onsdag den 14. juni 2017

LS Data MCU error on SfB 2015 after May OS Patch

The May 2017 .NET patches introduced a problem in both Skype for Business 2015 and LYNC 2010/ 2013 servers - after the patch the way that .Net handles EKU's in a certificate has changed.

The issue you will find is seen in the event viewer at both all frontends, and on the edge server aswell.

Front End event log every minute, Event ID 41026 followed by 41025:



And on the Edge server you will find:

 Microsoft has confirmed this issue:
https://support.microsoft.com/da-dk/help/4023993/ls-data-mcu-events-41025-and-41026-are-constantly-generated-after-you-

Follow the above article to mitigate the problem - either fix the CA template and reissue the Edge server internal certificate OR add this RegKey that will omit this check.
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs

Run the following regadd in a CMD as administrator - that will add this key with the default path of Web conferencing components.

NOTE if your install path is anything but default, change the corresponding path in the reg add cmd.


LYNC Server 2010
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Microsoft Lync Server 2010\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f


Lync Server 2013:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Microsoft Lync Server 2013\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

Skype for Business Server 2015:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Skype for Business Server 2015\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

After adding the registry key simply restart the Web Conferencing service and the errors will go away - and any related conferencing errors will also reolve.


HAPPY SKYPE'ing

onsdag den 31. maj 2017

Manage Response Groups in Powershell

When managing Response Groups in SKYPE for Business, the tool needed is the Classic "Manage or edit Workflows" Website - very often customers ask if they can control these options by powershell, or even automate some actions.




This is indeed possible, the powershell way may seem a bit wrinkled - but it works. :)

I will describe the two most commonly used task - that is changing the PSTN forward location for out of Business Hours, and also changing the prompt (audiofile) and Voicemail

First the Process for changing the Audio File and setting forward to Voicemail - if for example you want change the wording from "You are now being forwarded to VoicemailA" - to "You are being forwarded to VoicemailB"

First of you should identify your Response Groups workflows - we need the Identity string for later.

Run this in Powershell:

get-CsRgsWorkflow | ft Identity,Name -auto


If you want to you can now save the current config to a txt file

get-CsRgsWorkflow service:ApplicationServer:FE1.spinne.local/d546f544-1443-1443-1234 > C:\Workflow.txt
In the meantime prepare the new audiofile - keeping requirements in mind:
https://technet.microsoft.com/en-us/library/gg398649(v=ocs.14).aspx
And then load it into a variable as a new CsRgsAudioFile:
$audioFile = Import-CsRgsAudioFile -Identity "service:ApplicationServer:FE1.spinne.local" 
 -FileName "Audioprompt.wav" -Content (Get-Content C:\Audioprompt.wav -Encoding byte -ReadCount 0)
Now create a new CsRgsPrompt that links to the file.
 (Type the text here if you were instead going to use Text To Speech) 
$prompt = New-CsRgsPrompt -AudioFilePrompt $audioFile
Now Create a new CsRgsCallAction that is the Action the workflow will take when Outside Business Hours.
 In this case two Actions will occur, play a prompt and then transfer the call to voicemail
$action = New-CsRgsCallAction –prompt $prompt -Action TransferToVoicemailUri -Uri "sip:voicemail@spinne.dk"
Now Read the whole workflow into its own Variable
$workflow = get-csRgsWorkflow “service:ApplicationServer:FE1.spinne.local/d546f544-1443-1443-1234”
Now we can customize the workflow by adding the action defines earlier:
$workflow.NonBusinessHoursAction = $action
And finally write the whole thing back to existing workflow - and thereby owerwrtiting existing config.
Set-CsRgsWorkflow $workflow
So a script doing the whole process in one step would look like this:

$audioFile = Import-CsRgsAudioFile -Identity "service:ApplicationServer:FE1.spinne.local" 
 -FileName "Audioprompt.wav" -Content (Get-Content C:\Audioprompt.wav -Encoding byte -ReadCount 0)
$prompt = New-CsRgsPrompt -AudioFilePrompt $audioFile
$action = New-CsRgsCallAction –prompt $prompt -Action TransferToVoicemailUri -Uri "sip:voicemail@spinne.dk"
$workflow = get-csRgsWorkflow “service:ApplicationServer:FE1.spinne.local/d546f544-1443-1443-1234”
$workflow.NonBusinessHoursAction = $action
Set-CsRgsWorkflow $workflow

Now you could save different PS1 files named by name of Workflow, or even take it at step further, 
putting the whole thing into Orchestrator and making e.g. Voicemail destination as an variable.
Also worth noting the power of the New-csRGScallaction cmdlet - read more here:
https://technet.microsoft.com/en-us/library/gg398136.aspx

The next example is more simple, but also more commonly used - it simply changes the PSTN number that the
Workflow forwards to when outside business hours.

