RPC, EWS, AutoDiscover, MAPI, and ECP BUT NOT SMTP. I would like to further emphasize that SMTP (mail traffic) is excluded for this because I never liked suggesting load balancers to be used for this service and the reason is that the true originating IP of the traffic will be masked by the Citrix ADC / Netscaler. This effectively means that if you won’t be able to restrict IPs allowed for relaying via the Exchange receive connectors or troubleshoot an issue for a relaying client. An workaround for this solution could be to use a DSR (Direct Server Reply) configuration but limitations such as having the Exchange server and Citrix ADC on the same subnet is likely not something that will be possible for more environments. Lastly, a misconfiguration of the Citrix ADC / NetScaler (lack of filtering based on source IP address) could potentially create a open relay on the Exchange server because from the Exchange server perspective, it would relay any SMTP traffic sent by the Citrix ADC / NetScaler.

With the above said, this blog post will serve to provide the CLI commands to configure the Citrix ADC / NetScaler with the appropriate server objects, monitors, service groups, load balancing virtual server, and content switching server. Note that it is possible to not use a content switching server and simply use a load balancing virtual server to publish Exchange servers but you would not be able to independently redirect requests to specific services to another server if those a service is not available. An example to this is if ExchangeServer1 just has /owa unavailable, the content switching server will redirect requests to ExchangeServer2 but will continue to send /ews to ExchangeServer1 if it is available. Using just a load balancing server will deem ExchangeServer1 as down and redirect all traffic to another server.

The version of Exchange Server 2019 and Citrix ADC / NetScaler used for this post are as follows:

Exchange Server 2019: Version 15.2 ‎(Build 721.2)‎

Citrix ADC / NetScaler: NS13.0 67.39.nc

Note that certain version of Citrix ADC / NetScaler appear to exhibit issues with monitoring Exchange services as outlined one of my previous posts:

Citrix ADC / NetScaler monitors for Exchange 2019 fails with: "Failure - Time out during SSL handshake stage"
http://terenceluk.blogspot.com/2020/12/citrix-adc-netscaler-monitors-for.html

Prerequisites

• One private IP addresses allocated for the VIP of the Content Switching server
• Imported SSL certificate to secure traffic
• Firewall rule that allows the Citrix NSIP to the Exchange servers on port 443
• Firewall rule that allows internet traffic via the firewall to the VIP of the Content Switching server on port 443 and 80

Step #1 – Enable Features

Enable the features below by executing the following command: enable ns feature CS,RESPONDER,LB,SSL

• Content Switching
• Responder
• Load Balancing
• SSL

Step #2 – Import SSL Certificate

Either import the SSL certificate currently used on the Exchange servers to secure 443 traffic:

Importing PFX certificate from Microsoft Windows Server into Citrix NetScaler VPX
http://terenceluk.blogspot.com/2016/05/importing-pfx-certificate-from.html

Or request a new one if this is a greenfield deployment. We will need to assign the SSL certificate to the load balancing virtual server and the content switching server.

Make sure the issuing Root and Intermediate certificate chain is imported and linked as well.

Step #3 – Create the Server Objects

Create the server objects with the following command and replace the name and IP as it reflects your environment:

add server ExchServer1.contoso.com 172.16.1.81

add server ExchServer2.contoso.com 172.16.1.82

Step #4 – Create Exchange Service Monitors

The monitors we’ll be creating for are as follows:

1. OWA
2. ActiveSync
3. RPC
4. EWS
5. AutoDiscover
6. OAB
7. MAPI
8. ECP

Execute the following CLI commands to create the monitors:

add lb monitor mon_exch_owa HTTP-ECV -send "GET /owa/healthcheck.htm" -recv 200 -LRTM DISABLED -destPort 443 -secure YES

add lb monitor mon_exch_activesync HTTP-ECV -send "GET /Microsoft-Server-ActiveSync/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

add lb monitor mon_exch_rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

add lb monitor mon_exch_ews HTTP-ECV -send "GET /ews/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

add lb monitor mon_exch_autodiscover HTTP-ECV -send "GET /Autodiscover/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

add lb monitor mon_exch_oab HTTP-ECV -send "GET /oab/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

add lb monitor mon_exch_mapi HTTP-ECV -send "GET /mapi/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

add lb monitor mon_exch_ecp HTTP-ECV -send "GET /ecp/healthcheck.htm" -recv 200 -LRTM DISABLED -secure YES

Step #5 – Create Service Groups and Bind Servers

We’ll need to create a service group for each of the services we created a monitor for with the following CLI commands:

add serviceGroup SVG_EX2019_owa SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_activesync SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_rpc SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_ews SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_autodisover SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_oab SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_mapi SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

add serviceGroup SVG_EX2019_ecp SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

With the service groups created, proceed to bind the Exchange servers and the monitors into them with the following CLI command:

bind serviceGroup SVG_EX2019_owa ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_owa ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_owa -monitorName mon_exch_owa

bind serviceGroup SVG_EX2019_activesync ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_activesync ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_activesync -monitorName mon_exch_activesync

bind serviceGroup SVG_EX2019_rpc ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_rpc ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_rpc -monitorName mon_exch_rpc

bind serviceGroup SVG_EX2019_ews ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_ews ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_ews -monitorName mon_exch_ews

bind serviceGroup SVG_EX2019_autodisover ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_autodisover ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_autodisover -monitorName mon_exch_autodiscover

bind serviceGroup SVG_EX2019_oab ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_oab ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_oab -monitorName mon_exch_oab

bind serviceGroup SVG_EX2019_mapi ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_mapi ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_mapi -monitorName mon_exch_mapi

bind serviceGroup SVG_EX2019_ecp ExchServer2.contoso.com 443

bind serviceGroup SVG_EX2019_ecp ExchServer1.contoso.com 443

bind serviceGroup SVG_EX2019_ecp -monitorName mon_exch_ecp

Step #6 – Create Load Balancing Virtual Server, Bind Service Groups and Bind SSL Certificate

A Load Balancing Virtual Server object with an IP Address Type configured as Non Addressable is required to be created for each service:

Proceed to create these load balancing virtual servers with the following CLI commands:

add lb vserver mail.contoso.com_owa-LBVS SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180

add lb vserver mail.contoso.com_activesync-LBVS SSL 0.0.0.0 0 -persistenceType SRCIPDESTIP -cltTimeout 180

add lb vserver mail.contoso.com_rpc-LBVS SSL 0.0.0.0 0 -persistenceType SOURCEIP -timeout 30 -cltTimeout 180

add lb vserver mail.contoso.com_ews-LBVS SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180

add lb vserver mail.contoso.com_autodiscover-LBVS SSL 0.0.0.0 0 -persistenceType SOURCEIP -timeout 30 -cltTimeout 180

add lb vserver mail.contoso.com_oab-LBVS SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180

add lb vserver mail.contoso.com_mapi-LBVS SSL 0.0.0.0 0 -persistenceType SOURCEIP -timeout 30 -cltTimeout 180

add lb vserver mail.contoso.com_ecp-LBVS SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180

With the load balancing virtual servers created, proceed to bind the service groups containing the Exchange Servers to them:

bind lb vserver mail.contoso.com_owa-LBVS SVG_EX2019_owa

bind lb vserver mail.contoso.com_activesync-LBVS SVG_EX2019_activesync

bind lb vserver mail.contoso.com_rpc-LBVS SVG_EX2019_rpc

bind lb vserver mail.contoso.com_ews-LBVS SVG_EX2019_ews

bind lb vserver mail.contoso.com_autodiscover-LBVS SVG_EX2019_autodisover

bind lb vserver mail.contoso.com_oab-LBVS SVG_EX2019_oab

bind lb vserver mail.contoso.com_mapi-LBVS SVG_EX2019_mapi

bind lb vserver mail.contoso.com_ecp-LBVS SVG_EX2019_ecp

Lastly, bind the imported SSL certificate (Step #2) to the load balancing virtual server with the following commands:

bind ssl vserver mail.contoso.com_owa-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_activesync-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_rpc-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_ews-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_autodiscover-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_oab-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_mapi-LBVS -certkeyName wildcard-contoso-exp-mar-2021

bind ssl vserver mail.contoso.com_ecp-LBVS -certkeyName wildcard-contoso-exp-mar-2021

Step #7 – Create a Content Switching Server, Bind SSL Certificate, Create the Content Switching Policies, Bind the Policies to the Content Switching Server

With all the dependent components created and configured, proceed to create the content switching server, which will have the pre-allocated VIP assigned and configured to direct requests to the Exchange services to a server that has a healthy status:

add cs vserver mail.contoso.com_http-CS HTTP 172.16.5.62 80 -cltTimeout 180 -persistenceType NONE

add cs vserver mail.contoso.com_ssl-CS SSL 172.16.5.62 443 -cltTimeout 180 -persistenceType NONE

Bind the same SSL certificate used for the load balancing virtual server to the SSL content switching server:

bind ssl vserver mail.contoso.com_ssl-CS -certkeyName wildcard-contoso-exp-mar-2021

Create the content switching policies that represent each of the services being published by the load balancing virtual servers:

add cs action cs_act_exch2019_owa -targetLBVserver mail.contoso.com_owa-LBVS

add cs action cs_act_exch2019_ews -targetLBVserver mail.contoso.com_ews-LBVS

add cs action cs_act_exch2019_autodiscover -targetLBVserver mail.contoso.com_autodiscover-LBVS

add cs action cs_act_exch2019_activesync -targetLBVserver mail.contoso.com_activesync-LBVS

add cs action cs_act_exch2019_oab -targetLBVserver mail.contoso.com_oab-LBVS

add cs action cs_act_exch2019_mapi -targetLBVserver mail.contoso.com_mapi-LBVS

add cs action cs_act_exch2019_rpc -targetLBVserver mail.contoso.com_rpc-LBVS

add cs action cs_act_exch2019_ecp -targetLBVserver mail.contoso.com_ecp-LBVS

add cs policy cs_pol_exch2019_owa -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/owa\")" -action cs_act_exch2019_owa

add cs policy cs_pol_exch2019_ews -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/ews\")" -action cs_act_exch2019_ews

add cs policy cs_pol_exch2019_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/autodiscover\")" -action cs_act_exch2019_autodiscover

add cs policy cs_pol_exch2019_activesync -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"Microsoft\")" -action cs_act_exch2019_activesync

add cs policy cs_pol_exch2019_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/oab\")" -action cs_act_exch2019_oab

add cs policy cs_pol_exch2019_mapi -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/mapi\")" -action cs_act_exch2019_mapi

add cs policy cs_pol_exch2019_rpc -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/rpc\")" -action cs_act_exch2019_rpc

add cs policy cs_pol_exch2019_ecp -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/ecp\")" -action cs_act_exch2019_ecp

An additional OWA policy will also need to be added to address a but identified in the following KB:

OWA access via NetScaler is getting stuck at /cgi/selfauth?params= after authentication
https://support.citrix.com/article/CTX209060

add cs policy cs_pol_exch2019_cgi -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"/cgi\")" -action cs_act_exch2019_owa

The following policy will redirect requests going to the mail.contoso.com address to mail.contoso.com/owa:

add cs policy cs_pol_exch2019_owa_redirect -rule "HTTP.REQ.HOSTNAME.EQ(\"mail.contoso.com\")" -action cs_act_exch2019_owa

Lastly, proceed to bind the policies created above to the content switching server:

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_owa -priority 110

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_ews -priority 120

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_autodiscover -priority 130

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_activesync -priority 140

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_oab -priority 150

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_mapi -priority 160

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_rpc -priority 170

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_ecp -priority 180

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_cgi -priority 190

bind cs vserver mail.contoso.com_ssl-CS -policyName cs_pol_exch2019_owa_redirect -priority 200

Step #8 – Create a Responder to redirect http to https

The final step for the configuration is to create a responder to redirect http to https so users typing in http://mail.contoso.com will automatically be redirected to https://mail.contoso.com:

add responder action redirect_http_https_act_owa redirect "\"https://\"+HTTP.REQ.HOSTNAME+\"/owa/\""

add responder policy redirect_http_https_pol_owa "HTTP.REQ.HOSTNAME.CONTAINS(\"mail.contoso.com\")" redirect_http_https_act_owa

bind cs vserver mail.contoso.com_http-CS -policyName redirect_http_https_pol_owa -priority 100 -gotoPriorityExpression END -type REQUEST

The above steps should configuring the required components for load balancing Exchange servers with the Citrix ADC NetScaler. I will include some screenshots of the configuration in case anyone wants to see the configuration in the GUI.

Screenshots

Load Balancing Virtual Servers:

Service Groups:

Content Switching Server:

One of the most common problems I find many of my clients and colleagues experience during there first deployment of WVD is that upon completing the configuration of the host pool, application group, and assignment of users, they receive the following message from the both the web client and the Windows desktop client:

It looks like your system administrator hasn’t set up any resources for username@contoso.com yet. Please choose a different account or try again. If you believe you have received this message in error, please contact your system administrator.

Many of the forum posts tend to point the user to ensure they are not using the older non-arm URL for arm deployments:

• https://rdweb.wvd.microsoft.com/arm/webclient (short URL: https://aka.ms/wvdarmweb)
• https://rdweb.wvd.microsoft.com/webclient/index.html (short URL: http://aka.ms/wvdweb)

However, what I’ve found to be the frequent cause is if the administrator either has not created a Workspace or added the Application Group into the Workspace:

Hope this helps anyone who might have missed this step.

This post is long overdue as I took the screenshots last summer in 2020 but never got around writing this post. As I just had to complete another WVD deployment this weekend, I took the time to validate that these notes are still valid so this post serves to demonstrate how to quickly deploy a simple WVD (Windows Virtual Desktop) pool for access:

Step #1 – Registering and Preparing Azure AD Tenant for WVD

If your tenant does not have WVD deployed, navigating to the Enterprise applications will not have any Windows Virtual Desktop applications registered:

Begin by obtaining the Tenant ID unique identifier by navigating to Azure Active Directory > Properties and copying the string under Tenant ID:

Then copy the subscription ID by navigating into Subscriptions and copying the Subscription ID:

Navigate to the URL https://rdweb.wvd.microsoft.com/, select Server App for Consent Option, paste in the tenant ID copied from the Azure portal and then click on Submit:

Log in with a Global Admin account for the tenant:

You will be asked to grant permissions to the organization:

You should receive a AAD Application has been successfully registered message:

Note that Windows Virtual Desktop AME is now present in the Enterprise applications:

Repeat the same procedure at https://rdweb.wvd.microsoft.com/ but select Client App for Consent Option, paste in the tenant ID copied from the Azure portal and then click on Submit:

Another prompt to grant permissions to the organization will be displayed:

You should receive a AAD Application has been successfully registered message:

An additional Windows Virtual Desktop Client will now be displayed in addition to Windows Virtual Desktop AME:

Confirm that the Microsoft.DesktopVirtualization provider is now listed as being Registered in Subscriptions > YourSubscription > Resource Providers:

Step #2 – Creating a new WVD Tenant

Proceed to create a new WVD tenant by launching PowerShell installation the following 2 modules:

1. Az
2. Microsoft.RDInfra.RDPowerShell

Then run the cmdlets providing the tenant ID and subscription ID copied earlier:

Import-Module -Name Az

Import-Module -Name Microsoft.RDInfra.RDPowerShell

$brokerurl = "https://rdbroker.wvd.microsoft.com"

$aadTenantId = "the tenant ID used in the previous steps"

$azureSubscriptionId = "the subscription for this deployment"

With the modules imported and variables defined, use the Add-RdsAccount cmdlet to add an authenticated account to use for Windows Virtual Desktop cmdlet requests. Upon completion, the context is automatically set to use the Default Tenant Group as the tenant group name. Execute the cmdlet with the variable:

Add-RdsAccount -DeploymentUrl $brokerurl

Then sign in with the account that will be used for the RDS Account:

The following output will be displayed upon completion:

The cmdlet above should place the authenticated account in Azure Active Directory > Enterprise applications > All applications > Windows Virtual Desktop Client > Users and groups but the Role assigned is Default Access:

Proceed to add the account to the grant the account permissions to the Windows Virtual Desktop AME Enterprise applications by navigating to Azure Active Directory > Enterprise applications > Windows Virtual Desktop AME:

Navigate to Users and Groups and then Add user/group:

Select the account and click on Assign:

The account should now be listed as a Tenant Creator:

Execute the following cmdlet to create a new WVD tenant:

New-RdsTenant -Name "WVDTenantNameOfYourChoice" -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId

**Note that it could take a bit of time before the permissions configured in the previous steps to take effect so if the cmdlet errors out then wait 5 to 10 minutes before trying again.

