cloudp service deployment guide - · pdf file• office 365 enterprise e1 • office 365...
TRANSCRIPT
CloudPortal Service Manager Office 365 Service Deployment Guide
Contents Office365servicetopology.............................................................................................................2
Typicalmessageflowexample........................................................................................................3
AddyourdomaininOffice365........................................................................................................3
ActiveDirectorySynchronization....................................................................................................8
Systemrequirement....................................................................................................................9
InstallandconfigureActiveDirectorysynchronization...............................................................9
InstallandconfigureOffice365Webservice...............................................................................12
StepstoinstalltheWebservice...............................................................................................12
ImportandconfigureOffice365Service......................................................................................16
ToimportandconfiguretheOffice365Service.......................................................................16
ProvisionOffice365servicetocustomerandusers.....................................................................17
ToprovisionOffice365servicetoresellers..............................................................................17
ToprovisionOffice365servicetocustomer............................................................................18
ToprovisionOffice365servicetouser....................................................................................18
Toforcethesynchronizationmanuallyandreviewthestatus.................................................19
Office365propertiesthatcanbeconfiguredfromCloudPortalServiceManager..................19
Office365Reporting.....................................................................................................................20
Prerequisites.............................................................................................................................20
Office365Reseller....................................................................................................................21
Office365Customer.................................................................................................................22
Office365Plan..........................................................................................................................23
Howtocollecttracefordebug.....................................................................................................24
TraceforCPSMwebserver.......................................................................................................25
TraceforProvisioningEngine...................................................................................................25
TraceforOffice365WebService.............................................................................................25
KnowIssues/limitation.................................................................................................................26
FAQ...............................................................................................................................................26
CloudServiceNanjingTeamLastupdate:March15,2016
Office 365 service topology Office365serviceisprovidedby2components:
1. Office365servicepackage2. Office365webservice
FollowingisthetopologyofOffice365service:
• “CPSM”meansCPSMwebserver,CPSMprovisionengine,CPSMdatabase• “Office365WS”isthemachinewhichhasOffice365webserviceinstalled• “DC”meansDomainController• “Office365”meanstheOffice365serviceprovidedbyMicrosoft
CPSMneverinteractswithOffice365directly.ItsendsrequeststoOffice365WebServiceandOffice365WebServiceisresponsibleforcommunicatingwithOffice365(providedbyMicrosoft).
BesidesactingasaproxybetweenCPSMandOffice365,Office365WebServicecantriggerADSyncfunctionalityaswell.TheADSyncfunctionalityisprovidedbyMicrosoftAzureADConnect.So,theMicrosoftAzureADConnecthastobeinstalledonthesamemachineasOffice365webservice.
Typical message flow example ThefollowingisanexampleofatypicalmessageflowwhenperformingOffice365serviceprovisiononCPSMassumingthedatabaseisinstalledontheCPSMwebserveraswell:
Likeotherservices,provisionenginewillsendamessagetoOffice365WebService.Office365WebServicewilltalktoOffice365andAzureADConnectdependsontherequesttype.
Add your domain in Office 365 TouseOffice365serviceforCloudPortalServiceManager,youmusthavepurchasedOffice365serviceaccountfromMicrosoft,variousbusinessplanareavailable,currentlyonlyOn-lineExchangeservicepropertiescanbeconfiguredbyCloudPortalServiceManager.It’srecommendedthatyousubscribetothebelowbusinessplanwithExchangeOnlineservicefromMicrosoft.
• Office365BusinessEssentials• Office365BusinessPremium• Office365EnterpriseE1• Office365EnterpriseE3
• Office365EnterpriseE5
Forthereseller,wesuggestyousubscribeOffice365Enterprisebusinessplanbecausetheusermaximumvalueis“Unlimited”.
AfteryougettheOffice365servicecredentials,thedomainmustbecreatedinOffice365sothatyoucanactivateActiveDirectorysynchronizationtoSyncusersfromlocalADtoAzureAD.
1. GototheManagedomainspage.(Ifyou'renotalreadysignedintoOffice365,you'llbepromptedtosignin.Ifthelinkdoesn'twork,herearestepstonavigatetotheManagedomainspage).
2. ChooseAdddomaintostartthesetupwizard,whichguidesyouthroughverifyingyourdomain
andothersetupsteps.
