Skype for Business server 2015 CU appearing in Windows Update again

Looks like Microsoft have started pushing the latest Skype for Business 2015 CU via Automatic Updates:

Even thought the master KB for updates still says that they wont do this:

Seen on Edge, Front End, stand alone Mediation and PChat servers.

A change in policy at Microsoft or someone messing up?

If you do try to install this way then you're going to get a nice error as the CU (as usual) requires that the SfB Services are stopped:

If you do stop the services (Stop-CsWindowsService) prior to running Windows Update, then the update will pop the installer window as if you had manually downloaded the update:

As there is no database update since .281 maybe this is an okay way to install the updates, but just remember to restart the services afterwards if you are not going to be restarting the server!

To be honest anyone who wants to have control over the deployment of the CU wont be allowing this anyway as they would control via WSUS/SCCM etc.

Unable to login to Skype for Business Online with BT Home Hub 6 - part 2

My frustrations with using the BT Home Hub 6 and Skype for Business Online are documented here:

Here's my write up on how I've fixed it:

First thing I tired was contacting BT. My first call was not great, eventually I got through to a team who I was told would be happy to talk to me about the issues but they would want a credit card number..... I made my excuses and left....   ;-)

I tried again and got through to a grumpy lady who (after I asked if she could disable IP6 on the Home Hub 6) literally said:

and said I should send the Home Hub 6 back < sigh > 

I went digging into the Home Hub 6 and found that I have both IP6 and IP4 public IP addresses, meaning things like my Tado which don't support IP6 can continue to work:

However my work laptop has an IP4 and IP6 address:

So the easiest thing to force my SfB client to talk to the O365 homed servers would be to disable IP6 on my laptop. The correct way of doing that is documented here:

But doing so would break Direct Access on my laptop, which would be a Bad Thing (TM)

Instead I forced the laptop to prefer IP4 over IP6 by making the following registry change:

(reg change file here:!Arx7Ss1l4DQIgZSrJsx7M0EtARKBXuI)

After a reboot I'm in business!

Hope that this helps someone out there.

Presence Unknown..... BUT WHY!

Have had a long running issue with a single user at a customer where I was unable to IM them or see their presence:

However they could IM me and see my presence fine.

The customer has on-prem Lync servers. I am on Office 365 which is setup in a Hybrid with our on-prem servers. Other people in Modality who are on-prem (Response Group users) could see this person fine (you want a name - okay, it's Leon).

It should be noted that I used to be able to see the presence and IM with no issue, also, after I moved to O365 I could. Something changed later* Anyway - back to the story....

When Leon IM'd me I would get errors like this in my event logs:

504  Server Time-Out
ms-diagnostics:  27002;reason="From-Uri Domain is not in the receiver-tenant allow list";source="Office365ServerName.INFRA.LYNC.COM";appName="IncomingFederation";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="No";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes"

A search on that error didn't really bring anything up of value as it was talking about the whole domain needing white listing and that couldn't be correct as it was a single user issue. We tried moving to different PC's, different networks, investigated policies that Leon had but all came up nil.

The issue wasn't a big enough pain for Leon to want to spend too much time troubleshooting but eventually while discussing about their customers Office 365 plans a light bulb went off.

"Leon, have you got your user account in Office 365 as well"

After confirming he had it was as simple as turning off Skype for Business for his user account in the customers O365 tenant:

and we were back in business:

So what happened?

My account is in Office 365. Leon's account was on-prem. He also had an account in Office 365 but Hybrid was not setup.

Therefore, when Leon IM'd me, his client talked to his on-prem Edge, resolved the DNS for Modality Edge, and got proxied to me in O365.

However, when I attempted to IM Leon, my client talked to O365, who saw that there was a matching O365 tenant for the domain and sent the IM there. Simply turning off Leon from having an Office 365 Skype for Business account allowed the Modality Office 365 tenant to ignore looking up his details in the cloud, I found the customers Edge server and all was well in the world.

Simple when you know how!

*what changed? The customer got Office 365 but had not setup all the hybrid integration (as they didn't want to use it all at that time).