$action = New-CsRgsCallAction -Action TransferToPSTN -Uri "sip:+4511111111@spinne.dk"
$workflow = get-csRgsWorkflow “service:ApplicationServer:FE1.spinne.local/d546f544-1443-1443-1234”
$workflow.NonBusinessHoursAction = $action
Set-CsRgsWorkflow $workflow
Thats it :)
Lastly i wanna point your attention to a brilliant script made available on Technet - making it possible to automatically 
cycle between PSTN forwards, for example if you have a IT hotline where We rotate the on call responsibility weekly between the techies on duty. 
That script can be found here:
https://gallery.technet.microsoft.com/office/Lync-Workflow-off-hours-da661656

As Always Happy SKYPE'ing

torsdag den 18. maj 2017

May 2017 patches for SKYPE for Business server

A Cumulative update has been released today for SKYPE for Business servers.
And finally full support for "Server 2016" is here.


This CU contains ALOT of fixes for both minor issues and major annoyances like The VoicemailonBusy limitation when running exchange online. And also another MAJOR improvement is the simplified Meeting Join experience. Se lets get to it :)

The patch version number is:6.0.9319.281
To find out which version you are currently running please run this i Powershell:
Get-WmiObject –query ‘select * from win32_product’ | where {$_.name –like “*SKYPE for business*”} | ft Name, Version –AutoSize

The patch is found here:
http://www.microsoft.com/en-us/download/details.aspx?id=47690

This CU includes updates for the following roles:
  • Skype for Business Server 2015 - Standard Edition server
  • Skype for Business Server 2015 - Enterprise Edition - front-end server and back-end server
  • Skype for Business Server 2015 - Edge server
  • Skype for Business Server 2015 - stand-alone Mediation server
  • Skype for Business Server 2015 - Director server
  • Skype for Business Server 2015 - Persistent Chat front-end server
  • Skype for Business Server 2015 - Administration Tools
  • Skype for Business Server 2015 - Video Interop server
The long list of fixes are:
  • 4020997 Skype for Business Server 2015 Front-End service may crash in Windows Server 2016
  • 4020994 Event ID 36023 is consistently logged on Multiple Front-End servers in a Skype for Business Server 2015 environment that enables CAC
  • 4020993 DTMF tone isn’t played when some DTMF packets are dropped in the network in Skype for Business Server 2015
  • 4020991 Enables “move-csmeetingroom” cmdlet to move meeting room from on-premises to Online in Skype for Business Server 2015
  • 4020987 The update to OcsMcu.msp can't be applied when conferencing is disabled in Skype for Business Server 2015
  • 4020984 The ms-client-diagnostics header for application sharing scenario is not correctly formatted in Skype for Business Server 2015
  • 4020983 “sorry, I didn't get that...” GVA announcement is triggered by external audio sources in Skype for Business Server 2015
  • 4019726 Call remains ringing on a PSTN phone when you click End Meeting in a Skype meeting in Skype for Business Server 2015
  • 4019725 Event ID 44005 and 44008 are logged when you try to leave a voicemail in Skype for Business Server 2015
  • 4019724 You cannot join Skype meeting after you perform a pool failover in Skype for Business Server 2015
  • 4019723 Agents in a Response Group can’t receive call after you invoke pool failover in Skype for Business Server 2015
  • 4019722 Event ID 30210 occurs when you try to leave voicemail in Skype for Business Server 2015
  • 4015911 Pool failover fails when you have many conference directories in Skype for Business Server 2015
  • 4015910 Event ID 53106 "Unable to Save Message" occurs in Skype for Business Server 2015 Persistent Chat Server
  • 4015907 Update that enables simplified meeting join experience in Skype for Business Server 2015
  • 4015904 Enables UCWA to populate "OTHER CONTACTS" and "FAVORITES" groups at first sign in to Skype for Business mobile app
  • 4015902 Failed to start MatchMaking service and its dependencies if FIPS for RGS is enabled in Skype for Business Server 2015
  • 4015901 Calls to RGS may fail after an in-place upgrade from Lync server 2013 to Skype for Business Server 2015
  • 4015900 Enables “VoicemailOnBusy” ActionType to be set for Exchange Online users in Skype for Business Server 2015 Busy Options
  • 4015899 "Busy Options" feature doesn’t check the second incoming call in Skype for Business Server 2015
  • 4015898 RGS agents may stop receiving calls after you run the “Enable-CsTopology” cmdlet in Skype for Business Server 2015
  • 4015893 Enables delegate management feature for Unified Communications Web API in Skype for Business Server 