Proceed to add the Azure AD Global Admin and on-premise Active Directory Domain Admin accounts to the WVD RDS Owners Group with the following cmdlets:

New-RdsRoleAssignment -SignInName "username@AADdomain.onmicrosoft.com" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId

New-RdsRoleAssignment -SignInName "domainAdmin@domain.com" -RoleDefinitionName "RDS Contributor" -TenantName "TenantNameFromAbove" -AadTenantId $aadTenantId

For the purpose of this example, I will add my on-premise Active Directory account which is both a Global Admin and Domain Admin and a cloud account that is a Global Admin:

Step #3 – Create Windows Virtual Desktop and Remote Application Host Group

With the Azure AD Tenant configured, we can now proceed to create the host groups, which will host our virtual desktops and applications. This can be accomplished either via Azure portal (ensure that you are logged in with the account you used to create the tenant when the cmdlet Add-RdsAccount -DeploymentUrl $brokerurl was executed) or PowerShell. To create it in the Azure portal, simply navigate to Windows Virtual Desktop > Host pools > New to create a virtual desktop pool:

Or use the PowerShell cmdlet New-RdsHostPool (https://docs.microsoft.com/en-us/powershell/module/windowsvirtualdesktop/new-rdshostpool) to create the pool.

New-RdsHostPool -TenantName "Contoso WVD" -name "WVD-CONTOSO-VDI"

New-RdsHostPool -TenantName "Contoso WVD" -name "WVD-CONTOSO-VDI-APP"

As there are numerous parameters that need to be configured, I would suggest using the GUI if this is your first time creating a WVD deployment:

**Note that I will be creating a pool of desktops that are not statically assigned to a user

Fill in the required configuration changes for the environment:

We’ll register the desktop app group later:

Proceed with the deployment of the host pool:

When the deployment is complete. Clicking into the host pool will display the 2 virtual desktops created:

An Application Group will also be automatically created:

To grant users permissions to the WVD virtual desktops, navigate to Users, search for the user and either use the Individual assignments or Group assignments to grant permissions:

Proceed to create a Workspace by navigating to Workspaces > New:

Provide the configuration for the Workspace and then proceed to Application groups:

Add the Application Group containing the Host pool that was created:

With the above steps completed, you should now be able to access the published virtual desktop either via:

1. The Windows Virtual Desktop with the web client: https://rdweb.wvd.microsoft.com/arm/webclient (short URL: https://aka.ms/wvdarmweb)
2. The Windows Desktop client: https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-windows-7-10#install-the-windows-desktop-client

Note that depending on the date documentation you find for the Windows Virtual Desktop with the web client, you may find the following non-arm URL that will not present the resource configured above: http://aka.ms/wvdweb (https://rdweb.wvd.microsoft.com/webclient/index.html)

The following is a screenshot of how the web client looks like:

The following is a screenshot of the Windows client:

The following is a screenshot of multiple sessions established on a Windows 10 desktop:

I will write another blog post demonstrating how to create a custom virtual desktop image with LOB (Line of Business) apps and other OS customizations in the future.

I recently had a client who a hybrid environment with mailboxes hosted on an on-premise Exchange 2019 server follow the Microsoft documentation:

Content Search
https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide

… in an attempt to search content in a Teams Chat data but noticed that launching the Admin center then Security:

… then Search > Content Search:

… and attempting to search did not yield any results.

Administrators who have come across this issue in the past, may know that this is because Teams chat data for users are stored in their primary cloud-based mailbox, while users with on-premise mailboxes are not able to store Teams chat data in their non-cloud-based mailbox. The workaround solution for this issue is outlined in the following article where a request needs to be filled out and submitted to Microsoft Support to enable this:

Search for Teams chat data for on-premises users
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users?view=o365-worldwide

The process typically takes a few weeks before the changes are active while Microsoft creates a cloud-based storage area so that it can be used with eDiscovery tools to search for and export Teams chat data for on-premises users.

Having gone through this process before, I proceeded to create a ticket, had the support engineer escalate the case, then eventually received a call back a week later from the escalation engineer and was told that Microsoft had turned this feature on globally as of January 13, 2021, most likely because there have been so many requests. I was told that it may take a couple of weeks before the changes propagate through all the tenants but my guess is that by the time anyone finds this blog post, it would have been activated for them.

If you’re attempting to search Teams Chat data for a user with an on-premise Exchange mailbox, ensure that you have granted your account the following roles:

Security > Permissions

Grant the administrator account the following permissions:

• Organization Management
• Compliance Administrator
• eDiscovery Manager< if export is required (https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwide)

Content search should return results once the above permissions are granted.

The following is an article outlining the keyword queries and search conditions that can be used for the search:

Keyword queries and search conditions for Content Search and eDiscovery
https://docs.microsoft.com/en-us/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-worldwide

The following is the documentation for Content Search:

Content Search
https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide

One of the more common questions I’ve been asked last year was how to search IM messages sent in Teams at a global level. The feature named Content Search is used to search IM messages in Teams and the following is a demonstration on how to use it.

Step #1 - Granting permissions for Content Search to search Teams Chat Data

Before you begin by granting the appropriate permissions to the account performing the Content Search by navigating to:

Security > Permissions

Grant the administrator account the following permissions:

• Organization Management
• Compliance Administrator
• eDiscovery Manager< if export is required (https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwide)

Step #2 - Performing Content Search

1. Log into the Microsoft 365 admin console: https://admin.microsoft.com/

2. Click on the Security admin center:

3. Click on Search > Content search:

4. Create a new search by click on New search:

5. Add the appropriate criteria for the search:

The following is how you would configure the search to query the following:

Date: Between 2021-01-26 to 2021-01-27
Keywords: IM < this indicates that only IM messages will be returned
Specific locations: < this is configured for only a specific Teams user

More information on the keywords for queries can be found here:

Keyword queries and search conditions for Content Search and eDiscovery
https://docs.microsoft.com/en-us/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-worldwide

6. Initiating search will return the results for the user:

The following is the documentation for Content Search:

Content Search
https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide

I’ve received quite a few questions around enabling Windows Virtual Desktops for Teams media redirection over the past few months and thought I’d write a quick blog post about how to go about configuring it.

The following are links to the official Microsoft documentation for the configuration:

Teams for Virtualized Desktop Infrastructure
https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi

Use Microsoft Teams on Windows Virtual desktop
https://docs.microsoft.com/en-us/azure/virtual-desktop/teams-on-wvd

Review the documents above for the requirements.

A plain vanilla install of Teams on a WVD desktop will display the following limited configuration settings within the Devices setting:

Note that Microphone is not adjustable:

I won’t go into the technical details about how media direction works as many administrators landing on this blog post may have come across this when deploying VMware Horizon View or Citrix Virtual Desktops but the short description is to allow media to be routed directed out of the local device that is connecting to the virtual desktop and therefore avoiding media stream to be encrypted, sent to the virtual desktop, out through the host of the virtual desktop to the person who is being called, then back through the same inefficient path. Having the media sent out of the device with the audio and video device will yield much better performance.

**Note that the steps outlined below should be ran in order.

Step #1 – Configure registry on VDI to identity Teams is installed in a VDI environment

Add the following new registry key (it will not exist on the VDI) to allow the Teams installation to identify that it is being installed onto a VDI:

reg add "HKLM\SOFTWARE\Microsoft\Teams" /v IsWVDEnvironment /t REG_DWORD /d 1 /f

The key is created at the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams

The registry key is named: IsWVDEnvironment and is a REG_DWORD

If this step is missed then you’ll receive the following error when attempting to install Teams in step #2.

Installation has failed
Cannot install for all users when a VDI environment is not detected.

Step #2 – Deploy Microsoft Teams onto the WVD

Download and install the latest Remote Desktop WebRTC Redirector Service onto the WVD: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4AQBt

The following service should be installed and running after the install:

Remote Desktop Services WebRTC Redirector

The following component will be listed in Programs and Features:

Step #3 – Deploy Microsoft Teams onto the WVD

Begin by downloading the Teams MSI package that will be used to install the application onto the WVD:

Download the Teams MSI package:

https://teams.microsoft.com/downloads/desktopurl?env=production&plat=windows&arch=x64&managedInstaller=true&download=true

Use the following command to install Teams as a Per-machine installation:

msiexec /i c:\Teams_windows_x64.msi /l*v c:\Teams.log ALLUSERS=1 ALLUSER=1

More information about the install and the switches used can be found in the following documentation:

Install Microsoft Teams
https://docs.microsoft.com/en-us/azure/virtual-desktop/teams-on-wvd#install-microsoft-teams

**Note that I’ve added the output of the logs after a successful installation to the end of this blog post.

A Teams shortcut icon should be placed onto the desktop and start menu:

Depending on how the host pool else has been configured, the following message would be displayed when navigating to:

About > Version

If audio redirection has not been configured on the host pool, the following message would be displayed:

You have Microsoft Teams Version 1.4.00.2781 (64-bit).

If audio redirection has been configured on the host pool, the following message would be displayed:

You have Microsoft Teams Version 1.4.00.2781 (64-bit). WVD Media Not Connected.

The following Teams Machine-Wide Installer should now be listed in Programs and Features:

Step #4 – Configure the WVD host with the media redirection

Proceed to configure the WVD host pool in the Azure portal with the following device redirection settings:

audiocapturemode:i:1;audiomode:i:0;camerastoredirect:s:*

More information about the settings can be found here:

Customize Remote Desktop Protocol (RDP) properties for a host pool
https://docs.microsoft.com/en-us/azure/virtual-desktop/customize-rdp-properties

The configuration string above will configure the Device redirection as such:

With the settings in place, proceed to restart the WVD, log in and you should now see the following banner navigating to About > Version:

You have Microsoft Teams Version 1.4.00.2781 (64-bit). WVD Media Optimized.

The device configuration should now display the devices available on the local endpoint used to connect to the WVD:

The following is the verbose log of a successful install of Teams:

=== Verbose logging started: 2/4/2021 20:37:26 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\windows\system32\msiexec.exe ===

MSI (c) (80:F4) [20:37:26:886]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (80:F4) [20:37:26:886]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (80:40) [20:37:26:920]: Resetting cached policy values

MSI (c) (80:40) [20:37:26:920]: Machine policy value 'Debug' is 0

MSI (c) (80:40) [20:37:26:920]: ******* RunEngine:

******* Product: c:\Teams_windows_x64.msi

******* Action:

******* CommandLine: **********

MSI (c) (80:40) [20:37:26:921]: Machine policy value 'DisableUserInstalls' is 0

MSI (c) (80:40) [20:37:26:926]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2

MSI (c) (80:40) [20:37:26:926]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\Teams_windows_x64.msi' against software restriction policy

MSI (c) (80:40) [20:37:26:926]: SOFTWARE RESTRICTION POLICY: c:\Teams_windows_x64.msi has a digital signature

MSI (c) (80:40) [20:37:27:865]: SOFTWARE RESTRICTION POLICY: c:\Teams_windows_x64.msi is permitted to run at the 'unrestricted' authorization level.

MSI (c) (80:40) [20:37:27:869]: Cloaking enabled.

MSI (c) (80:40) [20:37:27:869]: Attempting to enable all disabled privileges before calling Install on Server

MSI (c) (80:40) [20:37:27:870]: End dialog not enabled

MSI (c) (80:40) [20:37:27:870]: Original package ==> c:\Teams_windows_x64.msi

MSI (c) (80:40) [20:37:27:870]: Package we're running from ==> c:\Teams_windows_x64.msi

MSI (c) (80:40) [20:37:27:871]: APPCOMPAT: Compatibility mode property overrides found.

MSI (c) (80:40) [20:37:27:871]: APPCOMPAT: looking for appcompat database entry with ProductCode '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'.

MSI (c) (80:40) [20:37:27:871]: APPCOMPAT: no matching ProductCode found in database.

MSI (c) (80:40) [20:37:27:879]: MSCOREE not loaded loading copy from system32

MSI (c) (80:40) [20:37:27:881]: Machine policy value 'TransformsSecure' is 1

MSI (c) (80:40) [20:37:27:882]: Machine policy value 'DisablePatch' is 0

MSI (c) (80:40) [20:37:27:882]: Machine policy value 'AllowLockdownPatch' is 0

MSI (c) (80:40) [20:37:27:882]: Machine policy value 'DisableLUAPatching' is 0

MSI (c) (80:40) [20:37:27:882]: Machine policy value 'DisableFlyWeightPatching' is 0

MSI (c) (80:40) [20:37:27:882]: APPCOMPAT: looking for appcompat database entry with ProductCode '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'.

MSI (c) (80:40) [20:37:27:882]: APPCOMPAT: no matching ProductCode found in database.

MSI (c) (80:40) [20:37:27:882]: Transforms are not secure.

MSI (c) (80:40) [20:37:27:882]: Note: 1: 2205 2: 3: Control

MSI (c) (80:40) [20:37:27:882]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'c:\Teams.log'.

MSI (c) (80:40) [20:37:27:882]: Command Line: ALLUSERS=1 ALLUSER=1 CURRENTDIRECTORY=C:\windows\system32 CLIENTUILEVEL=0 CLIENTPROCESSID=640

MSI (c) (80:40) [20:37:27:882]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{D13493A3-8362-4830-B7EB-F2BB8D0A7FB8}'.

MSI (c) (80:40) [20:37:27:882]: Product Code passed to Engine.Initialize: ''

MSI (c) (80:40) [20:37:27:882]: Product Code from property table before transforms: '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'

MSI (c) (80:40) [20:37:27:882]: Product Code from property table after transforms: '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'

MSI (c) (80:40) [20:37:27:882]: Product not registered: beginning first-time install

MSI (c) (80:40) [20:37:27:882]: PROPERTY CHANGE: Adding ALLUSERS property. Its value is '1'.

MSI (c) (80:40) [20:37:27:883]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.

MSI (c) (80:40) [20:37:27:883]: Entering CMsiConfigurationManager::SetLastUsedSource.

MSI (c) (80:40) [20:37:27:883]: User policy value 'SearchOrder' is 'nmu'

MSI (c) (80:40) [20:37:27:883]: Adding new sources is allowed.

MSI (c) (80:40) [20:37:27:883]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.

MSI (c) (80:40) [20:37:27:883]: Package name extracted from package path: 'Teams_windows_x64.msi'

MSI (c) (80:40) [20:37:27:883]: Package to be registered: 'Teams_windows_x64.msi'

MSI (c) (80:40) [20:37:27:883]: Note: 1: 2205 2: 3: Error

MSI (c) (80:40) [20:37:27:883]: Note: 1: 2262 2: AdminProperties 3: -2147287038

MSI (c) (80:40) [20:37:27:883]: Machine policy value 'DisableMsi' is 1

MSI (c) (80:40) [20:37:27:883]: Machine policy value 'AlwaysInstallElevated' is 0

MSI (c) (80:40) [20:37:27:883]: User policy value 'AlwaysInstallElevated' is 0

MSI (c) (80:40) [20:37:27:883]: Product installation will be elevated because user is admin and product is being installed per-machine.

MSI (c) (80:40) [20:37:27:883]: Running product '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}' with elevated privileges: Product is assigned.

MSI (c) (80:40) [20:37:27:883]: PROPERTY CHANGE: Modifying ALLUSER property. Its current value is '0'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:883]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\windows\system32'.

MSI (c) (80:40) [20:37:27:883]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.

MSI (c) (80:40) [20:37:27:883]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '640'.

MSI (c) (80:40) [20:37:27:884]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.

MSI (c) (80:40) [20:37:27:884]: TRANSFORMS property is now:

MSI (c) (80:40) [20:37:27:884]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.

MSI (c) (80:40) [20:37:27:884]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming

MSI (c) (80:40) [20:37:27:884]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\Favorites

MSI (c) (80:40) [20:37:27:884]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Network Shortcuts

MSI (c) (80:40) [20:37:27:885]: SHELL32::SHGetFolderPath returned: \\BTAFS01\BTA-Users$\tluk\Documents

MSI (c) (80:40) [20:37:27:885]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

MSI (c) (80:40) [20:37:27:885]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Recent

MSI (c) (80:40) [20:37:27:885]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\SendTo

MSI (c) (80:40) [20:37:27:885]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Templates

MSI (c) (80:40) [20:37:27:886]: SHELL32::SHGetFolderPath returned: C:\ProgramData

MSI (c) (80:40) [20:37:27:886]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Local

MSI (c) (80:40) [20:37:27:886]: SHELL32::SHGetFolderPath returned: \\BTAFS01\BTA-Users$\tluk\Pictures

MSI (c) (80:40) [20:37:27:887]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

MSI (c) (80:40) [20:37:27:887]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

MSI (c) (80:40) [20:37:27:887]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs

MSI (c) (80:40) [20:37:27:887]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu

MSI (c) (80:40) [20:37:27:887]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop

MSI (c) (80:40) [20:37:27:887]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

MSI (c) (80:40) [20:37:27:888]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

MSI (c) (80:40) [20:37:27:888]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

MSI (c) (80:40) [20:37:27:888]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu

MSI (c) (80:40) [20:37:27:888]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\Desktop

MSI (c) (80:40) [20:37:27:889]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates

MSI (c) (80:40) [20:37:27:889]: SHELL32::SHGetFolderPath returned: C:\windows\Fonts

MSI (c) (80:40) [20:37:27:890]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16

MSI (c) (80:40) [20:37:27:894]: MSI_LUA: Setting AdminUser property to 1 because this is the client or the user has already permitted elevation

MSI (c) (80:40) [20:37:27:894]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.

