Search This Blog

Thursday, October 5, 2017

SQL to list Users logged to Lync and their device

Select (cast (RE.ClientApp as varchar (100))) as ClientVersion,R.UserAtHost as UserName,HRD.LastNewRegisterTime as LastRegisterTime, EP.ExpiresAt
        FROM rtcdyn.dbo.RegistrarEndpoint RE
       Inner Join rtc.dbo.Resource R on R.ResourceId = RE.OwnerId
       Inner Join rtcdyn.dbo.Endpoint EP on EP.EndpointId = RE.EndpointId
       INNER JOIN rtcdyn.dbo.HomedResourceDynamic HRD on HRD.OwnerId = R.ResourceId
        Order By UserName ,ClientVersion


Tuesday, October 3, 2017

Polycom VVX debug

I had a case when VVX did not work for hybrid Exchange with Lync onPremises, I spent a lot of time to understand why it is not working until I enabled logging for CURL as DEBIG :)

As always the problem was in SSL Certificates.

Saturday, September 23, 2017

Polycom VVX for hybrid Exchange

Polycom FW version 5.5.3 and Exchange hybrid.

From the logs we see that Polycom tries to perform autodiscover, but finally fails and leave EWS not deployed for online users.  I will continue debuging that, but I found a workaround:

login with sip and UPN  as username@domain.com but leaving domain field empty.
Then in settings-applications-exchange server URL you can hardcode:

https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity

and leave autodiscover disabled.

Update: with CURL DEBUG we can see that problem was in SSL certificates of Digicert not being trusted due to limits we left from other tests in Network - TLS - Application profile 6 (select certificates from platform or imported, but we had only one certificte selected). I also imported Digicert root, as for unknown reasons outlook is based on that while rest of MS is Baltimore.


Inside exchutil.ps1

https://flinchbot.com/2013/09/09/exchucutil/

Friday, September 15, 2017

ADFS trics for MFA

ADFS access control rules to disable MFA for Office 365 application if usrs are connecting from intranet, Lync clients and enforce MFA for member of AD group:

$rp = Get-AdfsRelyingPartyTrust –Name "Microsoft Office 365 Identity Platform"
$groupMfaClaimTriggerRule = 'NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)skype"]) && NOT EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)ACOMO"]) && NOT EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)lync"]) => add(type = "http://schemas.company.com/not_lync", value = "true" );
c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-796845957-688789844-854245398-6148"]  && c2:[Type =="http://schemas.company.com/not_lync", Value== "true"] && c3:[Type =="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value== "false"]=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");'

Set-AdfsRelyingPartyTrust –TargetRelyingParty $rp –AdditionalAuthenticationRules $groupMfaClaimTriggerRule


We use this rule to let Lync on Premises users to use Exchange online

Thursday, August 31, 2017

Powershell module for DNS of Windows 2008R2

Here is a module that you can use on legacy servers http://dnsshell.codeplex.com/, once instaled you can run as example get-dnsrecord

But if you have Windows 2012 R2 you do not need external module anymore, use build-in Get-DnsServerResourceRecord and enjoy.



Thursday, August 17, 2017

PSTN gateway not recognised by Lync 2013 mediation

Getting an error with SIP trunk TLS after deployment of new SBC:

Log Name:      Lync Server
Source:        LS Mediation Server
Date:          8/16/2017 12:36:43 PM
Event ID:      25075
Task Category: (1030)
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xx
Description:
Mediation Server encountered an invalid setting that has been ignored.

Setting: PSTNGatewayService Fqdn: xx;trunk=yy
Reason: [Config] A Gateway Peer's (xx) internal settings are not configured correctly: NextHopPort = 5067, TransportType = TLS, NextHopIpAddress = N/A

Cause: Settings configured incorrectly.
Resolution:
Reconfigure the specified setting.


Double checking certificates, DNS, topology did not reveal any discrepancy, all looks correct. Do I need restart server?

The solution was to re-publish same topology second time, this time Mediation refreshed it's internal tables correctly and let SIP trunk to get up.


Wednesday, August 16, 2017

Exchange 2016 UM telephone extension dial plan

If you integrate Avaya or Cisco to Exchange 2016 UM, you may be surpised that a Dial plan with Tel. extension can't be associated with a Exchange 2016 server. Error message "The dial plan can’t be associated with the Client Access server. Only SIP URI dial plans can be associated with Exchange 2013 Client Access servers".  Do not worry, server will still respond and use this dial plan:


https://social.technet.microsoft.com/wiki/contents/articles/23416.exchange-2013-unified-messaging-with-cisco-unified-communication-manager.aspx

https://technet.microsoft.com/en-us/library/bb125151(v=exchg.150).aspx

Monday, August 14, 2017

ADFS 3.0 from Windows 2012 R2 does not support TLS 1.2 out of box

Surprise!  Look for details here: https://support.microsoft.com/en-us/help/3194197/considerations-for-disabling-and-replacing-tls-1-0-in-adfs

The article will explain how to enable TLS 1.2 especially that we know that TLS 1.0 is obsolete and wil be dropped by Microsoft in 2018.

