utility and method still works in 2012R2
https://blogs.technet.microsoft.com/kevinholman/2010/01/05/understanding-and-modifying-data-warehouse-retention-and-grooming/
Search This Blog
Tuesday, December 20, 2016
Friday, December 16, 2016
IIS security
If you have an account like contoso\sharepoint-farm in your IIS be aware that you can run locally appcmd command and obtain the password in clear text. Message: never use powerfull accounts in IIS. There are some people that use Domain Admin accounts there.
Thursday, November 24, 2016
Wednesday, November 16, 2016
Ncat: Could not resolve hostname "ûs": No such host is known. . QUITTING.
If you have this message running ncat, probably you copy-pasted a command line from internet and some symbols are Unicode, retype command by hand. check symbol "-"
Tuesday, November 15, 2016
Generic failure querying the localized name for channel: DFS Replication
if you have issues refreshing Server Manager and a follwing error appears
Log Name: Microsoft-Windows-ServerManager-MgmtProvider/Operational
Source: Microsoft-Windows-ServerManager-ManagementProvider
Date: 11/15/2016 3:00:24 PM
Event ID: 46
Task Category: Get server inventory task
Level: Warning
Keywords:
User:
Computer:
Description:
Generic failure querying the localized name for channel: DFS Replication [hResult = Function failed during execution., hLastResult = The system cannot find the file specified.].
The solution is to run powershell
Remove-EventLog -LogName "DFS Replication"
Thursday, November 10, 2016
Windows Updates setting change log
When you change Windows updates to install automatically the follwing is logged in WindowsUpdate.log
2016-11-10 10:49:50:216 864 18a4 AU ########### AU: Setting new AU options ###########
2016-11-10 10:49:50:216 864 18a4 AU Setting AU Approval Type to 4
2016-11-10 10:49:50:216 864 18a4 AU Setting Install Schedule Day to 0
2016-11-10 10:49:50:216 864 18a4 AU Setting Install Schedule Time to 3
2016-11-10 10:49:50:216 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:49:50:216 864 18a4 AU # Policy changed, AU refresh required = No
2016-11-10 10:49:50:216 864 18a4 AU # Approval type: Scheduled (User preference)
2016-11-10 10:49:50:216 864 18a4 AU # Scheduled install day/time: Every day at 3:00
2016-11-10 10:49:50:216 864 18a4 AU # Auto-install minor updates: Yes (User preference)
2016-11-10 10:49:50:216 864 18a4 AU # Will display featured software notifications (User preference)
2016-11-10 10:49:50:216 864 18a4 AU AU settings changed through User Preference.
2016-11-10 10:49:50:216 864 18a4 AU Setting AU scheduled install time to 2016-11-11 02:00:00
2016-11-10 10:49:50:216 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:49:50:216 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:49:50:325 864 18a4 AU Getting featured update notifications. fIncludeDismissed = true
2016-11-10 10:49:50:325 864 18a4 AU No featured updates available.
if you change it to Check for Updates and let me choose when to install:
2016-11-10 10:50:11:245 864 18a4 AU ########### AU: Setting new AU options ###########
2016-11-10 10:50:11:245 864 18a4 AU Setting AU Approval Type to 2
2016-11-10 10:50:11:245 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:50:11:245 864 18a4 AU # Policy changed, AU refresh required = No
2016-11-10 10:50:11:245 864 18a4 AU # Approval type: Pre-download notify (User preference)
2016-11-10 10:50:11:245 864 18a4 AU # Will display featured software notifications (User preference)
2016-11-10 10:50:11:245 864 18a4 AU AU settings changed through User Preference.
2016-11-10 10:50:11:245 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:50:11:245 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:50:11:354 864 18a4 AU Getting featured update notifications. fIncludeDismissed = true
2016-11-10 10:50:11:354 864 18a4 AU No featured updates available.
Monday, November 7, 2016
Lync Phone Edition LPE test device is not updating
How to add custom CSS to SP2010 site?
FYI, to avoid an issue with Ribbon loosing the focus aftert adding Webpart to a standard list view page - AllItems.aspx as example, use the following method instead of adding CEWP CSS code.
http://fitandfinish.ironworks.com/2010/01/the-best-way-to-add-custom-css-to-sharepoint.html
As example I wanted to avoid file name wrapping (if it contains spaces) and I added stype definition in CEWP
,
but then user will have to select list webpart in order to see tabs Documents and Library. So we would add it into header instead.
http://fitandfinish.ironworks.com/2010/01/the-best-way-to-add-custom-css-to-sharepoint.html
As example I wanted to avoid file name wrapping (if it contains spaces) and I added stype definition in CEWP
,
but then user will have to select list webpart in order to see tabs Documents and Library. So we would add it into header instead.
Thursday, November 3, 2016
Monday, October 31, 2016
P2V Windows Hyper-v Guest - BSOD after Integrated Services updated
If you have BSOD 0x000000CA - check if your Physical server has HyperV service installed. Deinstall it either before p2v or before integration tool install.
Tuesday, October 25, 2016
SFB MPP
https://gallery.technet.microsoft.com/lync/Sample-Skype-for-Business-42fa3b0d
Windows 2016 HyperV role requires SLAT feature (only I3, I5, I7 etc...)
search Google for SLAT (Intel call it EPT).
If you have old CPU, use W2012R2 HyperV instead.
If you have old CPU, use W2012R2 HyperV instead.
SCOM console crash after October 2016 updates
https://blogs.technet.microsoft.com/germanageability/2016/10/17/october-2016-windows-patch-kb3192392-might-cause-scom-2012r2-console-to-crash/
Unistall both October patches for W2012R2 and W2008R2 to make it work.
Unistall both October patches for W2012R2 and W2008R2 to make it work.
Thursday, October 13, 2016
SHA-1
Effective February 14, 2017, Windows will no longer trust certificates signed with SHA-1 after 2/14/2017.
https://aka.ms/sha1
Tuesday, October 11, 2016
Skype for Business Edge and Windows Fabric
Running get-cswindowsservice on Edge gives:
Status Name ActivityLevel
------ ---- -------------
Running REPLICA
Running RTCCLSAGT
Stopped FabricHostSvc
Running RTCSRV Incoming Requests per Second=0,Messages in Server=0...