3. Typeyourdomainnameinthesetupwizard.
4. AddthecustomizedDNSrecordsoOffice365canconfirmyouownthedomain.Office365typicallydetectsyourdomain'sDNShostandprovidesstep-by-stepinstructionsforaddingtherecord.
TakeMicrosoftDNSserviceasanexample.Makesureyou’veregisteredthedomainnamefrom
theDNSprovider,thenameserverisconfiguredforthisdomain,andthatrecordscanbequeriedexternally.
a. OpenDNSManagerontheDNShostmachine,expandForwardLookupZones,click
onthedomain,rightclickmenu->OtherNewRecords,selectTXTrecordtype,theninputTXTnameandTXTvalue.
b. ClickOKtoexit.
OrifyourDNSishostedbyGoDaddy,youcanchoosetologinGoDaddy,recordscanbeaddedautomatically
5. Whenyou'veaddedtherecordatyourDNShost,finishthisstepbychoosingOkay,I'veaddedtherecord.
6. Followthestepstonext,atStepSetupdomain,youcanchoosetherecordsareaddedautomaticallyifyou’reusingGoDaddytohostyourDNS,oraddtheMXrecords,TXTrecords,SRVrecordsmanuallyifyouareusingotherDNShosts,clickaddtheserecordsyourself,you’llseetherecordsdetails,whatrecordsshouldbeaddeddependonyourchoice,ifyou’llenableExchangeOn-LineandneedtheautodiscovercapabilityforOutlookclient,enable
Outlook on the web for email, calendar, and contacts
Detailrecordsthatneedtobeaddedwillshowuponthenextpage.
UseMicrosoftDNSserviceasanexampletoaddtheserecords:
a. OpenDNSManagerontheDNShostmachine,expandForwardLookupZones,clickonthedomain,rightclickmenu,andclickNewMailExchange(MX)
b. ClickNewAlias(CNAME)c. ClickOtherNewRecordsandselectTXTrecordtypetoaddTXTrecords
Or,youcanrefertoCreateDNSrecordsatanyDNShostingproviderforOffice365fordetailsifyou’reusinganotherDNShostingprovider.
7. Afteryouhaveaddedtheserecords,clickOkay,I’veaddedtherecordstofinishtheprocedure.
Active Directory Synchronization ForCloudPortalServiceManager,useraccountswillbecreatedonlocalActiveDirectorybyutilizingthesynchronizationcapabilityofAzureADConnect.LocalaccountscanbesyncedtoOffice365AzureADandOffice365licensecanbeassignedtotheuser.Aftergrantingthelicense,enduserscanaccessservicesprovidedbyOffice365withalocalUPNandpassword.
AzureADConnectshouldbeinstalledandconfiguredonthedomain-joinedmachinetogetherwithOffice365WebServiceinthedomainthatyouwantuserstosynctoOffice365.
Forlarge-scalecustomers,morethanoneAzureADConnectwithOffice365WebServicemachinecanbeinstalledandconfigured.AfterconfiguringtheServerConnection,specifytheWebserviceserverfromtheServicesettingsforOffice365onthecustomerlevel.WetestedAzureADConnectversion1.1.119.0.
System requirement WhenpreparingaservertohosttheAzureADConnectandOffice365Webservice,ensureThefollowingrequirementaremet:HardwareConfiguration • Twoormoreserver-classprocessors,2.0GHZorhigher
• Minimum4GBRAMrecommended• Minimum50GBfreediskspaceavailable
OperatingSystem WindowsServer2012R2.NETVersion .NETFramework4.0installedWindowsserverroles • ManagementTools->IISManagementconsole
• ManagementTools->IISManagementScriptsandTools
Install and configure Active Directory synchronization 1. AfteraddingyourlocaldomaininOffice365domains,DownloadtheAzureADConnect
toyourdomain-joinedmachine,andinstallit.2. Afterinstallation,launchtheMicrosoftAzureActiveDirectoryConnectwizardand
chooseUserexpresssettingsintheExpressSettingspage.3. EnteryourAzureADadministratorcredentialsandclickNext.4. Inthisstep,enteryourActiveDirectoryDomainServicesenterpriseadministrator
credentialsandclickNext.5. LeavetheExchangehybriddeploymentandStartthesynchronizationprocessassoon
astheconfigurationcompletesuncheckedandclickInstall.Theinstallationprocessmaytakeawhile.
6. Goto{AzureADConnectinstalllocation}\MicrosoftAzureActiveDirectory\Connect\SetupFiles\AADPowerShell,andclickAdministrationConfig-en,clickNextandclickInstalltoinstallAADPowershell.
