oneliner to dump all synopsis of Lynv cmdlets to text file
gcm -mo *Lync* | % {get-help $_.name}| fl Name, Synopsis >c:\source\lync.txt
Search This Blog
Friday, December 27, 2013
Monday, December 23, 2013
Thursday, December 19, 2013
Interop SIP UDP with Lync
Lync does not support SIP on UDP (port 5060), it only supports TCP or TLS (again TLS over TCP).
If you have a PBX or something that can work only on UDP, you would need a gateway like SBC or else that does support UDP.
Microsoft defend it's UDP rejection here http://blogs.technet.com/b/nexthop/archive/2008/05/23/to-udp-or-not-to-udp-that-is-the-question.aspx
If you have a PBX or something that can work only on UDP, you would need a gateway like SBC or else that does support UDP.
Microsoft defend it's UDP rejection here http://blogs.technet.com/b/nexthop/archive/2008/05/23/to-udp-or-not-to-udp-that-is-the-question.aspx
Wednesday, December 18, 2013
Tuesday, December 17, 2013
Monday, December 16, 2013
Force to add Lync contact in Skype
if Skype users can not find Lync used by sip, it may be that federation is not yet established or have some other issue.
To force skype client to add a lync contact even if it's is not discoverable by seach, in IE type
skype:2:sip@address.of.contact.com?add
To force skype client to add a lync contact even if it's is not discoverable by seach, in IE type
skype:2:sip@address.of.contact.com?add
No connectivity with any of Web Conferencing Edge Servers. External Lync clients cannot use Web Conferencing modality.
if you see below error on Lync 2013 frontend, try to disable IP6 on the NIC interface, disable in registry refer to http://support.microsoft.com/kb/929852 and reboot FE server. If not used the same procedure on Edge.
On FE you can change IIS Web sites bindings to IPv4 IP address instead of all unassigned.
Ensure that there are no deep packet application inspection or antivirus scan on the Firewall in between these servers.
Verify if you have session timeout in your firewall. In case of Palo Alto firewall you needs to set timeout to 4800 seconds, because PA will consider WebConf MTLS as ssl and due to offloading of ssl traffic only every 16th packet will be counted for session time to live. Refer to https://live.paloaltonetworks.com/docs/DOC-3950.
WebConf will send keepalives every 300 seconds (5 minutes), 16x300 will be you a timeout setiing required for Palo Alto.
Log Name: Lync Server
Source: LS Data MCU
Date: 12/16/2013 5:20:16 PM
Event ID: 41026
Task Category: (1018)
Level: Error
Keywords: Classic
User: N/A
Computer: xxx
Description:
No connectivity with any of Web Conferencing Edge Servers. External Lync clients cannot use Web Conferencing modality.
Cause: Service may be unavailable or Network connectivity may have been compromised.
Resolution:
Verify all Web Conferencing Edge Services in the topology are running, and network connectivity is available.
Errors on the FrontEnd 41024 41025 41026 every 20-30 minutes
UPDATE: http://daniyar-tech.blogspot.ch/2014/01/lync-2013-webconf-instability-events.html
On FE you can change IIS Web sites bindings to IPv4 IP address instead of all unassigned.
Ensure that there are no deep packet application inspection or antivirus scan on the Firewall in between these servers.
Verify if you have session timeout in your firewall. In case of Palo Alto firewall you needs to set timeout to 4800 seconds, because PA will consider WebConf MTLS as ssl and due to offloading of ssl traffic only every 16th packet will be counted for session time to live. Refer to https://live.paloaltonetworks.com/docs/DOC-3950.
WebConf will send keepalives every 300 seconds (5 minutes), 16x300 will be you a timeout setiing required for Palo Alto.
Log Name: Lync Server
Source: LS Data MCU
Date: 12/16/2013 5:20:16 PM
Event ID: 41026
Task Category: (1018)
Level: Error
Keywords: Classic
User: N/A
Computer: xxx
Description:
No connectivity with any of Web Conferencing Edge Servers. External Lync clients cannot use Web Conferencing modality.
