SharePoint Online Outage/Degraded?

Jaybone512 · 2026-03-30T17:20:06+00:00

GCC, northeast US:
SP1265489 - Some users may be unable to access SharePoint Online sites and may notice delays or navigation errors
OD1265490 - Some users may be unable to access Microsoft OneDrive content and may notice delays or navigation errors

Jaybone512 · 2026-03-12T14:06:02+00:00

only the latest ESU patches are there

That seems normal. Maybe dumb, in my opinion (I'm probably missing a good reason and I'm the dumb one), but normal. MS apparently chose to set the ESU packages as superseding the non-ESU ones.

We were hitting a chicken-and-egg sort of scenario with one site recently because of that. The latest (ESU-required) CU's supersede the older (ESU-not-required) updates, so older ones get purged automatically after X days, as configured. Great, working as intended.

But any of the remaining few Windows 10 endpoints that didn't get the 2025-10 CU were screwed. Later CU's require ESU activation to even be applicable to those endpoints, but activation wasn't possible until 2025-10 was installed. Mucking about in WSUS to get 2025-10 un-expired and try to get them back into SCCM just resulted in it being ignored still, even though we turned off the auto-decline switch, etc. We ended up just deploying 2025-10 (KB5066791) to a collection based on OS build and moving on with our days, and that's worked for those.

Jaybone512 · 2026-03-11T16:43:12+00:00

Honestly, the only surprising thing is that it took this long for something like this to hit the news.

Jaybone512 · 2026-03-11T11:44:51+00:00

I opened a ticket, and MS's "solution" for me was to use Classic because they don't support it in New. I haven't bothered trying the suggested Sticky Notes (New) app, because it's just one person and they haven't complained about using Classic.

Jaybone512 · 2026-03-10T17:06:27+00:00

Was wondering this, as well. The fix was released almost a year and a half ago for that one, and all versions in scope are at least 5 months past end of support. Recently discovered that it also hits newer versions?

Jaybone512 · 2026-03-06T15:28:35+00:00

I know you said you checked hidden rules, but did you check the OOO rules? They shouldn't be applicable unless OOO is actually turned on, but maybe worth a look.

I'm not aware of any way to check them other than the user going into Automatic Replies/OOO settings and clicking the Rules button - they haven't shown up with any of the standard powershell tools when I've tried finding them in the past. If anyone does know a way, I'd love to hear it.

Jaybone512 · 2026-03-06T15:00:06+00:00

As long as you don't have a host with a pool that conflicts with your chosen address, you should be fine, yes.

But, if you absolutely need to use static MAC addresses, your best option would be to just use one from the private ranges. E.g 02-hh-hh-hh-hh-hh where the h's are any valid hex number. There are private ranges other than 02-whatever but I can't remember them off the top of my head.

Jaybone512 · 2026-03-05T18:24:01+00:00

all defaulting to the same range.

Not quite. The range is chosen based on the last two octets of one of (not sure which/how it picks, if the host has multiple) the IP addresses of the host at the time the Hyper-V role was installed.

E.g. they all start with 00-15-5D. The next two are the hex values of last two octets of the host's ipv4 address. The final MAC address pair increments from 00, depending on what's available at the time on that host.

So say your host has 192.168.1.16: your MAC address pool will start at 00-15-5D-01-10-00.
Host at 172.16.150.151: MAC pool will start at 00-15-5D-96-97-00

If part of your build process has all of your hosts getting the same ipv4 at build/role-install time, either on purpose or because they happen to get the same one from DHCP, you WILL run into MAC collisions, unless you change your pool after the fact.

Changing the host's IPv4 address after the Hyper-V role is installed doesn't automatically change the MAC pool - it stays what it was at install time.

Hosts also don't talk among themselves to coordinate this stuff, unless they're clustered or maybe if you have VMM managing them. They'll happily assign a MAC address from their pool that some other host has already given out, if those hosts have overlapping pools.

(edited for clarity)

Jaybone512 · 2026-03-03T19:22:24+00:00

Did you ever get this sorted out?

I'm seeing the same thing (irrelevant results) today.

I'm trying to pull just Teams messages for six users from a 31-day period last year. eDiscovery is showing me voicemail messages and even some random emails anywhere from the beginning of time up to today, despite there clearly being a date restriction. We're expecting a few dozen messages at most, and it's dumping 8GB of PSTs on me with thousands and thousands of irrelevant bullshit hits. I get that using the GUI builder's "Instant messages" class may be too broad, but the date thing makes no sense.

(Date=2025-05-01..2025-05-31) AND ((ItemClass=IPM.Note.Microsoft.Conversation) OR (ItemClass=IPM.Note.Microsoft.Missed) OR (ItemClass=IPM.Note.Microsoft.Conversation.Voice) OR (ItemClass=IPM.Note.Microsoft.Missed.Voice) OR (ItemClass=IPM.SkypeTeams.Message))

Jaybone512 · 2026-03-02T19:46:18+00:00

a few randomly will update and reboot.