ForthelatestversionofAzureADConnect,thesynchronizationwillautomaticallybeactivatedonceMicrosoftAzureActiveDirectoryConnectwizardissuccessfullyinstalled.
ForthelatestversionofAzureADConnect,theAADPowershellshouldbeinstalledseparately.
Foraneasymanagement,youcanusethetoolSynchronizationServiceManagerinstalledwithAzureADConnect,whichislocatedunder{AzureADConnectinstalllocation}\MicrosoftAzureADSync\UIShell\miisclient.exe
ImportantNotes:
• Forthemulti-domain(includingsub-domain)environment,anadditionalconfigurationstepisneededtoselecttherightdomainwhereAzureADConnectandOffice365webserviceserverexists.Otherwise,AzureADConnectwillselectallthedomainsandOUstosyncbydefault.Wedon'tsupportmulti-partitionscenario;onlyonedomaincanbeselected,oritwillfailintheprocessofOffice365webserviceconfiguration.
Ifyourenvironmentisamulti-domain(includingsub-domain)deployment,followthestepsbelow.
1. LaunchtheAzureADConnectWizard2. ChooseCustomizesynchronizationoptions,andclickNext3. EnteryourAzureADadministratorcredentialsandclickNext4. EnteryourActiveDirectoryDomainServicesenterpriseadministratorcredentialsand
clickNext5. SelecttherightdomaintobesyncedintheDomainandOUfilteringpageandclickNext
6. UncheckalltheselectionsandclickNext7. ClickInstalltore-configureAzureADConnect
Install and configure Office 365 Web Service Office365WebServiceshouldbeinstalledtogetherwithAzureADConnect.ItwillbeinvokedremotelybyProvisionenginetosyncusersandgroupsforCloudPortalServiceManagercustomerstoOffice365.
Steps to install the web service 1. LaunchtheSetup.exefromtheOffice365webserviceinstallationfolders2. EnableOffice365WebServicecheckbox,clickNextandfollowthestepstofinishthe
installation
3. ClicktheConfigurebuttontoconfiguretheservice4. IftheEncryptionserviceURLisnotaccessible,itwillshowthiswindow.Enteryour
ServiceURLandclickNext
5. Install/importadomaincertificateonOffice365WebServiceserver,toenableProvisionEngineservertotrustthecertificateinstalledontheOffice365webserviceserver,therootCertificateAuthority(CA)forthecertificateontheOffice365WebServiceservermustresidewithintheTrustedRootCertificateAuthoritiesnodeonProvisionEngineServer,ThefollowingillustrationshowstheCAforthecertificateontheOffice365WebServiceserver,called“ca”,whichislocatedintheTrustedRootCertificateAuthoritiespath.
SpecifytheSSLCertificateinstalled.PleasenotethatwhetheryoucheckUseSSLornot,itwillalwaysuseSSL.
6. ClickNexttofinishtheinstallation7. Totestifthewebserviceisworkingornot,enterhttps://yourhost/Office365WS/
Office365WCFService.svcintoyourbrowser.Itshouldshowthecontentbelow:
ImportantNotes:
• DuringtheOffice365WebServiceconfigurationprocess,youshoulddisableADScheduleSync.Instead,enableADScheduleSyncmanuallybyTaskScheduler.a. GotothepathofC:\ProgramFile(x86)\Citrix\Cortex\Provisioning
Engine\UsageDataofprovisioningengineserver.b. Threebatchfilesexists.Theyare“DailyAMUsageData.bat”,
“DailyPMUsageData.bat”,“HourlyUsageData.bat”.YoucanopenTaskScheduler,expandTaskScheduler(Local)->TaskSchedulerLibrary->Citrix->CloudPortalServiceManagertoseethedetailsofeachscheduletask.
c. Add"RequestGenerator.exe"-q"Bulk"-n"Office365-ScheduleSync"-t"BulkRequests"-m"Office365ScheduleSync"-p"BulkRequestType""office365schedulesync"-p"ServiceName""OFFICE365"tooneofthetreefiles.Werecommendaddingthescriptto“DailyPMUsageData.bat”.
Import and configure Office 365 Service To import and configure the Office 365 Service
1. Loginasaserviceprovideradministrator.FromConfiguration->SystemManager->ServiceSchema,clickImportaService,locatethe.packagefileandfollowthestepstoimporttheservice.