Cause: Service may be unavailable or Network connectivity may have been compromised.
Resolution:
Verify all Web Conferencing Edge Services in the topology are running, and network connectivity is available.
External lync user can not start audio with internal user
Recently I was troubleshooting a case where externally connected internal Lync user could not establish audio call with internal client. From client log we see
INVITE (message shows 5 candidates, we also see that hotspot firewall blocks UDP, so this client will have only limited choise of TCP to establish media flow. Number of IP4 candidates should be 6+ in ideal situation),
SIP Trying
SIP OK (we get SIP responce from another end and list of candidates from the other side), we can now exchange IM chats
SIP ACK and then suddenly SIP BYE. No audio call is esablished.
IN SIP BYE we observe an error:
ms-client-diagnostics: 23; reason="Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote";CalleeMediaDebug="audio:ICEWarn=0x4000322,LocalSite=10.79.2.125:49172,LocalMR=xxx:50452,RemoteSite=10.72.3.29:52206,RemoteMR=yyy:50175,PortRange=49152:49191,LocalMRTCPPort=50452,RemoteMRTCPPort=50175,LocalLocation=1,RemoteLocation=2,FederationType=0,NetworkName=test,Interfaces=0x14,BaseInterface=0x4,BaseAddress=10.79.2.125:49158"
if we lookup ICEWarn=0x4000000 in the resource kit: http://www.microsoft.com/en-us/download/details.aspx?id=22644
we could see that problem is coming from egde firewall:
Then I have to check if 443 is open, but since I have no access to the Cisco ASA, I use telnet to test the port. The problem with windows telnet is that I can not change IP source address. On the edge if you run telnet www.google.com 443 you will use address of first IP address (Access). That was ok. But to test thirst IP (AV) i had to download ncat http://nmap.org/dist/nmap-6.40-win32.zip
and then run from edge cmd (http://manpages.ubuntu.com/manpages/natty/man1/ncat.1.html)
ncat -s IP_ADDR_AV_EDGE www.google.com 443
and it was immediately rejected meaning that this direction the port is closed.
When escalated incident was solved by ASA admin, audio calls started flowing.
For more detailed information on connection scenarios refer to http://www.shudnow.net/2010/12/06/lync-server-2010-port-ranges-and-audiomedia-negotiation/
UPDATE: it may happen that firewall is ok, but the VM was migrated to a ESX host that has different VLAN setup and this may prevent traffic also.
INVITE (message shows 5 candidates, we also see that hotspot firewall blocks UDP, so this client will have only limited choise of TCP to establish media flow. Number of IP4 candidates should be 6+ in ideal situation),
SIP Trying
SIP OK (we get SIP responce from another end and list of candidates from the other side), we can now exchange IM chats
SIP ACK and then suddenly SIP BYE. No audio call is esablished.
IN SIP BYE we observe an error:
ms-client-diagnostics: 23; reason="Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote";CalleeMediaDebug="audio:ICEWarn=0x4000322,LocalSite=10.79.2.125:49172,LocalMR=xxx:50452,RemoteSite=10.72.3.29:52206,RemoteMR=yyy:50175,PortRange=49152:49191,LocalMRTCPPort=50452,RemoteMRTCPPort=50175,LocalLocation=1,RemoteLocation=2,FederationType=0,NetworkName=test,Interfaces=0x14,BaseInterface=0x4,BaseAddress=10.79.2.125:49158"
if we lookup ICEWarn=0x4000000 in the resource kit: http://www.microsoft.com/en-us/download/details.aspx?id=22644
we could see that problem is coming from egde firewall:
0x4000000
|
TCP-TCP connectivity checks failed over the
TURN Server.
|
This is indicating that TURN TCP-TCP connectivity
check was tried and it failed. The failure indicates that port 443 was not
opened on the firewall. If one of the TURN servers was 2007 A/V Edge Server. The
administrator needs to open ports from 50,000 through 59,999 TCP to all external
Audio/Video Edge services in the environment. This flag isn’t expected and
may result in an ICE protocol failure.
|
Then I have to check if 443 is open, but since I have no access to the Cisco ASA, I use telnet to test the port. The problem with windows telnet is that I can not change IP source address. On the edge if you run telnet www.google.com 443 you will use address of first IP address (Access). That was ok. But to test thirst IP (AV) i had to download ncat http://nmap.org/dist/nmap-6.40-win32.zip
and then run from edge cmd (http://manpages.ubuntu.com/manpages/natty/man1/ncat.1.html)
ncat -s IP_ADDR_AV_EDGE www.google.com 443
and it was immediately rejected meaning that this direction the port is closed.
