Search This Blog
Tuesday, September 19, 2017
Skype for Business debuging tools crashing
Latest debugging tools for SFB have a bug, dowload previous version:
Friday, September 15, 2017
ADFS trics for MFA
ADFS access control rules to disable MFA for Office 365 application if usrs are connecting from intranet, Lync clients and enforce MFA for member of AD group:
$rp = Get-AdfsRelyingPartyTrust –Name "Microsoft Office 365
Identity Platform"
$groupMfaClaimTriggerRule = 'NOT EXISTS([Type ==
"http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent",
Value =~ "(?i)skype"]) && NOT
EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent",
Value =~ "(?i)ACOMO"]) && NOT
EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent",
Value =~ "(?i)lync"]) => add(type =
"http://schemas.company.com/not_lync", value = "true" );
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
Value == "S-1-5-21-796845957-688789844-854245398-6148"] && c2:[Type
=="http://schemas.company.com/not_lync", Value== "true"]
&& c3:[Type
=="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork",
Value== "false"]=> issue(Type =
"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
Value = "http://schemas.microsoft.com/claims/multipleauthn");'
Set-AdfsRelyingPartyTrust –TargetRelyingParty $rp
–AdditionalAuthenticationRules $groupMfaClaimTriggerRule
We use this rule to let Lync on Premises users to use Exchange online
Thursday, September 14, 2017
Thursday, August 31, 2017
Powershell module for DNS of Windows 2008R2
Here is a module that you can use on legacy servers http://dnsshell.codeplex.com/, once instaled you can run as example get-dnsrecord
But if you have Windows 2012 R2 you do not need external module anymore, use build-in Get-DnsServerResourceRecord and enjoy.
But if you have Windows 2012 R2 you do not need external module anymore, use build-in Get-DnsServerResourceRecord and enjoy.
Tuesday, August 22, 2017
Monday, August 21, 2017
Thursday, August 17, 2017
PSTN gateway not recognised by Lync 2013 mediation
Getting an error with SIP trunk TLS after deployment of new SBC:
Log Name: Lync Server
Source: LS Mediation Server
Date: 8/16/2017 12:36:43 PM
Event ID: 25075
Task Category: (1030)
Level: Warning
Keywords: Classic
User: N/A
Computer: xx
Description:
Mediation Server encountered an invalid setting that has been ignored.
Setting: PSTNGatewayService Fqdn: xx;trunk=yy
Reason: [Config] A Gateway Peer's (xx) internal settings are not configured correctly: NextHopPort = 5067, TransportType = TLS, NextHopIpAddress = N/A
Cause: Settings configured incorrectly.
Resolution:
Reconfigure the specified setting.
Double checking certificates, DNS, topology did not reveal any discrepancy, all looks correct. Do I need restart server?
The solution was to re-publish same topology second time, this time Mediation refreshed it's internal tables correctly and let SIP trunk to get up.
Log Name: Lync Server
Source: LS Mediation Server
Date: 8/16/2017 12:36:43 PM
Event ID: 25075
Task Category: (1030)
Level: Warning
Keywords: Classic
User: N/A
Computer: xx
Description:
Mediation Server encountered an invalid setting that has been ignored.
Setting: PSTNGatewayService Fqdn: xx;trunk=yy
Reason: [Config] A Gateway Peer's (xx) internal settings are not configured correctly: NextHopPort = 5067, TransportType = TLS, NextHopIpAddress = N/A
Cause: Settings configured incorrectly.
Resolution:
Reconfigure the specified setting.
Double checking certificates, DNS, topology did not reveal any discrepancy, all looks correct. Do I need restart server?
The solution was to re-publish same topology second time, this time Mediation refreshed it's internal tables correctly and let SIP trunk to get up.
Subscribe to:
Posts (Atom)