2. Afterimportiscomplete,eitherrestarttheCortexQueueMonitorserviceorrestartthemachineontheServicesManagerprovisioningserver.
3. Inthecontrolpanel,enabletheserviceatthetoplevel:a. UnderServiceFilter,selectTopEnvironmentServices
b. FromtheServicesManagermenubarinthecontrolpanel,chooseConfiguration>SystemManager>ServiceDeploymentandthenexpandOffice365ClickSave
4. Enabletheserviceatthelocationlevel:a. UnderServiceFilter,selectActiveDirectoryLocationServicesandchoose
aLocationFilter,ifapplicableb. FromtheServicesManagermenubarinthecontrolpanel,chooseConfiguration>
SystemManager>ServiceDeploymentandthenexpandOffice365ClickSave5. Verifycredentials:
a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>Credentials
b. CreatetheadministrativeimpersonationaccountfortheOffice365servicebyclickingAdd,andthenenteringausername,password,anddomain(preferablyinFullyQualifiedDomainNameform).
6. Enabletheserver:a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>
Servers.b. Iftheserveronwhichyouinstalledtheserviceisnotlisted,clickRefreshServerListc. ExpandtheentryfortheserverandverifythatServerEnabledisselected
ImportantNotes:
• FortheOffice365webserviceserver(theserverthatAzureADConnectandOffice365webserviceareinstalled),theserverAliasshouldbespecifiedasserverFQDN
7. Assigntheserverroles:a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>
ServerRoles,andthenexpandtheentryfortheserverb. UnderServerConnectionComponents,selectOffice365,andthenclickSave
8. Addaserverconnection:a. FromtheServicesManagermenubar,chooseConfiguration>SystemManager>
ServerConnections.SelectaLocationFilterifapplicable,clickNewConnection,andthenselectortypethefollowinginformationforthewebservice.ServerRole:Office365Server:WebServiceserverFQDNCredentials:URLBase:/Office365WS/Office365WCFService.svcProtocol:httpsPort:443Timeout:200000
b. OntheServerConnectionspage,clicktheiconintheTestcolumnfortheserver.Theiconturnsgreenforasuccessfulconnection.Arediconindicatesanunsuccessfulconnection.Hoverovertheicontogetmoreinformationaboutthefailedconnection.
Provision Office 365 service to customer and users TheOffice365servicecanbeprovisionedtoresellers,customers,andendusers,aftertheprovisioning,theendusercanlogintheOffice365servicefromMicrosoftbythelocalActiveDirectorycredentials.AnExchangemailboxwillbecreatedforthisenduseraswell,afterproperlicenseisassigned.
To provision Office 365 service to resellers
1. FromtheServicesManagermenubar,clickCustomersandselecttheresellerforwhomyouwanttoprovisionservices
2. SelectServices.TheCustomerServicespageappears
3. Fromtheserviceslist,clickReseller
4. SelecttheOffice365servicecheckboxandthenclicktheOffice365servicename
5. UnderResellerServiceSetup,selecttheuserplanandcustomerplantobeoffered,ifanychanges,clickSave
6. ClickAdvancedSettingsto:
§ Specifythemaximumnumberofusersthatthecustomercanprovisionwiththisservice.
§ Enableordisablebilling.
7. ClickProvision
To provision Office 365 service to customer
1. FromtheServicesManagermenubar,clickCustomersandselectthecustomerforwhomyouwanttoprovisionservices.
2. SelectServices.TheCustomerServicespageappears.
3. ClickOffice365.TheServicePlanConfigurationpageappears.
4. Selecttheappropriatecustomerplan.
5. EnterthecorrectOffice365administratorusernameandpassword6. ClickAdvancedSettingsto:
§ Selectauserplan.
§ Specifythemaximumnumberofusersthatthecustomercanprovisionwiththisservice.
§ Enableordisablebilling.