CCE 2.1.0 - Draining Calls

The Cloud Connector Edition system for Skype for Business online is a very impressive collection of scripts and glue and luck that has the ability to build a complete SfB voice infrastructure and patch it automatically. One of the parts of this is not as good as it could be, read on if you get call drops when updating :-)

Environment is 2x CCE hosts in the same site. For the test below I first put the CCE2 into maintenance and make calls. Therefore forcing all calls through CCE1.

I make two calls:

Ensure that both calls are up and running and show on the Sonus:

Logging into the Mediation Server on the CCE1 you can see the calls are running through it:

Take CCE2 out of maintenance so that both CCE's take service calls (both calls are still running on CCE1).

On CCE1 run the command Enter-CcUpdate on an elevated PowerShell session

Based on the documentation ( I would expect this to drain the mediation server, waiting for the two nailed up calls to complete and to then gracefully stop the services.

Instead I get this:

Services are stopped and both calls are dropped. Bit of a fail when the documentation says:

"The appliance is “drained”—that is, all existing calls will complete, but new calls are rejected."


"The Enter-CcUpdate cmdlet will ensure that all running calls on a Cloud Connector appliance will complete, but the appliance will reject any new calls, which are transferred to other production appliances. This cmdlet enables you to update an appliance without affecting end users calls." (my emphasis!)

(Bonus points for the spelling of "Drainning" and "Forceing")

Its now logged as a ticket with Microsoft and I'll update as and when I have a resolution.

Update: 22nd January 2018
Confirmed as a bug and passed to Product Group to address. Workaround is to connect to Mediation Server and perform a Stop-CSWindowsService -Graceful command

Unable to login to Skype for Business Online with BT Home Hub 6

This is an embarrassing post to write but I hope it will help someone out there in troubleshooting! Anyway, on with the story:

Working for Modality Systems is great, but when I joined I pointed out that the daily commute was not something I fancied:

(side note - 2 hour 11 minutes - in which universe??)

Luckily working from home is one of those things you can do with the magic of Unified Communications Intelligent Communications as work really is that thing you do and not the place you go.

And that's fine until it stops working, lets set the scene.....

Its the Thursday after patch Tuesday. The previous day (Wednesday) I was in the Modality Systems main off in St Albans. Laptop had updated and working fine, Office install is Click-to-run. My user account is sync'ed from our internal domain to Office 365 and my Skype for Business account is homed in Office 365 with our setup being hybrid.

I boot my laptop and login. Direct access does its stuff, Group Policies apply, Outlook, Teams, OneNote, and SfB all load up and I start on some emails. I need to reach out to a colleague so switch to SfB and am presented by this:

"interesting" I think, I wonder why Skype is not signing in. Its been 15 minutes so since I logged onto the laptop so its really stuck, click cancel and try again but no joy..... 

Must be an O365 outage on Skype only, Teams and Outlook are fine and I can browse the internet with no issues so I plod over to the portal to check service status....

.....okay, so something about my account then, I check the internal AD and Azure AD, nothing looks out of place. I clear out the certificates from my local store....

....delete the contents of C:\Users\tobie.fysh\AppData\Local\Microsoft\Office\16.0\Lync and reboot, still no joy!

Boot up a laptop that has not been patched (and as a separate change, runs Office MSI). Still no joy. Leave that updating to latest versions and try and see this:

Ohhhh, so something is broken on our tenant then! I click the to “tell me more” and it takes me to:

Post on our internal Teams chat and Email some of the guys in the office (feeling like a failure at this point). No-one else in the org appears to be having issues so seems to be local to me.

While awaiting a reply go think maybe Edge related (as we are hybrid the DNS records point to our on-prem Edge server so prior to the endpointcache being updated I'm going to be hitting that). I RDPto a VM inside the network (over the magic that is Direct Access and IP4 to IP6 natting) and load Lync 2013 (its a test box) and I can login to my account!

So if I'm external to our network I can login to SfB but inside the network I'm fine?? Can't be tenant related. Maybe something about our Azure AD boxes, scratching head here.....

