We had a case where, a duplicate prevented call being delivered to Poycom VVX. As you can imagine we spent some time to take logs and understand the issue. but it is simply not visible on that level. When we got traces from the SBA mediation server, it was clear that call is rejected by SFB due to a duplicate.
ms-diagnostics: 4002;reason="Multiple users associated with the source phone number";
Checking in powershell revealed nothing, however in SQL resources table on SBA we discovered records that were deleted, but never left SQL.
Here is how to check this: http://lyncinsider.com/skype-for-business/sql-active-directory-mismatch-prevents-skype4b-user-login/ and http://lynclead.com/?p=324
Monday, December 17, 2018
Tuesday, November 20, 2018
Tuesday, October 23, 2018
Tuesday, October 9, 2018
Thursday, September 20, 2018
Microsoft MFA two-way SMS deprecated soon
https://blogs.technet.microsoft.com/stbnewsbytes/2017/11/15/cloud-platform-release-announcements-for-november-15-2017/ scroll to the very bottom of the article.
Monday, September 3, 2018
Thursday, August 30, 2018
Select Windows 2016 with GUI right from the begining
Do not forget to select Windows 2016 with Desktop experience, unless you want to have server core flavour. You can not convert from core to GUI. You have to reinstall.
Monday, July 2, 2018
Sonus SBC 1000 SNMP traps and SNMP GET
To setup SNMP for Sonus, please use the follwing reference:
https://support.sonus.net/display/UXDOC50/Sonus+SBC+1000-2000+Download+Center
Note also that community string should be low case, check firewall settings for UDP 162 and 161.
Use MIB browser to crack OID code for specific interface you want to monitor.
As example:
https://support.sonus.net/display/UXDOC50/Sonus+SBC+1000-2000+Download+Center
Note also that community string should be low case, check firewall settings for UDP 162 and 161.
Use MIB browser to crack OID code for specific interface you want to monitor.
As example:
Tuesday, June 26, 2018
Monday, June 18, 2018
Web analytics SP2013 vs SP2010
Reminder Web site analytics of SP2010 is accessible via Central Administration, but in SP2013 it is on each site administration level
https://blogs.msdn.microsoft.com/chandru/2013/08/31/sharepoint-2013-web-analytics-report-where-is-it/
https://blogs.msdn.microsoft.com/chandru/2013/08/31/sharepoint-2013-web-analytics-report-where-is-it/
SQL alias for SharePoint Database
Few words about creating SQL Alias for SharePoint - imagine you want to move SharePoint DB to another server, if you hardcode it as FQDN you will need to manage it on DNS level and point to another server. But you can also use SQL aliases and define them locally to point to SQL server by alias thather than FQDN:
https://sqlandme.com/2011/05/05/create-sql-server-alias-cliconfg-exe/
https://sqlandme.com/2011/05/05/create-sql-server-alias-cliconfg-exe/
Thursday, June 14, 2018
Check Skype for Business or Lync or OCS presence in SQL
User strored procedure
dbo.DiagShowPublisherPresence
in RTCLOCAL SQL copy on each FrontEnd (not SBA)
http://mikestacy.typepad.com/mike-stacys-blog/sql/
dbo.DiagShowPublisherPresence
in RTCLOCAL SQL copy on each FrontEnd (not SBA)
http://mikestacy.typepad.com/mike-stacys-blog/sql/
Tuesday, May 29, 2018
Skype for Business Hybrid one way
We have a problem of one way presence in hybrid deployment. From one Prems, we can not see online users in the same domain. Here is subscribe ok we get on onprem side:
TL_INFO(TF_PROTOCOL) [EDGE01\EDGE01]0E00.1480::05/25/2018-19:37:29.817.0000BB79 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261)) [2044151173] Trace-Correlation-Id: 2044151173
