UPDATE (11:30):

Following a meeting of the Critical Incident Team at 11:00 the incident has been closed. This is due to the lack of open and ongoing problems. We are continuing to proactively monitor the situation and if the status changes we will reopen the incident.

Thank you for your patience on this incident.


INITIAL (10:00):

Around 9 am this morning (25th May 2017) a critical incident affected a component of the network services provided to University of Reading Staff and Students. This component (DHCP – Dynamic Host Configuration Protocol ) is related to the provision of internet addresses to the computer and without an address network access is lost.

For further information or advice regarding this issue then please contact the IT Service Desk via the Self Service Portal (https://uor.topdesk.net/) or phone 0118 378 (6262).


There have been a number of reports over the last few days of Scam phone calls targeting University of Reading staff. The caller purports to be from Microsoft saying that a PC is unsafe and asking for access. If access is given then they will most likely use this as a way of installing malware on your machine or as a way of asking for payment.

This is a scam and staff should terminate the phone call as soon as they determine it is not legitimate. You should then report this through the IT Portal.This will allow us to track numbers and ensure that we are able to respond to an increase in reports. No action will need to be taken following the call, unless you allowed the third party to install any software.

General advice to follow to prevent falling victim to these kind of scams:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • US-CERT and Microsoft also provide advice on avoiding social engineering and phishing attacks.


The Information Technology department is currently working hard on mitigating the risks associated with the latest CyberSecurity incident: the WannaCry worm; the cyber-attack that affected a wide range of institutions last week.

What is it and what are the challenges affecting the University?

The worm affected computers that had not been properly patched, or that were running old operating systems. It follows a tradition of “worms” that have affected computers over a long period of time. The first worm was created in 1988 by mistake, but there have been many others that have affected the internet since and they continue to pose a threat today.

They all exploit vulnerabilities in operating systems: effectively where the code in a program has been poorly written and allows someone other than the intended user to access or control the program. When vulnerabilities are discovered, they can be “patched” – another piece of code is written to fix the code and remove the vulnerability. If the patch is not applied then the original program is left vulnerable to being attacked and the longer it is left the more likely it is that the vulnerability will be exploited and the software that is being used or the data that is being accessed will be compromised.

This is a particular challenge in environments where the management of computers is not well controlled – patching is disruptive (PCs often require a reboot) and time consuming – so machines and software are not always kept up to date. Also a University, like the NHS, will often have machines that are running expensive equipment (for example scanners, microscopes and other scientific equipment). These are often based on old operating system that cannot be easily upgraded and so the choice is to either buy a new piece of equipment or accept/mitigate the risks associated. This can be a very difficult decision to make.

What can you do to help?

There are a number of things that you can do to help:

  • Ensure that patches are applied. While the IT department will push patches out to machines, they often need to be rebooted to be applied. Make sure your machine is rebooted when prompted.
  • Use central file shares or OneDrive for Business to store information. The data is either backed up or previous versions are kept. In the event of a successful ransomware attack we can go back to an earlier version before the file was encrypted – if it is stored on a local drive it may not be backed up and will be lost.
  • Don’t fall for scam emails or websites. Be suspicious of anything you are not expecting and don’t open unexpected email attachments. If you are unsure then contact the sender, preferably by a different method (e.g. phone or text)
  • If you aren’t certain then contact the IT Service Desk they are there to help you with your questions and provide advice.


UPDATE 2: Following a configuration change around midday we have seen an improvement to the service stability. This has continued to be monitored throughout the afternoon and has provided a consistent level of performance. Close monitoring will continue again tomorrow.

Thanks for your patience whilst we have been troubleshooting

UPDATE: We are currently still working on a permanent fix for this problem but have identified a workaround for this. Instructions on the workaround below:

  1. Go to: Control Panel -> Mail (32-bit) -> Email Accounts
  2. Double click on your username
  3. Go to: More Settings -> Connection -> Exchange Proxy Settings
  4. Un-tick ‘on fast networks…’
  5. Ensure ‘on slow networks..’ is ticked

Users are reporting that this workaround is correcting the problem. We are working on a more permanent solution.

We have had a recurrence of last weeks interruption to staff email. We are investigating the problem and working on a fix.



Remedial work on the affected infrastructure has been successful and most services are now restored. There are a few exceptions that are being investigated as a matter of priority: Timetabling, MyID and Comino. If there are other systems that are affected please let us know.