7. ClickAdvancedSettings->ServiceSettings,enable“ServerwhichhasOffice365webserviceinstalled”,choosetheproperserverfromthedropdownlist,clickApplychanges
8. ClickProvision,ThiswillprovisionOffice365servicetothiscustomerandtriggersynchronizationrequesttoAzureADConnectautomatically,whichwillsyncalllocalusersandgroupsbelongtothiscustomertoOffice365cloud.Youcanalsoforcesyncthelocalusers,groupsandpasswordfromtheServicesManagermenubarinthecontrolpanel.SelectServices->Office365->AzureADConnect,enableSyncADobjectsandpropertiesandForcesyncADPasswordscheckbox.Then,clickSyncbuttontosynclocalusers,groupsandpasswordtoOffice365
ImportantNotes:
• UserofthecustomershouldnothavethesameUPNwithOffice365admin,otherwiseitwillfailintheprocessofsynchronization.IfthesyncedusershavethesameUPNwithAzureADusers,wewilltrytodeleteusersinAzureADfirstandthensynceduserstoAzureAD
• Customer’sPrimaryDomainnameshouldmatchthedomainconfiguredonOffice365portal,otherwisetheActiveDirectoryaccountwillbesyncedtodefaultdomainconfiguredonOffice365portal
• Ifit’sanewcustomerwithoutanyuserprovisionedbefore,it’ssuggestedtohavealluserscreatedbeforegoingtoServices->Office365->AzureADConnecttotriggerthesynchronization
• Ifyoure-installtheAzureADconnecttoolontheserverwithOffice365webserviceinstalledforthecustomer,Office365serviceshouldbere-provisionedforthiscustomer,otherwiseaccountssynchronizationmayfailforthiscustomer
To provision Office 365 service to user
1. FromtheServicesManagermenubar,clickUsersandselecttheuserforwhomyouwanttoprovisionservices.
2. SelectServices.TheUserServicespageappears.
3. ClickOffice365.TheUserServiceSetuppageappears.
4. Choosetheappropriateuserplan.
5. SelectthelicensefromLicenseAssignmentyouwanttoassign.
6. ClickServiceSettingstospecifyservicemessageinformation.Ifyouchangesettings,clickApplychanges.
9. ClickProvision.Iftheuserdoesn’texistonOffice365,therewillbea‘NotSynced’errorlinkbesideAzureADStatus.ClickNotSyncedlinkandredirecttothesyncpagetotriggerasynch.Aftertheprovisionisdone,theuserwillhavelicenseusageauthorizationandsomesettingsoftheuserwillsetinOffice365portal.
To force the synchronization manually and review the status 1. Loginasacustomerserviceadmin.FromtheServiceManagermenubar,clickServices-
>Office365->AzureADConnect,enableSyncADObjectsandpropertiesorForcesyncADpasswords,thenclickSyncbuttontosynccurrentcustomer’sobjects,propertiesorpasswordtoAzureAD.
2. Loginasacustomerserviceadmin.FromtheServiceManagermenubar,clickServices->Office365->AccountSummary.ThecurrentOffice365account’sSKUandcompanyinformationwillberetrieved.
3. LoginasServiceProviderAdministrator.FromtheServiceManagermenubar,clickServices->Office365->ServerAssignmentand,reviewtheusageofOffice365webserviceconnection.
Office 365 properties that can be configured from CloudPortal Service Manager HideFromAddressList
• OnCPSM,fromOffice365->ServiceSettings->ExchangeOnlineCommon,youcanenable/disableHideFromAddressListproperty
• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->ExchangeAdminCenter->recipients->mailbox,thendoubleclickthemailboxongeneralpage
UserMailAlias
• OnCPSM,fromOffice365->ServiceSettings->ExchangeOnlineCommon,youcansetthemailboxaliaspattern
• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->ExchangeAdminCenter->recipients->mailbox,thendoubleclickthemailboxongeneralpage
OutlookonWeb
• OnCPSM,fromOffice365serviceuserplan,youcanenable/disableOutlookOnWeb• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:
Admin->ExchangeAdminCenter->recipients->mailbox,thenselectthemailboxattherightcorner
UserRole
• OnCPSM,fromOffice365serviceuserplan,youcansettheuserroleasUser,GlobaladministratororLimitedAdminRole
• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->Users->ActiveUsers,selecttheuser,thenclickEDITUSERROLES
UserLocation
• OnCPSM,fromOffice365serviceuserplan,youcanchoosetheuserlocationfromthedropdownlist
• Afterprovisioningtheservicetotheuser,youcancheckitbyloggingintoOffice365:Admin->Users->ActiveUsers,selecttheuser,thenclickEditbuttonunderAssignedlicense
Office 365 Reporting ForOffice365reports,we’llkeepexistingresellerreports,planreportsandcustomerreports.CPSMwillalsoproduceOffice365usagereports.CSP/Reseller/CustomercanviewtheusageofOffice365fromdifferentlevels.Forexample,thereportsincludehowmanylicensesareavailable,theOffice365licenseusageofeachuser,andthesyncserverusageofeachcustomer
TheOffice365reportingusesTaskSchedulertocollectOffice365usagedataonceaday,sothereportsarenotinrealtime.Theactiontakensoncustomersoruserstodaymayshowintomorrow’sreports
ToproperlyshowtheOffice365reports,someprerequisitesareneeded.