Running RTCDATAPROXY Server Connections Currently Active=24
Running RTCMRAUTH Current Requests=0
Running RTCMEDIARELAY Active Sessions=0
Running RTCXMPPTGWPX
Status Name ActivityLevel
------ ---- -------------
Running REPLICA
Running RTCCLSAGT
Stopped FabricHostSvc
Running RTCSRV Incoming Requests per Second=0,Messages in Server=0...
Running RTCDATAPROXY Server Connections Currently Active=24
Running RTCMRAUTH Current Requests=0
Running RTCMEDIARELAY Active Sessions=0
Running RTCXMPPTGWPX
I hope we should not be worried about FabricHostSvc being stopped, at least there is nothing visibly wrong with Edge functions. Here is a reference: https://greiginsydney.com/flip-your-lync-2013-edge-to-sfb/
Saturday, October 8, 2016
Powershell for skype
Your Skype Powershell Cheat Sheet: Useful Powershell commands you can run in Skype for Business 2015...
http://flip.it/tN57oA
Wireshark a must for Skype? Absolutely!
Automatically Installing and Configuring WireShark for Skype for Business - Ehlo World!
http://www.ehloworld.com/3156
Tuesday, October 4, 2016
SharePoint does not search custom column
There was a small issue with SharePoint 2010 that in advanced search could not find documents with specific string in custom column. We have a custom column Prof
../_layouts/OSSSearchResults.aspx?k=(scope:"Documents") Prof=QA
In the list we can see that this field has that value and we can even filter on it.
So somthing is wrong with search?
Indeed if we search as ../_layouts/OSSSearchResults.aspx?k=(scope:"Documents") owsProf=QA
it finds ok the item. S the problem is ac tually in managed property. It is either does not exisit or not mapped correctly to crawled property. To fix that goto Central Admin, SEarch service administration - Metadata Property Mappings and add missing property - Prof - then map to crawled property ows_Prof(text)
../_layouts/OSSSearchResults.aspx?k=(scope:"Documents") Prof=QA
In the list we can see that this field has that value and we can even filter on it.
So somthing is wrong with search?
Indeed if we search as ../_layouts/OSSSearchResults.aspx?k=(scope:"Documents") owsProf=QA
it finds ok the item. S the problem is ac tually in managed property. It is either does not exisit or not mapped correctly to crawled property. To fix that goto Central Admin, SEarch service administration - Metadata Property Mappings and add missing property - Prof - then map to crawled property ows_Prof(text)
SharePoint get and set columns with powershell
Monday, October 3, 2016
Microsoft ATA 1.7 upgrade fails
https://social.technet.microsoft.com/Forums/en-US/c0af68af-15c4-497c-8366-0628fe9105be/17-upgrade-fails-error-code-0x80070643?forum=mata
Solution (System.Security.Cryptography.CryptographicException: Bad Length)
1. From the C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin directory execute:
Mongo ATA
2. Paste the above “Mongo Script” that relevant to the error, for example:
Solution (System.Security.Cryptography.CryptographicException: Bad Length)
1. From the C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin directory execute:
Mongo ATA
2. Paste the above “Mongo Script” that relevant to the error, for example:
CenterThumbprint=
db.SystemProfile.find({_t:"CenterSystemProfile"}).toArray()[0]
.Configuration.SecretManagerConfiguration.CertificateThumbprint; db.SystemProfile.update({_t:"CenterSystemProfile"},
{$set:{"Configuration.ManagementClientConfiguration.ServerCertificateThumbprint":
CenterThumbprint}})
rerun upgrade
Thursday, September 22, 2016
Thursday, September 15, 2016
Avaya and Exchange UM integration - something you need to know about Exchange
https://johanveldhuis.nl/exchange-um-accepteerd-geen-oproepen-meer-na-de-upgrade-naar-sp1/
https://social.technet.microsoft.com/Forums/exchange/en-US/a156daf9-7793-43b6-bbb6-3bd282d5cf7a/um-2013-does-not-answer-calls?forum=exchangesvrunifiedmessaging
Exchange
Server runs two unified messaging services, umservice.exe (on Exchange 2010 and
Exchange Server 2013 Mailbox Servers) or Microsoft.Exchange.UM.CallRouter.exe
(on Exchange Server 2013 Client Access Servers) that listens on TCP 5060 and
UMWorkerProcess.exe (both versions of Exchange Server) that listens on TCP 5065
or TCP 5067. The correct process for connecting to Exchange Server unified
messaging is to connect to TCP port 5060 and get back a SIP Redirect to either
port TCP 5065 or TCP 5067. The reason for the redirect is that Exchange Server
starts listening on 5065 and after a week starts a second process listening on
5067 and once the process on 5065 has finished all its call handling it will
stop the process listening on 5065. This way Exchange Server manages the
process, memory management, etc. without needing to restart the process if it
goes bad – it just starts a process on the other port from the current process and
directs all new calls at the new process.
Thursday, September 8, 2016
Wednesday, August 24, 2016
Skype for Business AutoAnswer call
http://shanselman.github.io/LyncAutoAnswer/
works ok with my SfB 64bit client
works ok with my SfB 64bit client
Friday, August 5, 2016
Two words about Lync Reverse Proxy requirements
Reverse proxy can provide
SSL pass-through - RP just passes HTTPS traffic without really changing it
SSL offload - HTTPS traffic is terminated at RP and then passed to internal host in HTTP.
SSL bridging - HTTPS is terminated at RP, proxy have a chance to read unecrypted traffic, then it would opn new HTTPS stream to internal server.
First and third methods are supported by Lync, but not SSL offload.
The prefered and less painful method is SSL Bridging. You should use a public certificate on RP and a private one in Lync.
SSL pass-through - RP just passes HTTPS traffic without really changing it
SSL offload - HTTPS traffic is terminated at RP and then passed to internal host in HTTP.
SSL bridging - HTTPS is terminated at RP, proxy have a chance to read unecrypted traffic, then it would opn new HTTPS stream to internal server.
First and third methods are supported by Lync, but not SSL offload.
The prefered and less painful method is SSL Bridging. You should use a public certificate on RP and a private one in Lync.
