Microsoft Office Excel ActiveX Fix


As planned, Microsoft released a security patch for an Office ActiveX vulnerability on 12/9/2015. Any dated (and I mean code as old as 10-years) Excel VBA macros with ActiveX controls no longer work post-patching. Here are some links if you need to understand more:

Official Microsoft Excel Blog

Frankly, the ideal way to repair this issue is to replace the underlying vulnerable ActiveX VBA code.

Where that isn’t practical, the following fix works for Excel 2007 and Excel 2010, but you need a working unpatched machine to start.

Working directory – C:\Users\%Username%\AppData\Local\Temp

Folder and files to copy –



Copy and replace the working folders to the broken machine and the macros should start working again.

Each of the directories above contain uncorrupted *.exd files. The issue is resolved when you replace the corrupted files on the broken PC.

Email me if you need a working copy of the files.

Still digging into Excel 2013…



Posted in Uncategorized | Leave a comment

Surface Pro 3 Powers Off when Plugged In – Power Cord Issue – Two Outlet Power Brick

Surface Pro 3 – Hard system fault although connected  to wall outlet, power light is on, and battery sufficiently charged.

When powering on a Surface Pro 3, immediately after log on, the system would completely shut off. It’s plugged in (power light on at the connector) and checking the power icon, it shows that the system is correctly plugged in and charging.

It isn’t.

The power supply for all Surface Pro devices is a two part plug that, if not completely connected at the power brick, will cause the device to randomly power off, even if the battery is charged.

Surface Pro Two Piece Power Supply

Microsoft Surface Pro 3 Power Supply – Unassembled

Ensuring the wall-outlet cord is completely connected will correct this issue. Also, make sure you have all of the firmware updates.

Bad connection leads to a short

Make sure the wall outlet cord is completely connected to the power brick.


Posted in Configuration, Microsoft | Tagged | Leave a comment

Manually Checking For Windows Updates in an SCCM-Controlled Environment

Windows 8.1 – When using the Control Panel Windows Update “Check for Updates” button, the system returns “No Updates are Available.” Subsequently using the hyperlink “Check online for updates from Microsoft Update” shows numerous updates are available.

One of my roles as IT Operations Manager is Desktop support. I conduct post-deployment “spot checks” of deployed Windows 8.1 PCs and discovered that we were missing some critical Windows updates. While we use SCCM 2012 to manage our patch deployments, missing Office 2013 patches leads to numerous Excel issues for our users. Why?

  1. Our SCCM doesn’t check for Office Updates
  2. Check for updates only checks the local PC’s update folder.
  3. The update doesn’t check for other Windows products
Check for Updates

Control Panel’s Check for Windows Updates

When I click the “Check for Updates” button

Your Windows is up to Date

Post-Button Notification


Click on “Check Settings” on the left hand side and check the box the “Give me updates for other Microsoft products…”

Give me other updates too!

Check the box that states “Give me updates for other Microsoft products…”

After clicking the “Check online for updates from Microsoft Update”

Updates are available

Numerous updates available online

The “Check for Updates” button checks the local PC’s update folder and doesn’t see any new Windows updates. This is expected behavior since an SCCM GPO turns this off. Manually checking online grabs the latest updates. I’ve also modified our SCCM patching routine to check for all Microsoft products. This is going to be a bear during the first run, but after that we’ll obtain all of the latest hotfixes, patches, et al. Risk? Hardly, since Microsoft and the whole community does such a great job of catching issues before we deploy to our user base. We also deploy to three test groups over three-weeks before final deployment.


Posted in Change Management, Configuration, Microsoft | Tagged , , | 2 Comments

System Center 2012 (SCSM) Orchestrator – “Cannot resolve display name…”


Every now and then, when working in Orchestrator, I inadvertently enter the wrong field value in an Update Object step.

Search results for the error have a lot of recommendations to check the language settings for Orchestrator. What I found is that you’ve probably entered an invalid list value in the field.



