
Saturday, September 23, 2017

Polycom VVX for hybrid Exchange

Polycom FW version 5.5.3 and Exchange hybrid.

From the logs we see that the Polycom tries to perform autodiscover but eventually fails, leaving EWS not deployed for online users. I will continue debugging that, but I found a workaround:

Log in with SIP and the UPN as username@domain.com, but leave the Domain field empty.
Then in Settings - Applications - Exchange Server URL you can hardcode:

https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity

and leave autodiscover disabled.

Update: with CURL DEBUG logging we can see that the problem was the DigiCert SSL certificates not being trusted, due to limits we had left over from other tests in Network - TLS - Application profile 6 (it can select certificates from the platform or imported ones, but we had only one certificate selected). I also imported the DigiCert root, as for unknown reasons outlook.office365.com chains to that while the rest of Microsoft is on Baltimore.
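To find out which root a given EWS endpoint actually chains to (and so which root to import into the phone's TLS profile) without digging through phone logs, the following script, added here and not part of the original post, opens a TLS connection from an admin workstation, prints the chain and exports the root as DER. The host name and output file name are assumptions; replace them as needed.

```powershell
# Added example, not from the original post: list the certificate chain the EWS
# endpoint presents and export the root it chains to, so the right root CA can be
# imported into the phone's TLS application profile.
# Assumptions: host name, port and output file name below.
param(
    [string]$HostName = 'outlook.office365.com',
    [int]$Port = 443,
    [string]$OutFile = 'ews-root.cer'
)

$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    # Accept whatever the server sends: we are inspecting the chain, not trusting it yet.
    $noCheck = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $noCheck)
    $ssl.AuthenticateAsClient($HostName)   # sends SNI for this host name

    $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($leaf)   # $false if this workstation does not trust the chain either

    # Print the chain from leaf to root.
    $chain.ChainElements | ForEach-Object {
        [pscustomobject]@{
            Subject    = $_.Certificate.Subject
            Issuer     = $_.Certificate.Issuer
            NotAfter   = $_.Certificate.NotAfter
            Thumbprint = $_.Certificate.Thumbprint
        }
    } | Format-Table -AutoSize

    # The last element is the root (self-issued) the endpoint chains to on this machine.
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($root.Subject -ne $root.Issuer) {
        Write-Warning 'Chain did not end in a self-signed root; the missing issuer must be imported too.'
    }
    $path = Join-Path $PWD $OutFile
    [System.IO.File]::WriteAllBytes($path, $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
    "Root written to $path (chain trusted on this machine: $trusted)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

The chain is built with this workstation's trust store and whatever intermediates the server sends, so run it from a machine that has nothing unusual in its root store; the exported .cer is what goes into the phone's imported certificate list, and the TLS application profile must then be set to use it.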


Inside exchutil.ps1

https://flinchbot.com/2013/09/09/exchucutil/

Friday, September 15, 2017

ADFS tricks for MFA

ADFS additional authentication rules to skip MFA for the Office 365 relying party when users connect from the intranet or from Lync clients, and to enforce MFA for members of an AD group:

$rp = Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform"

# Rule 1: tag the request "not_lync" unless the client user agent looks like a Skype/Lync client.
# Rule 2: require MFA (multipleauthn) when the user is in the group, the request is tagged
#         not_lync, and it did not arrive from inside the corporate network.
$groupMfaClaimTriggerRule = @'
NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)skype"])
 && NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)ACOMO"])
 && NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)lync"])
 => add(type = "http://schemas.company.com/not_lync", value = "true");

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-796845957-688789844-854245398-6148"]
 && c2:[Type == "http://schemas.company.com/not_lync", Value == "true"]
 && c3:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@

Set-AdfsRelyingPartyTrust -TargetRelyingParty $rp -AdditionalAuthenticationRules $groupMfaClaimTriggerRule


We use this rule so that on-premises Lync users can use Exchange Online. Be aware what the exemption rests on: x-ms-client-user-agent is derived from the client's HTTP User-Agent header, so any client that sends a User-Agent containing "lync" or "skype" skips MFA from outside the network as well, and insidecorporatenetwork is only trustworthy if every external request really comes through the Web Application Proxy. Also note that -AdditionalAuthenticationRules replaces the whole rule set on the relying party rather than appending to it.
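The following script, added here and not from the original post, builds the same two-part rule but resolves the group SID from the group name instead of hand-typing it, saves the rules currently on the relying party before overwriting them (Set-AdfsRelyingPartyTrust replaces the whole set), and has a switch that drops the user-agent exemption so MFA applies to every external request from the group. The group name is an assumption; the relying party name is the one used above.

```powershell
# Added example, not from the original post. Builds the group-based MFA trigger rule
# with a SID resolved from the group name, backs up the existing rules, and optionally
# removes the Lync/Skype user-agent exemption.
# Assumption: the MFA group name below; replace it with your own.
param(
    [string]$RelyingPartyName = 'Microsoft Office 365 Identity Platform',
    [string]$MfaGroup = 'CONTOSO\MFA-Users',   # assumed group name
    [switch]$NoLyncExemption                    # set to drop the user-agent based bypass
)

# Resolve the group to its SID so the rule does not carry a hand-typed SID.
$sid = (New-Object System.Security.Principal.NTAccount($MfaGroup)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

$ua   = 'http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent'
$grp  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid'
$net  = 'http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork'
$amr  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod'
$mfa  = 'http://schemas.microsoft.com/claims/multipleauthn'
$flag = 'http://schemas.company.com/not_lync'

if ($NoLyncExemption) {
    # Tag every request as not_lync: no client-controlled User-Agent can skip MFA.
    $rule1 = "=> add(type = `"$flag`", value = `"true`");"
} else {
    # Tag the request not_lync unless the User-Agent looks like a Skype/Lync client.
    $rule1 = @"
NOT EXISTS([Type == "$ua", Value =~ "(?i)skype"])
 && NOT EXISTS([Type == "$ua", Value =~ "(?i)ACOMO"])
 && NOT EXISTS([Type == "$ua", Value =~ "(?i)lync"])
 => add(type = "$flag", value = "true");
"@
}

# Require MFA for group members tagged not_lync who come from outside the corporate network.
$rule2 = @"
c1:[Type == "$grp", Value == "$sid"]
 && c2:[Type == "$flag", Value == "true"]
 && c3:[Type == "$net", Value == "false"]
 => issue(Type = "$amr", Value = "$mfa");
"@

$rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
if (-not $rp) { throw "Relying party '$RelyingPartyName' not found" }

# Keep the current rules so the change can be rolled back with the same cmdlet.
$backup = "AdditionalAuthRules-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
$rp.AdditionalAuthenticationRules | Out-File -FilePath $backup
"Previous rules saved to $backup"

Set-AdfsRelyingPartyTrust -TargetRelyingParty $rp -AdditionalAuthenticationRules ($rule1 + "`n" + $rule2)

# Show what is now in place.
(Get-AdfsRelyingPartyTrust -Name $RelyingPartyName).AdditionalAuthenticationRules
```

Run it on the primary federation server (configuration changes in a WID farm are only accepted there). To roll back, pass the saved file's contents to -AdditionalAuthenticationRules; to see what the exemption costs, run once with -NoLyncExemption and compare which clients start prompting.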