MSI (c) (80:40) [20:37:27:894]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.

MSI (c) (80:40) [20:37:27:894]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.

MSI (c) (80:40) [20:37:27:894]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (c) (80:40) [20:37:27:895]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (c) (80:40) [20:37:27:895]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\Teams_windows_x64.msi'.

MSI (c) (80:40) [20:37:27:895]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\Teams_windows_x64.msi'.

MSI (c) (80:40) [20:37:27:895]: Machine policy value 'MsiDisableEmbeddedUI' is 0

MSI (c) (80:40) [20:37:27:895]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\'.

MSI (c) (80:40) [20:37:27:895]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\'.

MSI (c) (80:F4) [20:37:27:895]: PROPERTY CHANGE: Adding VersionHandler property. Its value is '5.00'.

MSI (c) (80:F4) [20:37:27:896]: Note: 1: 2205 2: 3: ControlEvent

MSI (c) (80:F4) [20:37:27:896]: Note: 1: 2205 2: 3: ControlCondition

MSI (c) (80:F4) [20:37:27:896]: Note: 1: 2205 2: 3: EventMapping

MSI (c) (80:F4) [20:37:27:896]: Note: 1: 2205 2: 3: UIText

MSI (c) (80:F4) [20:37:27:896]: Note: 1: 2205 2: 3: TextStyle

MSI (c) (80:F4) [20:37:27:897]: Note: 1: 2205 2: 3: Dialog

=== Logging started: 2/4/2021 20:37:27 ===

MSI (c) (80:40) [20:37:27:898]: Note: 1: 2205 2: 3: PatchPackage

MSI (c) (80:40) [20:37:27:898]: Machine policy value 'DisableRollback' is 0

MSI (c) (80:40) [20:37:27:898]: User policy value 'DisableRollback' is 0

MSI (c) (80:40) [20:37:27:898]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.

MSI (c) (80:40) [20:37:27:900]: Note: 1: 2203 2: C:\windows\Installer\inprogressinstallinfo.ipi 3: -2147287038

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '603'. Its new value: '601'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '603'. Its new value: '601'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '0'. Its new value: '14'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '14'. Its new value: '13'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '13'. Its new value: '12'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '12'. Its new value: '11'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '11'. Its new value: '10'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '10'. Its new value: '9'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '9'. Its new value: '8'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '8'. Its new value: '7'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '7'. Its new value: '6'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '6'. Its new value: '5'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '5'. Its new value: '4'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '4'. Its new value: '3'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '3'. Its new value: '2'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '2'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '1'. Its new value: '0'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '601'. Its new value: '600'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '601'. Its new value: '600'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '0'. Its new value: '14'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '14'. Its new value: '13'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '13'. Its new value: '12'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '12'. Its new value: '11'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '11'. Its new value: '10'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '10'. Its new value: '9'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '9'. Its new value: '8'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '8'. Its new value: '7'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '7'. Its new value: '6'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '6'. Its new value: '5'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '5'. Its new value: '4'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '4'. Its new value: '3'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '3'. Its new value: '2'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '2'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '1'. Its new value: '0'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '600'. Its new value: '502'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '600'. Its new value: '502'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '0'. Its new value: '14'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '14'. Its new value: '13'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '13'. Its new value: '12'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '12'. Its new value: '11'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '11'. Its new value: '10'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '10'. Its new value: '9'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '9'. Its new value: '8'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '8'. Its new value: '7'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '7'. Its new value: '6'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '6'. Its new value: '5'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '5'. Its new value: '4'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '4'. Its new value: '3'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '3'. Its new value: '2'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '2'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '1'. Its new value: '0'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '502'. Its new value: '501'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '502'. Its new value: '501'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '0'. Its new value: '14'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '14'. Its new value: '13'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '13'. Its new value: '12'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '12'. Its new value: '11'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '11'. Its new value: '10'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '10'. Its new value: '9'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '9'. Its new value: '8'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '8'. Its new value: '7'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '7'. Its new value: '6'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '6'. Its new value: '5'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '5'. Its new value: '4'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '4'. Its new value: '3'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '3'. Its new value: '2'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '2'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '1'. Its new value: '0'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '501'. Its new value: '500'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '501'. Its new value: '500'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '0'. Its new value: '14'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '14'. Its new value: '13'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '13'. Its new value: '12'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '12'. Its new value: '11'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '11'. Its new value: '10'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '10'. Its new value: '9'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '9'. Its new value: '8'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '8'. Its new value: '7'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '7'. Its new value: '6'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '6'. Its new value: '5'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '5'. Its new value: '4'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '4'. Its new value: '3'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '3'. Its new value: '2'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '2'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '1'. Its new value: '0'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '500'. Its new value: '400'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '500'. Its new value: '400'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '0'. Its new value: '14'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '14'. Its new value: '13'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '13'. Its new value: '12'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '12'. Its new value: '11'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '11'. Its new value: '10'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '10'. Its new value: '9'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '9'. Its new value: '8'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '8'. Its new value: '7'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '7'. Its new value: '6'.

MSI (c) (80:40) [20:37:27:900]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '6'. Its new value: '5'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '5'. Its new value: '4'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '4'. Its new value: '3'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '3'. Its new value: '2'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '2'. Its new value: '1'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying ServicePackLevel property. Its current value is '1'. Its new value: '0'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying VersionNT property. Its current value is '400'. Its new value: '603'.

MSI (c) (80:40) [20:37:27:901]: PROPERTY CHANGE: Modifying VersionNT64 property. Its current value is '400'. Its new value: '603'.

MSI (c) (80:40) [20:37:27:902]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.

MSI (c) (80:40) [20:37:27:902]: Doing action: INSTALL

MSI (c) (80:40) [20:37:27:902]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: INSTALL.

Action start 20:37:27: INSTALL.

MSI (c) (80:40) [20:37:27:903]: UI Sequence table 'InstallUISequence' is present and populated.

MSI (c) (80:40) [20:37:27:903]: Running UISequence

MSI (c) (80:40) [20:37:27:903]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.

MSI (c) (80:40) [20:37:27:903]: Doing action: AppSearch

MSI (c) (80:40) [20:37:27:903]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: AppSearch. Searching for installed applications

Action start 20:37:27: AppSearch.

AppSearch: Property: ALLUSER, Signature: AllUserRegistryEntry

MSI (c) (80:40) [20:37:27:904]: Note: 1: 2262 2: Signature 3: -2147287038

MSI (c) (80:40) [20:37:27:904]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE32\SOFTWARE\Microsoft\Teams 3: 2

AppSearch: Property: NETFRAMEWORK45, Signature: NetFramework45

MSI (c) (80:40) [20:37:27:904]: Note: 1: 2262 2: Signature 3: -2147287038

MSI (c) (80:40) [20:37:27:904]: PROPERTY CHANGE: Adding NETFRAMEWORK45 property. Its value is '#528372'.

Action ended 20:37:27: AppSearch. Return value 1.

MSI (c) (80:40) [20:37:27:904]: Doing action: LaunchConditions

MSI (c) (80:40) [20:37:27:904]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: LaunchConditions. Evaluating launch conditions

Action start 20:37:27: LaunchConditions.

Action ended 20:37:27: LaunchConditions. Return value 1.

MSI (c) (80:40) [20:37:27:904]: Doing action: ValidateProductID

MSI (c) (80:40) [20:37:27:904]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: ValidateProductID.

Action start 20:37:27: ValidateProductID.

Action ended 20:37:27: ValidateProductID. Return value 1.

MSI (c) (80:40) [20:37:27:904]: Doing action: CostInitialize

MSI (c) (80:40) [20:37:27:904]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: CostInitialize. Computing space requirements

Action start 20:37:27: CostInitialize.

MSI (c) (80:40) [20:37:27:904]: Machine policy value 'MaxPatchCacheSize' is 10

MSI (c) (80:40) [20:37:27:906]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.

MSI (c) (80:40) [20:37:27:906]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.

Action ended 20:37:27: CostInitialize. Return value 1.

MSI (c) (80:40) [20:37:27:907]: Doing action: FileCost

MSI (c) (80:40) [20:37:27:907]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: FileCost. Computing space requirements

Action start 20:37:27: FileCost.

MSI (c) (80:40) [20:37:27:908]: Note: 1: 2205 2: 3: MsiAssembly

MSI (c) (80:40) [20:37:27:908]: Note: 1: 2205 2: 3: Class

MSI (c) (80:40) [20:37:27:908]: Note: 1: 2205 2: 3: Extension

MSI (c) (80:40) [20:37:27:908]: Note: 1: 2205 2: 3: TypeLib

Action ended 20:37:27: FileCost. Return value 1.

MSI (c) (80:40) [20:37:27:908]: Doing action: CostFinalize

MSI (c) (80:40) [20:37:27:908]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: CostFinalize. Computing space requirements

Action start 20:37:27: CostFinalize.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.

MSI (c) (80:40) [20:37:27:909]: Note: 1: 2205 2: 3: Patch

MSI (c) (80:40) [20:37:27:909]: Note: 1: 2205 2: 3: Condition

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\windows\'. Its new value: 'c:\windows\'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files (x86)\'. Its new value: 'c:\Program Files (x86)\'.

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding APPLICATIONROOTDIRECTORY property. Its value is 'c:\Program Files (x86)\Teams Installer\'.

MSI (c) (80:40) [20:37:27:909]: Target path resolution complete. Dumping Directory table...

MSI (c) (80:40) [20:37:27:909]: Note: target paths subject to change (via custom actions or browsing)

MSI (c) (80:40) [20:37:27:909]: Dir (target): Key: TARGETDIR , Object: c:\

MSI (c) (80:40) [20:37:27:909]: Dir (target): Key: WindowsFolder , Object: c:\windows\

MSI (c) (80:40) [20:37:27:909]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files (x86)\

MSI (c) (80:40) [20:37:27:909]: Dir (target): Key: APPLICATIONROOTDIRECTORY , Object: c:\Program Files (x86)\Teams Installer\

MSI (c) (80:40) [20:37:27:909]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.

MSI (c) (80:40) [20:37:27:909]: Note: 1: 2205 2: 3: MsiAssembly

MSI (c) (80:40) [20:37:27:909]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?

Action ended 20:37:27: CostFinalize. Return value 1.

MSI (c) (80:40) [20:37:27:910]: Doing action: ExecuteAction

MSI (c) (80:40) [20:37:27:910]: Note: 1: 2205 2: 3: ActionText

Action 20:37:27: ExecuteAction.

Action start 20:37:27: ExecuteAction.

MSI (c) (80:40) [20:37:27:910]: PROPERTY CHANGE: Adding SECONDSEQUENCE property. Its value is '1'.

MSI (c) (80:40) [20:37:27:912]: Grabbed execution mutex.

MSI (c) (80:40) [20:37:27:912]: Incrementing counter to disable shutdown. Counter after increment: 0

MSI (c) (80:40) [20:37:27:912]: Switching to server: ALLUSER="1" NETFRAMEWORK45="#528372" APPLICATIONROOTDIRECTORY="c:\Program Files (x86)\Teams Installer\" TARGETDIR="c:\" ALLUSERS="1" CURRENTDIRECTORY="C:\windows\system32" CLIENTUILEVEL="0" CLIENTPROCESSID="640" ACTION="INSTALL" SOURCEDIR="c:\" ROOTDRIVE="c:\" EXECUTEACTION="INSTALL" INSTALLLEVEL="1" SECONDSEQUENCE="1" ADDLOCAL=MainApplication

MSI (s) (3C:64) [20:37:27:918]: Running installation inside multi-package transaction c:\Teams_windows_x64.msi

MSI (s) (3C:64) [20:37:27:918]: Grabbed execution mutex.

MSI (s) (3C:A0) [20:37:27:920]: Resetting cached policy values

MSI (s) (3C:A0) [20:37:27:920]: Machine policy value 'Debug' is 0

MSI (s) (3C:A0) [20:37:27:920]: ******* RunEngine:

******* Product: c:\Teams_windows_x64.msi

******* Action: INSTALL

******* CommandLine: **********

MSI (s) (3C:A0) [20:37:27:920]: Machine policy value 'DisableUserInstalls' is 0

MSI (s) (3C:A0) [20:37:27:923]: Note: 1: 2203 2: C:\windows\Installer\inprogressinstallinfo.ipi 3: -2147287038

MSI (s) (3C:A0) [20:37:27:924]: Machine policy value 'LimitSystemRestoreCheckpointing' is 0

MSI (s) (3C:A0) [20:37:27:924]: Note: 1: 1715 2: Teams Machine-Wide Installer

MSI (s) (3C:A0) [20:37:27:924]: Note: 1: 2205 2: 3: Error

MSI (s) (3C:A0) [20:37:27:924]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1715

MSI (s) (3C:A0) [20:37:27:924]: Calling SRSetRestorePoint API. dwRestorePtType: 0, dwEventType: 102, llSequenceNumber: 0, szDescription: "Installed Teams Machine-Wide Installer".

MSI (s) (3C:A0) [20:37:27:924]: The System Restore service is disabled. Returned status: 1058. GetLastError() returned: 1058

MSI (s) (3C:A0) [20:37:27:925]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2

MSI (s) (3C:A0) [20:37:27:926]: File will have security applied from OpCode.

MSI (s) (3C:A0) [20:37:28:018]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\Teams_windows_x64.msi' against software restriction policy

MSI (s) (3C:A0) [20:37:28:018]: SOFTWARE RESTRICTION POLICY: c:\Teams_windows_x64.msi has a digital signature

MSI (s) (3C:A0) [20:37:28:919]: SOFTWARE RESTRICTION POLICY: c:\Teams_windows_x64.msi is permitted to run at the 'unrestricted' authorization level.

MSI (s) (3C:A0) [20:37:28:919]: MSCOREE not loaded loading copy from system32

MSI (s) (3C:A0) [20:37:28:921]: End dialog not enabled

MSI (s) (3C:A0) [20:37:28:921]: Original package ==> c:\Teams_windows_x64.msi

MSI (s) (3C:A0) [20:37:28:921]: Package we're running from ==> c:\windows\Installer\3d7bfc3d.msi

MSI (s) (3C:A0) [20:37:28:922]: APPCOMPAT: Compatibility mode property overrides found.

MSI (s) (3C:A0) [20:37:28:922]: APPCOMPAT: looking for appcompat database entry with ProductCode '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'.

MSI (s) (3C:A0) [20:37:28:922]: APPCOMPAT: no matching ProductCode found in database.

MSI (s) (3C:A0) [20:37:28:928]: Machine policy value 'TransformsSecure' is 1

MSI (s) (3C:A0) [20:37:28:928]: Machine policy value 'DisablePatch' is 0

MSI (s) (3C:A0) [20:37:28:928]: Machine policy value 'AllowLockdownPatch' is 0

MSI (s) (3C:A0) [20:37:28:928]: Machine policy value 'DisableLUAPatching' is 0

MSI (s) (3C:A0) [20:37:28:928]: Machine policy value 'DisableFlyWeightPatching' is 0

MSI (s) (3C:A0) [20:37:28:928]: APPCOMPAT: looking for appcompat database entry with ProductCode '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'.

MSI (s) (3C:A0) [20:37:28:928]: APPCOMPAT: no matching ProductCode found in database.

MSI (s) (3C:A0) [20:37:28:928]: Transforms are not secure.

MSI (s) (3C:A0) [20:37:28:928]: Note: 1: 2205 2: 3: Control

MSI (s) (3C:A0) [20:37:28:928]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'c:\Teams.log'.