Tuesday, August 2, 2016
Upgrade Microsoft ATA 1.5 to 1.6
https://docs.microsoft.com/en-us/advanced-threat-analytics/understand-explore/ata-update-1.6-migration-guide
1. Check if you have at least 10GB free space
2. Stop ATA and expand disk to get 10 GB free
3. Take checkpoint
4. Run ATA_1.6_Update
5. Accept and it will update .NET to 4.6.1 and ask to reboot, go for it.
6. After reboot update will continue.
7. At the end update will propose to launch ATA https://url/configuration
8. Download gateway package, copy ZIP to all gateways
9. Run setup and it will update .NET first
10. As in case of main server after restart setup will continue and will update gateway.
1. Check if you have at least 10GB free space
2. Stop ATA and expand disk to get 10 GB free
3. Take checkpoint
4. Run ATA_1.6_Update
5. Accept and it will update .NET to 4.6.1 and ask to reboot, go for it.
6. After reboot update will continue.
7. At the end update will propose to launch ATA https://url/configuration
8. Download gateway package, copy ZIP to all gateways
9. Run setup and it will update .NET first
10. As in case of main server after restart setup will continue and will update gateway.
Recertification to MCSE Communication 70-384 - plan
https://www.microsoft.com/en-us/learning/exam-70-384.aspx
Good news - no Exchange integration, No Skype for Business, no Lync online, no migration at least in the plan.
Bad news - two exams combined - core and voice. Too much of a persistent chat, heavy DRP/HA,
Good news - no Exchange integration, No Skype for Business, no Lync online, no migration at least in the plan.
Bad news - two exams combined - core and voice. Too much of a persistent chat, heavy DRP/HA,
SharePoint 2010 The search service stopped the filter daemon because it was consuming too many resources
Problem:
Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Server Search
Date: 02.08.2016 10:56:52
Event ID: 30
Task Category: Gatherer
Level: Warning
Keywords:
User: x
Computer: x
Description:
The search service stopped the filter daemon because it was consuming too many resources. A new daemon will automatically be started, and no user action is required.
Potential solution:
http://blogs.developpeur.org/fabrice69/archive/2012/12/28/sharepoint-d-tails-de-la-configuration-du-moteur-de-recherche-pour-les-documents-pdf.aspx
https://gallery.technet.microsoft.com/office/Improve-SharePoint-Search-9b964682
Thursday, July 28, 2016
Wednesday, July 27, 2016
CRM NAV connector - do we need a CRM license for the connector?
The answer is yes, but only to create the account, then the license can be removed. Check out this to get more details:
https://technet.microsoft.com/en-us/library/jj191623.aspx
https://technet.microsoft.com/en-us/library/jj191623.aspx
- Create a user account in the Office 365 admin center.
Be sure to assign a CRM Online license to the account. - Go to CRM Online.
- Go to Settings > Security.
- Choose Users > Enabled Users, and then click or tap a user’s full name.
- In the user form, scroll down to the Client Access License (CAL) Information section and select Non-interactive for Access Mode.
You then need to remove the CRM Online license from the account. - Go to the Office 365 admin center.
- Click Users > Active Users.
- Choose the non-interactive user account and in the right-side menu under Product licenses, click Edit.
- Turn off the CRM Online license and click Save.
- Go back to CRM Online and confirm that the non-interactive user account Access Mode is still set for Non-interactive.
Monday, July 25, 2016
SQLIO replacement - storage speed tests
https://gallery.technet.microsoft.com/DiskSpd-a-robust-storage-6cd2f223
Saturday, July 23, 2016
SharePoint 2013 install issues
https://www.devfacto.com/insights/resolved-error-1603-installing-sharepoint
as well as copy ServerManager.exe to ServerManagerCMD.exe
Am I using the lastest binaries? Never had these issues before.
as well as copy ServerManager.exe to ServerManagerCMD.exe
Am I using the lastest binaries? Never had these issues before.
Thursday, July 21, 2016
Direct access watchdog
We have an instability when we use Direct Access NLB and ESX E1000 adapters. It stops working randomly. As a temporary workaround we created a script that can monitor and reset failed adapters.
in long run we want to change to VMXNET3 adapters that are more stable.
@echo off
echo This is a DA watchdog, pls do not close. it will stop every day when hour is 00
eventcreate /ID 998 /L APPLICATION /T INFORMATION /SO DA /D "Direct Access network adapter watchdog is started"
:LOOPPING
set HH=%TIME: =0%
set HH=%HH:~0,2%
set MI=%TIME:~3,2%
echo %HH%
if "%HH%" == "00" goto Quit_here
ping -S vip-public -n 1 public-gw >nul
if errorlevel 1 goto NoServer_public
ping -S vip_private -n 1 private_gw >nul
if errorlevel 1 goto NoServer_private
timeout /t 60 >nul
goto LOOPPING
:NoServer_public
echo Check again
eventcreate /ID 997 /L APPLICATION /T WARNING /SO DA /D "Direct Access DMZ public gateway stopped responding, we will check again to be sure"
timeout /t 10 >nul
ping -S vip-public -n 1 public-gw >nul
if errorlevel 1 goto RESET_PUB
goto LOOPPING
:RESET_PUB
echo we have a problem - refer to eventlog event 999
eventcreate /ID 999 /L APPLICATION /T ERROR /SO DA /D "Direct Access DMZ public gateway stopped responding, we will reset adapter"
powershell -Command "& restart-netadapter 'Public DMZ'"
timeout /t 60 >nul
goto LOOPPING
:NoServer_private
echo Check again
eventcreate /ID 997 /L APPLICATION /T WARNING /SO DA /D "Direct Access DMZ private gateway stopped responding, we will check again to be sure"
timeout /t 10 >nul
ping -S vip_private -n 1 private_gw >nul
if errorlevel 1 goto RESET_PRIV
goto LOOPING
:RESET_PRIV
echo we have a problem - refer to eventlog event 999
eventcreate /ID 999 /L APPLICATION /T ERROR /SO DA /D "Direct Access DMZ private gateway stopped responding, we will reset adapter"
powershell -Command "& restart-netadapter 'Private DMZ'"
timeout /t 60 >nul
goto LOOPPING
:Quit_here
echo we finish script every day at 00:
in long run we want to change to VMXNET3 adapters that are more stable.