Thursday, July 27, 2017

1y free Office 365

FYI: you can get 1y free Office 365 DEV tenant – including software Office 2016 and  up to 25 x Office 365 Enterprise E3 Developer licenses (Exchange, Skype, Sharepoint…) if you join Office devprogram: https://dev.office.com/devprogram 
Goto the very end of the page and click on JOIN DEVELOPER PROGRAM

Sunday, July 16, 2017

Audiocodes and Lync, unanswered call dropped after 30 seconds

SBC and Lync SBA configured according  to the documentation, but calls are are getting dropped after 30 seconds.  RTCP setting seems to be Generate Always, but we do not see any RTP UDP streams being sent by SBC to Lync.

I will try to disable RTCPActiveCalls in Lync and see it that helps.

https://social.technet.microsoft.com/Forums/ie/en-US/5e9fe10b-c9f2-44a6-9b8e-debaeb28da79/help-with-audiocodes-mediant-1000-audio-and-call-disconnect-problems?forum=ocsvoice

Update: as expected disabling it from Lync side solved the problem. Audiocodes support strugling to understand what is going on....

Tuesday, July 4, 2017

Sharepoint show total items in list paging

http://www.sharepointblogs.be/blogs/timmy/archive/2011/10/25/javascript-show-the-total-items-in-a-library-or-list.aspx

Saturday, July 1, 2017

SharePoint ASCX file manual deployment gives "Could not load file or assembly '$SharePoint.Project.AssemblyFullName$' or one of its dependencies" error

If ypou deploy ASCX file manually (by coping file and it's dll to CAG then SharePoint will give an error. When you deply with VS it should change this tag to a rela assemply name. Workaround for manual deployment is to change the tag by hand.

https://babasharepoint.blogspot.ch/2015/05/could-not-load-file-or-assembly.html



Tuesday, May 16, 2017

Audiocodes Mediant SBA Lyss error

Bumped into an error:

Log Name:      Lync Server
Source:        LS Storage Service
Date:          5/16/2017 5:54:02 PM
Event ID:      32071
Task Category: (4006)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:     xxx
Description:
Storage Service had a failure while refreshing its calculation of DB space used.

DB Space Used Refresh Error. Object reference not set to an instance of an object.
Cause: The Timer task to refresh the DB space used value ran into an exception. This action will be retried and should auto recover.
Resolution:

Check event details. If problem persists, notify your organization's support team with the event details.


For the moment, not clear what causing it.

Option I consider for the moment are:

install latest Lync CU
install windows patches inside SBA (esp. .NET)
reset fabric
repair fabric
redeploy CS databases
repair SBA image and re-deploy from scratch

some relevant links I collected so far:




update: nothing really helped, we did completely redeploy from usb key. 


Friday, May 5, 2017

Skype for Business/ Lync meeting expiration

Non-recurring meetings will expire in 2 weeks, if someone will opens it on 15th days  after meeting end date the URL will not work with error as below. I think 14 days is hardcoded, I’m not sure we can change it – refer to http://www.justin-morris.net/lync-conference-expiration-and-deactivation-explained/

To avoid the issue, create a recurring meeting, they will expire after farthest occurrence in the future.


About timestamp – note it is hardcoded to UTC time zone. 



Error:



Machine:xxJoin attempted at(UTC):05/05/2017 07:52:54CorrelationId:94320997User Agent:Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36Accept Header:text/htmlapplication/xhtml+xmlapplication/xml;q=0.9image/webp*/*;q=0.8Incoming URL:https://yyyTelemetryId:ffcc417b-9794-4445-8110-a530a3016ebdError:Invalid Conference organizer or Conference ID

Thursday, April 27, 2017

Call to Exchange UM subscriber fails

We have an SBA xxx  then gives an error 500 when we call to Exchange UM subscriber in hybrid Office 365/OnPrem deployment.


15000; reason="Unable to read the user properties publication for the user or contact object."; source="xxx"; appName="ExumRouting"

The solutuon/workaround is to re-create or move contact:

move-CsExUmContact -Identity sip:voicemailxxx@xxx -Target zzz

where ZZZ is hub frontend pool.

Thursday, April 13, 2017

Wireshark filter an IP out

To filter out undesirable IP do not use !=

but rather

! ( ip.addr == 10.43.54.65 )

Poylcom VVX UC software 5.5.1.15937 and lyncdiscoverinternal

Hello, small note for those who is trying to adapt lyncdiscoverinternal to point to external Reverse Proxy in order to find a good ballance for SFB mobile users.  Mobile phones do not have corporate CA root certificates installed by default.

Apparently Polycom VVX UC software 5.5.1.15937  require that lyncdiscoverinternal point to internal IP, if not it will product a very "descriptive" error:

SSL_get_error Error code=5,rc(0)

The workaround is to disable lync autodiscover and point directly to an internal host:

reg.1.server.1.address="sipinternal.domain.com"

reg.1.serverAutoDiscovery="0"

or in the phone advanced menu in sign-in dialog.

or change lyncdiscoverinternal to point back home.