MSI (s) (3C:A0) [20:37:28:928]: Command Line: ALLUSER=1 NETFRAMEWORK45=#528372 APPLICATIONROOTDIRECTORY=c:\Program Files (x86)\Teams Installer\ TARGETDIR=c:\ ALLUSERS=1 CURRENTDIRECTORY=C:\windows\system32 CLIENTUILEVEL=0 CLIENTPROCESSID=640 ACTION=INSTALL SOURCEDIR=c:\ ROOTDRIVE=c:\ EXECUTEACTION=INSTALL INSTALLLEVEL=1 SECONDSEQUENCE=1 ADDLOCAL=MainApplication ACTION=INSTALL

MSI (s) (3C:A0) [20:37:28:928]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{D13493A3-8362-4830-B7EB-F2BB8D0A7FB8}'.

MSI (s) (3C:A0) [20:37:28:928]: Product Code passed to Engine.Initialize: ''

MSI (s) (3C:A0) [20:37:28:928]: Product Code from property table before transforms: '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'

MSI (s) (3C:A0) [20:37:28:928]: Product Code from property table after transforms: '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'

MSI (s) (3C:A0) [20:37:28:928]: Product not registered: beginning first-time install

MSI (s) (3C:A0) [20:37:28:929]: PROPERTY CHANGE: Adding ALLUSERS property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:929]: Product {731F6BAA-A986-45A4-8936-7C3AAAAA760B} is not managed.

MSI (s) (3C:A0) [20:37:28:929]: MSI_LUA: Credential prompt not required, user is an admin

MSI (s) (3C:A0) [20:37:28:929]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.

MSI (s) (3C:A0) [20:37:28:929]: Entering CMsiConfigurationManager::SetLastUsedSource.

MSI (s) (3C:A0) [20:37:28:929]: User policy value 'SearchOrder' is 'nmu'

MSI (s) (3C:A0) [20:37:28:929]: Adding new sources is allowed.

MSI (s) (3C:A0) [20:37:28:929]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:929]: Package name extracted from package path: 'Teams_windows_x64.msi'

MSI (s) (3C:A0) [20:37:28:929]: Package to be registered: 'Teams_windows_x64.msi'

MSI (s) (3C:A0) [20:37:28:929]: Note: 1: 2205 2: 3: Error

MSI (s) (3C:A0) [20:37:28:931]: Note: 1: 2262 2: AdminProperties 3: -2147287038

MSI (s) (3C:A0) [20:37:28:931]: Machine policy value 'DisableMsi' is 1

MSI (s) (3C:A0) [20:37:28:931]: Machine policy value 'AlwaysInstallElevated' is 0

MSI (s) (3C:A0) [20:37:28:931]: User policy value 'AlwaysInstallElevated' is 0

MSI (s) (3C:A0) [20:37:28:931]: Product installation will be elevated because user is admin and product is being installed per-machine.

MSI (s) (3C:A0) [20:37:28:931]: Running product '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}' with elevated privileges: Product is assigned.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Modifying ALLUSER property. Its current value is '0'. Its new value: '1'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding NETFRAMEWORK45 property. Its value is '#528372'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding APPLICATIONROOTDIRECTORY property. Its value is 'c:\Program Files (x86)\Teams Installer\'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\windows\system32'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '640'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding EXECUTEACTION property. Its value is 'INSTALL'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding INSTALLLEVEL property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding SECONDSEQUENCE property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding ADDLOCAL property. Its value is 'MainApplication'.

MSI (s) (3C:A0) [20:37:28:931]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '84341155ba1bc840b4070c8fe47601e0'.

MSI (s) (3C:A0) [20:37:28:931]: RESTART MANAGER: Session opened.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:931]: Engine has iefSecondSequence set to true.

MSI (s) (3C:A0) [20:37:28:931]: TRANSFORMS property is now:

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Deleting SOURCEDIR property. Its current value is 'c:\'.

MSI (s) (3C:A0) [20:37:28:931]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.

MSI (s) (3C:A0) [20:37:28:933]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming

MSI (s) (3C:A0) [20:37:28:934]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\Favorites

MSI (s) (3C:A0) [20:37:28:935]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Network Shortcuts

MSI (s) (3C:A0) [20:37:28:935]: SHELL32::SHGetFolderPath returned: \\BTAFS01\BTA-Users$\tluk\Documents

MSI (s) (3C:A0) [20:37:28:937]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

MSI (s) (3C:A0) [20:37:28:938]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Recent

MSI (s) (3C:A0) [20:37:28:939]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\SendTo

MSI (s) (3C:A0) [20:37:28:941]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Templates

MSI (s) (3C:A0) [20:37:28:941]: SHELL32::SHGetFolderPath returned: C:\ProgramData

MSI (s) (3C:A0) [20:37:28:942]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Local

MSI (s) (3C:A0) [20:37:28:943]: SHELL32::SHGetFolderPath returned: \\BTAFS01\BTA-Users$\tluk\Pictures

MSI (s) (3C:A0) [20:37:28:945]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

MSI (s) (3C:A0) [20:37:28:946]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

MSI (s) (3C:A0) [20:37:28:947]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs

MSI (s) (3C:A0) [20:37:28:948]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu

MSI (s) (3C:A0) [20:37:28:949]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop

MSI (s) (3C:A0) [20:37:28:952]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

MSI (s) (3C:A0) [20:37:28:953]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

MSI (s) (3C:A0) [20:37:28:954]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

MSI (s) (3C:A0) [20:37:28:955]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Start Menu

MSI (s) (3C:A0) [20:37:28:956]: SHELL32::SHGetFolderPath returned: C:\Users\tluk\Desktop

MSI (s) (3C:A0) [20:37:28:958]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates

MSI (s) (3C:A0) [20:37:28:958]: SHELL32::SHGetFolderPath returned: C:\windows\Fonts

MSI (s) (3C:A0) [20:37:28:958]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16

MSI (s) (3C:A0) [20:37:28:964]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.

MSI (s) (3C:A0) [20:37:28:964]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:964]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:964]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (3C:A0) [20:37:28:964]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (3C:A0) [20:37:28:964]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\windows\Installer\3d7bfc3d.msi'.

MSI (s) (3C:A0) [20:37:28:964]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\Teams_windows_x64.msi'.

MSI (s) (3C:A0) [20:37:28:964]: Machine policy value 'MsiDisableEmbeddedUI' is 0

MSI (s) (3C:A0) [20:37:28:964]: EEUI - Disabling MsiEmbeddedUI for service because it's not a quiet/basic install

MSI (s) (3C:A0) [20:37:28:964]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (3C:A0) [20:37:28:964]: Machine policy value 'DisableRollback' is 0

MSI (s) (3C:A0) [20:37:28:964]: User policy value 'DisableRollback' is 0

MSI (s) (3C:A0) [20:37:28:964]: PROPERTY CHANGE: Adding UILevel property. Its value is '5'.

MSI (s) (3C:A0) [20:37:28:965]: PROPERTY CHANGE: Adding Preselected property. Its value is '1'.

MSI (s) (3C:A0) [20:37:28:965]: APPCOMPAT: [DetectVersionLaunchCondition] Launch condition already passes.

MSI (s) (3C:A0) [20:37:28:965]: Doing action: INSTALL

MSI (s) (3C:A0) [20:37:28:965]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: INSTALL.

MSI (s) (3C:A0) [20:37:28:966]: Running ExecuteSequence

MSI (s) (3C:A0) [20:37:28:966]: Doing action: AppSearch

MSI (s) (3C:A0) [20:37:28:966]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: AppSearch.

MSI (s) (3C:A0) [20:37:28:967]: Skipping AppSearch action: already done on client side

Action ended 20:37:28: AppSearch. Return value 0.

MSI (s) (3C:A0) [20:37:28:967]: Doing action: LaunchConditions

MSI (s) (3C:A0) [20:37:28:967]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: LaunchConditions.

Action ended 20:37:28: LaunchConditions. Return value 1.

MSI (s) (3C:A0) [20:37:28:969]: Doing action: ValidateProductID

MSI (s) (3C:A0) [20:37:28:969]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: ValidateProductID.

Action ended 20:37:28: ValidateProductID. Return value 1.

MSI (s) (3C:A0) [20:37:28:970]: Doing action: CostInitialize

MSI (s) (3C:A0) [20:37:28:970]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: CostInitialize.

MSI (s) (3C:A0) [20:37:28:970]: Machine policy value 'MaxPatchCacheSize' is 10

MSI (s) (3C:A0) [20:37:28:971]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2205 2: 3: Patch

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2205 2: 3: MsiPatchHeaders

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2205 2: 3: __MsiPatchFileList

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`

MSI (s) (3C:A0) [20:37:28:971]: Note: 1: 2205 2: 3: Patch

Action ended 20:37:28: CostInitialize. Return value 1.

MSI (s) (3C:A0) [20:37:28:972]: Doing action: FileCost

MSI (s) (3C:A0) [20:37:28:972]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: FileCost.

MSI (s) (3C:A0) [20:37:28:972]: Note: 1: 2205 2: 3: MsiAssembly

MSI (s) (3C:A0) [20:37:28:972]: Note: 1: 2205 2: 3: Class

MSI (s) (3C:A0) [20:37:28:972]: Note: 1: 2205 2: 3: Extension

MSI (s) (3C:A0) [20:37:28:972]: Note: 1: 2205 2: 3: TypeLib

Action ended 20:37:28: FileCost. Return value 1.

MSI (s) (3C:A0) [20:37:28:973]: Doing action: CostFinalize

MSI (s) (3C:A0) [20:37:28:973]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: CostFinalize.

MSI (s) (3C:A0) [20:37:28:973]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:973]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:973]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:973]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:973]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.

MSI (s) (3C:A0) [20:37:28:973]: Note: 1: 2205 2: 3: Patch

MSI (s) (3C:A0) [20:37:28:973]: Note: 1: 2205 2: 3: Condition

MSI (s) (3C:A0) [20:37:28:974]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\windows\'. Its new value: 'c:\windows\'.

MSI (s) (3C:A0) [20:37:28:974]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files (x86)\'. Its new value: 'c:\Program Files (x86)\'.

MSI (s) (3C:A0) [20:37:28:974]: Target path resolution complete. Dumping Directory table...

MSI (s) (3C:A0) [20:37:28:974]: Note: target paths subject to change (via custom actions or browsing)

MSI (s) (3C:A0) [20:37:28:974]: Dir (target): Key: TARGETDIR , Object: c:\

MSI (s) (3C:A0) [20:37:28:974]: Dir (target): Key: WindowsFolder , Object: c:\windows\

MSI (s) (3C:A0) [20:37:28:974]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files (x86)\

MSI (s) (3C:A0) [20:37:28:974]: Dir (target): Key: APPLICATIONROOTDIRECTORY , Object: c:\Program Files (x86)\Teams Installer\

MSI (s) (3C:A0) [20:37:28:974]: Note: 1: 2205 2: 3: MsiAssembly

MSI (s) (3C:A0) [20:37:28:974]: Note: 1: 2228 2: 3: MsiAssembly 4: SELECT `MsiAssembly`.`Attributes`, `MsiAssembly`.`File_Application`, `MsiAssembly`.`File_Manifest`, `Component`.`KeyPath` FROM `MsiAssembly`, `Component` WHERE `MsiAssembly`.`Component_` = `Component`.`Component` AND `MsiAssembly`.`Component_` = ?

Action ended 20:37:28: CostFinalize. Return value 1.

MSI (s) (3C:A0) [20:37:28:974]: Doing action: AssignOptions

MSI (s) (3C:A0) [20:37:28:974]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: AssignOptions.

MSI (s) (3C:A0) [20:37:28:975]: PROPERTY CHANGE: Adding ARGS property. Its value is 'default'.

Action ended 20:37:28: AssignOptions. Return value 1.

MSI (s) (3C:A0) [20:37:28:975]: Doing action: AssignSourceAndAllUser

MSI (s) (3C:A0) [20:37:28:975]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: AssignSourceAndAllUser.

MSI (s) (3C:A0) [20:37:28:975]: PROPERTY CHANGE: Adding AddAndRemoveRegKeysAndFiles property. Its value is 'Source=default;AllUser=1'.

Action ended 20:37:28: AssignSourceAndAllUser. Return value 1.

MSI (s) (3C:A0) [20:37:28:976]: Doing action: InstallValidate

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: InstallValidate.

MSI (s) (3C:A0) [20:37:28:976]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '84341155ba1bc840b4070c8fe47601e0'.

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: Dialog

MSI (s) (3C:A0) [20:37:28:976]: Feature: MainApplication; Installed: Absent; Request: Local; Action: Local

MSI (s) (3C:A0) [20:37:28:976]: Component: Teams.exe; Installed: Absent; Request: Local; Action: Local

MSI (s) (3C:A0) [20:37:28:976]: Component: setup.json; Installed: Absent; Request: Local; Action: Local

MSI (s) (3C:A0) [20:37:28:976]: Component: RegistryEntries; Installed: Absent; Request: Local; Action: Null

MSI (s) (3C:A0) [20:37:28:976]: Component: AllUserRegistryEntries; Installed: Absent; Request: Local; Action: Local

MSI (s) (3C:A0) [20:37:28:976]: Component: __RegistryEntries65; Installed: Null; Request: Local; Action: Null

MSI (s) (3C:A0) [20:37:28:976]: Component: __AllUserRegistryEntries65; Installed: Null; Request: Local; Action: Local

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: BindImage

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: ProgId

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: PublishComponent

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: SelfReg

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: Extension

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: Font

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: Shortcut

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: Class

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: Icon

MSI (s) (3C:A0) [20:37:28:976]: Note: 1: 2205 2: 3: TypeLib

MSI (s) (3C:A0) [20:37:28:978]: Note: 1: 2205 2: 3: _RemoveFilePath

MSI (s) (3C:A0) [20:37:28:980]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: BindImage

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: ProgId

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: PublishComponent

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: SelfReg

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: Extension

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: Font

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: Shortcut

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: Class

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: Icon

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: TypeLib

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2727 2:

MSI (s) (3C:A0) [20:37:28:981]: Note: 1: 2205 2: 3: FilesInUse

MSI (s) (3C:A0) [20:37:28:990]: Note: 1: 2727 2:

Action ended 20:37:28: InstallValidate. Return value 1.

MSI (s) (3C:A0) [20:37:28:990]: Doing action: InstallInitialize

MSI (s) (3C:A0) [20:37:28:990]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:28: InstallInitialize.

MSI (s) (3C:A0) [20:37:28:991]: Machine policy value 'AlwaysInstallElevated' is 0

MSI (s) (3C:A0) [20:37:28:991]: User policy value 'AlwaysInstallElevated' is 0

MSI (s) (3C:A0) [20:37:28:991]: BeginTransaction: Locking Server

MSI (s) (3C:A0) [20:37:28:991]: Note: 1: 2203 2: C:\windows\Installer\inprogressinstallinfo.ipi 3: -2147287038

MSI (s) (3C:A0) [20:37:28:991]: Note: 1: 1715 2: Teams Machine-Wide Installer

MSI (s) (3C:A0) [20:37:28:991]: Note: 1: 2205 2: 3: Error

MSI (s) (3C:A0) [20:37:28:991]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1715

MSI (s) (3C:A0) [20:37:28:991]: Calling SRSetRestorePoint API. dwRestorePtType: 0, dwEventType: 102, llSequenceNumber: 0, szDescription: "Installed Teams Machine-Wide Installer".

MSI (s) (3C:A0) [20:37:28:991]: The System Restore service is disabled. Returned status: 1058. GetLastError() returned: 1058

MSI (s) (3C:A0) [20:37:28:991]: Note: 1: 2203 2: C:\windows\Installer\inprogressinstallinfo.ipi 3: -2147287038

MSI (s) (3C:A0) [20:37:28:991]: Server not locked: locking for product {731F6BAA-A986-45A4-8936-7C3AAAAA760B}

Action ended 20:37:29: InstallInitialize. Return value 1.

MSI (s) (3C:A0) [20:37:29:594]: Doing action: ProcessComponents

MSI (s) (3C:A0) [20:37:29:594]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:29: ProcessComponents.

MSI (s) (3C:A0) [20:37:29:595]: Note: 1: 2205 2: 3: MsiPatchCertificate

MSI (s) (3C:A0) [20:37:29:595]: LUA patching is disabled: missing MsiPatchCertificate table

MSI (s) (3C:A0) [20:37:29:595]: Resolving source.

MSI (s) (3C:A0) [20:37:29:595]: Resolving source to launched-from source.

MSI (s) (3C:A0) [20:37:29:595]: Setting launched-from source as last-used.

MSI (s) (3C:A0) [20:37:29:595]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\'.

MSI (s) (3C:A0) [20:37:29:595]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\'.

MSI (s) (3C:A0) [20:37:29:595]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{731F6BAA-A986-45A4-8936-7C3AAAAA760B}'.