@echo off
echo This is a DA watchdog, pls do not close. it will stop every day when hour is 00
eventcreate /ID 998 /L APPLICATION /T INFORMATION /SO DA /D "Direct Access network adapter watchdog is started"
:LOOPPING
set HH=%TIME: =0%
set HH=%HH:~0,2%
set MI=%TIME:~3,2%
echo %HH%
if "%HH%" == "00" goto Quit_here
ping -S vip-public -n 1 public-gw >nul
if errorlevel 1 goto NoServer_public
ping -S vip_private -n 1 private_gw >nul
if errorlevel 1 goto NoServer_private
timeout /t 60 >nul
goto LOOPPING
:NoServer_public
echo Check again
eventcreate /ID 997 /L APPLICATION /T WARNING /SO DA /D "Direct Access DMZ public gateway stopped responding, we will check again to be sure"
timeout /t 10 >nul
ping -S vip-public -n 1 public-gw >nul
if errorlevel 1 goto RESET_PUB
goto LOOPPING
:RESET_PUB
echo we have a problem - refer to eventlog event 999
eventcreate /ID 999 /L APPLICATION /T ERROR /SO DA /D "Direct Access DMZ public gateway stopped responding, we will reset adapter"
powershell -Command "& restart-netadapter 'Public DMZ'"
timeout /t 60 >nul
goto LOOPPING
:NoServer_private
echo Check again
eventcreate /ID 997 /L APPLICATION /T WARNING /SO DA /D "Direct Access DMZ private gateway stopped responding, we will check again to be sure"
timeout /t 10 >nul
ping -S vip_private -n 1 private_gw >nul
if errorlevel 1 goto RESET_PRIV
goto LOOPING
:RESET_PRIV
echo we have a problem - refer to eventlog event 999
eventcreate /ID 999 /L APPLICATION /T ERROR /SO DA /D "Direct Access DMZ private gateway stopped responding, we will reset adapter"
powershell -Command "& restart-netadapter 'Private DMZ'"
timeout /t 60 >nul
goto LOOPPING
:Quit_here
echo we finish script every day at 00:
Tuesday, July 19, 2016
Adding people to SharePoint scope Everything
http://stevemannspath.blogspot.ch/2013/03/sharepoint-2013-adding-people-to.html
also we can change default scope to Everything
http://sharepoint.stackexchange.com/questions/121802/how-to-set-everything-as-default-for-search-scope
also we can change default scope to Everything
http://sharepoint.stackexchange.com/questions/121802/how-to-set-everything-as-default-for-search-scope
Friday, July 15, 2016
We’re having a problem opening this location in File Explorer. Add this web site to your Trusted Sites list and try again
If you see this message when you try to uload file to SharePoint or open library in Windows Explorer, check if you are using Windows 2012 R2 server. If it is the case, then most probably your server does not have Desktop Experience feature installed. It make sense as it is not required on the server. Anyway you can add it using Service Manager, you will need to reboot this server after that.
Friday, July 8, 2016
Skype for Business SCOM watchernode is not doing all tests
For syntetic tests in watcher we want to see all tests, but in one co nfiguration we see only 2-3 first test in Eventlog and that's it. All manual tests are passing ok.
To debug we will run MainSTExecuter.ps1 (that's main script for watcher - it gets regenerated by SCOM agent and can be found in temp folders of monitoring agent on watcher). When we run the script (run as admin) we can see that it takes a lot of time to run each test due to error in autodiscovers HTTP. This port is closed, in favour of HTTPS. But for tests it is a big problem as timeouits gets accumulated and not enough time to run whole script inside 15 minutes.
We will disable this check
Set-CsWatcherNodeConfiguration -Identity "poo.fqdn" -UseAutoDiscovery $false
and now all tests are passing ok with no delays.
To debug we will run MainSTExecuter.ps1 (that's main script for watcher - it gets regenerated by SCOM agent and can be found in temp folders of monitoring agent on watcher). When we run the script (run as admin) we can see that it takes a lot of time to run each test due to error in autodiscovers HTTP. This port is closed, in favour of HTTPS. But for tests it is a big problem as timeouits gets accumulated and not enough time to run whole script inside 15 minutes.
We will disable this check
Set-CsWatcherNodeConfiguration -Identity "poo.fqdn" -UseAutoDiscovery $false
and now all tests are passing ok with no delays.
Thursday, June 30, 2016
Direct access NLB does not work
I had a problem with HA DA, it was working on one server but not on the other one in NLB.
I checked few things until I discovered that "route print" on the client does not have a route to fd40:.... network - DNS64 subnet for internal network.
Then I discovered that in fact the same route was missing on the second server.
added a route in netsh interface ipv6 add route IPv6 subnet and made it publish=yes.
I checked few things until I discovered that "route print" on the client does not have a route to fd40:.... network - DNS64 subnet for internal network.
Then I discovered that in fact the same route was missing on the second server.
added a route in netsh interface ipv6 add route IPv6 subnet and made it publish=yes.
Friday, June 24, 2016
SCVMM 2012 R2 - Unsupported VM configuration Error (13932)
If SCVMM claiming that status of VM is unsupported, check if you have DVD mapped from a UNC file share. Remove that DVD mapping - set to none and refresh
Error (13932)
The file \\zzzz\sources\xxx.ISO is in a share which is not registered to the cluster yyy.
Recommended Action
Register the share to the cluster, and then try the operation again.
Error (13932)
The file \\zzzz\sources\xxx.ISO is in a share which is not registered to the cluster yyy.
Recommended Action
Register the share to the cluster, and then try the operation again.
Thursday, June 23, 2016
Users getting message Lync 2013 limited external calling
Check if you have opened firewall to let users to connect to internal edge interface
SCOM 2012 R2 agent state from Health Service Watcher grey
If you have icons of agents State from Health Service Watcher greyed out in the view Monitoring-Operations Manager - Agent Details - Agent Health state you probably need to reset cache of Health service on the server - read this article first:
https://blogs.technet.microsoft.com/kevinholman/2009/10/01/fixing-troubled-agents/
then stop
System Center Data Access Service
System Center Management Configuration
Microsoft Monitoring agent
in out environnement also Veeam services
then delete everythig in C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State
restart services - check that folder gets re-populated. Wait a bit and then check SCOM console again if icons became colourful.
https://blogs.technet.microsoft.com/kevinholman/2009/10/01/fixing-troubled-agents/
then stop
System Center Data Access Service
System Center Management Configuration
Microsoft Monitoring agent
in out environnement also Veeam services
then delete everythig in C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State
restart services - check that folder gets re-populated. Wait a bit and then check SCOM console again if icons became colourful.