Prerequisites • CloudPortalServicesManagerReportingRoleshouldbeinstalledcorrectly• ReportsofOffice365schemeshouldbeenabledwhenimportingtheOffice365package• Addtheactioninfowithinthebatchfilefromtheprovisioningengine,whichwillallow
Office365usagedatatobecollectedandsenttoprovisioningenginebytaskschedulera. GotothepathC:\ProgramFile(x86)\Citrix\Cortex\ProvisioningEngine\UsageData
ofprovisioningengineserverb. Addscriptbelowtofile“DailyPMUsageData.bat”
"RequestGenerator.exe"-q"Bulk"-n"Office365-UsageDataRequest"-t"BulkRequests"-m"GetUsageData"-p"BulkRequestType""office365usagedatarequest"-p"ServiceName""OFFICE365"
c. OpenTaskScheduler,expandTaskScheduler(Local)->TaskSchedulerLibrary->Citrix->CloudPortalServiceManagertoseethedetailsofthescheduletask
• IfyouhaveOffice365webserviceinstalled,youshouldfirstuninstallit,thenreinstallOffice365webservicewiththereportingfeaturea. Gotosyncserver,openControlPanelb. ClickUninstallaprogrambelowProgramsc. Right-clickCitrixCloudPortalServicesManagerOffice365WebService,click
Uninstalld. FollowstepsforInstallandconfigureOffice365WebServicetoinstallthenewest
versionofOffice365webservice
Office 365 Reseller Thisportalprovidesalinktoaccessthereseller’sreportingpage.Theresellerreportingpageincludes365servicestatisticsforthereseller.AnadditionaltableisaddedtoshowlicenseusageforallthesyncedandOffice365provisionedusersofthereseller.Tenitemsareincludedwithinthenewaddedtable.
Customer
ThenameofthecustomerwhohasOffice365serviceprovisionedandiscreatedbythereseller.
Location
Thenameofthelocationinwhichtheuserbelongsto
SyncServer
ThesyncserverthatthecustomerisusingforOffice365
UserName
ThenameoftheuserwhohasOffice365serviceprovisionedandiscreatedbythecustomer.
LoginName
TheloginnameoftheuserwhohasOffice365serviceprovisioned
NumberOfLicense
ThenumberofOffice365licensestheuserhasprovisioned
UserLicense
Thenameofthelicensestheuserhasprovisioned
LastSyncTime
Thelastsynchronizationtimeoftheuser
RefreshTime
ThetimewhenthereportiscollectedfromOffice365webservicefortheuser.ItissetintheTaskScheduler,theroutinetimetocollectOffice365usagedatais11:00:00PM
Reseller
Thenameoftheresellerofthecustomer
Office 365 Customer Thisportalprovidesalinktoaccesscustomer’sreportingpage.ThecustomerreportingpageincludesdetailsoftheOffice365servicestatisticsofthecustomer.Besidesthegeneralreports,thispageprovidesreportstoshowhowmanylicensesareavailableforcustomertouse,licenseusageofallthesyncedandOffice365provisionedusersofthecustomer.
InCustomerDetailstable,threeadditionalitemsareaddedtothetable,theyareLocation,SyncServerandRefreshTime.
Location
Thenameofthelocationthatthecustomerbelongsto
SyncServer
TheADConnectSyncserverthecustomerisusingforOffice365
RefreshTime
ThetimewhenOffice365usagedataiscollectedfromwebserviceserver
Atabletoshowtheavailablelicensequantityforthecustomer,inthistable,sixitemsareincluded,theyareLicense,ActiveUnits,ConsumedUnits,LockedOutUnits,SuspendedUnits,TargetClass.