Work is ongoing and as such there may be the need for interruptions, but at the moment we do not anticipate the need for this. An incident review will be held over the next few days to investigate the cause, how we responded and how we can improve the processes for the future.


Services are now being restored, but should be considered at risk and in a degraded state.

This will be experienced as slowness or in some cases a loss of service. Some services such as Blackboard, email and the main University of Reading website are still available and unaffected.

As a result of planned maintenance on the physical infrastructure we have experienced an unexpected interruption to service affecting a number of central services.

We are working to resolve these issues as quickly as possible and will be bringing services back online over the course of the morning.

Further updates to follow here, Twitter and TOPDesk


UPDATE: A detailed article has been published on ‘Naked Security’, a popular informative website about online security. Check the article out for further information on this Phishing campaign.

We have had a few reports from people receiving the following email and other Universities have confirmed that they have also seen it.

If you receive this email do not open the attachment, it contains malware (a macro virus).

Please think carefully before clicking on links in emails or opening attachments.

If you receive one of these emails then you should delete it. If you have any concerns then you should contact IT on ex 6262 or at it@reading.ac.uk


The email looks something similar to this:

Hello, xxxx!

I am disturbing you for a very critical matter. Allhough we are not familiar, but I have large ammount of information concerning you. The thing is that, most probably mistakenly, the information of your account has been emailed to me.

For example, your address is:

Xxxxx xxxxxx xxxxxx

Xxxxxx xxxx


Postcode: xxxxx

I am a law-obedient citizen, so I decided to personal details may have been hacked. I attached the file – Harvey.dot that I received, that you could find out what info has become obtainable for scammers. Document password is – xxxx

I look forward to hearing from you,


We are aware of an issue with Meteorology user accounts being locked out. We are working on a solution to this problem. If you are affected by this please contact IT and we will unlock your account. You can keep track of the issue by following on the status page.

Contact the IT Service Desk, either via the Self Service Portal (https://uor.topdesk.net/) or phone 0118 378 (6262).


We have had reports of a new phishing email that attempts to disguise itself as an email from payroll.

It looks like this:

Do not open any links or attachments in this email as it could potentially harm your computer and put your personal information at risk.

To reduce the likelihood of being caught out:

  • Remain vigilant when looking at an email.  Do you recognise the sender? Should you be receiving an email around this subject? If no, then you should not open any attachments or links in this email.
  • If you receive one of these emails then you should delete it. If you have any concerns then you should contact IT on ex 6262 or at it@reading.ac.uk

If you receive an email you are unsure about then please do not hesitate to contact our Service Desk.


A project is currently being defined which aims to improve the UoR software delivery process and prepare for the end of life of Windows 7 by making Windows 10 (with Office 2016) our standard desktop platform.

A key objective will be to upgrade labs, library and teaching spaces to Windows 10 during the summer of 2017.

Mainstream Microsoft support for Windows 7 ended 2 years ago and ends for Windows 8.1 within a year. Extended support for Windows 7 ends at the beginning of 2020 but it will be increasingly difficult to install Windows 7 on new computers as manufacturers will not develop software drivers for new hardware.

Our software delivery process needs to be improved in response to previous issues deploying teaching software to the range of labs where it is needed and also from student requests to make curriculum applications more available generally both on and off-campus, especially on student-owned PCs.

Another objective is for Apps Anywhere to become the default delivery system for curriculum applications with effect from academic year 2017-18. With this system, applications will no longer need to be installed but can be streamed and run on any PC with the ‘Cloudpaging Player’ installed. Already, students can select from 30+ apps and use them in any lab, PC in the library or on their own PCs (when on campus).

We will be contacting school representatives to discuss requirements for this. If you have any specific requirements, please contact your IT Business Partner.


The University telephone exchange was installed 20 years ago,  we have now been given notice that manufacturer support is ceasing and  we need to plan for its replacement.

With the huge changes in communications technology that have been taking place we need to consider what the right solution is for the University to support us in the way we work, communicate and collaborate over the next 5-10 years.

To help inform the project team decision making we have designed a simple 5-minute requirements gathering form to enable you to express your views.  Please help us by completing this at http://it.rdg.ac/TelUCSurvey.



« Older entries § Newer entries »