Suggestion comes back from colleague to try my mobile app:

wait... wait... wait...

No joy.

Okay, so looks like my account, for fun I switch to bounSky and just check that I can login using my client to another estate and bang, I'm in. I test a few (Lync Server 2010, 2013 and a SfB 2015 server) all okay.

I then try a pure cloud customer.

And can't login..... I try a second customer who is hybrid and I can't login to a O365 user. On that same customer I then try a user account that is homed on-prem and CAN login (and these tenants are all hosted in different regions to the Modality tenant).

Brain is tied in knots now. About to log a ticket with O365 support but for fun think that there might be something about my home network. I turn on the hotspot fucntion of my phone connect the laptop to it and bang, the lovely 4G network allows me to login straight away.

Have a think about my network. What's changed recently. My Router. My lovely new Home Hub 6. Thanks BT, maybe its you! I reboot the router.

No joy, I then remember that I commented while doing firewall traces last week that I appeared to have an IP6 address with my new router:

I dig out the old Home Hub 5 (it was in the returns box awaiting to go back to BT) and plumb it in...... I now have an IP4 address:

And immediately desktop Skype for Business signs in.

My phone, signs in (it was on the WIFI before, go check the screenshot!)

Obviously Mr Cropley has already tweeted a reply to me:

And directs me to the source:

So - I need to support customers who wont have enabled IP6 in their tenants so as a consequence the Home Hub 5 is back in pride of place beside the fish tank and the HH6 is being say in the corner like a naughty child

I've tweeted BT to see if they can help disable IP6 on my account:

and will update if I get a response.

Update 14th December: Here's the fix!

PEM certificate files on Windows

While doing certificate renewals for a client recently I was given PEM format files which I needed to convert into a certificate that Windows can consume.

  1. Download a copy of OpenSSL which has been complied for Windows (
    Note: You can do this on your workstation, it does not need to be done on the same machine that created the certificate request.

  2. Extract to a temporary directory:

  3. Extract the files you got from the Public CA into the same directory

  4. From an elevated command prompt Change Directory into your folder and type the following command:

    openssl.exe pkcs12 -export -out server.p12 -inkey PrivateKey.txt -in SSLCert.txt

  5. OpenSSL will ask you for a Password and then ask you to confirm:

  6. And a portable certificate file will be created:

  7. Now simply import into the Windows certificate store and you're good to go

CCE unable to report into Office 365.

2x CCE Appliances. Both using the same username and password under tenant admin (checked using Get-CcCredential).

Auto Upgrade kicks in and both successfully upgrade to v2.0.0:

However looking in Office 365 Admin Portal we can see that one never checked back in with the mothership to say its upgraded:

Looking in the CceManagementService.log we saw the following:

"CceService Warning: 0 : Appliance Manager: Failed to Load or update tenant configuration. Exception: System.Management.Automation.CmdletInvocationException: Failed to logon with given credentials. Make sure correct user name and password provided. ---> Microsoft.Rtc.Admin.Authentication.CommonAuthException: Failed to logon with given credentials. Make sure correct user name and password provided. ---> Microsoft.Rtc.Admin.Authentication.IdcrlExtendedException: 

All checks that we could think of were performed (re-entering credentials, reboots, checking networking, proxies) but to no avail.

Opened a ticket with Office 365 support who at the outset seemed equally as confused. It should be noted that all through this the VM's continued to work fine and calls were traversing the CCE's - it was "only" the management service that was failing to login.

While this was happening, version 2.0.1 of CCE was released and BOTH hosts upgraded themselves:

even though still in the portal only one was reporting back in:

Eventually a reply came back to try to upgrade the Skype for Business Online, Windows PowerShell Module to a newer version, taking it from:


And after restarting the Management Service we have success:

The explanation I had back from Microsoft Support was the tenant was enabled for ADAL and the latest PowerShell supports MFA enabled accounts. They were unable to explain why this was only affecting one CCE though.......