License
ThenameisfromMicrosoft,normallyitequatestothelicense.ItmeanstheuniquestringIDoftheaccount/SKUcombination
ActiveUnits
Thenumberofactivelicenses
ConsumedUnits
Thenumberoflicensesthathavebeenused
LockedOutUnits
Thenumberoflicensesthathavebeenlockedout
SuspendedUnits
Thenumberofsuspendedlicensesthatarenotavailableforassignment
TargetClass
ThetargetclassofthisSKU.OnlySKUswithtargetclassequaluserareassignable
AtabletoshowlicenseusageofallthesyncedandOffice365provisionedusersofthecustomerisadded,thetableincludessixitems,theyareUserName,LoginName,UserPlan,NumberOfLicense,License,LastSyncTime.
UserName
ThenameoftheuserwhohasprovisionedtheOffice365serviceandiscreatedbythecustomer
LoginName
TheOffice365loginnameoftheuser
UserPlan
Theuserplanthattheuserhasbeenprovisioned
NumberOfLicense
Thenumberofthelicensesthathavebeenassignedtotheuser
License
Licenses,whichhavebeenassignedtotheuser
LastSyncTime
Thetimeoflastsynchronizationfortheuser
Office 365 Plan Thisportalprovidesalinktoaccessplanbasedreportingpage.InOffice365reportingfeature,thereisnochangeforthispart,allcodesaregeneratedbyplatform,i.e.thecontentsoftheplanbasedreportingpageisexactlythesameasotherfeatures,itonlylistshowmanycustomers/usersareusingthecustomerplan/userplan.
ImportantNotes:
• Foruserusagedatainresellerreportsandcustomerreports,onlysyncedusersprovisionedwithOffice365arelisted.TheusersfromAzureADwithstatus“Incloud”willnotbelistedinthereports.
• Whenacustomeroruserprovisioningfails,theinformationontheuserorcustomerwillstillshowinthereport.
How to collect trace for debug Besidestheexistingtracefunctionality,log4netisintegratedintoCPSMwebserver,provisioningengineandOffice365webservicetoprovideadditionaltracetohelpdebug.
Tracelevelandsavedtracelocationcanbeconfiguredbymodifyingthetraceconfigurationfile.
Thereare7levelsoftrace:
1. OFF–shutdownthetracefunctionality2. FATAL–traceun-recoverableerror3. ERROR–traceerrorsthatwillnotbreaktheservice4. WARN–tracewarnings5. INFO–traceinformationsuchaswhattheapplicationisdoing6. DEBUG–tracethefunctionstackswhichisusedfordebugpurpose7. ALL–openalltraceoption(FATAL,ERROR,WARN,INFO,DEBUG)
Thefollowingisanexampleofhowtomodifythetracelevel.Withinthetraceconfigurationfile,you’llfindinformationsuchas:
<root><levelvalue="ALL"/><appender-refref="RollingLogFileAppender"/><!--<appender-refref="ConsoleAppender"/>--><!--<appender-refref="A"/>--></root>
Currentdefaultlevelis“ALL”,usercancustomizethetracelevel.Note,pleasedon’tchangetheappenderinfounlessyouareveryfamiliarwithlog4netconfiguration
Tochangethetracelocation,modifytheinformationbelow:
<appendername="RollingLogFileAppender"type="log4net.Appender.RollingFileAppender">
<filevalue="c:\Office365Web_log\log_"/>
<appendToFilevalue="true"/>
<maxSizeRollBackupsvalue="5"/>
<maximumFileSizevalue="5000KB"/>
<DatePatternvalue="yyyy-MM-dd'.txt'"/>
<rollingStylevalue="Composite"/>
<staticLogFileNamevalue="false"/>
<layouttype="log4net.Layout.PatternLayout">
<headervalue="[Header]"/>
<footervalue="[Footer]"/>
<conversionPatternvalue="%date[%thread]%-5level[%L]--%message%newline"/>
</layout>
</appender>
Note,pleasedonotmodifyotherparts,unlessyouareveryfamiliarwithlog4netconfiguration
Trace for CPSM web server ForCPSMwebserver,thelogconfigurationfileis:
C:\inetpub\CortexManagement\CortexDotNet\Services\Office365\WebLog.config
ThedefaulttracelogisstoredwithinpathofthemachinewhichhasCPSMwebserverdeployed:
C:\ProgramFiles(x86)\Citrix\Cortex\CortexWeb\CortexDotNet\Services\log\
Andthedefaulttracelevelis“ALL”
