Duplicate number in Skype for Business

https://social.technet.microsoft.com/Forums/lync/en-US/5d4bc40e-4a02-43c1-9a48-07852e5f8bfc/unique-lineuri-but-485-ambiguous?forum=lyncvoice


get-csuser etc will not see any disabled users with a number, but this script will see:

Get-AdUser -filter * -property msRTCSIP-Line | Select Name, @{Name="MSRTCSIPLine";Expression={$_."msRTCSIP-Line"}}|where {$_.MSRTCSIPLine -like "tel:+XXXXXXX*"}

Script to Clear Credman

https://blogs.technet.microsoft.com/rmilne/2019/01/11/script-to-clear-credman/

Analog devices in SFB and Audiocodes

https://devsite.enablingtechcorp.com/Blog/TabId/777/ArtMID/2450/ArticleID/622/Skype-for-Business-and-Lync-Server-2013-Analog-Gateways-Trunk-to-Trunk.aspx

Disk C space issue? use mklink /j

mkdir D:\ProgramData
robocopy /XJ /MIR "C:\ProgramData" "D:\ProgramData"
mklink /J "C:\ProgramData" "D:\ProgramData"

How to compare and fix SQL database schemas

https://www.decisivedata.net/blog/schema-comparisons-using-visual-studio-sql-data-tools

Finish migration from SFB hybrid to online

https://docs.microsoft.com/en-us/skypeforbusiness/hybrid/cloud-consolidation-disabling-hybrid

Cloud Azure MFA Radius?

With MFA server onpremises deprecation, you need to implement NPS extension for Azure on your local NPS/Radius to connect to Cloud MFA.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

Exchange hybrid migration errors decoded

https://blogs.technet.microsoft.com/exovoice/2017/06/30/hybridmigrationerrors/

Skype for Business mobility and hair-pinning requirements

Mobility Service URL Requirement

In a default configuration, a user who is connected to the internal network via Wi-Fi will always be returned the external Mobility Service URL for his/her home pool. The user’s device must be able to query the internal DNS zone and resolve the external Lync Web Services FQDN to the IP address of the external interface of the reverse proxy. The user will then make an outbound, hair-pinned connection to the Mobility Service through the reverse proxy.

https://docs.microsoft.com/en-us/previous-versions/office/skype-server-2010/hh690030(v=ocs.14)

Add or remote server from the Lync pool

https://tomtalks.blog/2013/04/lync-2013-gotcha-when-addingremoving-fes-in-topology-publishing-topology-will-reset-the-relevant-pool/

https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/manage-front-end-servers


When you add or remove a server to the pool in your topology and then publish the updated topology, it will cause all of the servers in the pool to restart at the same time. While the servers are restarting the pool is offline, which will interrupt service for your users connected to that pool. To prevent any interruption of service to users, plan to publish the topology with the new server in the pool during non-business hours.

Windows 2019 server activation error

With a correct key, we can not activate Windows 2019 server:

"We can’t activate Windows on this device as we can’t connect to your organization’s activation server. Make sure that you’re connected to your organization’s network and try again."

The workaround is to do with command line - run as administrator:

slmgr.vbs /ipk   key-key-..

SharePoint 2013 install error 1603

if you get an error such as

Problem Event Name:                        OfficeClassicSetup

  SETUP EXE VERSION:                        15.0.4454.1000

  SETUP DLL NAME:                            SVRSETUP.DLL

  SETUP DLL VERSION:                        15.0.4709.1000

  ERROR CODE:                                   1603

  MSI HRESULT:                                   Unspecified

  ERROR DETAILS:                               FC73469E

  FIRST ERROR CODE:                         1603

  OS Version:                                       6.3.9600.2.0.0.272.7

  Locale ID:                                          1033

it may mean that you need to ad resources: check if you have 4vCPU, disk space 80GB+

Re.run setup

takeover tenant in office 365

https://powerbi.microsoft.com/en-us/blog/how-to-perform-an-it-admin-takeover-with-o365/

OWA or ECP ADFS error "wrongaudienceuriorbadsigningcert"

https://vandijk.cloud/ad-fs-for-ecp-or-owa-fails-with-error-wrongaudienceuriorbadsigningcert/

Offline IM for Skype and Lync

Offline IM -  a feature that allows you to get missed IM while you are offline is not avaiable for Lync 2013 server, but is for Skype for Business server: https://docs.microsoft.com/en-us/skypeforbusiness/deploy/im-and-presence/enable-or-disable-offline-im

PGP for Widows

https://www.gpg4win.de/thanks-for-download.html

Verify certificate with command line certutil.exe

The command to verify a certificate:

certutil -f -urlfetch -verify C:\temp\www.google.de.crt

https://www.admin-enclave.com/en/articles/windows/57-how-to-verify-the-certificate-chain-via-windows.html

CentOS 7 on Hyper-V 2016

CentOS 7 minimal installs happily on Windows Server Hyper-V 2016. Do not forget to run
nmcli
nmtui

to active network connection, as by default it is not active.