PLEASE remember the database updates in this patch

Installation methods (Taken from official KB guidance)

Install the cumulative updates

The Cumulative Server Update Installer applies all updates for the appropriate server role in one operation.

Note If User Account Control (UAC) is turned on, you must start the Cumulative Server Update Installer by using elevated permissions to make sure that all updates are installed correctly.
  Note Updates for Skype for Business Server 2015 will no longer be auto-installed by Microsoft Update. You must manually download SkypeServerUpdateInstaller.exe from Microsoft Update, and then use the following installation steps.

To apply the update to the Front End servers in a pool

  1. Type the following cmdlet:
    Get-CsPoolFabricState -PoolFqdn <PoolFQDN> 
    If this cmdlet shows any missing replicas, then run the following cmdlet to recover the pool before you apply any patches:
    Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery 
  2. On the first server you want to patch, run the following cmdlet:
    Invoke-CsComputerFailOver -ComputerName <Front End Server to be patched> 
    This cmdlet moves all services to other Front End Servers in the pool, and takes this server offline.
  3. Run the Cumulative Server Update Installer and click Install Updates to upgrade the server role.

    You can also run the following parameters together with the SkypeServerUpdateInstaller.exe command:
     
    • The /silentmode switch applies all applicable updates in the background.
    • The /silentmode /forcereboot switch applies all applicable updates in the background, and then automatically restarts the server at the end of the installation process if this is necessary.
    • The /extractall switch extracts the updates from the installer, and saves the updates in a subfolder that is named "Extracted" in the folder in which you ran the command.
  4. On the upgraded server, run the following cmdlet:
    Invoke-CsComputerFailBack -ComputerName <Front End Server to be patched> 
    The server is returned to service.
  5. Repeat Steps 2-4 for each server that needs to be upgraded.

To apply the update to a back end server or Standard Edition server

  1. Log on to the server you are upgrading as a member of the CsAdministrator role.
  2. Start the Skype for Business Server Management Shell: Click Start, click All Programs, click Skype for Business 2015, and then click Skype for Business Server Management Shell.
  3. Stop Skype for Business Server services. At the command line, type:
    Stop-CsWindowsService 
  4. Stop the World Wide Web service. At the command line, type:
    net stop w3svc 
  5. Close all Skype for Business Server Management Shell windows.
  6. Run the Cumulative Server Update Installer and click Install Updates to upgrade the server role.

    You can also run the following parameters together with the SkypeServerUpdateInstaller.exe command:
     
    • The /silentmode switch applies all applicable updates in the background.
    • The /silentmode /forcereboot switch applies all applicable updates in the background, and then automatically restarts the server at the end of the installation process if this is necessary.
    • The /extractall switch extracts the updates from the installer, and saves the updates in a subfolder that is named "Extracted" in the folder in which you ran the command.
  7. Start the Skype for Business Server Management Shell: Click Start, click All Programs, click Skype for Business 2015, and then click Skype for Business Server Management Shell.
  8. Stop Skype for Business Server services again to catch Global Assembly Cache (GAC) –d assemblies. At the command line, type:
    Stop-CsWindowsService 
  9. Restart the World Wide Web service. At the command line, type:
    net start w3svc 
  10. Apply the changes made to the SQL Server databases by doing one of the following:

    Note When you run the Install-CsDatabase cmdlet, you will receive an error that you can safely ignore. The error message in the request is expected if you are updating the database on a computer that isn't hosting the Central Management Store.
     