MSI (s) (3C:A0) [20:37:29:595]: SOURCEDIR ==> c:\

MSI (s) (3C:A0) [20:37:29:595]: SOURCEDIR product ==> {731F6BAA-A986-45A4-8936-7C3AAAAA760B}

MSI (s) (3C:A0) [20:37:29:596]: Determining source type

MSI (s) (3C:A0) [20:37:29:596]: Source type from package 'Teams_windows_x64.msi': 2

MSI (s) (3C:A0) [20:37:29:596]: SECREPAIR: Hash Database: C:\windows\Installer\SourceHash{731F6BAA-A986-45A4-8936-7C3AAAAA760B}

MSI (s) (3C:A0) [20:37:29:597]: Note: 1: 2262 2: SourceHash 3: -2147287038

MSI (s) (3C:A0) [20:37:29:611]: SECREPAIR: New Hash Database creation complete.

MSI (s) (3C:A0) [20:37:30:997]: Source path resolution complete. Dumping Directory table...

MSI (s) (3C:A0) [20:37:30:997]: Dir (source): Key: TARGETDIR , Object: c:\ , LongSubPath: , ShortSubPath:

MSI (s) (3C:A0) [20:37:30:997]: Dir (source): Key: WindowsFolder , Object: c:\ , LongSubPath: , ShortSubPath:

MSI (s) (3C:A0) [20:37:30:997]: Dir (source): Key: ProgramFilesFolder , Object: c:\ , LongSubPath: , ShortSubPath:

MSI (s) (3C:A0) [20:37:30:997]: Dir (source): Key: APPLICATIONROOTDIRECTORY , Object: c:\ , LongSubPath: Teams Installer\ , ShortSubPath: p506qewb\

MSI (s) (3C:A0) [20:37:30:997]: Note: 1: 2205 2: 3: ActionText

MSI (s) (3C:A0) [20:37:30:999]: Note: 1: 2205 2: 3: ActionText

MSI (s) (3C:A0) [20:37:31:000]: Note: 1: 2205 2: 3: ActionText

Action ended 20:37:31: ProcessComponents. Return value 1.

MSI (s) (3C:A0) [20:37:31:004]: Doing action: UnpublishFeatures

MSI (s) (3C:A0) [20:37:31:004]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: UnpublishFeatures.

Action ended 20:37:31: UnpublishFeatures. Return value 1.

MSI (s) (3C:A0) [20:37:31:005]: Doing action: RemoveRegistryValues

MSI (s) (3C:A0) [20:37:31:005]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: RemoveRegistryValues.

Action ended 20:37:31: RemoveRegistryValues. Return value 1.

MSI (s) (3C:A0) [20:37:31:006]: Doing action: RemoveFiles

MSI (s) (3C:A0) [20:37:31:006]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: RemoveFiles.

MSI (s) (3C:A0) [20:37:31:007]: Note: 1: 2205 2: 3: RemoveFile

MSI (s) (3C:A0) [20:37:31:007]: Note: 1: 2205 2: 3: RemoveFile

Action ended 20:37:31: RemoveFiles. Return value 0.

MSI (s) (3C:A0) [20:37:31:007]: Doing action: InstallFiles

MSI (s) (3C:A0) [20:37:31:007]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: InstallFiles.

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2205 2: 3: Patch

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence`

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2205 2: 3: Error

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1302

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2205 2: 3: MsiSFCBypass

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2228 2: 3: MsiSFCBypass 4: SELECT `File_` FROM `MsiSFCBypass` WHERE `File_` = ?

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2205 2: 3: MsiPatchHeaders

MSI (s) (3C:A0) [20:37:31:009]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ?

MSI (s) (3C:A0) [20:37:31:010]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (3C:A0) [20:37:31:010]: Note: 1: 2205 2: 3: MsiPatchHeaders

MSI (s) (3C:A0) [20:37:31:010]: Note: 1: 2205 2: 3: PatchPackage

Action ended 20:37:31: InstallFiles. Return value 1.

MSI (s) (3C:A0) [20:37:31:012]: Doing action: WriteRegistryValues

MSI (s) (3C:A0) [20:37:31:012]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: WriteRegistryValues.

Action ended 20:37:31: WriteRegistryValues. Return value 1.

MSI (s) (3C:A0) [20:37:31:016]: Doing action: RegisterUser

MSI (s) (3C:A0) [20:37:31:016]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: RegisterUser.

Action ended 20:37:31: RegisterUser. Return value 1.

MSI (s) (3C:A0) [20:37:31:017]: Doing action: RegisterProduct

MSI (s) (3C:A0) [20:37:31:017]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: RegisterProduct.

MSI (s) (3C:A0) [20:37:31:018]: Note: 1: 2205 2: 3: Error

MSI (s) (3C:A0) [20:37:31:018]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1302

MSI (s) (3C:A0) [20:37:31:019]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.

Action ended 20:37:31: RegisterProduct. Return value 1.

MSI (s) (3C:A0) [20:37:31:020]: Doing action: PublishFeatures

MSI (s) (3C:A0) [20:37:31:020]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: PublishFeatures.

Action ended 20:37:31: PublishFeatures. Return value 1.

MSI (s) (3C:A0) [20:37:31:022]: Doing action: PublishProduct

MSI (s) (3C:A0) [20:37:31:022]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: PublishProduct.

MSI (s) (3C:A0) [20:37:31:023]: Note: 1: 2205 2: 3: Icon

MSI (s) (3C:A0) [20:37:31:023]: Note: 1: 2228 2: 3: Icon 4: SELECT `Name`, `Data` FROM `Icon`

Action ended 20:37:31: PublishProduct. Return value 1.

MSI (s) (3C:A0) [20:37:31:026]: Skipping action: AddAndRemoveRegKeysAndFiles (condition is false)

MSI (s) (3C:A0) [20:37:31:027]: Skipping action: RemoveRegKeyFromPreviousInstall (condition is false)

MSI (s) (3C:A0) [20:37:31:027]: Doing action: RunInstalledExecutable

MSI (s) (3C:A0) [20:37:31:027]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: RunInstalledExecutable.

Action ended 20:37:31: RunInstalledExecutable. Return value 1.

MSI (s) (3C:A0) [20:37:31:027]: Skipping action: UninstallAllUsers (condition is false)

MSI (s) (3C:A0) [20:37:31:027]: Doing action: InstallFinalize

MSI (s) (3C:A0) [20:37:31:027]: Note: 1: 2205 2: 3: ActionText

Action start 20:37:31: InstallFinalize.

MSI (s) (3C:A0) [20:37:31:028]: Running Script: C:\windows\Installer\MSI10E8.tmp

MSI (s) (3C:A0) [20:37:31:028]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'.

MSI (s) (3C:A0) [20:37:31:030]: Note: 1: 2265 2: 3: -2147287035

MSI (s) (3C:A0) [20:37:31:030]: Machine policy value 'DisableRollback' is 0

MSI (s) (3C:A0) [20:37:31:030]: Note: 1: 2318 2:

MSI (s) (3C:A0) [20:37:31:031]: Note: 1: 2318 2:

MSI (s) (3C:A0) [20:37:31:032]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (3C:A0) [20:37:31:032]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1380230320,LangId=1033,Platform=0,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)

MSI (s) (3C:A0) [20:37:31:032]: Executing op: ProductInfo(ProductKey={731F6BAA-A986-45A4-8936-7C3AAAAA760B},ProductName=Teams Machine-Wide Installer,PackageName=Teams_windows_x64.msi,Language=1033,Version=17039360,Assignment=1,ObsoleteArg=0,,,PackageCode={D13493A3-8362-4830-B7EB-F2BB8D0A7FB8},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0,ProductDeploymentFlags=3)

MSI (s) (3C:A0) [20:37:31:033]: Executing op: DialogInfo(Type=0,Argument=1033)

MSI (s) (3C:A0) [20:37:31:033]: Executing op: DialogInfo(Type=1,Argument=Teams Machine-Wide Installer)

MSI (s) (3C:A0) [20:37:31:033]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])

MSI (s) (3C:A0) [20:37:31:033]: Executing op: SetBaseline(Baseline=0,)

MSI (s) (3C:A0) [20:37:31:033]: Executing op: SetBaseline(Baseline=1,)

MSI (s) (3C:A0) [20:37:31:033]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)

MSI (s) (3C:A0) [20:37:31:034]: Executing op: ProgressTotal(Total=4,Type=1,ByteEquivalent=24000)

MSI (s) (3C:A0) [20:37:31:034]: Executing op: ComponentRegister(ComponentId={12D08AD5-1D6E-5FB4-BD58-FEDBBD0AE4A2},KeyPath=c:\Program Files (x86)\Teams Installer\Teams.exe,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (3C:A0) [20:37:31:035]: WIN64DUALFOLDERS: Substitution in 'c:\Program Files (x86)\Teams Installer\Teams.exe' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).

MSI (s) (3C:A0) [20:37:31:035]: Executing op: ComponentRegister(ComponentId={52D21741-86EF-55AA-ADD0-C59C05C8C5D0},KeyPath=c:\Program Files (x86)\Teams Installer\setup.json,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (3C:A0) [20:37:31:036]: WIN64DUALFOLDERS: Substitution in 'c:\Program Files (x86)\Teams Installer\setup.json' folder had been blocked by the 1 mask argument (the folder pair's iSwapAttrib member = 0).

MSI (s) (3C:A0) [20:37:31:036]: Executing op: ComponentRegister(ComponentId={87A0B33B-DABE-57DC-9022-8E578F0DCD63},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (3C:A0) [20:37:31:036]: Executing op: ComponentRegister(ComponentId={C22D37D7-64FE-50F8-892D-B7F15BB5E957},KeyPath=02:\SOFTWARE\Microsoft\Teams\AllUser,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (3C:A0) [20:37:31:037]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6])

MSI (s) (3C:A0) [20:37:31:037]: Executing op: ProgressTotal(Total=114379571,Type=0,ByteEquivalent=1)

MSI (s) (3C:A0) [20:37:31:038]: Executing op: SetTargetFolder(Folder=c:\Program Files (x86)\Teams Installer\)

MSI (s) (3C:A0) [20:37:31:038]: Executing op: SetSourceFolder(Folder=1\p506qewb\|Teams Installer\)

MSI (s) (3C:A0) [20:37:31:038]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=contents.cab,BytesPerTick=65536,CopierType=2,ModuleFileName=c:\windows\Installer\3d7bfc3d.msi,,,,,IsFirstPhysicalMedia=1)

MSI (s) (3C:A0) [20:37:31:038]: Executing op: FileCopy(SourceName=rszfv7f1.jso|setup.json,SourceCabKey=setup.json,DestName=setup.json,Attributes=512,FileSize=27,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=722840857,HashPart2=1220015691,HashPart3=1996476716,HashPart4=-1427398628,,)

MSI (s) (3C:A0) [20:37:31:038]: File: c:\Program Files (x86)\Teams Installer\setup.json; To be installed; Won't patch; No existing file

MSI (s) (3C:A0) [20:37:31:038]: Source for file 'setup.json' is compressed

MSI (s) (3C:A0) [20:37:31:041]: Executing op: FileCopy(SourceName=Teams.exe,SourceCabKey=Teams.exe,DestName=Teams.exe,Attributes=512,FileSize=114379544,PerTick=65536,,VerifyMedia=1,,,,,CheckCRC=0,Version=1.4.0.2781,Language=1033,InstallMode=58982400,,,,,,,)

MSI (s) (3C:A0) [20:37:31:041]: File: c:\Program Files (x86)\Teams Installer\Teams.exe; To be installed; Won't patch; No existing file

MSI (s) (3C:A0) [20:37:31:041]: Source for file 'Teams.exe' is compressed

MSI (s) (3C:A0) [20:37:31:517]: Executing op: CacheSizeFlush(,)

MSI (s) (3C:A0) [20:37:31:517]: Executing op: ActionStart(Name=WriteRegistryValues,Description=Writing system registry values,Template=Key: [1], Name: [2], Value: [3])

MSI (s) (3C:A0) [20:37:31:545]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)

MSI (s) (3C:A0) [20:37:31:545]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Teams,,BinaryType=0,,)

MSI (s) (3C:A0) [20:37:31:545]: Executing op: RegAddValue(Name=AllUser,Value=1,)

MSI (s) (3C:A0) [20:37:31:546]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1])

MSI (s) (3C:A0) [20:37:31:546]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=contents.cab,BytesPerTick=0,CopierType=2,ModuleFileName=c:\windows\Installer\3d7bfc3d.msi,,,,,IsFirstPhysicalMedia=1)

MSI (s) (3C:A0) [20:37:31:546]: Executing op: DatabaseCopy(DatabasePath=c:\windows\Installer\3d7bfc3d.msi,ProductCode={731F6BAA-A986-45A4-8936-7C3AAAAA760B},,,)

MSI (s) (3C:A0) [20:37:31:547]: Note: 1: 1402 2: UNKNOWN\Products\AAB6F137689A4A549863C7A3AAAA67B0\InstallProperties 3: 2

MSI (s) (3C:A0) [20:37:31:548]: Note: 1: 2318 2: c:\windows\Installer\3d7bfc3f.msi

MSI (s) (3C:A0) [20:37:31:548]: File will have security applied from OpCode.

MSI (s) (3C:A0) [20:37:31:638]: Executing op: ProductRegister(UpgradeCode={4009BE0E-5D51-5D91-B94C-D00D7B5FE829},VersionString=1.4.0.2781,,,,InstallSource=c:\,Publisher=Microsoft Corporation,,,,,,,,,,,,EstimatedSize=111685,,,,)

MSI (s) (3C:A0) [20:37:31:645]: Executing op: ProductCPDisplayInfoRegister()

MSI (s) (3C:A0) [20:37:31:645]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1])

MSI (s) (3C:A0) [20:37:31:646]: Executing op: FeaturePublish(Feature=MainApplication,,Absent=2,Component=lU~&)spSiFoC}doxb~E]PGX]BInAUC_rqHZ3)M+l?}4ZSKUB8DlQv.DKPN)H~fcJg%[$%B.,Jcv{-c9D)

MSI (s) (3C:A0) [20:37:31:647]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,)

MSI (s) (3C:A0) [20:37:31:647]: Executing op: CleanupConfigData()

MSI (s) (3C:A0) [20:37:31:647]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AAB6F137689A4A549863C7A3AAAA67B0\Patches 3: 2

MSI (s) (3C:A0) [20:37:31:647]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)

MSI (s) (3C:A0) [20:37:31:647]: Note: 1: 1402 2: UNKNOWN\Products\AAB6F137689A4A549863C7A3AAAA67B0\Patches 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Executing op: ProductPublish(PackageKey={D13493A3-8362-4830-B7EB-F2BB8D0A7FB8})

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:648]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0 3: 2

MSI (s) (3C:A0) [20:37:31:649]: Executing op: UpgradeCodePublish(UpgradeCode={4009BE0E-5D51-5D91-B94C-D00D7B5FE829})

MSI (s) (3C:A0) [20:37:31:649]: Executing op: SourceListPublish(,,,,NumberOfDisks=1)

MSI (s) (3C:A0) [20:37:31:649]: Note: 1: 1402 2: UNKNOWN\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0\SourceList 3: 2

MSI (s) (3C:A0) [20:37:31:650]: Executing op: ProductPublishClient(,,)

MSI (s) (3C:A0) [20:37:31:650]: Executing op: SourceListRegisterLastUsed(SourceProduct={731F6BAA-A986-45A4-8936-7C3AAAAA760B},LastUsedSource=c:\)

MSI (s) (3C:A0) [20:37:31:650]: Entering CMsiConfigurationManager::SetLastUsedSource.

MSI (s) (3C:A0) [20:37:31:650]: Specifed source is already in a list.

MSI (s) (3C:A0) [20:37:31:650]: User policy value 'SearchOrder' is 'nmu'

MSI (s) (3C:A0) [20:37:31:650]: Adding new sources is allowed.

MSI (s) (3C:A0) [20:37:31:650]: Set LastUsedSource to: c:\.

MSI (s) (3C:A0) [20:37:31:650]: Set LastUsedType to: n.

MSI (s) (3C:A0) [20:37:31:650]: Set LastUsedIndex to: 1.

MSI (s) (3C:A0) [20:37:31:651]: Executing op: ActionStart(Name=RunInstalledExecutable,,)

MSI (s) (3C:A0) [20:37:31:651]: Executing op: CustomActionSchedule(Action=RunInstalledExecutable,ActionType=3090,Source=c:\Program Files (x86)\Teams Installer\Teams.exe,Target=--allUsers,)

MSI (s) (3C:A0) [20:38:19:163]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=231032259)

MSI (s) (3C:A0) [20:38:19:168]: Note: 1: 2265 2: 3: -2147287035

MSI (s) (3C:A0) [20:38:19:168]: User policy value 'DisableRollback' is 0

MSI (s) (3C:A0) [20:38:19:168]: Machine policy value 'DisableRollback' is 0

MSI (s) (3C:A0) [20:38:19:172]: Note: 1: 2265 2: 3: -2147287035

MSI (s) (3C:A0) [20:38:19:177]: Note: 1: 2318 2:

MSI (s) (3C:A0) [20:38:19:178]: Note: 1: 2318 2:

MSI (s) (3C:A0) [20:38:19:180]: No System Restore sequence number for this installation.

