Search This Blog

Wednesday, July 16, 2014

Find number of Lync Plus licenses needed in powershell

(Get-CsUser -OnLyncServer -Filter {lineURI -ne $Null}).count

(Get-CsUser -OnLyncServer -Filter {EnterpriseVoiceEnabled -eq $true}).count

(Get-CsUser -OnLyncServer -Filter {lineURI -ne $Null -and RegistrarPool -eq "fe.contoso.com"}).count

Do not forget about this method:

http://technet.microsoft.com/en-us/library/jj204853.aspx


There also a beta powershell that counts using monitoring db

http://www.msxfaq.de/lync/betrieb/lynccalkontrolle.htm





Tuesday, July 15, 2014

Enable RDP for Windows 2012 server via powershell

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"



set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0


Friday, July 4, 2014

Windows and Lync TLS ciphers

In order to understand which ciphers Lync accepts (as example when we create Sonus SBC TLS profile) we will use a tool called SSLScan
https://code.google.com/p/sslscan-win/

we will run

sslscan --tls1 lyncfe13:5067

Testing SSL server lyncfe13 on port 5067

  Supported Server Cipher(s):
    Rejected  TLSv1  256 bits  ADH-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Rejected  TLSv1  256 bits  DHE-DSS-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Rejected  TLSv1  128 bits  ADH-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Rejected  TLSv1  128 bits  DHE-DSS-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Rejected  TLSv1  168 bits  ADH-DES-CBC3-SHA
    Rejected  TLSv1   56 bits  ADH-DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-ADH-DES-CBC-SHA
    Rejected  TLSv1  128 bits  ADH-RC4-MD5
    Rejected  TLSv1   40 bits  EXP-ADH-RC4-MD5
    Rejected  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Rejected  TLSv1  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  TLSv1   56 bits  EDH-DSS-DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Rejected  TLSv1   56 bits  DES-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-DES-CBC-SHA
    Rejected  TLSv1  128 bits  IDEA-CBC-SHA
    Rejected  TLSv1   40 bits  EXP-RC2-CBC-MD5
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Rejected  TLSv1   40 bits  EXP-RC4-MD5
    Rejected  TLSv1    0 bits  NULL-SHA
    Rejected  TLSv1    0 bits  NULL-MD5

  Prefered Server Cipher(s):
    TLSv1  128 bits  AES128-SHA


Sonus normally suggests to use
AES128-SHA and DES-CBC3-SHA

You can also use nmap for the same purpose, see details at https://www.owasp.org/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002)

Update: if you want to check wether sslv2 is disabled or not, run

sslscan --no-failed sip.domain.com