Instance-Id: F3
Direction: incoming;source="external edge";destination="internal edge"
Peer: sipfed.online.lync.com:5061
Message-Type: response
Start-Line: SIP/2.0 200 OK
From: "Test Skype1"
To:
Call-ID: f7f33e99902d45488e4b2c76924d00a5
CSeq: 1 SUBSCRIBE
Contact:
Via: SIP/2.0/TLS 10.100.1.41:49186;branch=z9hG4bK9FE0F169.F3E35464A2AA98C9;branched=FALSE;ms-internal-info="aaDSMbd_7l0a4U9R6npyIrDBxYlV2GUNocfizAJ2ScR15kVOPzyc4VHQAA";received=52.112.132.124;ms-received-port=49186;ms-received-cid=B6C95E00
Via: SIP/2.0/TLS 10.20.1.36:61901;branch=z9hG4bKB46E0708.870D177F11B578C8;branched=FALSE;ms-received-port=61901;ms-received-cid=300
Via: SIP/2.0/TLS 10.20.1.9:49176;branch=z9hG4bK7D7D836D.E605002CA2AA98C9;branched=FALSE;ms-received-port=49176;ms-received-cid=4DBD00
Via: SIP/2.0/TLS 192.168.168.244:55348;received=84.75.200.148;ms-received-port=55348;ms-received-cid=1400
Record-Route:
Record-Route:
Content-Length: 470
Content-Type: multipart/related; type="application/rlmi+xml";start=resourceList; boundary=1550b37c575843dbb98e18be4e840f3d
ms-split-domain-info: ms-traffic-type=SplitIntra
ms-telemetry-id: D31CB29B-EEE7-56FB-A1C5-7F04353D74C3
Expires: 0
Require: eventlist
Event: presence
subscription-state: terminated;expires=0
ms-piggyback-cseq: 1
Supported: ms-piggyback-first-notify
Message-Body:
--1550b37c575843dbb98e18be4e840f3dContent-Transfer-Encoding: binaryContent-ID: resourceListContent-Type: application/rlmi+xml
Solution, refresh directory schema in AADconnect.
Monday, May 28, 2018
How to check user attributes in Azure AD
Open https://graphexplorer.azurewebsites.net/#
login with a user who has access to Azure AD
then type url:
https://graph.windows.net/myorganization/users/tskype1@domain.com
login with a user who has access to Azure AD
then type url:
https://graph.windows.net/myorganization/users/tskype1@domain.com
Monday, May 7, 2018
Windows 7 WebDAV client requires SHA protocol
If you have a Sharepoint site that provides Open with explorer functionality make sure you do not disable SHA (hash) protocol on your server. Otherwise some clients with Windows 7 will not be able to open shares in Explorer.
Tuesday, May 1, 2018
Thursday, April 12, 2018
Exchange and Skype for Business error 14563: Two servers cannot be configured at the same FQDN with different server version numbers.
Event ID 14563
Source LS Protocol Stack
Two servers cannot be configured at the same FQDN with different server version numbers.
Cannot configure a server at FQDN [exchange.doamin.com] because another server is already configured there with a different server version number.
Cause: This is a configuration problem.
Resolution:
Review the server roles that are configured at this FQDN and ensure that they have identical version numbers.
Please review https://blogs.technet.microsoft.com/jenstr/2012/11/13/when-to-have-a-lync-trusted-application-pool-for-exchange-owa-im-integration/
It seems that you have trustedapplicationpool defined in Topology and also UM server is assigned for a dial plan. This will push twice server name to Skype.
Remove from topology or if you have several servers, do it in the way that it is popolated without a conflict.
Source LS Protocol Stack
Two servers cannot be configured at the same FQDN with different server version numbers.
Cannot configure a server at FQDN [exchange.doamin.com] because another server is already configured there with a different server version number.
Cause: This is a configuration problem.
Resolution:
Review the server roles that are configured at this FQDN and ensure that they have identical version numbers.