Sunday, June 12, 2016
Thursday, June 9, 2016
ServiceNow and Skype for Business integration
ServiceNow can shows the S4B presence (in full mode). But S4B must be allowed to respond to ServiceNow requests. We need to
allow a specific domain. In S4B powershell run:
$x =
New-CsWebOrigin -Url https://serviceportal.xxx.yyy
Set-CsWebServiceConfiguration
-CrossDomainAuthorizationList @{Add=$x}
if not you
may see an error
X-Ms-diagnostics: 28070;source="xxx";reason="Service
does not allow a cross domain request from this origin."
Wednesday, June 1, 2016
Enable ping ICMP for Windows 2012 R2 command line
Windows 2012 R2 by default does not allow ICMP.
Run in CMD admin
netsh advfirewall firewall add rule name="allow ping" dir=in action=allow enable=yes profile=any protocol=icmpv4 interfacetype=any
Run in CMD admin
netsh advfirewall firewall add rule name="allow ping" dir=in action=allow enable=yes profile=any protocol=icmpv4 interfacetype=any
Tuesday, May 31, 2016
Direct Access KDS issue
On the Direct Access server I could not start KDS proxy server.
Errors:
Log Name: System
Source: Service Control Manager
Date: 31.05.2016 20:23:53
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The KDC Proxy Server service (KPS) service terminated with the following error:
Access is denied.
Log Name: Microsoft-Windows-Kerberos-KdcProxy/Operational
Source: Microsoft-Windows-Kerberos-KdcProxy
Date: 31.05.2016 20:23:53
Event ID: 5
Task Category: (1)
Level: Critical
Keywords:
User: NETWORK SERVICE
Computer:
Description:
Service failed to register UrlPrefix https://+:443/KdcProxy: error code 0x5. Contact your administrator to make sure https://+:443/KdcProxy is properly reserved.
Solution to run:
netsh http add urlacl url=https://+:443/KdcProxy user="NT AUTHORITY\NETWORKSERVICE"
Errors:
Log Name: System
Source: Service Control Manager
Date: 31.05.2016 20:23:53
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The KDC Proxy Server service (KPS) service terminated with the following error:
Access is denied.
Log Name: Microsoft-Windows-Kerberos-KdcProxy/Operational
Source: Microsoft-Windows-Kerberos-KdcProxy
Date: 31.05.2016 20:23:53
Event ID: 5
Task Category: (1)
Level: Critical
Keywords:
User: NETWORK SERVICE
Computer:
Description:
Service failed to register UrlPrefix https://+:443/KdcProxy: error code 0x5. Contact your administrator to make sure https://+:443/KdcProxy is properly reserved.
Solution to run:
netsh http add urlacl url=https://+:443/KdcProxy user="NT AUTHORITY\NETWORKSERVICE"
Monday, May 30, 2016
How to estimate number of channels for PRI or SIP
Rule of thumb is 10:1 or 10% for moderate use.
https://www.dialogic.com/~/media/products/docs/whitepapers/11767-trunk-req-dmg-uc-wp.pdf
https://www.dialogic.com/~/media/products/docs/whitepapers/11767-trunk-req-dmg-uc-wp.pdf
Friday, May 13, 2016
Skype for Business Skill search does not work
If you have activated Skill search in Skype for Business or Lync 2013 and you get instead an error ""An error occured during search.Please try again, and contact your support team if the problem continues" .
Using IIS log on Sharepoint you may see that there is en error 500
2016-05-13 15:05:24 192.168.254.12 POST /_vti_bin/search.asmx - 443 - 192.168.254.182 OC/15.0.4809.1000+(Skype+for+Business) 500 0 0 78
From the client side you may see this issue in Fiddler.
Try to check if Anonymous Authentication is activated for _vti_bin folder. Open IIS, sites - SharePoint -80 or whatever you have there, find _vti_bin and disable Anonymous Authentication.
SfB will use Windows Authentification to get there. Checkout for side effects if some applications or hackers prefer to use anonymous authentification - that will not work anymore.
Another thing here is that if you have enabled Kerberor authentification might work ok without any change.
Not that _vti_bin is deprecated method - plan to stop using it in the future.
https://technet.microsoft.com/en-us/library/ff607742.aspx
Most probably this will be changed in SfB client rather soon.
Using IIS log on Sharepoint you may see that there is en error 500
2016-05-13 15:05:24 192.168.254.12 POST /_vti_bin/search.asmx - 443 - 192.168.254.182 OC/15.0.4809.1000+(Skype+for+Business) 500 0 0 78
From the client side you may see this issue in Fiddler.
Try to check if Anonymous Authentication is activated for _vti_bin folder. Open IIS, sites - SharePoint -80 or whatever you have there, find _vti_bin and disable Anonymous Authentication.
SfB will use Windows Authentification to get there. Checkout for side effects if some applications or hackers prefer to use anonymous authentification - that will not work anymore.
Another thing here is that if you have enabled Kerberor authentification might work ok without any change.
Not that _vti_bin is deprecated method - plan to stop using it in the future.
https://technet.microsoft.com/en-us/library/ff607742.aspx
Most probably this will be changed in SfB client rather soon.
Tuesday, May 10, 2016
Most popular SharePoint migration tools
Tuesday, May 3, 2016
Sonus SBA - obtain a list of extra software installed
Diagnostics-Debug facility-Choose: SBA Service, Run: getserverlist
Thursday, April 28, 2016
Monday, April 25, 2016
FIM valueviolatesuniqueness error
http://social.technet.microsoft.com/wiki/contents/articles/17242.fim-troubleshooting-failed-creation-via-web-services-invalidrepresentationexception-valueviolatesuniqueness.aspx
Thursday, April 14, 2016
SCVMM host refresh does not work
Error (20552)
VMM does not have appropriate permissions to access the resource C:\Windows\system32\qmgr.dll on the xxx server.
Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.
Also, verify that CredSSP authentication is currently enabled on the service configuration of the target computer xxx. To enable the CredSSP on the service configuration of the target computer, run the following command from an elevated command line: winrm set winrm/config/service/auth @{CredSSP="true"}
Warning (13926)
Host cluster xxx was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual switch information reported for this cluster might be inaccurate.
Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again.
Solution:
https://support.microsoft.com/en-us/kb/971825
Verify that runas srvscvmm account is local admin on the server and member of group Virtual Machine Manager Servers
VMM does not have appropriate permissions to access the resource C:\Windows\system32\qmgr.dll on the xxx server.
Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.
Also, verify that CredSSP authentication is currently enabled on the service configuration of the target computer xxx. To enable the CredSSP on the service configuration of the target computer, run the following command from an elevated command line: winrm set winrm/config/service/auth @{CredSSP="true"}
Warning (13926)
Host cluster xxx was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual switch information reported for this cluster might be inaccurate.
Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again.
Solution:
https://support.microsoft.com/en-us/kb/971825
Verify that runas srvscvmm account is local admin on the server and member of group Virtual Machine Manager Servers
Thursday, March 31, 2016
CRM IDF and accessing from Marketing add-on clouds
If you can not connect from extenal providers to your CRM IDF, try this
https://support.microsoft.com/en-us/kb/2912175
https://support.microsoft.com/en-us/kb/2912175
Tuesday, March 29, 2016
Windows CA CSP to KSP migration
https://ammarhasayen.com/2015/02/04/sha-2-support-migrate-your-ca-from-csp-to-ksp/
Note the difference betwen W2008 ans W2012
Note the difference betwen W2008 ans W2012
Saturday, March 19, 2016
SFB SCOM watchernode
http://skype4b.uk/2016/03/15/skype-for-businesswatchernode-gotchas/
Do not disable TLS 1.0 if you use WinCE devices
https://ucvnext.org/2016/03/lync-phone-edition-tls-limitations/
Friday, March 18, 2016
Kill remote RDP session
List sessions and get IDs
qwinsta /server:computer01
Kill session with ID 3
rwinsta /server:computer01 3
Polycom CX700 Exchange error
Some notifications of CX700 screen:
"Connection to Exchange is unavailable due to invalid network credentials."
in the Exchange log we see:
incorrect sequence:
correct sequence
"Connection to Exchange is unavailable due to invalid network credentials."
in the Exchange log we see:
incorrect sequence:
2016-03-14 06:34:43
10.0.3.74 GET /autodiscover/autodiscover.xml - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition)
401 0 0 0
2016-03-14 06:34:43
10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14
OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 0 0 0
2016-03-14 06:34:44
10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14
OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 1 2148074254 0
2016-03-14 06:34:46
10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14
OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 1 2148074254 0
2016-03-14 08:31:20
10.0.3.74 GET /autodiscover/autodiscover.xml - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition)
401 0 0 46
2016-03-14 08:31:20
10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14
OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 1 2148074254 0
2016-03-14 08:31:20
10.0.3.74 POST /autodiscover/autodiscover.svc - 443 AD\user 10.0.3.14
OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 200 0 0 62
Seems to be password expire issue. As workaround we will reset user password or set password never expires.
here is a reference for other errors:
http://lyncuc.blogspot.ch/2013/01/lync-and-exchange-web-services-ews-and.html
here is a reference for other errors:
http://lyncuc.blogspot.ch/2013/01/lync-and-exchange-web-services-ews-and.html
Wednesday, March 16, 2016
SharePoint 2010 does not search in PDF
Suddenly SP2010 stopped searching inside PDF, the installation was done properly before, all registry key are there. The solution is to download most recent iFilter from Adobe and run Repair.
Friday, March 11, 2016
Friday, February 26, 2016
Tuesday, February 23, 2016
Skype for business FrontEnd and NetApps fileshare - error 32008
Log Name: Lync Server
Source: LS Storage Service
Date: 23/02/2016 10:33:34
Event ID: 32008
Task Category: (4006)
Level: Error
Keywords: Classic
User: N/A
Computer: xxx
Description:
Unexpected exception.
Message=Error: Path \\yyy.domain.com\SFBSHARE\1-WebServices-12\StorageService failed to be read for flushed data. Error details: System.IO.IOException: Invalid Signature.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileSystemEnumerableIterator`1.CommonInit()
at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)
Exception: Invalid Signature.
Stack Trace: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileSystemEnumerableIterator`1.CommonInit()
at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)
Cause: Unexpected exception.
Resolution:
If problem persists, notify your organization's support team with the event detail.
Strangely enough this error appears only on one frontend out of three. As if other frontends are configured differently.
The only idea for the moment is to reboot server.
There are some resources in internet pointing to SMB issue with secure negotiations:
http://www.thomasmaurer.ch/2013/03/windows-8-or-windows-server-2012-cannot-access-netapp-smbcifs-share/
https://support.microsoft.com/en-us/kb/2686098
From this frontend we can do netbios dir
dir \\yyy\SfBShare but FQDN
dir \\yyy.domain.com\SfBShare gives
"Invalid Signature."
net use gives
"System error 2148073478 has occurred."
Indeed reboot solved the issue.
Source: LS Storage Service
Date: 23/02/2016 10:33:34
Event ID: 32008
Task Category: (4006)
Level: Error
Keywords: Classic
User: N/A
Computer: xxx
Description:
Unexpected exception.
Message=Error: Path \\yyy.domain.com\SFBSHARE\1-WebServices-12\StorageService failed to be read for flushed data. Error details: System.IO.IOException: Invalid Signature.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileSystemEnumerableIterator`1.CommonInit()
at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)
Exception: Invalid Signature.
Stack Trace: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileSystemEnumerableIterator`1.CommonInit()
at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)
Cause: Unexpected exception.
Resolution:
If problem persists, notify your organization's support team with the event detail.
Strangely enough this error appears only on one frontend out of three. As if other frontends are configured differently.
The only idea for the moment is to reboot server.
There are some resources in internet pointing to SMB issue with secure negotiations:
http://www.thomasmaurer.ch/2013/03/windows-8-or-windows-server-2012-cannot-access-netapp-smbcifs-share/
https://support.microsoft.com/en-us/kb/2686098
From this frontend we can do netbios dir
dir \\yyy\SfBShare but FQDN
dir \\yyy.domain.com\SfBShare gives
"Invalid Signature."
net use gives
"System error 2148073478 has occurred."
Indeed reboot solved the issue.
Friday, February 19, 2016
Tuesday, February 16, 2016
Skype for Business Error 56407 Failed to execute a stored procedure on the back-end.
The error like this
Log Name: Lync Server
Source: LS Data Collection
Event ID: 56407
Task Category: (2271)
Level: Error
Description:
Failed to execute a
stored procedure on the back-end.
Component: QoE Adaptor
Stored Procedure: QoeInsertSessionReport2
Error:
System.Data.SqlClient.SqlException (0x80131904): Trying to pass a table-valued
parameter with 109 column(s) where the corresponding user-defined table type
requires 101 column(s).
Is usually means you have not upodated the monitoring database after a cumulative update.