It looks like this is a new situation, as it seems older versions worked ok.

Wednesday, April 5, 2017

Install CMS database in SQL cluster for Skype for Business or Lync - use

when you want to install SFB CMs database skeleton on SQL failover cluster add the parameter UseDefaultSQLpaths .  If not the cmdlet may wrigly guess the default location and will fail.



Install-CsDatabase -CentralManagementDatabase -SQLServerFQDN chglsqlvssfb15.IUCN.sys  -SQLInstanceName  SFB2015 -UseDefaultSQLpaths -Verbose

Friday, February 17, 2017

Sonus CCE admin guide

https://gallery.technet.microsoft.com/office/Cloud-Connector-Configurati-521b533f

-->

Wednesday, February 15, 2017

Quickly check user phone assignment in Lync or Skype for Business

Get-CsUser | where {$_.LineURI -eq "tel:+59625431255" -or $_.PrivateLine -eq "tel:+59625431255"} | format-table -property displayname,LineURI,privateline


Monday, February 6, 2017

DPM system state backup error


Type: Consistency check
Status: Failed
Description: DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 517, WSB Error Code:  0x98ED90). (ID 30229 Details: Internal error code: 0x80990ED0)
More information
End time: 06.02.2017 10:24:38
Start time: 06.02.2017 09:18:17
Time elapsed: 01:06:21
Data transferred: -
Cluster node -
Source details: Computer\System Protection
Protection group members: 1
Details
Protection group: Protection Group
Items scanned: 0
Items fixed: 0


in the WBS inside the server we can see it actually corresponds to low space error. indeed we have 12GB free on the drive E: and backup size is 14GB.

As we decide not to touch the drive E: (it is IDE VHD drive on that server, we add new VDHX file attached to SCSI adapter - this way we can alter disk space online. Which is not possible with VHD attached ove IDE interface. You will have to shutdown server and then change.

Now new drive F: can take the load.

go to C:\Program Files\Microsoft Data Protection Manager\DPM\Datasources and in the file PSDataSourceConfig.xml locate E; - drive short in space in section FilesToProtect and replace by F:  new drive.

Rerun consistance check in DPM.


Exchange 2016 onPrem mailbox restore error TooManyMissingItemsPermanentException

Hello, if you get this error

TooManyMissingItemsPermanentException
Error: This mailbox exceeded the maximum number of corrupt or missing items
that were specified for this request.

while running a powershell to restore mailbox from recovery DB:


New-MailboxRestoreRequest -SourceDatabase "RMLB05" -SourceStoreMailbox 86a3500a-53aa-4124-9661-76bab9d2fd15 -TargetMailbox  username@domain.com –TargetRootFolder Recovery -SkipMerging FolderRules 


try to add a switch -BadItemLimit 1000


  

Thursday, January 26, 2017

CentOS 7.3 on HyperV

In order to make CentOS 7.3 work in Hyper-V, please add legacy network adapter first, then mount ISO

https://www.microsoft.com/en-us/download/details.aspx?id=51612

and run install from CENTOS73 folder.

Aftet that you will have support for standard network adapter and you can remove legacy one.

to activate automatic connection use  nmtui

Monday, January 16, 2017

LDAP limits for .net queries

When using LDAP queries in .NET or Java, do not forget about limits:

C:\Users\Administrator>ntdsutil
ntdsutil: ldap policies
ldap policy: connections
server connections: connect to server dc
Binding to srvdc ...
Connected to srvdc using credentials of locally logged on user.
server connections: q
ldap policy: show value

Policy                          Current(New)

MaxPoolThreads                  4
MaxDatagramRecv                 4096
MaxReceiveBuffer                        10485760
InitRecvTimeout                 120
MaxConnections                  5000
MaxConnIdleTime                 900
MaxPageSize                     1000
MaxQueryDuration                        120
MaxTempTableSize                        10000
MaxResultSetSize                        262144
MinResultSets                   0
MaxResultSetsPerConn                    0
MaxNotificationPerConn                  5
MaxValRange                     1500
ThreadMemoryLimit                       0
SystemMemoryLimitPercent                        0

ldap policy: set maxpagesize to 5000
ldap policy: commit changes
ldap policy: q
ntdsutil: q

Visual Studio hangs when debugging SharePoint .net code at breakpoint

if the VS hangs on breakpoint when debugging SP with Process attach, try to reset IDE:

devenv.exe /ResetSettings

Tuesday, January 3, 2017

SCCM stops SCOM

be aware:

https://scompanion.wordpress.com/2016/01/19/system-center-management-service-paused-on-management-server/

Log Name:      Operations Manager
Source:        HealthService
Date:          29.12.2016 15:30:53
Event ID:      1217
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      xxx
Description:
The Microsoft Monitoring Agent running on computer "xxx" is suspended for the following reason:
"ConfigMgr 5.00.8239.1000 - SMS_MaintenanceTaskRequests - {55B3DD10-2110-4EBC-A8EF-E03D66EB3160}"