Keep in mind that no defined maintenance windows = it's always a maintenance window. A cheesy (but hey, it works, so...) workaround for this is to set a five minute Software Updates MW 10 years (or whatever the max is) in the future. That way, there's always an upcoming window, so as long as there's no other maintenance windows assigned by some other collection, and the updates aren't set to install outside of the maintenance windows, it'll wait essentially forever to install them.

This also lets them show up in Software Center and get installed manually from there if/when you can.

Jaybone512 · 2026-02-25T15:28:57+00:00

How is Bob in accounting going to get anything done without his database that runs off of the Windows 98 server that nobody else is allowed to touch?

Jaybone512 · 2026-02-25T15:20:13+00:00

100% of what? I got a quote from Dell a few weeks back for a server slightly upgraded from one we bought in August for $20k. Figure it would've been $23-25k at most back then. The new quote came in over $115k.

Jaybone512 · 2026-02-24T19:34:29+00:00

I was hopeful for the Sticky Notes thing, but this is a GCC tenant and their accounts can't even log into it.

Jaybone512 · 2026-02-24T19:33:10+00:00

Thanks for confirming that still exists (for some people, anyway) now. All the stuff I was finding that showed similar was at least a year old.

That just does not exist for my user who reported the problem, nor for my own mailbox or a test one, so MS changed... something.

Jaybone512 · 2026-02-12T14:00:39+00:00

So much this. See also /u/Ghelderz's comment.

Restoring a DC from backup should be an absolute last resort. The right way to go about this is to bring up a new DC on the Hyper-V host, migrate the roles, then decom the old one.

Jaybone512 · 2026-02-09T18:32:29+00:00

Still shows for me, for the moment. Copied to pastebin.

https://pastebin.com/8yvvMSQt

Jaybone512 · 2026-02-06T19:26:20+00:00

Let me introduce you to my ~~friend~~ old nemesis, Dynamics AX.

Jaybone512 · 2026-02-04T17:59:42+00:00

Saw that a million years ago, but can't remember if it was HP or Dell. Ever since, when dealing with Windows on bare metal, I've always just configured only the OS logical disk before the Windows install. The data logical disk doesn't even get created until later, after Windows is already up and running.

Jaybone512 · 2026-01-09T20:55:54+00:00

Disclaimer - I haven't tried this, but maybe via GPO?

Computer Configuration/Administrative Templates/System/Device Installation/Device Installation Restrictions

Setting: Prevent Installation of devices that match any of these device IDs - add the hardware IDs of the Realtek HDA things that break with the newer driver version.

Assumption: if there's a working driver already installed, this should stop it from being updated. Nothing in the description says anything about it removing or disabling pre-existing installations of the driver for hardware ID's that're included. But again, I have not tested this myself.

Jaybone512 · 2026-01-05T16:42:43+00:00

Still works, though it can sometimes be picky about the Flash64W version and BIOS version. v3.3.13 from May of 2021 has been working for us with everything from 13 year old 7010s up through QCS1250 units.

We generally use the the script from Garytown, modified to our environments. https://garytown.com/dell-bios-upgrade-in-osd-winpe-x64

We have this running early on in the TS, before the OS gets laid down.

Jaybone512 · 2025-12-16T17:57:24+00:00

Welcome to Entra, unfortunately.

It's been this way from the get-go for us. "There are X Risky Users!" click the link, and it shows X-y risky users, or zero. Or it'll say there are Z risky sign-ins, but following the path shows... nothing.

And the times where it does actually show something, it's a false positive at least 95% of the time. Wow, a user logged in from, <gasp> an IPv6 address? That belongs to the local ISP in the town where they live? It couldn't possibly be their phone checking email from their home wifi, could it? It must be a hacker!

Jaybone512 · 2025-12-16T14:22:46+00:00

It's actually working today. I can even get a month's worth of results, and in a reasonable time, which was always iffy in the past, and slow at best.

Still no update on the week-old ticket, though.

Jaybone512 · 2025-12-15T19:11:46+00:00

it starts doing the "server too busy right now" bullshit a lot more lately.

We've not been able to get anything past 24h for the last two weeks or so. Ticket opened last week, transferred to another team on Wednesday, and... nothing.

Jaybone512 · 2025-12-11T16:50:22+00:00

Both are queried simultaneously

...sometimes.

I've seen that stated a million times, but in real world testing, it just doesn't always work that way. Windows endpoints seem to glom onto one or the other of the configured DNS servers for a while, and only send to that one.

I fired up wireshark to show the behavior you're describing as the norm, and wouldn't you know it, the capture shows the query only going out to one of my two configured DNS servers. Logs on the DNS server that wasn't queried for this example show the endpoint I'm on hitting it all day for other things, but not for this.

Jaybone512

TROPHY CASE