
Friday, December 16, 2016

IIS security

If you have an account like contoso\sharepoint-farm configured in your IIS, be aware that you can run the appcmd command locally and obtain the password in clear text. Message: never use powerful accounts in IIS. There are some people who use Domain Admin accounts there.


Wednesday, November 16, 2016

Ncat: Could not resolve hostname "ûs": No such host is known. . QUITTING.

If you get this message when running ncat, you probably copy-pasted a command line from the internet and some symbols are Unicode. Retype the command by hand and check the "-" symbol.
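A way to check a pasted command line before running it, as an added example (not code from the original post). It assumes the pasted dash was an en dash and that the console uses the Windows-1252 ANSI and CP850 OEM code pages, which would explain why "-s" shows up as "ûs"; the sample command is constructed.

```python
import unicodedata

# ASCII replacements for characters that blogs and word processors substitute.
ASCII_FOR = {
    "\u2010": "-", "\u2011": "-", "\u2012": "-", "\u2013": "-", "\u2014": "-",
    "\u2212": "-", "\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"',
    "\u00a0": " ",
}


def console_view(ch, ansi="cp1252", oem="cp850"):
    """Return how ch looks when its ANSI byte is rendered with the OEM code page.

    The code page pair is an assumption (Western European Windows defaults).
    Returns None when the character has no single-byte ANSI encoding.
    """
    try:
        return ch.encode(ansi).decode(oem)
    except UnicodeError:
        return None


def audit_command(cmd):
    """List every non-ASCII character in a command line with its position."""
    findings = []
    for pos, ch in enumerate(cmd):
        if ord(ch) < 128:
            continue
        findings.append({
            "pos": pos,
            "char": ch,
            "name": unicodedata.name(ch, "UNKNOWN"),
            "console": console_view(ch),   # what the error message would show
            "ascii": ASCII_FOR.get(ch),    # None means: retype it by hand
        })
    return findings


def sanitize(cmd):
    """Replace the known look-alikes with ASCII; leave everything else as is."""
    return "".join(ASCII_FOR.get(ch, ch) for ch in cmd)


# Constructed sample: an en dash (U+2013) pasted in place of "-".
SAMPLE = "ncat \u2013s 192.0.2.10 example.com 80"

if __name__ == "__main__":
    for f in audit_command(SAMPLE):
        print(f"col {f['pos']}: {f['name']} (console shows {f['console']!r}) "
              f"-> use {f['ascii']!r}")
    print(sanitize(SAMPLE))
```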

Tuesday, November 15, 2016

Generic failure querying the localized name for channel: DFS Replication

If you have issues refreshing Server Manager and the following error appears:

Log Name:      Microsoft-Windows-ServerManager-MgmtProvider/Operational
Source:        Microsoft-Windows-ServerManager-ManagementProvider
Date:          11/15/2016 3:00:24 PM
Event ID:      46
Task Category: Get server inventory task
Level:         Warning
Keywords:
User:
Computer:
Description:
Generic failure querying the localized name for channel: DFS Replication [hResult = Function failed during execution., hLastResult = The system cannot find the file specified.].

The solution is to run in PowerShell:

Remove-EventLog -LogName "DFS Replication"

Thursday, November 10, 2016

Windows Updates setting change log

When you change Windows Update to install automatically, the following is logged in WindowsUpdate.log:

2016-11-10 10:49:50:216 864 18a4 AU ########### AU: Setting new AU options ###########
2016-11-10 10:49:50:216 864 18a4 AU Setting AU Approval Type to 4
2016-11-10 10:49:50:216 864 18a4 AU Setting Install Schedule Day to 0
2016-11-10 10:49:50:216 864 18a4 AU Setting Install Schedule Time to 3
2016-11-10 10:49:50:216 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:49:50:216 864 18a4 AU # Policy changed, AU refresh required = No
2016-11-10 10:49:50:216 864 18a4 AU # Approval type: Scheduled (User preference)
2016-11-10 10:49:50:216 864 18a4 AU # Scheduled install day/time: Every day at 3:00
2016-11-10 10:49:50:216 864 18a4 AU # Auto-install minor updates: Yes (User preference)
2016-11-10 10:49:50:216 864 18a4 AU # Will display featured software notifications (User preference)
2016-11-10 10:49:50:216 864 18a4 AU AU settings changed through User Preference.
2016-11-10 10:49:50:216 864 18a4 AU Setting AU scheduled install time to 2016-11-11 02:00:00
2016-11-10 10:49:50:216 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:49:50:216 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:49:50:325 864 18a4 AU Getting featured update notifications. fIncludeDismissed = true
2016-11-10 10:49:50:325 864 18a4 AU No featured updates available.

If you change it to Check for Updates and let me choose when to install:

2016-11-10 10:50:11:245 864 18a4 AU ########### AU: Setting new AU options ###########
2016-11-10 10:50:11:245 864 18a4 AU Setting AU Approval Type to 2
2016-11-10 10:50:11:245 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:50:11:245 864 18a4 AU # Policy changed, AU refresh required = No
2016-11-10 10:50:11:245 864 18a4 AU # Approval type: Pre-download notify (User preference)
2016-11-10 10:50:11:245 864 18a4 AU # Will display featured software notifications (User preference)
2016-11-10 10:50:11:245 864 18a4 AU AU settings changed through User Preference.
2016-11-10 10:50:11:245 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:50:11:245 864 18a4 AU Successfully wrote event for AU health state:0
2016-11-10 10:50:11:354 864 18a4 AU Getting featured update notifications. fIncludeDismissed = true
2016-11-10 10:50:11:354 864 18a4 AU No featured updates available.
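These log blocks can be used to audit who moved a server away from scheduled installs. The following is an added example (not part of the original post) that extracts each "Setting new AU options" block from WindowsUpdate.log text and flags changes that leave the "Scheduled" approval type; the sample is abridged from the excerpts above and the function names are hypothetical.

```python
import re
from datetime import datetime

# Sample input: abridged from the two log excerpts in this post.
SAMPLE_LOG = """\
2016-11-10 10:49:50:216 864 18a4 AU ########### AU: Setting new AU options ###########
2016-11-10 10:49:50:216 864 18a4 AU Setting AU Approval Type to 4
2016-11-10 10:49:50:216 864 18a4 AU # Approval type: Scheduled (User preference)
2016-11-10 10:49:50:216 864 18a4 AU # Scheduled install day/time: Every day at 3:00
2016-11-10 10:49:50:216 864 18a4 AU AU settings changed through User Preference.
2016-11-10 10:49:50:325 864 18a4 AU No featured updates available.
2016-11-10 10:50:11:245 864 18a4 AU ########### AU: Setting new AU options ###########
2016-11-10 10:50:11:245 864 18a4 AU Setting AU Approval Type to 2
2016-11-10 10:50:11:245 864 18a4 AU # Approval type: Pre-download notify (User preference)
2016-11-10 10:50:11:245 864 18a4 AU AU settings changed through User Preference.
"""

# date time:ms  pid  tid  component(AU)  message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):(?P<ms>\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+AU\s+(?P<msg>.*)$"
)
BLOCK_START = "AU: Setting new AU options"
APPROVAL_NUM_RE = re.compile(r"Setting AU Approval Type to (\d+)")
APPROVAL_TXT_RE = re.compile(r"# Approval type: (.+?) \((.+)\)")
SCHEDULE_RE = re.compile(r"# Scheduled install day/time: (.+)")
CHANGED_BY_RE = re.compile(r"AU settings changed through (.+?)\.?$")


def parse_au_changes(text):
    """Return one dict per 'Setting new AU options' block, in log order."""
    changes, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # other components, wrapped lines, blank lines
        msg = m.group("msg")
        if BLOCK_START in msg:
            current = {
                "time": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                "approval_type": None, "approval_label": None,
                "source": None, "schedule": None, "changed_by": None,
            }
            changes.append(current)
            continue
        if current is None:
            continue  # AU line that is not inside a settings block
        if (hit := APPROVAL_NUM_RE.search(msg)):
            current["approval_type"] = int(hit.group(1))
        elif (hit := APPROVAL_TXT_RE.search(msg)):
            current["approval_label"], current["source"] = hit.groups()
        elif (hit := SCHEDULE_RE.search(msg)):
            current["schedule"] = hit.group(1)
        elif (hit := CHANGED_BY_RE.search(msg)):
            current["changed_by"] = hit.group(1)
    return changes


def left_scheduled_install(changes):
    """Changes where the previous block said 'Scheduled' and this one does not."""
    flagged = []
    for prev, cur in zip(changes, changes[1:]):
        if prev["approval_label"] == "Scheduled" and cur["approval_label"] != "Scheduled":
            flagged.append(cur)
    return flagged


if __name__ == "__main__":
    for c in parse_au_changes(SAMPLE_LOG):
        print(c["time"], c["approval_type"], c["approval_label"], c["changed_by"])
    for c in left_scheduled_install(parse_au_changes(SAMPLE_LOG)):
        print("scheduled install switched off at", c["time"])
```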

Monday, November 7, 2016

Lync Phone Edition LPE test device is not updating

https://social.technet.microsoft.com/Forums/lync/en-US/4130ea54-d9b3-4ed0-95e5-9353a964b252/lync-test-device-not-updating?forum=ocsclients

How to add custom CSS to SP2010 site?

FYI, to avoid an issue with the Ribbon losing focus after adding a web part to a standard list view page (AllItems.aspx, for example), use the following method instead of adding CSS code in a CEWP.

http://fitandfinish.ironworks.com/2010/01/the-best-way-to-add-custom-css-to-sharepoint.html 


As an example, I wanted to avoid file name wrapping (if it contains spaces) and I added a style definition in a CEWP, but then the user will have to select the list web part in order to see the Documents and Library tabs. So we would add it into the header instead.



Monday, October 31, 2016

P2V Windows Hyper-v Guest - BSOD after Integrated Services updated

If you have BSOD 0x000000CA, check whether your physical server has the Hyper-V service installed. Uninstall it either before the P2V or before the integration tools install.




Thursday, October 13, 2016

SHA-1




Effective February 14, 2017, Windows will no longer trust certificates signed with SHA-1.


https://aka.ms/sha1

Tuesday, October 11, 2016

Skype for Business Edge and Windows Fabric

Running get-cswindowsservice on Edge gives:


Status   Name            ActivityLevel
------   ----            -------------
Running  REPLICA
Running  RTCCLSAGT
Stopped  FabricHostSvc
Running  RTCSRV          Incoming Requests per Second=0,Messages in Server=0...
Running  RTCDATAPROXY    Server Connections Currently Active=24
Running  RTCMRAUTH       Current Requests=0
Running  RTCMEDIARELAY   Active Sessions=0
Running  RTCXMPPTGWPX


I hope we should not be worried about FabricHostSvc being stopped, at least there is nothing visibly wrong with Edge functions. Here is a reference: https://greiginsydney.com/flip-your-lync-2013-edge-to-sfb/ 

Saturday, October 8, 2016

Powershell for skype

Your Skype Powershell Cheat Sheet: Useful Powershell commands you can run in Skype for Business 2015... http://flip.it/tN57oA

Wireshark a must for Skype? Absolutely!

Automatically Installing and Configuring WireShark for Skype for Business - Ehlo World! http://www.ehloworld.com/3156

Tuesday, October 4, 2016

SharePoint does not search custom column

There was a small issue with SharePoint 2010: advanced search could not find documents with a specific string in a custom column. We have a custom column, Prof:

../_layouts/OSSSearchResults.aspx?k=(scope:"Documents")  Prof=QA

In the list we can see that this field has that value and we can even filter on it.

So something is wrong with search?

Indeed, if we search as ../_layouts/OSSSearchResults.aspx?k=(scope:"Documents")  owsProf=QA

it finds the item. So the problem is actually in the managed property: it either does not exist or is not mapped correctly to the crawled property. To fix that, go to Central Admin, Search Service Administration, Metadata Property Mappings, add the missing property Prof, then map it to the crawled property ows_Prof(text).




SharePoint get and set columns with powershell

http://social.technet.microsoft.com/wiki/contents/articles/20831.sharepoint-a-complete-guide-to-getting-and-setting-fields-using-powershell.aspx#Set_and_Get_a_Text_Field

Monday, October 3, 2016

Microsoft ATA 1.7 upgrade fails

https://social.technet.microsoft.com/Forums/en-US/c0af68af-15c4-497c-8366-0628fe9105be/17-upgrade-fails-error-code-0x80070643?forum=mata

Solution (System.Security.Cryptography.CryptographicException:   Bad Length)

1. From the C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin directory execute:
Mongo ATA
2. Paste the above “Mongo Script” that is relevant to the error, for example:

CenterThumbprint=
db.SystemProfile.find({_t:"CenterSystemProfile"}).toArray()[0]
.Configuration.SecretManagerConfiguration.CertificateThumbprint;
db.SystemProfile.update({_t:"CenterSystemProfile"},
{$set:{"Configuration.ManagementClientConfiguration.ServerCertificateThumbprint":
CenterThumbprint}})


rerun upgrade

Thursday, September 15, 2016

Avaya and Exchange UM integration - something you need to know about Exchange



https://johanveldhuis.nl/exchange-um-accepteerd-geen-oproepen-meer-na-de-upgrade-naar-sp1/

https://social.technet.microsoft.com/Forums/exchange/en-US/a156daf9-7793-43b6-bbb6-3bd282d5cf7a/um-2013-does-not-answer-calls?forum=exchangesvrunifiedmessaging

Exchange Server runs two unified messaging services, umservice.exe (on Exchange 2010 and Exchange Server 2013 Mailbox Servers) or Microsoft.Exchange.UM.CallRouter.exe (on Exchange Server 2013 Client Access Servers) that listens on TCP 5060 and UMWorkerProcess.exe (both versions of Exchange Server) that listens on TCP 5065 or TCP 5067. The correct process for connecting to Exchange Server unified messaging is to connect to TCP port 5060 and get back a SIP Redirect to either port TCP 5065 or TCP 5067. The reason for the redirect is that Exchange Server starts listening on 5065 and after a week starts a second process listening on 5067 and once the process on 5065 has finished all its call handling it will stop the process listening on 5065. This way Exchange Server manages the process, memory management, etc. without needing to restart the process if it goes bad – it just starts a process on the other port from the current process and directs all new calls at the new process.

  

Friday, August 5, 2016

Two words about Lync Reverse Proxy requirements

Reverse proxy can provide

SSL pass-through - RP just passes HTTPS traffic without really changing it

SSL offload - HTTPS traffic is terminated at RP and then passed to internal host in HTTP.

SSL bridging - HTTPS is terminated at the RP, the proxy has a chance to read the unencrypted traffic, then it opens a new HTTPS stream to the internal server.

First and third methods are supported by Lync, but not SSL offload.

The preferred and less painful method is SSL bridging. You should use a public certificate on the RP and a private one in Lync.

Tuesday, August 2, 2016

Upgrade Microsoft ATA 1.5 to 1.6

https://docs.microsoft.com/en-us/advanced-threat-analytics/understand-explore/ata-update-1.6-migration-guide

1. Check if you have at least 10GB free space
2. Stop ATA and expand disk to get 10 GB free
3. Take checkpoint
4. Run ATA_1.6_Update
5. Accept and it will update .NET to 4.6.1 and ask to reboot, go for it.
6. After reboot update will continue.
7. At the end update will propose to launch ATA https://url/configuration
8. Download gateway package, copy ZIP to all gateways
9. Run setup and it will update .NET first
10. As in case of main server after restart setup will continue and will update gateway.










Recertification to MCSE Communication 70-384 - plan

https://www.microsoft.com/en-us/learning/exam-70-384.aspx

Good news - no Exchange integration, No Skype for Business, no Lync online, no migration at least in the plan.

Bad news - two exams combined -  core and voice. Too much of a persistent chat, heavy DRP/HA,

SharePoint 2010 The search service stopped the filter daemon because it was consuming too many resources


Problem:

Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Server Search
Date:          02.08.2016 10:56:52
Event ID:      30
Task Category: Gatherer
Level:         Warning
Keywords:    
User:          x
Computer:   x  
Description:
The search service stopped the filter daemon because it was consuming too many resources. A new daemon will automatically be started, and no user action is required.

Potential solution:

http://blogs.developpeur.org/fabrice69/archive/2012/12/28/sharepoint-d-tails-de-la-configuration-du-moteur-de-recherche-pour-les-documents-pdf.aspx


https://gallery.technet.microsoft.com/office/Improve-SharePoint-Search-9b964682

Wednesday, July 27, 2016

CRM NAV connector - do we need a CRM license for the connector?

The answer is yes, but only to create the account, then the license can be removed. Check out this to get more details:

https://technet.microsoft.com/en-us/library/jj191623.aspx

  1. Create a user account in the Office 365 admin center.
    Be sure to assign a CRM Online license to the account.
  2. Go to CRM Online.
  3. Go to Settings > Security.
  4. Choose Users > Enabled Users, and then click or tap a user’s full name.
  5. In the user form, scroll down to the Client Access License (CAL) Information section and select Non-interactive for Access Mode.
    You then need to remove the CRM Online license from the account.
  6. Go to the Office 365 admin center.
  7. Click Users > Active Users.
  8. Choose the non-interactive user account and in the right-side menu under Product licenses, click Edit.
  9. Turn off the CRM Online license and click Save.
  10. Go back to CRM Online and confirm that the non-interactive user account Access Mode is still set for Non-interactive.

Monday, July 25, 2016

Saturday, July 23, 2016

SharePoint 2013 install issues

https://www.devfacto.com/insights/resolved-error-1603-installing-sharepoint

as well as copy ServerManager.exe to ServerManagerCMD.exe

Am I using the latest binaries?  Never had these issues before.

Thursday, July 21, 2016

Direct access watchdog

We have an instability when we use Direct Access NLB and ESX E1000 adapters. It stops working randomly. As a temporary workaround we created a script that monitors and resets failed adapters.
In the long run we want to change to VMXNET3 adapters, which are more stable.

@echo off
echo This is a DA watchdog, pls do not close. it will stop every day when hour is 00
eventcreate /ID 998 /L APPLICATION /T INFORMATION /SO DA /D "Direct Access network adapter watchdog is started"

:LOOPPING


set HH=%TIME: =0%
set HH=%HH:~0,2%
set MI=%TIME:~3,2%
echo %HH%

if "%HH%" == "00" goto Quit_here

ping -S vip-public -n 1 public-gw >nul
if errorlevel 1 goto NoServer_public

ping -S vip_private -n 1 private_gw >nul
if errorlevel 1 goto NoServer_private


timeout /t 60 >nul
goto LOOPPING

:NoServer_public
echo Check again

eventcreate /ID 997 /L APPLICATION /T WARNING  /SO DA /D "Direct Access DMZ public gateway stopped responding, we will check again to be sure"
timeout /t 10 >nul

ping -S vip-public -n 1 public-gw >nul
if errorlevel 1 goto RESET_PUB

goto LOOPPING
:RESET_PUB

echo we have a problem - refer to eventlog event 999
eventcreate /ID 999 /L APPLICATION /T ERROR  /SO DA /D "Direct Access DMZ public gateway stopped responding, we will reset adapter"
powershell -Command "& restart-netadapter 'Public DMZ'"
timeout /t 60 >nul
goto LOOPPING

:NoServer_private
echo Check again

eventcreate /ID 997 /L APPLICATION /T WARNING  /SO DA /D "Direct Access DMZ private gateway stopped responding, we will check again to be sure"
timeout /t 10 >nul

ping -S vip_private -n 1 private_gw >nul
if errorlevel 1 goto RESET_PRIV
goto LOOPPING

:RESET_PRIV

echo we have a problem - refer to eventlog event 999
eventcreate /ID 999 /L APPLICATION /T ERROR  /SO DA /D "Direct Access DMZ private gateway stopped responding, we will reset adapter"
powershell -Command "& restart-netadapter 'Private DMZ'"
timeout /t 60 >nul
goto LOOPPING


:Quit_here
echo we finish script every day at 00:

Friday, July 15, 2016

We’re having a problem opening this location in File Explorer. Add this web site to your Trusted Sites list and try again

If you see this message when you try to upload a file to SharePoint or open a library in Windows Explorer, check whether you are using a Windows 2012 R2 server. If so, then most probably your server does not have the Desktop Experience feature installed. That makes sense, as it is not required on a server. Anyway, you can add it using Service Manager; you will need to reboot the server after that.

Friday, July 8, 2016

Skype for Business SCOM watchernode is not doing all tests

For synthetic tests on the watcher node we want to see all tests, but in one configuration we see only the first 2-3 tests in the event log and that's it. All manual tests pass.

To debug, we run MainSTExecuter.ps1 (the main script for the watcher; it gets regenerated by the SCOM agent and can be found in the temp folders of the monitoring agent on the watcher). When we run the script (run as admin) we can see that each test takes a long time because of an error on autodiscover over HTTP. This port is closed in favour of HTTPS. But for the tests it is a big problem, as the timeouts accumulate and there is not enough time to run the whole script within 15 minutes.

We will disable this check

Set-CsWatcherNodeConfiguration -Identity "poo.fqdn" -UseAutoDiscovery $false

and now all tests are passing ok with no delays.

Thursday, June 30, 2016

Direct access NLB does not work

I had a problem with HA DA, it was working on one server but not on the other one in NLB.

I checked a few things until I discovered that "route print" on the client does not have a route to the fd40:.... network - the DNS64 subnet for the internal network.


Then I discovered that in fact the same route was missing on the second server.

I added the route with netsh interface ipv6 add route for the IPv6 subnet and made it publish=yes.





Friday, June 24, 2016

SCVMM 2012 R2 - Unsupported VM configuration Error (13932)

If SCVMM claims that the status of a VM is unsupported, check whether you have a DVD mapped from a UNC file share. Remove that DVD mapping (set it to none) and refresh.


Error (13932)
The file \\zzzz\sources\xxx.ISO is in a share which is not registered to the cluster yyy.


Recommended Action
Register the share to the cluster, and then try the operation again.


Thursday, June 23, 2016

Users getting message Lync 2013 limited external calling


Check whether you have opened the firewall to let users connect to the internal edge interface.

SCOM 2012 R2 agent state from Health Service Watcher grey

If the agent State icons from Health Service Watcher are greyed out in the view Monitoring - Operations Manager - Agent Details - Agent Health State, you probably need to reset the cache of the Health Service on the server. Read this article first:


https://blogs.technet.microsoft.com/kevinholman/2009/10/01/fixing-troubled-agents/


Then stop:
System Center Data Access Service
System Center Management Configuration
Microsoft Monitoring Agent

In our environment, also the Veeam services.

Then delete everything in C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State

Restart the services and check that the folder gets re-populated. Wait a bit and then check the SCOM console again to see whether the icons have become colourful.

Thursday, June 9, 2016

ServiceNow and Skype for Business integration

ServiceNow can show S4B presence (in full mode), but S4B must be allowed to respond to ServiceNow requests. We need to allow a specific domain. In S4B PowerShell run:

 

$x = New-CsWebOrigin -Url https://serviceportal.xxx.yyy

Set-CsWebServiceConfiguration -CrossDomainAuthorizationList @{Add=$x}

 

If not, you may see an error:

 

X-Ms-diagnostics: 28070;source="xxx";reason="Service does not allow a cross domain request from this origin."

 

Wednesday, June 1, 2016

Enable ping ICMP for Windows 2012 R2 command line

Windows 2012 R2 by default does not allow ICMP.


Run in CMD admin

netsh advfirewall firewall add rule name="allow ping" dir=in action=allow enable=yes profile=any protocol=icmpv4 interfacetype=any


Tuesday, May 31, 2016

Direct Access KDS issue

On the Direct Access server I could not start KDS proxy server.

Errors:

Log Name:      System
Source:        Service Control Manager
Date:          31.05.2016 20:23:53
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:    
Description:
The KDC Proxy Server service (KPS) service terminated with the following error:
Access is denied.



Log Name:      Microsoft-Windows-Kerberos-KdcProxy/Operational
Source:        Microsoft-Windows-Kerberos-KdcProxy
Date:          31.05.2016 20:23:53
Event ID:      5
Task Category: (1)
Level:         Critical
Keywords:    
User:          NETWORK SERVICE
Computer:    
Description:
Service failed to register UrlPrefix https://+:443/KdcProxy: error code 0x5. Contact your administrator to make sure https://+:443/KdcProxy is properly reserved.



Solution to run:

netsh http add urlacl url=https://+:443/KdcProxy user="NT AUTHORITY\NETWORKSERVICE"

Friday, May 13, 2016

Skype for Business Skill search does not work

You have activated Skill search in Skype for Business or Lync 2013 and you get an error instead: "An error occured during search.Please try again, and contact your support team if the problem continues".

In the IIS log on SharePoint you may see that there is an error 500:

2016-05-13 15:05:24 192.168.254.12 POST /_vti_bin/search.asmx - 443 - 192.168.254.182 OC/15.0.4809.1000+(Skype+for+Business) 500 0 0 78

From the client side you may see this issue in Fiddler.

Try to check if Anonymous Authentication is activated for _vti_bin folder. Open IIS, sites - SharePoint -80  or whatever you have there, find _vti_bin and disable Anonymous Authentication.

SfB will use Windows Authentication to get there. Check for side effects: if some applications or hackers prefer to use anonymous authentication, that will not work anymore.


Another thing here is that if you have enabled Kerberos authentication, it might work OK without any change.



Note that _vti_bin is a deprecated method; plan to stop using it in the future.

https://technet.microsoft.com/en-us/library/ff607742.aspx

Most probably this will be changed in SfB client rather soon.

Monday, April 25, 2016

FIM valueviolatesuniqueness error

http://social.technet.microsoft.com/wiki/contents/articles/17242.fim-troubleshooting-failed-creation-via-web-services-invalidrepresentationexception-valueviolatesuniqueness.aspx

Thursday, April 14, 2016

SCVMM host refresh does not work

Error (20552)
VMM does not have appropriate permissions to access the resource C:\Windows\system32\qmgr.dll on the xxx server.


Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

Also, verify that CredSSP authentication is currently enabled on the service configuration of the target computer xxx. To enable the CredSSP on the service configuration of the target computer, run the following command from an elevated command line: winrm set winrm/config/service/auth @{CredSSP="true"}


Warning (13926)
Host cluster xxx was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual switch information reported for this cluster might be inaccurate.

Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again.



Solution:

https://support.microsoft.com/en-us/kb/971825


Verify that the Run As account srvscvmm is a local admin on the server and a member of the group Virtual Machine Manager Servers.

Saturday, March 19, 2016

Friday, March 18, 2016

Kill remote RDP session

List sessions and get IDs
 qwinsta /server:computer01
Kill session with ID 3
rwinsta /server:computer01 3

Polycom CX700 Exchange error

Some notifications of CX700 screen:

"Connection to Exchange is unavailable  due to invalid network credentials."

 in the Exchange log we see:

incorrect sequence:

2016-03-14 06:34:43 10.0.3.74 GET /autodiscover/autodiscover.xml - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 0 0 0
2016-03-14 06:34:43 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 0 0 0
2016-03-14 06:34:44 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 1 2148074254 0
2016-03-14 06:34:46 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 1 2148074254 0


correct sequence

2016-03-14 08:31:20 10.0.3.74 GET /autodiscover/autodiscover.xml - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 0 0 46
2016-03-14 08:31:20 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 401 1 2148074254 0

2016-03-14 08:31:20 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 AD\user 10.0.3.14 OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition) 200 0 0 62


Seems to be a password expiry issue. As a workaround we will reset the user password or set the password to never expire.

here is a reference for other errors:

http://lyncuc.blogspot.ch/2013/01/lync-and-exchange-web-services-ews-and.html 
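The difference between the two sequences above (a run of 401 challenges that never ends in an authenticated request, versus one that does) can be detected automatically. This is an added example, not part of the original post: it assumes the 14-field W3C layout seen in the log lines above and a hypothetical 30-second grouping window, and its sample input is taken from those lines.

```python
from datetime import datetime, timedelta

# Field order assumed from the log lines quoted in this post.
FIELDS = ("date", "time", "s_ip", "method", "uri_stem", "uri_query", "s_port",
          "username", "c_ip", "user_agent", "status", "substatus",
          "win32_status", "time_taken")

UA = "OCPhone/4.0.7577.4066+(Microsoft+Lync+2010+Phone+Edition)"
# Sample input: the incorrect and the correct sequence from this post.
SAMPLE = rf"""
2016-03-14 06:34:43 10.0.3.74 GET /autodiscover/autodiscover.xml - 443 - 10.0.3.14 {UA} 401 0 0 0
2016-03-14 06:34:43 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 {UA} 401 0 0 0
2016-03-14 06:34:44 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 {UA} 401 1 2148074254 0
2016-03-14 06:34:46 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 {UA} 401 1 2148074254 0
2016-03-14 08:31:20 10.0.3.74 GET /autodiscover/autodiscover.xml - 443 - 10.0.3.14 {UA} 401 0 0 46
2016-03-14 08:31:20 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 - 10.0.3.14 {UA} 401 1 2148074254 0
2016-03-14 08:31:20 10.0.3.74 POST /autodiscover/autodiscover.svc - 443 AD\user 10.0.3.14 {UA} 200 0 0 62
"""


def parse_line(line):
    """Parse one IIS W3C line; return None for comments and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                    "%Y-%m-%d %H:%M:%S")
    rec["status"] = int(rec["status"])
    rec["win32_status"] = int(rec["win32_status"])
    return rec


def auth_attempts(log_text, window=timedelta(seconds=30)):
    """Group consecutive 401s per client and report how each run ended.

    A run ends as 'authenticated' when the same client gets a non-401
    response carrying a user name, and as 'failed' when it goes quiet for
    longer than `window` (or the log ends) without one.
    """
    open_runs = {}   # (c_ip, user_agent) -> list of 401 records
    results = []

    def close(key, outcome, user=None):
        run = open_runs.pop(key)
        results.append({
            "client": key[0],
            "start": run[0]["when"],
            "challenges": len(run),
            "outcome": outcome,
            "user": user,
            # sc-win32-status of the last challenge, as a hex HRESULT
            "last_win32": hex(run[-1]["win32_status"]),
        })

    for rec in filter(None, map(parse_line, log_text.splitlines())):
        key = (rec["c_ip"], rec["user_agent"])
        run = open_runs.get(key)
        if run and rec["when"] - run[-1]["when"] > window:
            close(key, "failed")
            run = None
        if rec["status"] == 401:
            open_runs.setdefault(key, []).append(rec)
        elif run and rec["username"] != "-":
            close(key, "authenticated", rec["username"])
    for key in list(open_runs):
        close(key, "failed")
    return results


def failed_clients(results):
    """Client IPs with at least one challenge run that never authenticated."""
    return sorted({r["client"] for r in results if r["outcome"] == "failed"})


if __name__ == "__main__":
    for r in auth_attempts(SAMPLE):
        print(r["start"], r["client"], r["outcome"], r["challenges"],
              r["user"], r["last_win32"])
```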

Microsoft ATA

https://technet.microsoft.com/en-us/library/dn707706.aspx

Wednesday, March 16, 2016

WAN Optimisation and Office 365

Some people from Riverbed should enjoy to see this:

https://support.microsoft.com/en-us/kb/2690045

SharePoint 2010 does not search in PDF

Suddenly SP2010 stopped searching inside PDF, the installation was done properly before, all registry key are there. The solution is to download most recent iFilter from Adobe and run Repair.

Tuesday, February 23, 2016

Skype for business FrontEnd and NetApps fileshare - error 32008

Log Name:      Lync Server
Source:        LS Storage Service
Date:          23/02/2016 10:33:34
Event ID:      32008
Task Category: (4006)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxx
Description:
Unexpected exception.

Message=Error: Path \\yyy.domain.com\SFBSHARE\1-WebServices-12\StorageService failed to be read for flushed data. Error details: System.IO.IOException: Invalid Signature.

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileSystemEnumerableIterator`1.CommonInit()
   at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)

Exception: Invalid Signature.

Stack Trace:    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileSystemEnumerableIterator`1.CommonInit()
   at System.IO.FileSystemEnumerableIterator`1..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler`1 resultHandler, Boolean checkHost)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at Microsoft.Rtc.Internal.Storage.Sql.LyssDal.CheckFilePathForFlushedFiles(StoreContext ctx, String parentFilePath, Boolean checkArchived, Boolean& errorOccurred, Int32& numDataFilesToReport)
Cause: Unexpected exception.
Resolution:
If problem persists, notify your organization's support team with the event detail.


Strangely enough this error appears only on one frontend out of three.  As if other frontends are configured differently.

The only idea for the moment is to reboot server.

There are some resources on the internet pointing to an SMB issue with secure negotiation:
http://www.thomasmaurer.ch/2013/03/windows-8-or-windows-server-2012-cannot-access-netapp-smbcifs-share/
https://support.microsoft.com/en-us/kb/2686098

From this frontend a dir using the NetBIOS name works:
dir \\yyy\SfBShare
but a dir using the FQDN:
dir \\yyy.domain.com\SfBShare
gives "Invalid Signature."

net use gives

"System error 2148073478 has occurred."


Indeed reboot solved the issue.

Tuesday, February 16, 2016

Skype for Business Error 56407 Failed to execute a stored procedure on the back-end.

An error like this:

Log Name:      Lync Server
Source:        LS Data Collection
Event ID:      56407
Task Category: (2271)
Level:         Error

Description:
Failed to execute a stored procedure on the back-end.

Component: QoE Adaptor
Stored Procedure: QoeInsertSessionReport2

Error: System.Data.SqlClient.SqlException (0x80131904): Trying to pass a table-valued parameter with 109 column(s) where the corresponding user-defined table type requires 101 column(s).

It usually means you have not updated the monitoring database after a cumulative update.

It can be fixed by running powershell like this:

Install-CsDatabase -DatabaseType Monitoring -SqlServerFqdn sql.domain.local -SqlInstanceName SFB2015

Wednesday, February 10, 2016

O365 voicemail fails for Lync SBA users

Getting O365 Voicemail call errors for Lync SBA hosted users:

Test-CsExUMConnectivity -UserSipAddress xxx  -TargetFqdn yyy -UserCredential $credentials -Verbose

Target Fqdn   : yyy
Result        : Failure
Latency       : 00:00:01.6121528
Error Message : 480, Temporarily Unavailable

Diagnosis     : ErrorCode=15030,Source=yyy,Reason=Fail
                ed to route to Exchange Server,appname=ExumRouting,dialplan=Hos
                ted__exap.um.outlook.com__zzz.onmicrosoft.com,pstnrero
                utingenabled=false
                Microsoft.Rtc.Signaling.DiagnosticHeader


At the same time on-premises UM voicemail is OK, and it also works if we move the user to another pool.
The issue is related to the Edge server, which did not recognise the newly deployed SBA:


 event ID 14402:
Multiple incoming connections on internal edge from non-internal servers.

In the past 305 minutes the server received 30 incoming connections on internal edge from non-internal servers. The last one was from host xxx.
Cause: This can happen if an internal server is not present in the list of internal servers on the Access Edge Server.
Resolution:
If the server is a valid one, you need to add it to the list of internal servers on the Access Edge Server. If the server is invalid, you may be under an attack from that server. 


Solution: reboot the Edge server, which will re-read the internal server list from the topology.

Thursday, February 4, 2016

Lync 2013 does not support vMotion or LiveMigration

https://www.microsoft.com/en-us/download/details.aspx?id=41936

Sonus SBA issue Oauth certificate is missing

Log Name:      Lync Server
Source:        LS Replica Replicator Agent Service
Date:          2/4/2016 5:29:26 AM
Event ID:      3041
Task Category: (3003)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      sba.domain.com
Description:
The replication of certificates from the central management store to the local machine failed due to a problem with encryption key management. Microsoft Lync Server 2013, Replica Replicator Agent will continuously attempt to retry the replication. While this condition persists, the certificates on the local machine will not be updated.
Exception: Microsoft.Incubation.Crypto.GroupKeys.KeyException: Not able to read from the key object. ---> System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.ReadKey(Guid keyId)
   --- End of inner exception stack trace ---
   at Microsoft.Incubation.Crypto.GroupKeys.ADRepository.ReadKey(Guid keyId)
   at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.ReadKey(Guid guid)
   at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.Unprotect(MemoryStream cipherText, Boolean pinnedOutput)
   at Microsoft.Rtc.Management.Internal.KeyManagement.GroupKeyWrapper.DecodeToArray(String cipherText)
   at Microsoft.Rtc.Management.Deployment.Core.Certificate.ReplicateCMSCertificates(IScopeAnchor scope)
   at Microsoft.Rtc.Internal.Tools.Bootstrapper.Bootstrapper.ReplicateCMSCertificates().
Cause: The encryption key database has been corrupted or local machine cannot access it.
Resolution:
Ensure that forest configuration is up to date. Run Enable-CSAdForest and/or Enable-CSComputer Power Shell commands to validate forest and local machine configuration.


The solution in my case was to set rights for the SBA computer account - RTCComponentUniversalServices, RTCHSUniversalServices, RTCSBAUniversalServices.

This is needed to access the AD container for Lync certificates - domain.local/Program Data/Microsoft/Distributed KeyMan/LyncCertificates. Open it with ADSI Edit and check its security.


Once it is done, wait until AD replicates everywhere. Then on the SBA run Enable-CsComputer and reboot.
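
A read-only check of the permissions described above, as an added example that is not part of the original post: it reports whether the SBA computer account is in the three RTC groups and lists the ACL entries held by RTC groups on the LyncCertificates container. The computer name SBA and a single-domain forest are assumptions, and the ActiveDirectory (RSAT) module must be installed.

```powershell
# Added example: read-only verification, nothing in AD is modified.
Import-Module ActiveDirectory

$sbaName  = 'SBA'   # assumption: name of the SBA computer account
$groups   = 'RTCComponentUniversalServices', 'RTCHSUniversalServices', 'RTCSBAUniversalServices'
$domainDn = (Get-ADDomain).DistinguishedName   # assumption: groups and container are in this domain

# domain.local/Program Data/Microsoft/Distributed KeyMan/LyncCertificates written as a DN
$containerDn = "CN=LyncCertificates,CN=Distributed KeyMan,CN=Microsoft,CN=Program Data,$domainDn"

$computer = Get-ADComputer -Identity $sbaName

# 1. Is the SBA computer account a (direct or nested) member of each group?
$membership = foreach ($group in $groups) {
    $members = Get-ADGroupMember -Identity $group -Recursive
    [pscustomobject]@{
        Group       = $group
        SbaIsMember = @($members.DistinguishedName) -contains $computer.DistinguishedName
    }
}
$membership | Format-Table -AutoSize

# 2. Which RTC groups have entries on the key container, and with what rights?
$rtcAces = (Get-Acl -Path "AD:\$containerDn").Access |
    Where-Object { $_.IdentityReference.Value -like '*\RTC*' }
$rtcAces |
    Format-Table IdentityReference, AccessControlType, ActiveDirectoryRights, IsInherited -AutoSize

# 3. Flag the two conditions that match the event 3041 symptom
$missing = @($membership | Where-Object { -not $_.SbaIsMember })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} is not a member of: {1}" -f $sbaName, ($missing.Group -join ', '))
}
if (-not $rtcAces) {
    Write-Warning "No ACL entries for RTC groups found on $containerDn"
}
```

Run it against each domain controller with `-Server` on the AD cmdlets if you want to confirm replication has finished before running Enable-CsComputer.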

Wednesday, February 3, 2016

Sonus SBA Lync 2013 FrontEnd service does not start

An issue seen while deploying SBA on Sonus:

Log Name:      Lync Server
Source:        LS AppDomain Host Process
Date:          2/3/2016 7:36:24 PM
Event ID:      50006
Task Category: (1029)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SBA.domain.com
Description:
An exception caused the process to stop.

Exception Details. System.ApplicationException: Failed to start Fabric Pool Manager.
   at Microsoft.Rtc.AppDomainHost.Launcher.Initialize(String[] args)
   at Microsoft.Rtc.AppDomainHost.Launcher.Main(String[] args)
Cause: Check the eventlog description.
Resolution:
Examine prior event log entries to find and resolve the problem. If the problem persists contact product support.


To solve the issue, log on to the SBA over RDP, uninstall Windows Fabric using Control Panel, do not reboot, and install windowsfabric.msi (take it from the Lync 2013 server source DVD).

Monday, February 1, 2016

Once more about Lync (Skype for Business) RGS forwarding to PSTN

You need to assign a dial plan and a voice policy to the RGS workflow to let it forward calls to PSTN.

Grant-CSDialPlan -Identity sip:workflow@domain.com -PolicyName "USA_DIAL_PLAN"

Grant-CSVoicePolicy -Identity sip:workflow@domain.com -PolicyName "US-International"

Thursday, January 28, 2016

Everything you need to know on PowerShell Lync RGS

http://www.skypeadmin.com/2014/08/01/draft-lync-interactive-response-group-creation-and-modification-via-powershell/

As you know, the RGS IVR GUI is limited to 4 options and 2 levels; if you want to go beyond that you need to use PowerShell. You can pre-create a skeleton in the GUI and then add options in PowerShell. Something like this:


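# Load the existing workflow (the skeleton created in the GUI)
$workflow = Get-CsRgsWorkflow -Identity service:ApplicationServer:fepool.contoso.com/ea0c81cc-50df-4b8d-a488-8737f2200ed1

# Build an answer that transfers the caller to a queue when they press 8
$MainMenu = Get-CsRgsQueue -Identity service:ApplicationServer:fepool.contoso.com -Name "Main Number Menu - forward"
$ActionA8 = New-CsRgsCallAction -Action TransferToQueue -QueueID $MainMenu.Identity
$Answer8 = New-CsRgsAnswer -Action $ActionA8 -DtmfResponse 8

# Append the answer to the workflow's top-level question
$workflow.DefaultAction.Question.AnswerList.Add($Answer8)

# Save the modified workflow object
Set-CsRgsWorkflow -Instance $workflow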

Thursday, January 7, 2016

Install and use IIS Advanced logging

If you want to debug an IIS-based application you can use Advanced Logging:

Download and install http://www.microsoft.com/en-us/download/details.aspx?id=7211

Enable it in IIS Manager - it is disabled by default.



Common error in ADFS configuration and MSCRM IFD

According to PowerObjects there is a common error in CRM internet-facing deployment:






So you need to go to ADFS console and change Federation Service Properties - Federation Service Identifier to

https://adfs.domain.com/adfs/services/trust


Then run iisreset on ADFS, then on the CRM server re-run Claims configuration. Do not change anything, just re-run the wizard, then iisreset, re-run the IFD wizard, iisreset once more and then test.

You should see the following event in the event log:


Log Name:      Application
Source:        MSCRMPlatform
Date:          07.01.2016 18:01:44
Event ID:      17209
Task Category: None
Level:         Information
Keywords:      Classic,Audit Success
User:          N/A
Computer:      server
Description:
The initialization of the CRM authentication pipline has succeeded for: GetServiceConfiguration - Initialization:
Host:
Request Url:
LogFederationProviders - Federation Provider:  - Name: https://adfs.domain.com/adfs/services/trust
AddAudienceUri - Audience Uri: https://crm.domain.com/
AddAudienceUri - Audience Uri: https://auth.domain.com/