SharePoint 2010 workflows performace

http://melick-rajee.blogspot.com/2011/09/how-to-improve-workflow-performance-in.html

SharePoint 2010 workflows - create a hyperlink

https://wonderlaura.com/2013/05/30/workflow-create-a-hyperlink/

Office 365 Exchange Online Protection and DMARC

If you want to protect your domain with DMARC or use DMARC to filter spam and you use Office 365, note that Microsoft decided to alter normal DMARC policy. Imagine the domain protects itself and a message was identified as DMARC=fail and policy is set to reject with 100%. DMARC policy example: v=DMARC1;p=reject;pct=100
Office 365 will ignore reject and will deliver email marked as spam. A header will contain

"dmarc=fail action=oreject" (oreject being overwritten reject.)

Here is how Microsoft justifies this design decision:

"If the DMARC policy of the sending server is p=reject, EOP marks the message as spam instead of rejecting it. In other words, for inbound email, Office 365 treats p=reject and p=quarantine the same way.

Office 365 is configured like this because some legitimate email may fail DMARC. For example, a message might fail DMARC if it is sent to a mailing list that then relays the message to all list participants. If Office 365 rejected these messages, people could lose legitimate email and have no way to retrieve it. Instead, these messages will still fail DMARC but they will be marked as spam and not rejected. If desired, users can still get these messages in their inbox through these methods:

• Users add safe senders individually by using their email client
• Administrators create an Exchange mail flow rule (also known as a transport rule) for all users that allows messages for those particular senders."

https://docs.microsoft.com/en-us/office365/securitycompliance/use-dmarc-to-validate-email#inbounddmarcfail

ADFS 2016 auditing

https://blog.dacimm.com/audit-adfs-extranet-lockout-protection-81620ec055df

ICMP redirect

In the middle of migration from one firewall to another you may discover that you need to point a specific migrated IP to new firewall, while default gateway remains as old firewall.


Then in the old firewall you will specify a route to forward to new firewall.

When a user will ping that IP, the old firewall as default route will respond with ICMP redirect message.  This message will most problably be ingored by your user PC.

Check if the registry Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect   is 1

and that Firewall allows ICMP Redirect messages (the best is to enable a custom Windows firewall rules to let this to be accepted in trusted networks, but not in public as example.


Then when you ping you will see ICMP redirect message in Wireshark, then after a while that your PC starts sending it to new Firewall.


Note that "route print" will not show this new route.

Skype for Business Response Group report does not work

If RGS report is too slow, and if you wait will just timeout, then use the solution mentioned here. It was for LYNC, but was tested and proven to work in SFB as well.


https://social.technet.microsoft.com/Forums/en-US/7e472c38-35ac-42cb-ad4a-a683eb0becac/response-group-usage-report-not-working

Client connectivity in Exchange 2016 and 2010 co-existence

https://blogs.technet.microsoft.com/exchange/2015/10/26/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2010/

Microsoft Project Server 2016 MVP

https://blog.devoworx.net/2015/10/16/install-and-configure-project-server-2016/#projectserver2016_4
https://blog.devoworx.net/2017/10/30/project-server-2016-migration/

Call progress tones for different countries

https://www.3amsystems.com/World_Tone_Database?q=Switzerland,Call_waiting_tone

Lync 2013 address book view from SQL and CSLogger

https://itspartlycloudy.com/2015/06/05/getting-lync-2013-address-book-data-from-sql/

In CSlogger simply select AddressBook scenario

RAC0218: The maximum number of user sessions is reached

racadm racreset

Skype for Business Edge hairpining

http://silbers.net/lync-edge-hairpin-requirement/

NetApps file share does not work via alias for Skype for Business

Log Name:      Lync Server

Source:        LS Storage Service

Date:          21.01.2019 13:55:45

Event ID:      32008

Task Category: (4006)

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      

Description:

Unexpected exception.

Message=Error: Path \\fs_AppsData_.domain.com\Apps_Data$\SFBshare\1-WebServices-11\StorageService failed to be read for flushed data. Error details: System.IO.IOException: The account used is a computer account. Use your global user account or local user account to access this server.

The problem is that we use alias, if we change alias to server name, it works. This share is actually NetApp vfiler.

Here is a reference on how to add SPN for the alias. The alias is CNAME or A record.

https://social.technet.microsoft.com/Forums/lync/en-US/896a987f-990f-4668-9fc4-9c0be523f4db/lync-replication-wont-work-with-file-share-on-netapp-nas?forum=ocsplanningdeployment

SCVMM manually install agent

https://seneej.com/2013/06/04/scvmm-2012-sp1-host-agent-manual-installation-and-client-logs/

Direct Access on Windows 10 does not send troubleshooting logs

http://itcalls.blogspot.com/2018/08/windows-10-directaccess-collect-logs.html

Skype for Business Address Book normalisation rules

In the past Lync used txt files Company_Phone_Number_Normalization_Rules.txt to manage normalisation rules, with SFBit is now powershell Get-CsAddressBookNormalizationRule, etc.

By default it contains already some rules, but if you need to modify you can.

Here is a test tool that will show existing rules and will allow to test with a specific test number:
https://gallery.technet.microsoft.com/Skype-for-Business-Address-2ab65ca7


One thing remains unclear - the tool and all articles that I could find says that SFB will automatically strip spaces and other symboles like dashes from the phones number. However, I have an example where it does not work - when number is typed in contact lookup in SFB client the string must match exactly the string in AD phone field, otherwise the contact is not proposed. For the moment I do not know why. In another installation it work ok. It looks like something related to either client version  or method (web search only) or client  or GPO policy - had no time to analyse further.