CRM Outlook issues after October 2017 updates

Several complains from clients regarding Outlook CRM client (add-in) that stopped working and does not show (render) accounts, contacts, dashboards in Outlook. At the same time Web browser works ok.


The problem is related to recent security updates for Outlook 2010, 2013, 2016. You can fix it by adding registry to current user:


EnableRoamingFolderHomepages

https://support.microsoft.com/en-us/help/4049314/microsoft-dynamics-365-for-outlook-is-unable-to-render-webpages-after

SQL to list Users logged to Lync and their device

Select (cast (RE.ClientApp as varchar (100))) as ClientVersion,R.UserAtHost as UserName,HRD.LastNewRegisterTime as LastRegisterTime, EP.ExpiresAt
        FROM rtcdyn.dbo.RegistrarEndpoint RE
       Inner Join rtc.dbo.Resource R on R.ResourceId = RE.OwnerId
       Inner Join rtcdyn.dbo.Endpoint EP on EP.EndpointId = RE.EndpointId
       INNER JOIN rtcdyn.dbo.HomedResourceDynamic HRD on HRD.OwnerId = R.ResourceId
        Order By UserName ,ClientVersion

Polycom VVX debug

I had a case when VVX did not work for hybrid Exchange with Lync onPremises, I spent a lot of time to understand why it is not working until I enabled logging for CURL as DEBIG :)

As always the problem was in SSL Certificates.

Polycom VVX for hybrid Exchange

Polycom FW version 5.5.3 and Exchange hybrid.

From the logs we see that Polycom tries to perform autodiscover, but finally fails and leave EWS not deployed for online users.  I will continue debuging that, but I found a workaround:

login with sip and UPN  as username@domain.com but leaving domain field empty.
Then in settings-applications-exchange server URL you can hardcode:

https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity

and leave autodiscover disabled.

Update: with CURL DEBUG we can see that problem was in SSL certificates of Digicert not being trusted due to limits we left from other tests in Network - TLS - Application profile 6 (select certificates from platform or imported, but we had only one certificte selected). I also imported Digicert root, as for unknown reasons outlook is based on that while rest of MS is Baltimore.

Inside exchutil.ps1

https://flinchbot.com/2013/09/09/exchucutil/

Skype for Business debuging tools crashing

Latest debugging tools for SFB have a bug, dowload previous version:

https://greiginsydney.com/clslogger-exe-crashes-with-unhandled-exception/

ADFS trics for MFA

ADFS access control rules to disable MFA for Office 365 application if usrs are connecting from intranet, Lync clients and enforce MFA for member of AD group:

$rp = Get-AdfsRelyingPartyTrust –Name "Microsoft Office 365 Identity Platform"

$groupMfaClaimTriggerRule = 'NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)skype"]) && NOT EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)ACOMO"]) && NOT EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)lync"]) => add(type = "http://schemas.company.com/not_lync", value = "true" );

c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-796845957-688789844-854245398-6148"]  && c2:[Type =="http://schemas.company.com/not_lync", Value== "true"] && c3:[Type =="http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value== "false"]=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");'

Set-AdfsRelyingPartyTrust –TargetRelyingParty $rp –AdditionalAuthenticationRules $groupMfaClaimTriggerRule

We use this rule to let Lync on Premises users to use Exchange online