Trace for Provisioning Engine Forprovisioningengine,thelogconfigurationfilecanbefoundfromthepathofthemachinethathastheprovisioningenginedeployed:
C:\ProgramFiles(x86)\Citrix\Cortex\ProvisioningEngine\Citrix.Csm.Provisioning.Actions.Office365.dll.config
Thedefaulttracelogisstoredwithin:
C:\ProgramFiles(x86)\Citrix\Cortex\ProvisioningEngine\log\
Andthedefaulttracelevelis“ALL”
Trace for Office 365 Web Service ForOffice365WebService,thelogconfigurationfilecanbefoundfromthepathofthemachinethathasOffice365deployed:
C:\inetpub\CortexServices\Office365WS\bin\WebServiceLog.config
Thedefaulttracelogisstoredwithin:
C:\ProgramFiles(x86)\Citrix\Cortex\Services\log\
Thedefaulttracelevelis“ALL”
TraceforOffice365WindowsService
ForOffice365WindowsService,thelogconfigurationfilecanbefoundfromthepathofthemachinethathasOffice365deployed:
C:\ProgramFiles(x86)\Citrix\Cortex\Services\Office365WS\ADConnectorSvc\WindowsServiceLog.config
Thedefaulttracelogisstoredwithin:
C:\ProgramFiles(x86)\Citrix\Cortex\Services\log\
Andthedefaulttracelevelis“ALL”
Know Issues/limitation 1. Ifyou’reusingIE11.x,andsetthe“IEEnhancedSecurityConfiguration”toOff,make
sureIE->Tools->CompatibilityViewSettings,DisplayintranetsitesinCompatibilityViewandUseMicrosoftcompatibilitylistsareunchecked,oryoumayencounterdisplayerror.
2. IfyouwanttoprovisionmultipleCPSMcustomerstoasingleOffice365serviceaccountafterconfiguringmultipledomains,it’ssuggestedtohaveonlyonedomainconfiguredforoneOffice365serviceaccountandprovisiononeCSPMcustomertoitbecauseoflimitationsofAzureADConnecttool.Previouslysyncedaccountswillbedeletedafterswitchingtosyncanothercustomer’saccountbyOffice365WebService.
3. Disabled/Expiredlicenseinformationwillshowonuserserviceprovisionpage.Anyprovisionrequestwhichisassignedtotheselicenseswillcauseprovisionfailure.
4. LocaldomainmustbeconfiguredonOffice365beforetheprovisionoritwillcauseprovisionfailure.
5. OntheAzureADConnectpage,it’sone-waycheckforaccountmatchingbetweenlocalandcloud.
6. Frequentdeleteuser,createuserandsynctoOffice365maycausetheAzureADConnecttothrowa“Attributevaluemustbeunique”error.
7. TheuserstobesyncedshouldnothavethesameUPNwithusersalreadyinAzureAD,especiallyuserswithGlobaladministratorroleinAzureAD.ItwillcauseanerrorinthesyncingprocessofCPSM.
8. IfAzureADschedulesyncisdisabledbyOffice365webservice,youneedtotriggertheADschedulesyncbyTaskSchedulerinprovisioningengine,manually.
9. CPSMcanonlyworkwithAzureADConnectversionabove1.1.105.0,anyversionpriorto1.1.105.0willnotbesupported.
10. WhenprovisioningOffice365toauser,theremaybeanerrorlike“setOWAtimeout”.ThisisbecauseExchangeOnlineneedstosetOWAtoprepareprimaryaddressforauser.Thismaytakealongtime.Theprovisionactionwilltakefiveminutestowaitforthepreparation.Ifthedurationexceedsfiveminutes,anerrormayoccur.ContacttheserviceadministratororMicrosoftforsupport.
FAQ Q:WhatcanIdoifIwanttoenableSkypeforBusinessformycustomers?
A:Firstly,youshouldenable“SkypeforBusinessforinstantmessagingandonlinemeetings”atthedomainsetupontheOffice365portal,addcorrespondingDNSrecordstoyourDNSserver
Aftertheuserisprovisioned,then,logintotheOffice365portalastheglobaladministrator,USERS->ActiveUsers,selecttheuser,atthelicenseassignmentpage,expandthebusinessplan.MakesureSkypeforBusinessOnlineisselectedandclickSAVE.
Q:HowistheOffice365accountstoredinCloudPortalServiceManager?Isitpossibletoleakthisinformation?
A:Thesecredentialareencryptedandstoredinthedatabaseandtransferredbyhttps.Itisnotreadablebyanythird-partytool.