MSI (s) (3C:A0) [20:38:19:180]: Unlocking Server

MSI (s) (3C:A0) [20:38:19:711]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.

Action ended 20:38:19: InstallFinalize. Return value 1.

MSI (s) (3C:A0) [20:38:19:849]: Doing action: CopyConfig

MSI (s) (3C:A0) [20:38:19:849]: Note: 1: 2205 2: 3: ActionText

Action start 20:38:19: CopyConfig.

MSI (s) (3C:28) [20:38:19:864]: Invoking remote custom action. DLL: C:\windows\Installer\MSICFC5.tmp, Entrypoint: CopyConfig

MSI (s) (3C:E8) [20:38:19:868]: Generating random cookie.

MSI (s) (3C:E8) [20:38:19:871]: Created Custom Action Server with PID 4048 (0xFD0).

MSI (s) (3C:50) [20:38:19:924]: Running as a service.

MSI (s) (3C:50) [20:38:19:931]: Hello, I'm your 32bit Impersonated custom action server.

SFXCA: Extracting custom action to temporary directory: C:\windows\Installer\MSICFC5.tmp-\

SFXCA: Binding to CLR version v4.0.30319

Calling custom action SetupConfigCustomAction!Squirrel.SetupConfigCustomAction.SettingsCustomActions.CopyConfig

Reading Args default

Action ended 20:38:20: CopyConfig. Return value 1.

MSI (s) (3C:A0) [20:38:20:361]: Skipping action: Uninstall (condition is false)

Action ended 20:38:20: INSTALL. Return value 1.

Property(S): ALLUSER = 1

Property(S): NETFRAMEWORK45 = #528372

Property(S): APPLICATIONROOTDIRECTORY = c:\Program Files (x86)\Teams Installer\

Property(S): TARGETDIR = c:\

Property(S): AddAndRemoveRegKeysAndFiles = Source=default;AllUser=1

Property(S): ARGS = default

Property(S): ProgramFilesFolder = c:\Program Files (x86)\

Property(S): SourceDir = c:\

Property(S): SOURCE = default

Property(S): OPTIONS = default

Property(S): allUsersInstallSupported = 1

Property(S): Manufacturer = Microsoft Corporation

Property(S): ProductCode = {731F6BAA-A986-45A4-8936-7C3AAAAA760B}

Property(S): ProductLanguage = 1033

Property(S): ProductName = Teams Machine-Wide Installer

Property(S): ProductVersion = 1.4.0.2781

Property(S): UpgradeCode = {4009BE0E-5D51-5D91-B94C-D00D7B5FE829}

Property(S): SecureCustomProperties = NETFRAMEWORK45

Property(S): MsiLogFileLocation = c:\Teams.log

Property(S): PackageCode = {D13493A3-8362-4830-B7EB-F2BB8D0A7FB8}

Property(S): ALLUSERS = 1

Property(S): ProductState = -1

Property(S): PackagecodeChanging = 1

Property(S): CURRENTDIRECTORY = C:\windows\system32

Property(S): CLIENTUILEVEL = 0

Property(S): CLIENTPROCESSID = 640

Property(S): ACTION = INSTALL

Property(S): VersionDatabase = 200

Property(S): ROOTDRIVE = c:\

Property(S): EXECUTEACTION = INSTALL

Property(S): INSTALLLEVEL = 1

Property(S): SECONDSEQUENCE = 1

Property(S): ADDLOCAL = MainApplication

Property(S): MsiSystemRebootPending = 1

Property(S): VersionMsi = 5.00

Property(S): VersionNT = 603

Property(S): VersionNT64 = 603

Property(S): WindowsBuild = 9600

Property(S): ServicePackLevel = 0

Property(S): ServicePackLevelMinor = 0

Property(S): MsiNTProductType = 3

Property(S): WindowsFolder = c:\windows\

Property(S): WindowsVolume = c:\

Property(S): System64Folder = C:\windows\system32\

Property(S): SystemFolder = c:\windows\SysWOW64\

Property(S): TerminalServer = 1

Property(S): TempFolder = C:\Users\tluk\AppData\Local\Temp\

Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\

Property(S): ProgramFiles64Folder = C:\Program Files\

Property(S): CommonFiles64Folder = C:\Program Files\Common Files\

Property(S): AppDataFolder = C:\Users\tluk\AppData\Roaming\

Property(S): FavoritesFolder = C:\Users\tluk\Favorites\

Property(S): NetHoodFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Network Shortcuts\

Property(S): PersonalFolder = \\BTAFS01\BTA-Users$\tluk\Documents\

Property(S): PrintHoodFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\

Property(S): RecentFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Recent\

Property(S): SendToFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\SendTo\

Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\

Property(S): CommonAppDataFolder = C:\ProgramData\

Property(S): LocalAppDataFolder = C:\Users\tluk\AppData\Local\

Property(S): MyPicturesFolder = \\BTAFS01\BTA-Users$\tluk\Pictures\

Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\

Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\

Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\

Property(S): DesktopFolder = C:\Users\Public\Desktop\

Property(S): FontsFolder = C:\windows\Fonts\

Property(S): GPTSupport = 1

Property(S): OLEAdvtSupport = 1

Property(S): ShellAdvtSupport = 1

Property(S): MsiAMD64 = 6

Property(S): Msix64 = 6

Property(S): Intel = 6

Property(S): PhysicalMemory = 8192

Property(S): VirtualMemory = 3293

Property(S): AdminUser = 1

Property(S): MsiTrueAdminUser = 1

Property(S): LogonUser = tluk

Property(S): UserSID = S-1-5-21-1632277108-4152571024-2139639571-1312

Property(S): UserLanguageID = 1033

Property(S): ComputerName = BTA-VDI-1

Property(S): SystemLanguageID = 1033

Property(S): ScreenX = 1024

Property(S): ScreenY = 768

Property(S): CaptionHeight = 19

Property(S): BorderTop = 1

Property(S): BorderSide = 1

Property(S): TextHeight = 16

Property(S): TextInternalLeading = 3

Property(S): ColorBits = 32

Property(S): TTCSupport = 1

Property(S): Time = 20:38:20

Property(S): Date = 2/4/2021

Property(S): MsiNetAssemblySupport = 4.8.4084.0

Property(S): MsiWin32AssemblySupport = 6.3.19041.546

Property(S): RedirectedDllSupport = 2

Property(S): MsiRunningElevated = 1

Property(S): Privileged = 1

Property(S): DATABASE = c:\windows\Installer\3d7bfc3d.msi

Property(S): OriginalDatabase = c:\Teams_windows_x64.msi

Property(S): UILevel = 5

Property(S): Preselected = 1

Property(S): CostingComplete = 1

Property(S): OutOfDiskSpace = 0

Property(S): OutOfNoRbDiskSpace = 0

Property(S): PrimaryVolumeSpaceAvailable = 0

Property(S): PrimaryVolumeSpaceRequired = 0

Property(S): PrimaryVolumeSpaceRemaining = 0

Property(S): SourcedirProduct = {731F6BAA-A986-45A4-8936-7C3AAAAA760B}

Property(S): SOURCEDIR = c:\

Property(S): ProductToBeRegistered = 1

MSI (s) (3C:A0) [20:38:20:444]: MainEngineThread is returning 0

MSI (s) (3C:64) [20:38:20:447]: RESTART MANAGER: Session closed.

MSI (s) (3C:64) [20:38:20:447]: No System Restore sequence number for this installation.

MSI (s) (3C:64) [20:38:20:450]: User policy value 'DisableRollback' is 0

MSI (s) (3C:64) [20:38:20:450]: Machine policy value 'DisableRollback' is 0

MSI (s) (3C:64) [20:38:20:450]: Incrementing counter to disable shutdown. Counter after increment: 0

MSI (s) (3C:64) [20:38:20:450]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (3C:64) [20:38:20:453]: Note: 1: 2265 2: 3: -2147287035

MSI (s) (3C:64) [20:38:20:454]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (3C:64) [20:38:20:455]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

MSI (s) (3C:64) [20:38:20:456]: Destroying RemoteAPI object.

MSI (s) (3C:E8) [20:38:20:456]: Custom Action Manager thread ending.

MSI (c) (80:40) [20:38:20:459]: Back from server. Return value: 0

MSI (c) (80:40) [20:38:20:459]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

MSI (c) (80:40) [20:38:20:459]: PROPERTY CHANGE: Deleting SECONDSEQUENCE property. Its current value is '1'.

Action ended 20:38:20: ExecuteAction. Return value 1.

Action ended 20:38:20: INSTALL. Return value 1.

Property(C): ALLUSER = 1

Property(C): NETFRAMEWORK45 = #528372

Property(C): APPLICATIONROOTDIRECTORY = c:\Program Files (x86)\Teams Installer\

Property(C): TARGETDIR = c:\

Property(C): ProgramFilesFolder = c:\Program Files (x86)\

Property(C): SourceDir = c:\

Property(C): SOURCE = default

Property(C): OPTIONS = default

Property(C): allUsersInstallSupported = 1

Property(C): Manufacturer = Microsoft Corporation

Property(C): ProductCode = {731F6BAA-A986-45A4-8936-7C3AAAAA760B}

Property(C): ProductLanguage = 1033

Property(C): ProductName = Teams Machine-Wide Installer

Property(C): ProductVersion = 1.4.0.2781

Property(C): UpgradeCode = {4009BE0E-5D51-5D91-B94C-D00D7B5FE829}

Property(C): SecureCustomProperties = NETFRAMEWORK45

Property(C): MsiLogFileLocation = c:\Teams.log

Property(C): PackageCode = {D13493A3-8362-4830-B7EB-F2BB8D0A7FB8}

Property(C): ALLUSERS = 1

Property(C): ProductState = -1

Property(C): PackagecodeChanging = 1

Property(C): CURRENTDIRECTORY = C:\windows\system32

Property(C): CLIENTUILEVEL = 0

Property(C): CLIENTPROCESSID = 640

Property(C): MsiSystemRebootPending = 1

Property(C): VersionDatabase = 200

Property(C): VersionMsi = 5.00

Property(C): VersionNT = 603

Property(C): ACTION = INSTALL

Property(C): VersionNT64 = 603

Property(C): WindowsBuild = 9600

Property(C): ServicePackLevel = 0

Property(C): ServicePackLevelMinor = 0

Property(C): MsiNTProductType = 3

Property(C): WindowsFolder = c:\windows\

Property(C): WindowsVolume = c:\

Property(C): System64Folder = C:\windows\system32\

Property(C): SystemFolder = c:\windows\SysWOW64\

Property(C): TerminalServer = 1

Property(C): TempFolder = C:\Users\tluk\AppData\Local\Temp\

Property(C): CommonFilesFolder = C:\Program Files (x86)\Common Files\

Property(C): ProgramFiles64Folder = C:\Program Files\

Property(C): CommonFiles64Folder = C:\Program Files\Common Files\

Property(C): AppDataFolder = C:\Users\tluk\AppData\Roaming\

Property(C): FavoritesFolder = C:\Users\tluk\Favorites\

Property(C): NetHoodFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Network Shortcuts\

Property(C): PersonalFolder = \\BTAFS01\BTA-Users$\tluk\Documents\

Property(C): PrintHoodFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\

Property(C): RecentFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\Recent\

Property(C): SendToFolder = C:\Users\tluk\AppData\Roaming\Microsoft\Windows\SendTo\

Property(C): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\

Property(C): CommonAppDataFolder = C:\ProgramData\

Property(C): LocalAppDataFolder = C:\Users\tluk\AppData\Local\

Property(C): MyPicturesFolder = \\BTAFS01\BTA-Users$\tluk\Pictures\

Property(C): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\

Property(C): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Property(C): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\

Property(C): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\

Property(C): DesktopFolder = C:\Users\Public\Desktop\

Property(C): FontsFolder = C:\windows\Fonts\

Property(C): GPTSupport = 1

Property(C): OLEAdvtSupport = 1

Property(C): ShellAdvtSupport = 1

Property(C): MsiAMD64 = 6

Property(C): Msix64 = 6

Property(C): Intel = 6

Property(C): PhysicalMemory = 8192

Property(C): VirtualMemory = 3287

Property(C): AdminUser = 1

Property(C): MsiTrueAdminUser = 1

Property(C): LogonUser = tluk

Property(C): UserSID = S-1-5-21-1632277108-4152571024-2139639571-1312

Property(C): UserLanguageID = 1033

Property(C): ComputerName = BTA-VDI-1

Property(C): SystemLanguageID = 1033

Property(C): ScreenX = 1920

Property(C): ScreenY = 1080

Property(C): CaptionHeight = 23

Property(C): BorderTop = 1

Property(C): BorderSide = 1

Property(C): TextHeight = 16

Property(C): TextInternalLeading = 3

Property(C): ColorBits = 32

Property(C): TTCSupport = 1

Property(C): Time = 20:38:20

Property(C): Date = 2/4/2021

Property(C): MsiNetAssemblySupport = 4.8.4084.0

Property(C): MsiWin32AssemblySupport = 6.3.19041.546

Property(C): RedirectedDllSupport = 2

Property(C): MsiRunningElevated = 1

Property(C): Privileged = 1

Property(C): DATABASE = c:\Teams_windows_x64.msi

Property(C): OriginalDatabase = c:\Teams_windows_x64.msi

Property(C): SOURCEDIR = c:\

Property(C): VersionHandler = 5.00

Property(C): ROOTDRIVE = c:\

Property(C): EXECUTEACTION = INSTALL

Property(C): UILevel = 5

Property(C): CostingComplete = 0

Property(C): OutOfDiskSpace = 0

Property(C): OutOfNoRbDiskSpace = 0

Property(C): PrimaryVolumeSpaceAvailable = 0

Property(C): PrimaryVolumeSpaceRequired = 0

Property(C): PrimaryVolumeSpaceRemaining = 0

Property(C): INSTALLLEVEL = 1

=== Logging stopped: 2/4/2021 20:38:20 ===

MSI (c) (80:40) [20:38:20:464]: Note: 1: 1707

MSI (c) (80:40) [20:38:20:464]: Note: 1: 2205 2: 3: Error

MSI (c) (80:40) [20:38:20:464]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1707

MSI (c) (80:40) [20:38:20:464]: Note: 1: 2205 2: 3: Error

MSI (c) (80:40) [20:38:20:464]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709

MSI (c) (80:40) [20:38:20:464]: Product: Teams Machine-Wide Installer -- Installation completed successfully.

MSI (c) (80:40) [20:38:20:464]: Windows Installer installed the product. Product Name: Teams Machine-Wide Installer. Product Version: 1.4.0.2781. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.

MSI (c) (80:40) [20:38:20:465]: Grabbed execution mutex.

MSI (c) (80:40) [20:38:20:465]: Cleaning up uninstalled install packages, if any exist

MSI (c) (80:40) [20:38:20:471]: MainEngineThread is returning 0

=== Verbose logging stopped: 2/4/2021 20:38:20 ===

Problem

Those who are looking for a PowerShell script to batch password protect PDF documents will quickly come across the following post as returned by Google:

Password Protect PDF document using windows Powershell script
https://efcomputer.net.au/blog/password-protect-pdf-document/

The author provides the following PowerShell script that uses the itextsharp.dll:

[System.Reflection.Assembly]::LoadFrom("itextsharp.dll")

function PSUsing {

param (

[System.IDisposable] $inputObject = $(throw "The parameter -inputObject is required."),

[ScriptBlock] $scriptBlock = $(throw "The parameter -scriptBlock is required.")