Please review https://blogs.technet.microsoft.com/jenstr/2012/11/13/when-to-have-a-lync-trusted-application-pool-for-exchange-owa-im-integration/
It seems that you have trustedapplicationpool defined in Topology and also UM server is assigned for a dial plan. This will push twice server name to Skype.
Remove from topology or if you have several servers, do it in the way that it is popolated without a conflict.
Wednesday, April 11, 2018
Microsoft-Windows-Windows Fabric/Admin warning 4097 in Skype for Business
Hello,
if you have this error (actually warning) in Skype for Business FrontEnd, you most probably can ignore it.
Investigation:
check settings.xml in C:\ProgramData\Windows Fabric\GVASFE1.domain.com\Fabric\Fabric.Config.1.0.0
you can see
Parameter Name="IgnoreCrlOfflineError" Value="true"
Parameter Name="CrlCheckingFlag" Value="3221225476"
So the setting is set to ignore the error. The description of CrlCheckingFlag you can find in
C:\Program Files\Skype for Business Server 2015\Server\Core\ClusterManifest.Xml.Template
CrlCheckingFlag setting follows the rest of the Lync Server components (sipstack, web) which
set the following flags:
CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL =0x00000004 | // do not go on the wire for cert retrieval
CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY =0x80000000 | // do not go on the wire for cert revocation check
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT=0x40000000
0xC0000004=3221225476 (unsigned int)
as you see CrlCheckingFlag equal 0xC0000004
means - check cache only - exclude root - we must be checking only intermediate CRL and if it is locally cached.
to check local cache (of current user) use command
certutil -urlcache CRL
to chache a specific CRL - use command
certutil -f -urlfetch -verify gvasfe1.cer
where cer is a file with a certificate
refer https://blogs.technet.microsoft.com/pki/2006/11/30/basic-crl-checking-with-certutil/
Fabric run as network service, so you can check that also, but it would require hacking: https://windoh.wordpress.com/2011/04/23/crl-caching-in-windows-and-a-little-bit-about-ocsp-caching-too/
Summary: as you can see SFB Windows fabric is set up to ignore the error and continue, the error may come from issues retrieving CRL or absence of CRL in local cache. In most cases you should also ignore this error. If you want to fix it (not recommended), replace in ClusterManifest.Xml.Template %CRLCHECKINGFLAG% as 0 and reboot
if you have this error (actually warning) in Skype for Business FrontEnd, you most probably can ignore it.
Investigation:
check settings.xml in C:\ProgramData\Windows Fabric\GVASFE1.domain.com\Fabric\Fabric.Config.1.0.0
you can see
Parameter Name="IgnoreCrlOfflineError" Value="true"
Parameter Name="CrlCheckingFlag" Value="3221225476"
So the setting is set to ignore the error. The description of CrlCheckingFlag you can find in
C:\Program Files\Skype for Business Server 2015\Server\Core\ClusterManifest.Xml.Template
CrlCheckingFlag setting follows the rest of the Lync Server components (sipstack, web) which
set the following flags:
CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL =0x00000004 | // do not go on the wire for cert retrieval
CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY =0x80000000 | // do not go on the wire for cert revocation check
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT=0x40000000
0xC0000004=3221225476 (unsigned int)
as you see CrlCheckingFlag equal 0xC0000004
means - check cache only - exclude root - we must be checking only intermediate CRL and if it is locally cached.
to check local cache (of current user) use command
certutil -urlcache CRL
to chache a specific CRL - use command
certutil -f -urlfetch -verify gvasfe1.cer
where cer is a file with a certificate
refer https://blogs.technet.microsoft.com/pki/2006/11/30/basic-crl-checking-with-certutil/
Fabric run as network service, so you can check that also, but it would require hacking: https://windoh.wordpress.com/2011/04/23/crl-caching-in-windows-and-a-little-bit-about-ocsp-caching-too/
Summary: as you can see SFB Windows fabric is set up to ignore the error and continue, the error may come from issues retrieving CRL or absence of CRL in local cache. In most cases you should also ignore this error. If you want to fix it (not recommended), replace in ClusterManifest.Xml.Template %CRLCHECKINGFLAG% as 0 and reboot
Monday, March 19, 2018
Thursday, March 15, 2018
ExMon - a tool to measure Exchange 2016 usage
https://blogs.technet.microsoft.com/exchange/2016/02/16/exchange-2013-and-2016-exmon-tool-is-now-available/
Wednesday, March 14, 2018
Exchange 2016 Prefered Architecture
Microsoft has designed a Prefered Architecture model (PA) which sounds more like Sci-fi for real world installation - companies want to use Virtualisation, PA talk about physical servers, companies want SAN, PA - DAS, etc.