Skype Room System v2 custom image guide

Working at Modality Systems means that we get access to future tech by being part of the TAP programs for Skype for Business, usually that’s access to early versions of software (such as the redesigned Mac client, Teams, or pre-release Cumulative Updates) or new features being enabled on our Office 365 tenant (such as Auto Attendant, and Call Queues).

Iain Smith managed to get us onto the Rigel TAP program and have been using beta hardware devices in both of our main meeting rooms in our St Albans office for a fair few months going through different iterations of the software. Recently Logitech gave us a one of their Smart Docks which we have put to good use in our boardroom. The extender cable system means we can easily have the console of the Skype Room System v2 in the centre of the room driving the two Front of Room displays.

Recently Microsoft released the documentation for how to put a custom image onto the device but the documentation is clearly a v1 as it doesn’t give the full information about how the image will work over the screens.

I’ve spent a little while playing with the images and have found the following:

The SRSv2 can be deployed with either a single Front of Room display or dual displays, but for both you need to create an image that is 3840X1080 pixels. This is 2x Full HD screens stitched together. So even if your SRS has a single screen then you are require to create the same size file but it will use the right hand side of the image only.

However there is a complication in that the console will also use this image, however it is not a Full HD screen. As such I've produced the following image that you can use as a template for your SRSv2's

This image and the associated SkypeSettings.xml can be found here): 

A device with dual Front of Room displays will show the red rectangle on the left screen, the yellow and blue rectangle on the right hand screen. The console will only show the yellow rectangle (which makes the console screen resolution 1620X1080 pixels).

If you device only has a single Front of Room display then you still need to create an image that 3840X1080 pixels however only the right hand side is used.

To demonstrate this here are some images of the two meeting rooms in the Modality Systems St Albans office with the above image on both:

Single Front of Room screen system:

Dual Front of Room screen system:

If you have any questions about the SRSv2 please let me know in the comments and I'll do my best to help.

LS Data MCU error on Lync 201x & SfB 2015 after May 2017 OS patching

Update 12/12/2017 12:05 - SfB CU out taking the version to 6.0.9319.510 has a fix for this. Nothing expected for Lync Server 2013 or 2010.

Update 23/05/2017 23:12 - Official confirmation should appear under within 24 hours. Product Group have Development Resource assigned so looks like a CU will be coming to fix this.

Seeing multiple customers on Lync 2010, Lync 2013 and Skype for Business server 2015 front ends:

Front End event log every minute, Event ID 41026 followed by 41025:

"No connectivity with any of Web Conferencing Edge Server, External Skype for Business clients cannot use Web Conferencing modality

On the Edge server seeing the following:

"Web Conferencing Server connection failed to establish

Over the past 3 minutes Skype for Business Server has experienced incoming TLS connection failures 1 times(s). The error code of the last failure is 0x80072746 and the last connection was from the host ""."

After trying disabling IP 6 on FE and Edge:

and “On FE you can change IIS Web sites bindings to IPv4 IP address instead of all unassigned.”

The fix so far was to uninstall the May Security and Quality rollup for the .Net Framework 4.5.2, reading the release notes this hardens TLS communications for EKU so seems to fit with the error messages being shown

Server 2012:

Server 2012 r2:

Logged with Microsoft as ticket 117051115723411

Update 21:54 (changed title as well):

Confirmed by Microsoft as known issue and public KB is being prepared:

"This update adds an additional check on Enhanced Key Usage (EKU), since all Lync/ SfB Server usually use the Web Server template they will only have the Server Authentication in the EKU."

Issue has been reproduced on Lync 2010, Lync 2013 and Skype for Business 2015 on all supported server versions (2008r2, 2012, 2012r2).

Current Workarounds:

1 - Request new Edge Internal certificate with the Client and Server Authentication.


2 - On the Front Ends disable the check for the Web Conferencing Service. Please note that these registry keys are for the default install locations.

Lync Server 2010:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Microsoft Lync Server 2010\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

Note: Lync Server 2010 still uses the .NET 3.5 this is why we have the v2.0.50727.

Lync Server 2013:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Microsoft Lync Server 2013\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

Skype for Business Server 2015:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Skype for Business Server 2015\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

After adding the registry key simply restart the Web Conferencing service

Thanks to David Paulino (Twitter) at Microsoft for the update.