)

Try {

&$scriptBlock

}

Finally {

if ($inputObject.psbase -eq $null) {

$inputObject.Dispose()

} else {

$inputObject.psbase.Dispose()

}

}

}

$xlCellTypeLastCell = 11

$startRow,$col=2,1

$excel=new-object -com excel.application

$wb=$excel.workbooks.open("c:\temp\PDFList.xlsx")

for ($i=1; $i -le $wb.sheets.count; $i++)

{

$j=0;

$sh=$wb.Sheets.Item($i)

$endRow=$sh.UsedRange.SpecialCells($xlCellTypeLastCell).Row

$rangeAddress=$sh.Cells.Item($startRow+1,$col).Address() + ":" +$sh.Cells.Item($endRow+1,$col).Address()

$sh.Range($rangeAddress).Value2 | foreach {

$contract=$sh.Cells.Item($startRow + $j,$col).Value2

$filesource = $sh.Cells.Item($startRow + $j,$col+1).Value2

$filedest = $sh.Cells.Item($startRow + $j,$col+2).Value2

$dob=$sh.Cells.Item($startRow + $j,$col+3).Value2

New-Object PSObject -Property @{Contract=$contract;Dob=$dob}

$file = New-Object System.IO.FileInfo $filesource

$fileWithPassword = New-Object System.IO.FileInfo $filedest

$password = $dob

PSUsing ( $fileStreamIn = $file.OpenRead() ) {

PSUsing ( $fileStreamOut = New-Object System.IO.FileStream($fileWithPassword.FullName,[System.IO.FileMode]::Create,[System.IO.FileAccess]::Write,[System.IO.FileShare]::None) ) {

PSUsing ( $reader = New-Object iTextSharp.text.pdf.PdfReader $fileStreamIn ) {

[iTextSharp.text.pdf.PdfEncryptor]::Encrypt($reader, $fileStreamOut, $true, $password, $password, [iTextSharp.text.pdf.PdfWriter]::ALLOW_PRINTING)

}

}

}

$j++

}

}

$excel.Workbooks.Close()

At the time of this writing in Feb 2021, clicking on the link provided by the author brings us https://sourceforge.net/projects/itextsharp/files/ which no longer provides a download to the file.

Googling the for “itextsharp” returns a link to iTextSharp 5.5.13.2 located here https://www.nuget.org/packages/iTextSharp/ with the description that version 7 has replaced it but still available to be downloaded (along with security patches in the future):

With the package extracted, we proceed replicate the spreadsheet as shown in the post:

Then while placing the itextsharp.dll file into the same directory as the PowerShell script, we execute it but receive the following error:

New-Object : Could not load file or assembly 'BouncyCastle.Crypto, Version=1.8.6.0, Culture=neutral, PublicKeyToken=0e99375e54769942' or one of its

dependencies. The system cannot find the file specified.

At C:\itextsharp.5.5.13.2\lib\PasswordProtectPDF.ps1:46 char:22

+ ... ( $reader = New-Object iTextSharp.text.pdf.PdfReader $fileStreamIn ) ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [New-Object], FileNotFoundException

+ FullyQualifiedErrorId : System.IO.FileNotFoundException,Microsoft.PowerShell.Commands.NewObjectCommand

Solution

The reason why the error above is presented is because the BouncyCastle.Crypto assembly is also needed for the PowerShell script. In addition to downloading:

iTextSharp 5.5.13.2
https://www.nuget.org/packages/iTextSharp/

We should also download the following BouncyCastle:

BouncyCastle 1.8.6.1
https://www.nuget.org/packages/BouncyCastle/1.8.6.1

**Note that the latest version 1.8.9 at the time of this writing does not work.

With the two packages downloaded, rename the extension .nupkg to .zip and unpack them into folders.

Place the following files into same directory:

1. BouncyCastle.Crypto.dll
2. itextsharp.dll
3. PasswordProtectPDF.ps1 (this is the script provided by the author above)

Before executing the PowerShell script, make sure the following line is added to the beginning so that the BouncyCastle.Crypto.dll is loaded:

Add-Type -Path "C:\itextsharp.5.5.13.2\lib\BouncyCastle.Crypto.dll"

Proceeding to run the PowerShell script will now complete successfully:

If you prefer not to work in the ISE environment then the line can either be added directly into the PS1, or run the Add-Type -Path "C:\itextsharp.5.5.13.2\lib\BouncyCastle.Crypto.dll" separately:

The PDFs with the a password configured should now be present in the destination folder:

I found that the script the author provided didn’t really match the formatting I wanted for the PowerShell output and spreadsheet (my use case had nothing to do with contract numbers and date of birth) so I’ll be making modifications to it and writing another blog post for it.

I was recently asked to provide an way to batch process a set of Microsoft Excel and Word documents to password protect them and managed to use VBA to accomplish this. Coding isn’t something I commonly perform so I thought I’d write this blog post for anyone who may be looking for something similar as well as have it for myself to reference in the future.

Using an Excel Spreadsheet with passwords to password protect Excel files

1. Begin by creating an Excel spreadsheet with two columns and fill in the Password column with as many rows of passwords as there are Excel files to encrypt:

2. Save the file at a location that is outside of the folder containing the Excel files to encrypt. We will use C:\temp for this example.

3. Launch Excel, click on the Developer tab and click on Visual Basic:

4. Click on the Insert tab and then Module:

5. Paste the following code into the module:

Sub ProtectMultiExcelWithOpenPasswordwithExcelReferenceFile()

     Application.ScreenUpdating = False

    'Disable privacy settings warning

     Application.DisplayAlerts = False

    Dim passwordListExcel As Workbook

    Dim protectThisWorkbook As Workbook

    Dim strPassword As String, strFile As String, strFolder, strDestFolder As String

    Dim passwordRow As Integer

    strFolder = "C:\Excel\"

    strFile = Dir(strFolder & "*.xlsx", vbNormal)

    strDestFolder = "C:\Excel\Encrypted\"

    ' OPEN THE EXCEL WORKBOOK WITH PASSWORDS

    Set passwordListExcel = Workbooks.Open("C:\temp\ExcelFiles.xlsx")

    'SET ROW TO START AT 2 IGNORING THE HEADER

    passwordRow = 2

    ' BEGIN LOOPING THROUGH EXCEL WORKBOOK TO SET PASSWORDS

    While strFile <> ""

      Set protectThisWorkbook = Workbooks.Open(Filename:=strFolder & strFile)

      strPassword = passwordListExcel.Worksheets("Sheet1").Range("B" & passwordRow).Formula

      'OPEN EXCEL, SET PASSWORD, SAVE AND CLOSE

      With protectThisWorkbook

        .Password = strPassword

        .SaveAs Filename:=strDestFolder & "Encrypted-" & strFile, Password:=strPassword

        .Close

      End With

      ' WRITE THE DOCUMENT NAME INTO THE CELL BESIDE THE PASSWORD IN THE REFERENCE SPREADSHEET

       passwordListExcel.Worksheets("Sheet1").Range("A" & passwordRow).Formula = strFile

      'INCREMENT THE ROW COUNT BY 1 TO GO TO THE NEXT ROW

      passwordRow = passwordRow + 1

      strFile = Dir()

      Wend

       passwordListExcel.Close True

      Set passwordListExcel = Nothing

End Sub

6. Update the variables to desired values:

strFolder: Where the source files are

strDestFolder: Where the destination password protected files should be

Set passwordListExcel = Workbooks.Open("C:\temp\ExcelFiles.xlsx"): Update the path to where the spreadsheet with the passwords is located as created in step #1.

7. Proceed to run the module by clicking on the play button or F5:

8. Reopening the reference Excel spreadsheet will now have the encrypted document name filled out:

9. Encrypted files should be present in the defined directory:

Generate random passwords to password protect Excel files

The following demonstrates how use VBA code to generate random passwords, encrypt Excel files in a specified folder, write the Excel file name and the respective password into an Excel spreadsheet.

1. Begin by creating an Excel spreadsheet with two columns with the heading Document Name and Password:

2. Save the file at a location that is outside of the folder containing the Excel files to encrypt. We will use C:\temp for this example.

3. Launch Excel, click on the Developer tab and click on Visual Basic: 

4. Click on the Insert tab and then Module:

5. Paste the following code into the module: 

Function RandomString(Length As Integer)

Dim CharacterBank As Variant

Dim x As Long

Dim str As String

'Test Length Input

  If Length < 1 Then

    MsgBox "Length variable must be greater than 0"

    Exit Function

  End If

CharacterBank = Array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", _

  "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", _

  "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "!", "@", _

  "#", "$", "%", "^", "&", "*", "A", "B", "C", "D", "E", "F", "G", "H", _

  "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", _

  "W", "X", "Y", "Z")

'Randomly Select Characters One-by-One

  For x = 1 To Length

    Randomize

    str = str & CharacterBank(Int((UBound(CharacterBank) - LBound(CharacterBank) + 1) * Rnd + LBound(CharacterBank)))

  Next x

'Output Randomly Generated String

  RandomString = str

End Function

Sub ProtectMultiExcelWithOpenPasswordwithExcelReferenceFile()

     Application.ScreenUpdating = False

    'Disable privacy settings warning

     Application.DisplayAlerts = False

    Dim passwordListExcel As Workbook

    Dim protectThisWorkbook As Workbook

    Dim strPassword As String, strFile As String, strFolder, strDestFolder As String

    Dim passwordRow As Integer

    Dim passwordLength As Integer

    strFolder = "C:\Excel\"

    strFile = Dir(strFolder & "*.xlsx", vbNormal)

    strDestFolder = "C:\Excel\Encrypted\"

    passwordLength = 14

    ' OPEN THE EXCEL WORKBOOK WITH PASSWORDS

   Set passwordListExcel = Workbooks.Open("C:\temp\ExcelFiles.xlsx")

    'SET ROW TO START AT 2 IGNORING THE HEADER

    passwordRow = 2

    ' BEGIN LOOPING THROUGH EXCEL WORKBOOK TO SET PASSWORDS

    While strFile <> ""

      Set protectThisWorkbook = Workbooks.Open(Filename:=strFolder & strFile)

      'GENERATE RANDOM PASSWORD WITH SPECIFIED LENGTH

      strPassword = RandomString(passwordLength)

      'OPEN EXCEL, SET PASSWORD, SAVE AND CLOSE

      With protectThisWorkbook

        .Password = strPassword

        .SaveAs Filename:=strDestFolder & "Encrypted-" & strFile, Password:=strPassword

        .Close

      End With

      ' WRITE THE DOCUMENT NAME INTO THE CELL BESIDE THE PASSWORD IN THE REFERENCE SPREADSHEET

      passwordListExcel.Worksheets("Sheet1").Range("A" & passwordRow).Formula = strFile

      ' WRITE THE PASSWORD INTO THE CELL IN THE REFERENCE SPREADSHEET

       passwordListExcel.Worksheets("Sheet1").Range("B" & passwordRow).Formula = strPassword

      'INCREMENT THE ROW COUNT BY 1 TO GO TO THE NEXT ROW

      passwordRow = passwordRow + 1

      strFile = Dir()

      Wend

       passwordListExcel.Close True

      Set passwordListExcel = Nothing

End Sub

6. Update the variables to desired values:

strFolder: Where the source files are

strDestFolder: Where the destination password protected files should be

Set passwordListExcel = Workbooks.Open("C:\temp\ExcelFiles.xlsx"): Update the path to where the spreadsheet with the passwords is located as created in step #1.

7. Proceed to run the module by clicking on the play button or F5:

8. Reopening the reference Excel spreadsheet will now have the encrypted document name and password filled out:

9. Encrypted files should be present in the defined directory:

Using an Excel Spreadsheet with passwords to password protect Word files

The following demonstrates how to use an Excel spreadsheet with passwords to password protect a folder with Word files.

1. Begin by creating an Excel spreadsheet with two columns and fill in the Password column with as many rows of passwords as there are Word files to encrypt:

2. Save the file at a location that is outside of the folder containing the Excel files to encrypt. We will use C:\temp for this example.

3. Launch Word, click on the Developer tab and click on Visual Basic: 

4. Click on the Insert tab and then Module:

5. Paste the following code into the module:

Sub ProtectMultiDocWithOpenPasswordwithExcelReferenceFile()

    Application.ScreenUpdating = False

    'Disable privacy settings warning

    Application.DisplayAlerts = False

    Dim excelObject As Object

    On Error Resume Next

    Set excelObject = GetObject(, "Excel.Application")

    If Err Then

        Set excelObject = CreateObject("Excel.Application")

    End If

    On Error GoTo 0

    Dim passwordListExcel

    Dim protectThisDocument As Document

    Dim strPassword As String, strFile As String, strFolder, strDestFolder As String

    Dim passwordRow As Integer

  strFolder = "C:\Word\"

    strFile = Dir(strFolder & "*.docx", vbNormal)

    strDestFolder = "C:\Word\Encrypted\"

    ' OPEN THE EXCEL WORKBOOK WITH PASSWORDS

    Set passwordListExcel = excelObject.Workbooks.Open("C:\temp\WordFiles.xlsx")

    'SET ROW TO START AT 2 IGNORING THE HEADER

    passwordRow = 2

    ' BEGIN LOOPING THROUGH WORD WORKBOOK TO SET PASSWORDS

    While strFile <> ""

      Set protectThisDocument = Documents.Open(FileName:=strFolder & strFile)

      strPassword = passwordListExcel.Worksheets("Sheet1").Range("B" & passwordRow).Formula

      'OPEN WORD, SET PASSWORD, SAVE AND CLOSE

      With protectThisDocument

        .Password = strPassword

        .SaveAs2 FileName:=strDestFolder & "Encrypted-" & strFile, Password:=strPassword

        .Close

      End With

      ' WRITE THE DOCUMENT NAME INTO THE CELL BESIDE THE PASSWORD IN THE REFERENCE SPREADSHEET

      passwordListExcel.Worksheets("Sheet1").Range("A" & passwordRow).Formula = strFile

      'INCREMENT THE ROW COUNT BY 1 TO GO TO THE NEXT ROW

      passwordRow = passwordRow + 1

      strFile = Dir()

      Wend

      passwordListExcel.Close True

      Set passwordListExcel = Nothing

End Sub

6. Update the variables to desired values:

strFolder: Where the source files are

strDestFolder: Where the destination password protected files should be

Set passwordListExcel = Workbooks.Open("C:\temp\WordFiles.xlsx"): Update the path to where the spreadsheet with the passwords is located as created in step #1.

7. Proceed to run the module by clicking on the play button or F5:

8. Reopening the reference Excel spreadsheet will now have the encrypted document name filled out:

9. Encrypted files should be present in the defined directory:

Generate random passwords to password protect Word files

The following demonstrates how use VBA code to generate random passwords, encrypt Word files in a specified folder, write the Word file name and the respective password into an Excel spreadsheet.

1. Begin by creating an Excel spreadsheet with two columns with the heading Document Name and Password:

2. Save the file at a location that is outside of the folder containing the Excel files to encrypt. We will use C:\temp for this example.

3. Launch Word, click on the Developer tab and click on Visual Basic: 

4. Click on the Insert tab and then Module:

5. Paste the following code into the module:

Function RandomString(Length As Integer)

Dim CharacterBank As Variant

Dim x As Long

Dim str As String

'Test Length Input

  If Length < 1 Then

    MsgBox "Length variable must be greater than 0"

    Exit Function

  End If

CharacterBank = Array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", _

  "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", _

  "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "!", "@", _

  "#", "$", "%", "^", "&", "*", "A", "B", "C", "D", "E", "F", "G", "H", _

  "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", _

  "W", "X", "Y", "Z")

'Randomly Select Characters One-by-One

  For x = 1 To Length

    Randomize

    str = str & CharacterBank(Int((UBound(CharacterBank) - LBound(CharacterBank) + 1) * Rnd + LBound(CharacterBank)))

  Next x

'Output Randomly Generated String

  RandomString = str

End Function

Sub ProtectMultiDocWithOpenPasswordwithExcelReferenceFile()

    Application.ScreenUpdating = False

    'Disable privacy settings warning

    Application.DisplayAlerts = False

    Dim excelObject As Object

    On Error Resume Next

    Set excelObject = GetObject(, "Excel.Application")

    If Err Then

        Set excelObject = CreateObject("Excel.Application")

    End If

    On Error GoTo 0

    Dim passwordListExcel

    Dim protectThisDocument As Document

    Dim strPassword As String, strFile As String, strFolder, strDestFolder As String

    Dim passwordRow As Integer

    Dim passwordLength As Integer

    strFolder = "C:\Word\"

    strFile = Dir(strFolder & "*.docx", vbNormal)

   strDestFolder = "C:\Word\Encrypted\"

    passwordLength = 14

    ' OPEN THE EXCEL WORKBOOK WITH PASSWORDS

    Set passwordListExcel = excelObject.Workbooks.Open("C:\temp\WordFiles.xlsx")

    'SET ROW TO START AT 2 IGNORING THE HEADER

    passwordRow = 2

    ' BEGIN LOOPING THROUGH WORD WORKBOOK TO SET PASSWORDS

    While strFile <> ""

      Set protectThisDocument = Documents.Open(FileName:=strFolder & strFile)

      'GENERATE RANDOM PASSWORD WITH SPECIFIED LENGTH

      strPassword = RandomString(passwordLength)

      'OPEN WORD, SET PASSWORD, SAVE AND CLOSE

      With protectThisDocument

        .Password = strPassword

        .SaveAs2 FileName:=strDestFolder & "Encrypted-" & strFile, Password:=strPassword

        .Close

      End With

      ' WRITE THE DOCUMENT NAME INTO THE CELL BESIDE THE PASSWORD IN THE REFERENCE SPREADSHEET

      passwordListExcel.Worksheets("Sheet1").Range("A" & passwordRow).Formula = strFile

      ' WRITE THE PASSWORD INTO THE CELL IN THE REFERENCE SPREADSHEET

      passwordListExcel.Worksheets("Sheet1").Range("B" & passwordRow).Formula = strPassword

      'INCREMENT THE ROW COUNT BY 1 TO GO TO THE NEXT ROW

      passwordRow = passwordRow + 1

      strFile = Dir()

      Wend

      passwordListExcel.Close True

      Set passwordListExcel = Nothing

End Sub

6. Update the variables to desired values:

strFolder: Where the source files are

strDestFolder: Where the destination password protected files should be

Set passwordListExcel = Workbooks.Open("C:\temp\WordFiles.xlsx"): Update the path to where the spreadsheet with the passwords is located as created in step #1.