When escalated incident was solved by ASA admin, audio calls started flowing.
For more detailed information on connection scenarios refer to http://www.shudnow.net/2010/12/06/lync-server-2010-port-ranges-and-audiomedia-negotiation/
UPDATE: it may happen that firewall is ok, but the VM was migrated to a ESX host that has different VLAN setup and this may prevent traffic also.
Tuesday, December 10, 2013
Wednesday, December 4, 2013
Bug in Microsoft Lync 2013 client?
Many users report the issue: http://social.technet.microsoft.com/Forums/lync/en-US/c5bf2775-d195-4f3a-944d-733d707ab698/multiple-ls-storage-service-32054-errors?forum=lyncdeploy
This is the error that appears in EventLog when using Lync 2013 mobile.
UPDATE: http://support.microsoft.com/kb/2912341
UPDATE2: KB is not available from MS.
This is the error that appears in EventLog when using Lync 2013 mobile.
Log
Name: Lync Server
Source: LS Storage Service
Date: 12/4/2013 10:18:02 AM
Event
ID: 32054
Task
Category: (4006)
Level: Error
Keywords: Classic
User: N/A
Computer: xxx
Description:
Storage
Service had an EWS Autodiscovery failure.
UnsupportedStoreException:
code=ErrorIncorrectExchangeServerVersion, reason=GetUserSettings failed, smtpAddress=xxx@xxxxx,
Autodiscover Uri=https://autodiscover.xxxx/autodiscover/autodiscover.svc,
Autodiscover WebProxy= --->
Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request
failed. The remote server returned an error: (401) Unauthorized. --->
System.Net.WebException: The remote server returned an error: (401)
Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse()
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverRequest.InternalExecute()
--- End of inner exception stack trace ---
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverRequest.InternalExecute()
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetUserSettings(List`1
smtpAddresses, List`1 settings, Nullable`1 requestedVersion, Uri&
autodiscoverUrl)
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetSettings[TGetSettingsResponseCollection,TSettingName](List`1
identities, List`1 settings, Nullable`1 requestedVersion, GetSettingsMethod`2
getSettingsMethod, Func`1 getDomainMethod)
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(List`1
smtpAddresses, List`1 settings)
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetSoapUserSettings(String
smtpAddress, List`1 requestedSettings)
at
Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(String
userSmtpAddress, UserSettingName[] userSettingNames)
at
Microsoft.Rtc.Internal.Storage.Exchange.ExchangeContext.SendGetUserSettingsRequest(StoreContext
ctx, String smtpAddress)
--- End of inner exception stack trace ---
at
Microsoft.Rtc.Internal.Storage.Exchange.ExchangeContext.SendGetUserSettingsRequest(StoreContext
ctx, String smtpAddress)
at
Microsoft.Rtc.Internal.Storage.Exchange.ExchangeContext.GetUserEwsSettings(StoreContext
ctx, String smtpAddress, CacheMode cacheMode)
Cause:
Autodiscovery Uri was not correctly configured or unreachable, that there is a
problem with the Proxy, or other errors.
Resolution:
Check event
details. Check autodiscovery Uri is
properly configured and reachable. Check that proxy setting is properly
configured and reachable. Validate Lync
to Exchange Autodiscovery configuration by following the trouble shooting
guide. If problem persists, notify your organization's support team with the
event details.
Lync edge media flow explained
http://blog.schertz.name/2012/10/lync-edge-stun-turn/
Note the link to TechNet session at the end of article.
Note the link to TechNet session at the end of article.
Subscribe to:
Posts (Atom)