It can be fixed by running powershell like this:
Install-CsDatabase
-DatabaseType Monitoring -SqlServerFqdn sql.domain.local -SqlInstanceName
SFB2015
Wednesday, February 10, 2016
O365 voicemail fails for Lync SBA users
Getting O365 Voicemail call errors for Lync SBA hosted users:
Test-CsExUMConnectivity -UserSipAddress xxx -TargetFqdn yyy -UserCredential $credentials -Verbose
Target Fqdn : yyy
Result : Failure
Latency : 00:00:01.6121528
Error Message : 480, Temporarily Unavailable
Diagnosis : ErrorCode=15030,Source=yyy,Reason=Fail
ed to route to Exchange Server,appname=ExumRouting,dialplan=Hos
ted__exap.um.outlook.com__zzz.onmicrosoft.com,pstnrero
utingenabled=false
Microsoft.Rtc.Signaling.DiagnosticHeader
Test-CsExUMConnectivity -UserSipAddress xxx -TargetFqdn yyy -UserCredential $credentials -Verbose
Target Fqdn : yyy
Result : Failure
Latency : 00:00:01.6121528
Error Message : 480, Temporarily Unavailable
Diagnosis : ErrorCode=15030,Source=yyy,Reason=Fail
ed to route to Exchange Server,appname=ExumRouting,dialplan=Hos
ted__exap.um.outlook.com__zzz.onmicrosoft.com,pstnrero
utingenabled=false
Microsoft.Rtc.Signaling.DiagnosticHeader
At the same time onPremise UM voicemail is ok, as well if we move user to another pool it works.
The issue is related to egde who did not recognise newly deployed SBA:
event ID 14402:
Multiple incoming connections on internal edge from non-internal servers.
In the past 305 minutes the server received 30 incoming connections on internal edge from non-internal servers. The last one was from host xxx.
Cause: This can happen if an internal server is not present in the list of internal servers on the Access Edge Server.
Resolution:
If the server is a valid one, you need to add it to the list of internal servers on the Access Edge Server. If the server is invalid, you may be under an attack from that server.
Solution: reboot edge who will re-read server internal list from topology.
Tuesday, February 9, 2016
January 2016 CU for SharePoint 2013 sp1 - The installation of this package failed
Make sure you got all files from the download http://www.microsoft.com/en-us/download/details.aspx?id=50685 - not only exe, but also two cab files ubersrv_2 and ubersrv_1. Also refer to https://blogs.msdn.microsoft.com/kaevans/2013/06/11/sharepoint-2013-kb2726992-the-installation-of-this-package-failed/
Monday, February 8, 2016
Friday, February 5, 2016
Thursday, February 4, 2016
Sonus SBA issue Oauth certificate is missing
Log Name: Lync Server
Source: LS Replica Replicator Agent Service
Date: 2/4/2016 5:29:26 AM
Event ID: 3041
Task Category: (3003)
Level: Error
Keywords: Classic
User: N/A
Computer: sba.domain.com
Description:
The replication of certificates from the central management store to the local machine failed due to a problem with encryption key management. Microsoft Lync Server 2013, Replica Replicator Agent will continuously attempt to retry the replication. While this condition persists, the certificates on the local machine will not be updated.
Exception: Microsoft.Incubation.Crypto.GroupKeys.KeyException: Not able to read from the key object. ---> System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.ReadKey(Guid keyId)
--- End of inner exception stack trace ---
at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.ReadKey(Guid keyId)
at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.ReadKey(Guid guid)
at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.Unprotect(MemoryStream cipherText, Boolean pinnedOutput)
at Microsoft.Rtc.Management.Internal.KeyManagement.GroupKeyWrapper.DecodeToArray(String cipherText)
at Microsoft.Rtc.Management.Deployment.Core.Certificate.ReplicateCMSCertificates(IScopeAnchor scope)
at Microsoft.Rtc.Internal.Tools.Bootstrapper.Bootstrapper.ReplicateCMSCertificates().
Cause: The encryption key database has been corrupted or local machine cannot access it.
Resolution:
Ensure that forest configuration is up to date. Run Enable-CSAdForest and/or Enable-CSComputer Power Shell commands to validate forest and local machine configuration.
The solution in my case was to set rights to SBA compouter account - RTCComponentUniversalServices, RTCHSUniversalServices, RTCSBAUniversalServices.
It is needed to access AD contaner fof Lync certificates - domain.local/Program Data/Microsoft/Distributed KeyMan/LyncCertificates. - Open with ADSI edit and check it's security.
Once it is done, wait until AD replicates everywhere. Then in SBA run enable-cscomputer and reboot.
Source: LS Replica Replicator Agent Service
Date: 2/4/2016 5:29:26 AM
Event ID: 3041
Task Category: (3003)
Level: Error
Keywords: Classic
User: N/A
Computer: sba.domain.com
Description:
The replication of certificates from the central management store to the local machine failed due to a problem with encryption key management. Microsoft Lync Server 2013, Replica Replicator Agent will continuously attempt to retry the replication. While this condition persists, the certificates on the local machine will not be updated.
Exception: Microsoft.Incubation.Crypto.GroupKeys.KeyException: Not able to read from the key object. ---> System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.ReadKey(Guid keyId)
--- End of inner exception stack trace ---
at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.ReadKey(Guid keyId)
at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.ReadKey(Guid guid)
at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.Unprotect(MemoryStream cipherText, Boolean pinnedOutput)
at Microsoft.Rtc.Management.Internal.KeyManagement.GroupKeyWrapper.DecodeToArray(String cipherText)
at Microsoft.Rtc.Management.Deployment.Core.Certificate.ReplicateCMSCertificates(IScopeAnchor scope)
at Microsoft.Rtc.Internal.Tools.Bootstrapper.Bootstrapper.ReplicateCMSCertificates().
Cause: The encryption key database has been corrupted or local machine cannot access it.
Resolution:
Ensure that forest configuration is up to date. Run Enable-CSAdForest and/or Enable-CSComputer Power Shell commands to validate forest and local machine configuration.
The solution in my case was to set rights to SBA compouter account - RTCComponentUniversalServices, RTCHSUniversalServices, RTCSBAUniversalServices.
It is needed to access AD contaner fof Lync certificates - domain.local/Program Data/Microsoft/Distributed KeyMan/LyncCertificates. - Open with ADSI edit and check it's security.