Notice how the Sequence ID and Status are set to 4. In my first attempt, I had selected Status instead of the correct Sequence ID.

Since “4” is not a selection from our Status drop-down list, the runbook would error with the “Cannot resolve display name (Displayname 2) to name.”

Correcting the field value with an acceptable selection or data value will resolve the issue.




Posted in Uncategorized | Leave a comment

Cireson Outlook Console Add-In for Service Manager 2012 Review

For those busy IT Managers who don’t have enough time to read the full blog article…

If you use SCSM 2012, purchase the Cireson Outlook Add-In. It’s one of the best third-party add-ons I’ve found to help with the day-to-day management of work items. Watch their video to see why. This is a true “killer” app.

Read on for the reasons why I like it so much on my Windows 8.1 Office 2013 32-bit desktop.

Face it, the Microsoft-based workforce lives and breathes in their Outlook client during day-to-day work. Any time we need to leave Outlook, it slows down our productivity. Cireson appears to have solved this problem for my Help Desk team. Now they can manage work items right from their inbox.

Some of the great things about this add-in:

  • It’s faster than the both the native SCSM 2012 portal and thick client. Not just a little faster, but “smoking fast” faster.
  • Installation takes minutes and setup is painless.
  • Allows you to manage your email inbox like a ticket queue. You can assign, create, or manage work items.
  • Supremely more intuitive than the native forms within the SCSM console.
  • Required fields within SCSM work item forms are much easier to recognize.

While the product is awesome, it’s not perfect, but these minor issues don’t distract from the overall awesome awesomeness.

  • Doesn’t like Office 2013 64-bit. I’m working with Cireson on a solution.
  • I still can’t teleport using the product. Very disappointing.

Features I’d love to see down the road (other than teleporting):

  • Ability to “Right Click” via the console.
  • Keep the “My Active Workitems” sort order after closing

Now for some way cool screen shots…

Figure 1 – All of the options when you right click on an email

Figure 2 – Here’s the Ribbon Bar options for Create

Figure 3 – The Ribbon Bar Edit Features

Figure 4 – What you get when you Edit – Really like the ability to just list incidents assigned to me

Figure 5 – Create Incident Form – Note the bold red boxes and the Tasks selection at the top left corner. No right task pane required to RESOLVE an incident.

Drop me a line in the comments if you have any questions.


Posted in SCSM 2012, Uncategorized | Tagged , , | 2 Comments

SCSM 2012 Console Optimization Trick

Attended a really cool Service Manager Customer LyncUp! with Travis Wright today. You can learn more about it here –

If you’re an SCSM geek, I strongly encourage attending these.

While there were some great discussions about various SCSM topics, the one thing I took away today was a tip provided by Travis to optimize the SCSM thick client.

Don’t maximize the desktop application.

Seems there’s a WPF bug. Simply restore it and then stretch the window to grab the amount of screen space you need.

I was pretty surprised at how much this sped up my console. Give it a try.



Posted in SCSM 2012 | Tagged , | Leave a comment

Windows Surface Pro and Direct Access Hit a Home Run


Our company has a very mobile Sales team who travel most of the United States and part of Mexico. Their success, as is much of our company, is tied to an agile response to Sales opportunities and customer relations. While laptops and Cisco Any-Connect did meet their needs, both were clunky and Cisco Any-Connect accounted for over 600-service desk incidents in 2012. Our traders and IT staff also detested Cisco Any-Connect and the required token key, although using their smart phones to obtain a key did alleviate having to carry around that annoying RSA dongle.

Simply, we needed to mobilize their “at the office” desktop experience and make traveling transparent to their technology. Direct Access delivers this!