Get more information here: http://video.ch9.ms/sessions/ignite/2015/decks/BRK3197_Smith.pptx
few more session dedicated to PA: https://blogs.technet.microsoft.com/nawar/2017/10/04/ignite-2017-exchange-sessions/
And the epic one: https://www.youtube.com/watch?v=i5rsxynRI4E realworld non-PA implementations.
Get more information here: http://video.ch9.ms/sessions/ignite/2015/decks/BRK3197_Smith.pptx
few more session dedicated to PA: https://blogs.technet.microsoft.com/nawar/2017/10/04/ignite-2017-exchange-sessions/
And the epic one: https://www.youtube.com/watch?v=i5rsxynRI4E realworld non-PA implementations.
Monday, January 29, 2018
How to kill remote RDP session
https://rodolfovaraujo.wordpress.com/2012/03/06/how-to-kill-rdp-sessions-remotely-if-exceeded/
query session /server:servername
reset session ID /server:servername
query session /server:servername
reset session ID /server:servername
Friday, January 26, 2018
Integration with Exchange Online breaks Skype for Business federation
Hello,
if you follow this article to setup your integration with Exchange online (for voicemail)
https://blogs.technet.microsoft.com/nexthop/2016/03/29/integrate-on-premise-lync-or-skype-for-business-with-office-365-unified-messaging-um/comment-page-3/#comments
you may kill your sfb federation. If this is a case, please note a following specificity of SFB:
when you set up Edge, you will be confronted with a choice, where to set your DNS. You can set it to external DNS, such as 8.8.8.8 or your internal DNS.
If you select external, you might need to define some hosts file entry like for FrontEnd pool, etc. Not ideal, right?
then you select internal DNS. However once you run
New-CsHostingProvider -Identity UMonline-Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFQDN "exap.um.outlook.com" -IsLocal $False -VerificationLevel UseSourceVerification
you cut all federation. This is due to the fact that after this powershell , the edge will try to look for it's own SRV _sipfederationtls._tcp and because it is usually not defined internally, it will fail.
Solution is to check what is defined externally and in internal split DNS zone create exactly the same (SRV pointing to A record of to external public IP of edge access (SIP) interface.
if you follow this article to setup your integration with Exchange online (for voicemail)
https://blogs.technet.microsoft.com/nexthop/2016/03/29/integrate-on-premise-lync-or-skype-for-business-with-office-365-unified-messaging-um/comment-page-3/#comments
you may kill your sfb federation. If this is a case, please note a following specificity of SFB:
when you set up Edge, you will be confronted with a choice, where to set your DNS. You can set it to external DNS, such as 8.8.8.8 or your internal DNS.
If you select external, you might need to define some hosts file entry like for FrontEnd pool, etc. Not ideal, right?
then you select internal DNS. However once you run
New-CsHostingProvider -Identity UMonline-Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFQDN "exap.um.outlook.com" -IsLocal $False -VerificationLevel UseSourceVerification
you cut all federation. This is due to the fact that after this powershell , the edge will try to look for it's own SRV _sipfederationtls._tcp and because it is usually not defined internally, it will fail.
Solution is to check what is defined externally and in internal split DNS zone create exactly the same (SRV pointing to A record of to external public IP of edge access (SIP) interface.
Subscribe to:
Posts (Atom)