Update 22nd May 2017 11:07
Seeing different items broken in different environments from the following list: Q and A, Screen Share, Whiteboard, PowerPoint sharing via OWAS/WAK/OOS (Thanks Py7h0n and others for reporting).

Windows Server 2012 Windows Update taking ages

Update: 23rd May 2019:

This old chestnut has raised its head again with the May 2019 updates.
If Windows Updates are taking and age.
  1.  Stop the Windows Update Service
  2. Download the correct Flash Player update from 
  3. Install
  4. Check for updates
  5. Relax ;-)

Original post:

There's a known issue at the moment with server patching when you have the Desktop Experience feature installed (which means Lync/Skype for Business FE's).

Running check now results in the never ending progress bar:

and looking in the WindowsUpdate.log file we never see any progress.

Speaking to Microsoft support this is due to a bug in Adobe Flash and its interaction with the WU client. If you look at your processor usage you can see that the Windows Update process is running, it's just that you are getting no feedback.

On one server I started this process running on 23rd April and it finally finished with patches available on the 6th May:

So if you have the time to wait then this does work (no need to try to kick it by deleting stuff, re-registering DLL's, or performing any of the voodoo that you can find suggested in the TechNet forums!).

If you don't have this time then the advice I had from Microsoft was:
  1. Install MS17-005: Security update for Adobe Flash Player: February 21, 2017 (Use the Microsoft Update Catalog) :-
  2. Install MS17-023: Security update for Adobe Flash Player: March 14, 2017 (Use the Microsoft Update Catalog) :-
  3. Check for updates (should be back to normal speed).
If that doesn't work then:

Remove the Desktop experience feature and then check for updates. To remove do the following:

  1. Open Server Manager on the machine.
  2. Click on Manage>> Remove Roles and Features.
  3. We have to then be on the features tab and then under "User Interfaces and Infrastructure" uncheck "Desktop Experience" and the click next and finish

Modality Systems CustomInvite tool AD/GPO deployment an (almost) step by step

Update: 22nd March 2019 - little amendment to the script so that it now checks that the version of CI already present is equal or greater than the version being offered by the script - this allows the easy spot roll out of new versions to individuals for testing. Hint - big change coming soon  ;-)

Working for Modality Systems has been a blast for the last 18 months and for the last few I was helping to look after internal IT while we recruited for a new IT Manager (Welcome Dan!) PS - we're always on the look out for top talent to join us.

One of the reasons that we are Partner of Year (Communications) is our vibrant dev team who have publically released some brilliant tools over the years such as SuperToast (which I was pushing back in 2012!!), and the Business Applications suite. This is alongside the tons of custom development work that they do for customers (I'd love to blog about this but our Dev MVP Tom Morgan will have beaten me to it!).

Our newest public release is CustomInvite. This is not a post about how good the software is (it is very cool), instead this is about how I deploy versions to staff machines so we can dogfood drink the champagne of our award winning tool.

As yet we are not using System Centre Configuration Manager to deploy software through the Modality estate so I had to go back to good old system startup scripts (advantage - FREE!). Our users have domain joined machines in the main with Direct Access back to the corp network so this method would work for the majority of users. We have a mixed estate of both Office 2013 and 2016 and a mixed "bitness" of Office of both 32 and 64 bit. Most third party addins like CustomInvite are only designed for 32 bit Office but our dev team have made sure 64 bit is treated like a first class citizen too!

First part of the deployment is to get the files into AD. We have 4 files that come from CustomInvite and then another two files that we are going to create manually.

The first two files to deploy are the GroupPolicy Template files that need do be dropped onto a domain controller:

File Location
CustomInvite.admx C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions
CustomInvite.adml C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US

Now we have these files in AD (wait for replication) its time to setup your policy for your templates. The pre-requisites for this is that you have your RTF templates stored on a UNC share somewhere (or you know where that will be). Now you can create a Group Policy Object like so:

  1. The name of the default template that CustomInvite should load
  2. Your license code
  3. How often CustomInvite should look for new templates in.....
  4. ......this UNC location
Note that this is a Computer Configuration and that the User Configuration is disabled.