Once it is done, wait until AD replicates everywhere. Then in SBA run enable-cscomputer and reboot.
Wednesday, February 3, 2016
Sonus SBA Lync 2013 FrontEnd service does not start
Some issue while deploying SBA on Sonus
Log Name: Lync Server
Source: LS
AppDomain Host Process
Date:
2/3/2016 7:36:24 PM
Event ID: 50006
Task Category: (1029)
Level: Error
Keywords: Classic
User:
N/A
Computer: SBA.domain.com
Description:
An exception caused the process to stop.
Exception Details. System.ApplicationException: Failed to
start Fabric Pool Manager.
at
Microsoft.Rtc.AppDomainHost.Launcher.Initialize(String[] args)
at Microsoft.Rtc.AppDomainHost.Launcher.Main(String[]
args)
Cause: Check the eventlog description.
Resolution:
Examine
prior event log entries to find and resolve the problem. If the problem
persists contact product support.to solve the issue, log to SBA in RDP, uninstall windowsfabric using Control Panel, do not reboot and install windowsfabric.msi - take it from Lync 2013 server source DVD.
Tuesday, February 2, 2016
Monday, February 1, 2016
Once more about Lync (Skype for Business) RGS forwarding to PSTN
You need to assign Dialplan and voicepolicy to RGS workflow to let forward to PSTN.
Grant-CSDialPlan –Identity sip:workflow@domain.com -PolicyName "USA_DIAL_PLAN"
Grant-CSVoicePolicy –Identity sip:workflow@domain.com -PolicyName "US-International"
Grant-CSDialPlan –Identity sip:workflow@domain.com -PolicyName "USA_DIAL_PLAN"
Grant-CSVoicePolicy –Identity sip:workflow@domain.com -PolicyName "US-International"
Thursday, January 28, 2016
Everything you needs to know on Powershell Lync RGS
http://www.skypeadmin.com/2014/08/01/draft-lync-interactive-response-group-creation-and-modification-via-powershell/
As you know RGS IVR GUI is limited only to 4 Options and 2 levels , if you want to overcome you need to use powershell. Well you can pre-create a skeleton in GUI and then add Option in PS. Something like this:
$workflow = Get-CsRgsWorkflow -Identity service:ApplicationServer:fepool.contoso.com/ea0c81cc-50df-4b8d-a488-8737f2200ed1
$MainMenu = Get-CsRgsQueue -Identity service:ApplicationServer:fepool.contoso.com -Name "Main Number Menu - forward"
$ActionA8 = New-CsRgsCallAction -Action TransferToQueue -QueueID $MainMenu.Identity
$Answer8 = New-CsRgsAnswer -Action $ActionA8 -DtmfResponse 8
$workflow.DefaultAction.Question.AnswerList.Add($Answer8)
Set-CsRgsWorkflow $workflow
As you know RGS IVR GUI is limited only to 4 Options and 2 levels , if you want to overcome you need to use powershell. Well you can pre-create a skeleton in GUI and then add Option in PS. Something like this:
$workflow = Get-CsRgsWorkflow -Identity service:ApplicationServer:fepool.contoso.com/ea0c81cc-50df-4b8d-a488-8737f2200ed1
$MainMenu = Get-CsRgsQueue -Identity service:ApplicationServer:fepool.contoso.com -Name "Main Number Menu - forward"
$ActionA8 = New-CsRgsCallAction -Action TransferToQueue -QueueID $MainMenu.Identity
$Answer8 = New-CsRgsAnswer -Action $ActionA8 -DtmfResponse 8
$workflow.DefaultAction.Question.AnswerList.Add($Answer8)
Set-CsRgsWorkflow $workflow
Thursday, January 14, 2016
Migrate Microsoft CA to SHA-2
http://social.technet.microsoft.com/wiki/contents/articles/31296.implementing-sha-2-in-active-directory-certificate-services.aspx
why you want to do this is explained here: https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/
why you want to do this is explained here: https://blogs.windows.com/msedgedev/2015/11/04/sha-1-deprecation-update/
Tuesday, January 12, 2016
Thursday, January 7, 2016
Install and use IIS Advanced logging
In case you want to debug IIS based application you can uise Advanced logging:
Download and install http://www.microsoft.com/en-us/download/details.aspx?id=7211
Enable it in IIS Manager - it is disabled by default.
Download and install http://www.microsoft.com/en-us/download/details.aspx?id=7211
Enable it in IIS Manager - it is disabled by default.
Common error in ADFS configuration and MSCRM IFD
According to PowerObjects there is a common error in CRM internet-facing deployment:
So you need to go to ADFS console and change Federation Service Properties - Federation Service Identifier to
https://adfs.domain.com/adfs/services/trust
Then iisreset on ADFS, then on CRM server re.run Claims configuration. Do not change anything, just re.run wizard, then iisreset, re.run IDF wizard, iisreset once more and then test.
You should see a following event in the evenlog:
Log Name: Application
Source: MSCRMPlatform
Date: 07.01.2016 18:01:44
Event ID: 17209
Task Category: None
Level: Information
Keywords: Classic,Audit Success
User: N/A
Computer: server
Description:
The initialization of the CRM authentication pipline has succeeded for: GetServiceConfiguration - Initialization:
Host:
Request Url:
LogFederationProviders - Federation Provider: - Name: https://adfs.domain.com/adfs/services/trust
AddAudienceUri - Audience Uri: https://crm.domain.com/
AddAudienceUri - Audience Uri: https://auth.domain.com/
So you need to go to ADFS console and change Federation Service Properties - Federation Service Identifier to
https://adfs.domain.com/adfs/services/trust
Then iisreset on ADFS, then on CRM server re.run Claims configuration. Do not change anything, just re.run wizard, then iisreset, re.run IDF wizard, iisreset once more and then test.
You should see a following event in the evenlog:
Log Name: Application
Source: MSCRMPlatform
Date: 07.01.2016 18:01:44
Event ID: 17209
Task Category: None
Level: Information
Keywords: Classic,Audit Success
User: N/A
Computer: server
Description:
The initialization of the CRM authentication pipline has succeeded for: GetServiceConfiguration - Initialization:
Host:
Request Url:
LogFederationProviders - Federation Provider: - Name: https://adfs.domain.com/adfs/services/trust
AddAudienceUri - Audience Uri: https://crm.domain.com/
AddAudienceUri - Audience Uri: https://auth.domain.com/
Subscribe to:
Posts (Atom)