    • If this is an Enterprise Edition Back End Server and there are no collocated databases on this server, such as Archiving or Monitoring databases, then type the following at a command line:
      Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN> 
    • If this is an Enterprise Edition Back End Server and there are collocated databases on this server, then type the following at a command line:
      Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN>  -ExcludeCollocatedStores 
    • If this is an Standard Edition server, type the following at a command line:
      Install-CsDatabase -Update -LocalDatabases 

AS always - Happy SKYPE'ing

fredag den 21. april 2017

CallerID control in Office365 CloudPBX

When using CloudPBX with PSTN Calling, you are able to control the number that is shown when a user is dialing out - when the PSTN Calling feature was in preview this was done with CsCallerIDPolicy's but they have been deprecated, and a shiny new set of CMD-LET's have been introduced in order to control this.

Meaning that 
Get-CsCallerIdPolicy 
New-CsCallerIdPolicy 
Set-CsCallerIdPolicy 
Grant-CsCallerIdPolicy 
Remove-cscalleridpolicy
Can no longer be used.

Instead this is how to do it.

If you want to have a look at your current policyes - NOTE: If you havent yet played with this only the default "global" policy wil be shown.
NOTE: This must be run in an online powershell against your SKYPE for Business online subscription.
If you need help to open such a shell please look here: https://technet.microsoft.com/en-us/library/dn362795(v=ocs.15).aspx

To view current policyes run
Get-CSCallingLineIdentity

When creating new policyes you have the choice to either make a Servicenumber policy, which will show a Servicenumber for outgoing calls, this could be an Autoattendant or a Call Queue.
OR you could choose to make the policy show "anonymous" meaning NO CallerId is presented.

To create a policy for servicenumbers type:
New-CsCallingLineIdentity -Identity "US_Call_Queue" -CallingIdSubstitute "Service" -ServiceNumber "14255522020" -EnableUserOverride $False -Verbose

To create a policy for anonymous type:
New-CsCallingLineIdentity -Identity "CallerIDAnonymous -Description "anonymous policy" -CallingIDSubstitute Anonymous -EnableUserOverride $false

Note this:
  • Identity must be unique.
  • ServiceNumber must be a valid Service Number in the Skype for Business Online Telephone Number Inventory.
  • If CallerIdSubstitute is given as “Service”, then ServiceNumber cannot be empty

 For both types it is also possible to actually prevent incoming calls from showing callerID do this by adding
-BlockIncomingPstnCallerID $true

If you made a mistake, or later need to change your policy either remove them with

Remove-CSCallinglineIdentity

Or by using the SET cmd-let

Set-CsCallingLineIdentity -Identity "CallerIDAnonymous -BlockIncomingPstnCallerID $true 

Now finally - you want to make all this happen, meaning granting the policy to your users.
This is straightforward.

Grant-CsCallingLineIdentity -PolicyName Anonymous -Identity test.user@contoso.com
Or by piping - so for instance.

Get-csonlineuser -Filter {LineURI -like “tel:+45*”}| Grant-CsCallingLineIdentity
-PolicyName Anonymous

AS always - HAPPY SKYPE'ing. :)

torsdag den 2. februar 2017

The CSAddressBook Guide

Hi ! :)

I wery often get the question - "We updated this or that in AD - but our clients are not reflecting changes" or worse, clients are reflecting both old and updated info.

So i decided to do this guide on how to get on top of things on the SKYPE for Business/ LYNC address book updating topic.

So lets assume that you have a standard environment with AD - SKYPE for Business server 2015 and Office 2013/2016 - and have changed the phone number on a specific user in AD.

First off - if you don't do any manual work, the SFB server will automatically update the userdatabase and addressbooks at 1:30AM - And the the clients will update accordingly depending on the settings in the client Policy in SFB.

So let's go through manually updating this.

First of after changing info in Active Directory Users and Computers - make sure your GC's have replicated.
The go to "Skype for Business Management Shell" and run update-csuserdatabase
This will connect to AD and get the latest userinfo and update in the Backend SQL database.

Goto Event Viewer in the "LYNC" portion of "Applications and services Logs"
And wait for this event:
Now replication is running.

The wait for it to finish with this event:

Now its tome to update the addressbook files on the SFB File Share.

