Event ID 14563
Source LS Protocol Stack
Two servers cannot be configured at the same FQDN with different server version numbers.
Cannot configure a server at FQDN [exchange.doamin.com] because another server is already configured there with a different server version number.
Cause: This is a configuration problem.
Resolution:
Review the server roles that are configured at this FQDN and ensure that they have identical version numbers.
Please review https://blogs.technet.microsoft.com/jenstr/2012/11/13/when-to-have-a-lync-trusted-application-pool-for-exchange-owa-im-integration/
It seems that you have trustedapplicationpool defined in Topology and also UM server is assigned for a dial plan. This will push twice server name to Skype.
Remove from topology or if you have several servers, do it in the way that it is popolated without a conflict.
Thursday, April 12, 2018
Wednesday, April 11, 2018
Microsoft-Windows-Windows Fabric/Admin warning 4097 in Skype for Business
Hello,
if you have this error (actually warning) in Skype for Business FrontEnd, you most probably can ignore it.
Investigation:
check settings.xml in C:\ProgramData\Windows Fabric\GVASFE1.domain.com\Fabric\Fabric.Config.1.0.0
you can see
Parameter Name="IgnoreCrlOfflineError" Value="true"
Parameter Name="CrlCheckingFlag" Value="3221225476"
So the setting is set to ignore the error. The description of CrlCheckingFlag you can find in
C:\Program Files\Skype for Business Server 2015\Server\Core\ClusterManifest.Xml.Template
CrlCheckingFlag setting follows the rest of the Lync Server components (sipstack, web) which
set the following flags:
CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL =0x00000004 | // do not go on the wire for cert retrieval
CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY =0x80000000 | // do not go on the wire for cert revocation check
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT=0x40000000
0xC0000004=3221225476 (unsigned int)
as you see CrlCheckingFlag equal 0xC0000004
means - check cache only - exclude root - we must be checking only intermediate CRL and if it is locally cached.
to check local cache (of current user) use command
certutil -urlcache CRL
to chache a specific CRL - use command
certutil -f -urlfetch -verify gvasfe1.cer
where cer is a file with a certificate
refer https://blogs.technet.microsoft.com/pki/2006/11/30/basic-crl-checking-with-certutil/
Fabric run as network service, so you can check that also, but it would require hacking: https://windoh.wordpress.com/2011/04/23/crl-caching-in-windows-and-a-little-bit-about-ocsp-caching-too/
Summary: as you can see SFB Windows fabric is set up to ignore the error and continue, the error may come from issues retrieving CRL or absence of CRL in local cache. In most cases you should also ignore this error. If you want to fix it (not recommended), replace in ClusterManifest.Xml.Template %CRLCHECKINGFLAG% as 0 and reboot
if you have this error (actually warning) in Skype for Business FrontEnd, you most probably can ignore it.
Investigation:
check settings.xml in C:\ProgramData\Windows Fabric\GVASFE1.domain.com\Fabric\Fabric.Config.1.0.0
you can see
Parameter Name="IgnoreCrlOfflineError" Value="true"
Parameter Name="CrlCheckingFlag" Value="3221225476"
So the setting is set to ignore the error. The description of CrlCheckingFlag you can find in
C:\Program Files\Skype for Business Server 2015\Server\Core\ClusterManifest.Xml.Template
CrlCheckingFlag setting follows the rest of the Lync Server components (sipstack, web) which
set the following flags:
CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL =0x00000004 | // do not go on the wire for cert retrieval
CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY =0x80000000 | // do not go on the wire for cert revocation check
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT=0x40000000
0xC0000004=3221225476 (unsigned int)
as you see CrlCheckingFlag equal 0xC0000004
means - check cache only - exclude root - we must be checking only intermediate CRL and if it is locally cached.
to check local cache (of current user) use command
certutil -urlcache CRL
to chache a specific CRL - use command
certutil -f -urlfetch -verify gvasfe1.cer
where cer is a file with a certificate
refer https://blogs.technet.microsoft.com/pki/2006/11/30/basic-crl-checking-with-certutil/
Fabric run as network service, so you can check that also, but it would require hacking: https://windoh.wordpress.com/2011/04/23/crl-caching-in-windows-and-a-little-bit-about-ocsp-caching-too/
Summary: as you can see SFB Windows fabric is set up to ignore the error and continue, the error may come from issues retrieving CRL or absence of CRL in local cache. In most cases you should also ignore this error. If you want to fix it (not recommended), replace in ClusterManifest.Xml.Template %CRLCHECKINGFLAG% as 0 and reboot
Subscribe to:
Posts (Atom)