Next part is to create the GPO that installs CustomInvite. I separate this out into a second GPO so that I can have multiple versions of the GPO to target different teams with different installs.

This GPO simply has a Computer Startup Script that does the actual install:

  1. The script file that will run
  2. Forcing the PC to wait for the network (otherwise the script may not be found).
Note that this is a Computer Configuration and that the User Configuration is again disabled.

Note that the script is a simple batch file and the run time for a PC connected over home broadband is about ~5 seconds:

The contents to the batch file is as follows:


REM --------------------------------------------------------------------------------------------------------------------
REM  Installs CustomInvite
REM --------------------------------------------------------------------------------------------------------------------

REM --------------------------------------------------------------------------------------------------------------------
REM  Changelog
REM 20170130 - DLL looked for changed from "Modality.LyncAppointmentAddin.dll" to "Modality.CustomInvite.dll"
REM 20170207 - Added in variable names to make future updates easier
REM --------------------------------------------------------------------------------------------------------------------

REM --------------------------------------------------------------------------------------------------------------------
REM  How to use
REM  Ensure you have the two install files in the same directory as this script file.
REM  Install files need to have the name "CustomInvite_Outlookx##_?.??.msi"
REM  Where "#" is the bitness of the version file (86 or 64)
REM  and ?.?? is the version number.
REM  Once you have these then you can amend the variables below

REM --------------------------------------------------------------------------------------------------------------------
REM  Variables

Set _CustomInviteVersion=2.20
Set _32BitCustomInviteVersion=2.20.6247.28084
Set _64BitCustomInviteVersion=2.20.6247.28179
Set _OUFolderName={C0B66EA0-1F62-4977-A716-8AAEE5996CF8}

REM --------------------------------------------------------------------------------------------------------------------
REM   Seriously - here be dragons!
REM --------------------------------------------------------------------------------------------------------------------

SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files (x86)\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X GEQ %_32BitCustomInviteVersion% GOTO :foundCustomInviteX86

SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X GEQ %_64BitCustomInviteVersion% GOTO :foundCustomInviteX64
echo %date% %time% - WARN - CustomInvite %_CustomInviteVersion% NOT found on %computername% >> \\mk-dc-01\SoftwareDistribution\CustomInvite\log\Install.txt

REM --------------------------------------------------------------------------------------------------------------------
REM  Check Registry for Outlook Bitness
REM --------------------------------------------------------------------------------------------------------------------

FOR /F "TOKENS=3 SKIP=2" %%A IN ('REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration" /v Platform') DO (SET BN_VALUE=%%A)
if %BN_VALUE% EQU x64 goto x64CTR
if %BN_VALUE% EQU x86 goto x86CTR

FOR /F "TOKENS=3 SKIP=2" %%A IN ('REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook" /v Bitness') DO (SET BN_VALUE=%%A)
if %BN_VALUE% EQU x64 goto x64Office2016
if %BN_VALUE% EQU x86 goto x86Office2016

FOR /F "TOKENS=3 SKIP=2" %%A IN ('REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\15.0\Outlook" /v Bitness') DO (SET BN_VALUE=%%A)
if %BN_VALUE% EQU x64 goto x64Office2013
if %BN_VALUE% EQU x86 goto x86Office2013

if %BN_VALUE% EQU "?" goto OutlookNotFound

REM --------------------------------------------------------------------------------------------------------------------
REM  Log Outlook Bitness
REM --------------------------------------------------------------------------------------------------------------------

echo %date% %time% - INFO - Office ClickToRun x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX86

echo %date% %time% - INFO - Office ClickToRun x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX64

echo %date% %time% - INFO - Office 2016 x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX86

echo %date% %time% - INFO - Office 2016 x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX64

echo %date% %time% - INFO - Office 2013 x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX86

echo %date% %time% - INFO - Office 2013 x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX64