Go back to The SFB Management Shell and run "update-csaddressbook"


The go back to event viewer and watch out for this event:
PLEASE NOTE: If you have a pool of more than one SFB server, this event can occur of any FrontEnd server:

Now wait for Synchronization to Finish:

During this Synchronization - you may come accros This Event:
This is due to either failing Normalization txt file, or type error in the phone numbers field in AD - open the Txt file found in the SFB FileShare - and go through the errors, and correct in AD.

IF the fail is due to a missing normalization file - please go back to your SFB fileshare and make shure that the text file called Company_Phone_Number_Normalization_Rules.txt exists in the ABFiles directory:
Also check that the addressbook service is actually configured to use this normalization file:
And lastly make sure that the regex in the file actually meets your company requirements, example above is for a Danish installation with 8 digit numbers in AD being converted to E.164

For a Fantastic article on this subject of Normalization alone - please goto Jeff Schertz great blog:
http://blog.schertz.name/2010/09/lync-2010-address-book-normalization/

SO - Now the Synchronization is complete - this means that the servers address book version is up to date - so now the fun begins - because you would expect that after signing out of back in your client, the number would be corrected - yes ? No ? Maybe ?
Well i have seen everyting from Next day to several days before changes appearing, and very common is the issues of both the new number and the old number showing - all this is down to client caching.
If you dont change anything your SFB client will make a local cache of the address book in the SIP_yoursipaddress@yoursipdomain.com folder in this path:
%appdata%\local\microsoft\Office\16.0\Lync (depending of Office version)
It is perfectly Safe to delete this folder entirely (after closing the SFB client) on sign in it will generate the folder again - and anywhere between 5 and 60 minutes your addressbook will cache again - BUT in smaller environments  - My recommendation is usually to disable this caching entirely by setting this setting in the Csclientpolicy:
set-csclientpolicy -addressbookavailability websearchonly

This force the SFB client to search directly in the servers addressbook - both from Lan and Internet.

this also has the great sideeffect, that you will never see the message "Please wait for address book to finish replicating" in your client - it just works.

BUT - the fun does not stop here - that client is very keen on finding the user that you want to contact, so by default it also searches Outlook - and in the Contacts folder in Outlook (since version 2013) there is actually a hidden folder called "Recipient cache" This i great for Outlook, but not so great for SFB - so i also recommend disabling this folder i local searches from the SFB client - by running this command:
set-csclientpolicy -excludedcontactfolders "Recipient Cache"


So now you can finally restart your client, let the new policyes apply, and finally se ONLY the updated info in your search - If your still see wrong info - please make sure you dont have your own copy of this person in your contacts in Outlook.

Happy SKYPE'ing.

fredag den 13. januar 2017

Not-So-Busy on Busy

If you are familiar with the new SKYPE for Business feature BusyOnBusy introduced in CU2 in 2016 - you are perhaps also using this great little feature - then there is a small thing to make a note of.
If you either plan to or already is running your mailbox from Office365 - then please note that the VoicemailOnBusy actiontype will not work (outofthebox at least) - Because (strange as i may seem) the BusyOptions feature set was designed for Onprem only - and therefore hosted Voicemail is not supported - and wont work.

See if you have it enabled by running get-csvoicepolicy

The Basic BusyOnBusy function will still work great, only Voicemailonbusy as actiontype is not supported.

IF you ARE running 365 UM and still want busyonbusy with choice of Voicemail - you would have to run to 3.rd party solution like ex Routingagent from Competella.

BytheWay here is an MS article on how to activate the feature:
https://technet.microsoft.com/en-us/library/mt750458.aspx

Or turn to my blog post on the subject:
http://lyncvoice.blogspot.dk/2016/06/busy-on-busy-for-sfb-get-started.html

The "Feature" of missing 365 UM support is documented here:
https://support.microsoft.com/en-us/kb/3168736

As always Happy SKYPE'ing

tirsdag den 13. december 2016

December 16 Client patches SFB

Hi and Almost merry Christimas :)

This client patch is litteraly packed with fixes - it updates the Office 2013-based Lync/SfB client from 15.0.4875.1001 to 15.0.4885.1000

Download is available here:
The update is available for download from the Microsoft Download Center.

32-bit
64-bit

Which fixes are included.

This update fixes the following issues:
Happy SKYPE'ing