7. Proceed to run the module by clicking on the play button or F5:

8. Reopening the reference Excel spreadsheet will now have the encrypted document name and password filled out:

9. Encrypted files should be present in the defined directory:

I was recently asked to provide an way to batch process a set of Microsoft Word documents that are still saved in the older .doc format to the modern .docx format and I wasn’t able to find a script that did exactly what I wanted so ended up writing one for the client. Coding isn’t my forte given it is not something I commonly perform so I thought I’d write this blog post for anyone who may be looking for something similar as well as have it for myself to reference in the future.

The following demonstrates how to open .doc documents in a specified folder and save them as .docx.

1. Begin by launching Word, click on the Developer tab and click on Visual Basic: 

2. Click on the Insert tab and then Module:

3. Paste the following code into the module:

Sub UpdateOldDocToDocx()

    Application.ScreenUpdating = False

    'Disable privacy settings warning

    Application.DisplayAlerts = False

    Dim oldDocument As Document

    Dim strPassword As String, strFile As String, strFolder, strDestFolder As String

    Dim passwordRow As Integer

    strFolder = "C:\Word\"

    strFile = Dir(strFolder & "*.doc", vbNormal)

    strDestFolder = "C:\Word\Upgraded\"

    ' BEGIN LOOPING THROUGH OLD WORD DOCUMENTS

    While strFile <> ""

      Set oldDocument = Documents.Open(FileName:=strFolder & strFile)

      'OPEN WORD, SAVE AND CLOSE

      With oldDocument

        .SaveAs2 FileName:=strDestFolder & strFile & "x", FileFormat:=wdFormatXMLDocument, CompatibilityMode:=15

        .Close

      End With

      strFile = Dir()

      Wend

End Sub

6. Update the variables to desired values:

strFolder: Where the source files are

strDestFolder: Where the destination password protected files should be

7. Proceed to run the module by clicking on the play button or F5:

8. The upgraded files should be present in the defined directory:

As a follow up to my previous post:

Attempting to use itextsharp.dll throws the error: "Could not load file or assembly 'BouncyCastle.Crypto, Version=1.8.6.0, Culture=neutral, PublicKeyToken=0e99375e54769942'..."

http://terenceluk.blogspot.com/2021/02/attempting-to-use-itextsharpdll-throws.html

… the script provided in the blog post did not match the requirements I needed so I’ve gone ahead to modify it and created two versions:

1. Uses an Excel spreadsheet with predefined passwords to password protect PDF documents and fills in the name of the file
2. Uses an Excel spreadsheet to fill in PDF file names and the randomly generated password used to password protect it

The following are the two PowerShell scripts:

Using PowerShell to Password Protect Adobe PDF Files (requires only passwords)

The following describes how to use PowerShell to password protect Adobe PDF files with a reference spreadsheet with only the passwords defined. The PowerShell script’s logic is as follows:

1. Opens up a spreadsheet with two columns:
   1. Source Name < blank
   2. Password < password specified
2. Looks into a directory and begins password protecting the documents with the passwords in the spreadsheet AND fills in the source name column with the file name
3. Saves the PDF into another directory

1. Begin by creating a spreadsheet with two columns leaving the Source Name blank with the Password column filled in:

    a) Source Name

    b) Password

2. Proceed by creating a .ps1 file from the following code (also attached as PasswordProtectPDF.ps1):

Add-Type -Path "C:\itextsharp.5.5.13.2\lib\BouncyCastle.Crypto.dll"

[System.Reflection.Assembly]::LoadFrom("itextsharp.dll")

function PSUsing {

param (

[System.IDisposable] $excelSheetNumbernputObject = $(throw "The parameter -inputObject is required."),

[ScriptBlock] $scriptBlock = $(throw "The parameter -scriptBlock is required.")

)

Try {

&$scriptBlock

}

Finally {

if ($excelSheetNumbernputObject.psbase -eq $null) {

$excelSheetNumbernputObject.Dispose()

} else {

$excelSheetNumbernputObject.psbase.Dispose()

}

}

}

$sourcePath = "C:\PDF\"

$destinationPath = "C:\PDF\WithPassword\"

$excelReferenceSheet = "c:\ScriptsNew\PDFList.xlsx"

$xlCellTypeLastCell = 11

$startRow,$col=2,1

$excelSheetNumber=1

# OPEN EXCEL FILE WITH PASSWORDS

$excel=new-object -com excel.application

$excel.DisplayAlerts = $false

$excel.Visible = $false

$workbook=$excel.workbooks.open($excelReferenceSheet)

$worksheet=$workbook.Sheets.Item($excelSheetNumber)

$rowIncrement=0;

# BEGIN TRAVERSING THROUGH SOURCE FOLDER

$files = Get-ChildItem "C:\PDF\\*" -file

foreach ($f in $files){

# WRITE SOURCE FILE NAME INTO SPREADSHEET

#Write-Output $f.name

$worksheet.Cells.Item($startRow + $rowIncrement,$col) = $f.name

#RETRIEVE PASSWORD FROM EXCEL

$password=$worksheet.Cells.Item($startRow + $rowIncrement,$col+1).Value2

#Write-Output $password

$rowIncrement++

$fullSourcePathAndFileName = $sourcePath + $f.name

$destinationPathAndFileName = $destinationPath + $f.name

# PASSWORD PROTECT PDF

New-Object PSObject -Property @{Source=$sourcePath + $sourceFileName;Destination=$destinationFileName;Password=$password}

$file = New-Object System.IO.FileInfo $fullSourcePathAndFileName

$fileWithPassword = New-Object System.IO.FileInfo $destinationPathAndFileName

PSUsing ( $fileStreamIn = $file.OpenRead() ) {

PSUsing ( $fileStreamOut = New-Object System.IO.FileStream($fileWithPassword.FullName,[System.IO.FileMode]::Create,[System.IO.FileAccess]::Write,[System.IO.FileShare]::None) ) {

PSUsing ( $reader = New-Object iTextSharp.text.pdf.PdfReader $fileStreamIn ) {

[iTextSharp.text.pdf.PdfEncryptor]::Encrypt($reader, $fileStreamOut, $true, $password, $password, [iTextSharp.text.pdf.PdfWriter]::ALLOW_PRINTING)

}

}

}

}

$workbook.SaveAs($excelReferenceSheet)

$excel.Close

$excel.Quit()

[System.GC]::Collect()

[System.GC]::WaitForPendingFinalizers()

[System.Runtime.Interopservices.Marshal]::ReleaseComObject($worksheet)

[System.Runtime.Interopservices.Marshal]::ReleaseComObject($excel)

Remove-Variable -Name excel

3. Open the ps1 script and edit the 3 paths as highlighted in red above:

$sourcePath = "C:\PDF\" <-- Directory containing the source PDFs

$destinationPath = "C:\PDF\WithPassword\" <-- Directory containing the source PDFs

$excelReferenceSheet = "c:\ScriptsNew\PDFList.xlsx"<-- Directory where the spreadsheet that the script will reference for the PDF file name and password

4. Download the following .nupkg packages:

iTextSharp 5.5.13.2
https://www.nuget.org/packages/iTextSharp/

BouncyCastle 1.8.6.1
https://www.nuget.org/packages/BouncyCastle/1.8.6.1

Rename the .nupkg extension to .zip, extract them to a folder and then copy the itextsharp.dll and BouncyCastle.Crypto.dll files

5. Create the directory where the password protected PDF files will be stored.

6. Proceed to execute the PowerShell script to password protect PDFs.

7. New PDFs should be created in the destination directory upon successfully executing the PowerShell script.

8. The spreadsheet referenced for configuring the passwords will have the Source Name column filled in with the file names of the password protected PDFs:

Using PowerShell to Password Protect Adobe PDF Files (auto generate passwords)

The following describes how to use PowerShell to password protect Adobe PDF files with a reference spreadsheet with only the passwords defined. The PowerShell script’s logic is as follows:

1. Opens up a spreadsheet with two columns:
   1. Source Name < blank
   2. Password < password specified
2. Looks into a directory and begins password protecting the documents with the passwords in the spreadsheet AND fills in the source name column with the file name
3. Saves the PDF into another directory

1. Begin by creating a spreadsheet with two columns leaving the Source Name and Password columns blank:

    a) Source Name

    b) Password

2. Proceed by creating a .ps1 file from the following code (also attached as PasswordProtectPDF.ps1):

Add-Type -Path "C:\itextsharp.5.5.13.2\lib\BouncyCastle.Crypto.dll"

Add-Type -AssemblyName System.Web

[System.Reflection.Assembly]::LoadFrom("itextsharp.dll")

function PSUsing {

param (

[System.IDisposable] $excelSheetNumbernputObject = $(throw "The parameter -inputObject is required."),

[ScriptBlock] $scriptBlock = $(throw "The parameter -scriptBlock is required.")

)

Try {

&$scriptBlock

}

Finally {

if ($excelSheetNumbernputObject.psbase -eq $null) {

$excelSheetNumbernputObject.Dispose()

} else {

$excelSheetNumbernputObject.psbase.Dispose()

}

}

}

$sourcePath = "C:\PDF\"

$destinationPath = "C:\PDF\WithPassword\"

$excelReferenceSheet = "C:\Scripts-GeneratePassword\PDFList.xlsx"

$xlCellTypeLastCell = 11

$startRow,$col=2,1

$excelSheetNumber=1

$passwordLength = 15

$numberOfSpecialCharacters = 4

# OPEN EXCEL FILE TO FILL OUT PDF FILENAME AND PASSWORDS

$excel=new-object -com excel.application

$excel.DisplayAlerts = $false

$excel.Visible = $false

$workbook=$excel.workbooks.open($excelReferenceSheet)

$worksheet=$workbook.Sheets.Item($excelSheetNumber)

$rowIncrement=0;

# BEGIN TRAVERSING THROUGH SOURCE FOLDER

$files = Get-ChildItem "C:\PDF\\*" -file

foreach ($f in $files){

# WRITE SOURCE FILE NAME INTO SPREADSHEET

#Write-Output $f.name

$worksheet.Cells.Item($startRow + $rowIncrement,$col) = $f.name

#GENERATE RANDOM PASSWORD AND FILL OUT SPREADSHEET

$password = [System.Web.Security.Membership]::GeneratePassword($passwordLength,$numberOfSpecialCharacters)

$worksheet.Cells.Item($startRow + $rowIncrement,$col+1).Value2 = $password

#Write-Output $password

$rowIncrement++

$fullSourcePathAndFileName = $sourcePath + $f.name

$destinationPathAndFileName = $destinationPath + $f.name

# PASSWORD PROTECT PDF

New-Object PSObject -Property @{Source=$sourcePath + $sourceFileName;Destination=$destinationFileName;Password=$password}

$file = New-Object System.IO.FileInfo $fullSourcePathAndFileName

$fileWithPassword = New-Object System.IO.FileInfo $destinationPathAndFileName

PSUsing ( $fileStreamIn = $file.OpenRead() ) {

PSUsing ( $fileStreamOut = New-Object System.IO.FileStream($fileWithPassword.FullName,[System.IO.FileMode]::Create,[System.IO.FileAccess]::Write,[System.IO.FileShare]::None) ) {

PSUsing ( $reader = New-Object iTextSharp.text.pdf.PdfReader $fileStreamIn ) {

[iTextSharp.text.pdf.PdfEncryptor]::Encrypt($reader, $fileStreamOut, $true, $password, $password, [iTextSharp.text.pdf.PdfWriter]::ALLOW_PRINTING)

}

}

}

}

$workbook.SaveAs($excelReferenceSheet)

$excel.Close

$excel.Quit()

[System.GC]::Collect()

[System.GC]::WaitForPendingFinalizers()

[System.Runtime.Interopservices.Marshal]::ReleaseComObject($worksheet)

[System.Runtime.Interopservices.Marshal]::ReleaseComObject($excel)

Remove-Variable -Name excel

3. Open the ps1 script and edit the 3 paths as highlighted in red above:

$sourcePath = "C:\PDF\" <-- Directory containing the source PDFs

$destinationPath = "C:\PDF\WithPassword\" <-- Directory containing the source PDFs

$excelReferenceSheet = "c:\ScriptsNew\PDFList.xlsx"<-- Directory where the spreadsheet that the script will reference for the PDF file name and password

$passwordLength = 15<-- The length of the randomly generated password

$numberOfSpecialCharacters = 4<-- The amount of non-numerical special characters in the password (e.g. !, -, $, &, @, #, %, etc)

4. Download the following .nupkg packages:

iTextSharp 5.5.13.2

https://www.nuget.org/packages/iTextSharp/

BouncyCastle 1.8.6.1

https://www.nuget.org/packages/BouncyCastle/1.8.6.1

Rename the .nupkg extension to .zip, extract them to a folder and then copy the itextsharp.dll and BouncyCastle.Crypto.dll files

5. Create the directory where the password protected PDF files will be stored.

6. Proceed to execute the PowerShell script to password protect PDFs.

7. New PDFs should be created in the destination directory upon successfully executing the PowerShell script.

8. The spreadsheet referenced for configuring the passwords will have the Source Name column filled in with the file names and corresponding passwords of the password protected PDFs:

Problem

You’ve completed configuring two Citrix StoreFront configured as a Load Balancing Virtual Server that is published by a Citrix ADC / NetScaler Gateway but noticed that the successfully logging on would continuously display the prompt:

Cannot complete your request.

Attempting to directly access the Load Balancing Virtual Server representing the StoreFront servers exhibits the same issue.

The following article’s recommendations does not appear to correct the issue:

Common Resolutions to “Cannot Complete Your Request” Error when connecting directly to StoreFront Server
https://support.citrix.com/article/CTX207162

Solution

The Cannot Complete Your Request prompt can be caused by many reasons but one of the more common reason I’ve come across is if the Load Balancing Virtual Server representing the StoreFront servers does not have Persistence configured:

To correct the issue, add the Persistence setting to the Load Balancing Virtual Server representing the StoreFront servers and configure

Select Persistence Type: SOURCEIP

Time-out (mins): the desired duration

Leave the rest as defaults.

Applying the settings should correct the issue:

Problem

You’ve completed configuring a Citrix Gateway with Duo MFA as described in the following configuration documentation:

Duo for Citrix Gateway Basic Primary Authentication
https://duo.com/docs/citrix-netscaler

However, you notice that authenticating through the portal does not display the Duo 2FA prompt as expected:

Note how only a field labeled as Password is displayed:

It should be noticed that entering the passcode from the Duo mobile app would successfully authenticate the identity but the following expected Duo login prompt is the desired outcome:

Solution

One of the common reasons why this behavior would be exhibited is if the portal them RFWebUI is selected (this the default theme in later versions of Citrix ADM / NetScalers) and the quick way to see if this is causing an issue is to switch the them to X1 as shown below:

However, the better solution is to refer to the following KB:

Is the Citrix Gateway RFWebUI theme compatible with Duo?
https://help.duo.com/s/article/3755?language=en_US

Which will refer to the complete instructions for information on how to configure the RFWebUI theme with Duo: https://duo.com/docs/citrix-netscaler#configure-the-proxy-for-your-citrix-gateway

Prior to implementing the configuration, verify that the requirements of having the Citrix ADC / NetScaler and Authentication Proxy at a certain version is met:

citrix_netscaler -Use citrix_netscaler when with the Default, Green Bubbles, or X1 themes.

citrix_netscaler_rfwebui - Use citrix_netscaler_rfwebui with the RFWebUI theme. Requires Authentication Proxy v3.1.0 and NS build 12.1-51.16 or later.