REM --------------------------------------------------------------------------------------------------------------------
REM  Install X86 Version
REM --------------------------------------------------------------------------------------------------------------------

Echo %date% %time% - INFO - Attempting install of CustomInvite %_CustomInviteVersion% x86 on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
MD c:\ModalityCustomInvite
CD c:\ModalityCustomInvite
Copy \\DOMAINNAME\SysVol\DOMAINNAME\Policies\%_OUFolderName%\Machine\Scripts\Startup\CustomInvite_Outlookx86_%_CustomInviteVersion%.msi c:\ModalityCustomInvite
MSIEXEC /passive /i CustomInvite_Outlookx86_%_CustomInviteVersion%.msi 
del CustomInvite_Outlookx86_%_CustomInviteVersion%.msi
SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files (x86)\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X == %_32BitCustomInviteVersion% GOTO :InstalledCustomInviteX86 
Echo %date% %time% - FAIL - CustomInvite %_CustomInviteVersion% x86 Failed to install on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto End

REM --------------------------------------------------------------------------------------------------------------------
REM  Install X64 Version
REM --------------------------------------------------------------------------------------------------------------------

Echo %date% %time% - INFO - Attempting install of CustomInvite %_CustomInviteVersion% x64 on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
MD c:\ModalityCustomInvite
CD c:\ModalityCustomInvite
Copy \\DOMAINNAME\SysVol\DOMAINNAME\Policies\%_OUFolderName%\Machine\Scripts\Startup\CustomInvite_Outlookx64_%_CustomInviteVersion%.msi c:\ModalityCustomInvite
MSIEXEC /passive /i CustomInvite_Outlookx64_%_CustomInviteVersion%.msi 
del CustomInvite_Outlookx64_%_CustomInviteVersion%.msi
SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X == %_64BitCustomInviteVersion% GOTO :InstalledCustomInviteX64
Echo %date% %time% - FAIL - CustomInvite %_CustomInviteVersion% x64 Failed to install on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto End

REM --------------------------------------------------------------------------------------------------------------------
REM  Found Correct Custom Invite x86 Version
REM --------------------------------------------------------------------------------------------------------------------
echo %date% %time% - INFO - CustomInvite %_CustomInviteVersion% x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Found Correct Custom Invite x64 Version
REM --------------------------------------------------------------------------------------------------------------------
echo %date% %time% - INFO - CustomInvite %_CustomInviteVersion% x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Installed Correct Custom Invite X86 Version
REM --------------------------------------------------------------------------------------------------------------------
echo %date% %time% - GOOD - CustomInvite %_CustomInviteVersion% X86 Installed on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Installed Correct Custom Invite X64 Version
REM --------------------------------------------------------------------------------------------------------------------
echo %date% %time% - GOOD - CustomInvite %_CustomInviteVersion% X64 Installed on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Outlook not found
REM --------------------------------------------------------------------------------------------------------------------
echo %date% %time% - FAIL - Outlook not found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Finish
REM --------------------------------------------------------------------------------------------------------------------


NOTE: Even thought the script says "SHOULDN'T NEED TO AMEND ANYTHING PAST THIS LINE" you'll need to change "DOMAINNAME" to your domain name and "SERVERNAME" to the server name where the log file is going to be written too.

In essence the script does the following:

  1. Sets some variables for the version of CustomInvite we are installing
  2. Checks to see if that version is installed (first 32 then 64 bit) - if found > LOG > END
  3. Checks the bitness of the installed version of Outlook > LOG (if not found LOG > END)
  4. Installs (or updates) the correct bitness of CustomInvite and tests if installed > LOG (if install fails LOG > END)

In future when a new version of CustomInvite is released you can simply update this one script file or copy the GPO and create a new version for each install (that's the "Variables" bit in the script!)

A copy of the script file is hosted here too.

Once you have amended the file to fit your environment and downloaded the files you should end up with a Group Policy Object folder that looks like the following:

You'll also need a network share that has READ/WRITE access for the log file to be written too:

Hopefully this is enough to help you get up and running with CustomInvite. If you would like some adhoc support on this process please comment and I'll do my best to reply :-)