We took two routes – 1) iPad using Citrix Receiver 2) Windows 8 Surface Pro or Windows 7 laptop using Direct Access

After internal IT testing, we selected Windows Server 2012 Direct Access and Windows 8 Surface Pros for some of our Sales staff and senior Portfolio Managers. We started with our “early adopters” and then let technology envy do the rest (we have a very competitive group of users and when someone sees that they are falling behind because their peer has better technology, they want it). Our users immediately told us how much more they liked Direct Access but, as expected, were struggling with Windows 8 (really missed the Start button). We overcame this challenge with some one-on-one training and a one-page reference sheet (search and you’ll find plenty of examples). They quickly became comfortable the OS and overlooked the nuances after experiencing the mobility of the new VPN and tablet. For those users who wanted to stay with their Windows 7 laptops, we added DA to their system. That alone improved the mobile user experience. Eventually, all our mobile users were very pleased with this experience and this positive response continues.

It’s important to note that we are a Windows environment (SharePoint workflows, server, Win7 desktop, and MS SQL databases) using third-party applications and proprietary .NET solutions. Everything that worked in Windows 7 worked in Windows 8. We don’t experience many of the non-Microsoft pain points.

While the Citrix iPad solution worked well and delivered a reliable product, the user experience was so different they eventually stopped using iPads for business processes (other than email). Our users also disliked the additional “clicks” to obtain the final business information from the Citrix-published applications. We continue to support this option, but it’s not nearly as enterprise effective as DA and the windows-based devices.

Security is always an issue for us and removing the RSA key requirement for VPN didn’t increase our exposure. You can’t log in to our network with Direct Access without an active AD account. Your device also has to be in a special AD OU and you have to log in at least once at the office to receive a certificate. Only devices we issued and control can access our network after the company’s approval. Any device with a Citrix Receiver app, valid RSA key, and valid AD account can remote in. This increases network exposure. Simply, none-AD objects can access your network.

Here’s other reasons why the Surface Pro and Direct Access work better than the iPad Citrix solution:

  • Identical user experience anywhere when connected. Wi-fi, network cable, whatever.
  • Drive mapping works immediately when connected. We were pleasantly surprised by how much this was desired by our user base.
  • Single sign-on process to access their work environment when traveling.
  • Excellent n-tier application performance.
  • Full Microsoft Office experience.
  • Internet Explorer 10 is faster.
  • DA allows for two-way connectivity. We can now ensure our remote users receive SCCM 2012 patching and software deployments remotely.
  • Remote desktop support with Dameware or TeamViewer is much easier.
  • You can still use Cisco Anyconnect as a backup VPN solution.
  • DA client is part of the Windows 8 CAL and cheaper than the Citrix solution.
  • While the costs of a Surface Pro and ancillary equipment is more costly than an iPad (+$300-ish), it is cheaper than our standard laptop with docking station (-$600).

What we don’t like about the Surface Pro but liked about the iPad:

  • Battery life (4-hours for the Pro but over 10 for the iPad).
  • Lack of internal network connectivity (Verizon, for example).
  • We had to reimage each of our Surface Pros with Windows 8 Enterprise. We do this for all our systems anyway, using SCCM 2012, but still wanted to raise this as an issue for other teams.

Things you need to remember:

  • This is IPv6 and while we haven’t experienced any communication issues with IPv6, it is different. Research it and understand the differences.
  • Server 2012 Direct Access is ready for prime time while Server 2008 isn’t.
  • Windows 8 DA is much easier to install than Windows 7.
  • High-availability or Business Continuity for DA is painful, but achievable.
  • Learn to use IE 10 compatibility mode. We overcame all of our issues using this or F12.
  • Direct Access only works on certain versions of Windows 7 Ultimate or Enterprise and Windows 8 Enterprise (You’ll have to reimage your Surface Pros)
  • There are plenty of Direct Access and IPv6 troubleshooting sites, but here is a good one. Also, here’s one specifically for Windows 7. Our issues almost always point to a time problem with the Surface Pro or laptop time being greater than 5-minutes off.

Our mobile staff is more nimble, capable, and spend much less time on the phone with my help desk staff, which means their devoting more time to the job and not to the technology.


Home run!



Posted in Uncategorized | 3 Comments