Tuesday, May 24, 2016

Conferencing Modalities No Longer Function - MS16-065

Microsoft recently published a KB article related to a security bulletin MS16-065:

Symptoms
After you install the Microsoft .NET Framework Security Update MS16-065 on a Front End or Standard Edition server for Lync Server 2010, Lync Server 2013, or Skype for Business Server 2015, several conferencing modalities no longer function for internal users.

For a complete list of the .NET Framework updates that can cause this problem, see the 
Microsoft Security Bulletin MS16-065 - Important topic on the Microsoft TechNet website.

The following are known modalities affected by this issue:

·         Whiteboards
·         Uploading PowerPoint Presentations
·         Sharing Notes
·         Polls
·         Q&A

The error messages that users may receive when this problem occurs include the following:
·         We can’t connect to the server for presenting right now.
·         Network issues are keeping you from sharing notes and presenting whiteboards, polls and uploaded Pow…
·         An error occurred during the Skype Meeting.


I ran into this but it was not immediately apparent to which KB's this correlates to so I thought I would list out the ones that will cause this behavior and save someone else some time hunting:

Server 2008 R2:

KB3142024
KB3142033
KB3142037

Server 2012:

KB3142025
KB3142032
KB3142035

Server 2012 R2:

KB3142026
KB3142030

KB3142036


Update:


This also breaks the Lync Web App in Lync Server 2010 which is not documented in the KB at the time of this post. You will also need to add the following reg keys in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\System.Net.ServicePointManager.SchSendAuxRecord]:

DWORD Name: C:\Program Files\Microsoft Lync Server 2010\OCSMCU\Web Meeting Conferencing\MeetingMCUSvc.exe
DWORD Value: 0

DWORD Name: C:\Windows\System32\inetsrv\w3wp.exe
DWORD Value: 0

Then restart the RTCMEETINGMCU service as well as perform an IISReset.

Friday, May 6, 2016

Mobility - Topology Doesn't Have Required SIP Listening Port Setting

I had a client with a Lync 2010 deployment recently phone me and tell me that some users were unable to login to their mobile client when outside of the organization. The first thing I did was check the MCX service on the pool that the users were homed to. I was immediately greeted with Server Error in MCX application:


I attempted to recycle the external MCX application pool which typically fixed this issue, however it did not resolve it. I then started digging through the event logs on the server and noticed the following error Application Event ID 1309:


To which the following portion of the error specifically caught my eye:

Exception message: Topology doesn't have required sip listening port setting

I then ran:

Get-CsService -Identity WebServer:FQDNOFFEPOOL.com


Which showed that the value for McXSipExternalListeningPort was $null:


Then I ran the following to set the MCX External Listening and Primary Listening ports to the correct values:

Set-CsWebServer -McxSipExternalListeningPort 5087 -McxSipPrimaryListeningPort 5086 -Identity WebServer:FRONENDSERVERFQDN.com


Then running the get-csservice command again showed that the values were correct:



At which point I invoked CMS replication, verified it had completed replicating and then performed and IISReset and the mobility service was working once again:



Thursday, February 18, 2016

How to Disable Interfaces on AudioCodes Mediant 1000

One of our clients recently rolled out AudioCodes Element Management System (EMS) and noticed that they were receiving a lot of alarms about interfaces being down. You might also see these alarms show up on the gateway management page:




I wasn't able to find much online in the way of how to administratively down or disable the alarms on each gateway so I opened a support ticket figured it out and thought I should post this in the event that anyone else out there also needs to do this. 

First login to your gateway and determine which interface you want to turn disable the alarm on. The interfaces are read on the top row beginning as GB_0_1 on the left and then going two, three, four, etc, if you have another row of interfaces then it would be GB_X_1 with X being 1-9




Once you have written down which interface you want to remove, expand VoIP -> Network -> and select Ethernet Groups Table:




Select Index 0 (or whichever index has the interface under the member column) and then click edit:




In the edit record window click the drop down of the member you want to remove, and change it to none:




Click submit, and your changes should show the Index as no longer having that interface listed:




You will then need to restart the gateway for the changes to take effect 

Monday, February 15, 2016

Lync Server 2013 Services by Server Type

The following is a list of each server role and the associated Lync server services for Lync 2013:


Enterprise Edition Front End:
Lync Server Application Sharing
Lync Server Audio Test Service
Lync Server Audio/Video Conferencing
Lync Server Bandwidth Policy Service (Authentication)
Lync Server Bandwidth Policy Service (Core)
Lync Server Call park
Lync Server Conferencing Announcement
Lync Server Conferencing Attendant
Lync Server File Transfer Agent
Lync Server Front-End
Lync Server IM Conferencing
Lync Server Master Replicator Agent
Lync Server Mediation
Lync Server Replica Replicator Agent
Lync Server Response group
Lync Server Web Conferencing
Lync Server Web Conferencing Compatibility

Standard Edition Front End:
Lync Server Application Sharing
Lync Server Audio Test Service
Lync Server Audio/Video Conferencing
Lync Server Bandwidth Policy Service (Authentication)
Lync Server Bandwidth Policy Service (Core)
Lync Server Call park
Lync Server Conferencing Announcement
Lync Server Conferencing Attendant
Lync Server Front-End
Lync Server IM Conferencing
Lync Server Mediation
Lync Server Replica Replicator Agent
Lync Server Response group
Lync Server Web Conferencing
Lync Server Web Conferencing Compatibility

Mediation:
Lync Server Front-End
Lync Server Mediation
Lync Server Replica Replicator Agent

SBA:
Lync Server Front-End
Lync Server Mediation
Lync Server Replica Replicator Agent

Edge:
Lync Server Access Edge
Lync Server Audio/Video Authentication
Lync Server Audio/Video Edge
Lync Server Replica Replicator Agent 

Friday, February 5, 2016

Skype for Business Hybrid Remote PowerShell

I recently began to start working on a couple hybrid deployments both internally and for clients. One of the first things that noticed was it was not as straight forward to get connected to remote PowerShell as it was for Azure AD or Exchange Online. The first thing to note is that if you are in a hybrid and you have your lyncdiscover.domain.com pointed to your on-premise environment you will be greeted with the following error:



Get-CsPowerShellEndpoint : Unable to connect to the remote server
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:94 char:26
+             $targetUri = Get-CsPowerShellEndpoint -TargetDomain $adminDomain
+                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-CsPowerShellEndpoint], WebException
    + FullyQualifiedErrorId : System.Net.WebException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellEndpointCm

   Dlet

Normally the workaround that has been in place for this is to specify the -OverrideAdminDomain switch and specify your tenant. However I have recently learned that this does not always work. When I tried I was greated with the following error:


New-PSSession : [admin0b.online.lync.com] Processing data from remote server admin0b.online.lync.com failed with the
following error message: The specified tenant 'spscom.onmicrosoft.com' could not be found in current forest. Please
verify the tenant Identity and then try again. For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:118 char:16
+     $session = New-PSSession -ConnectionUri $ConnectionUri.Uri -Credential $webt ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
   gTransportException
    + FullyQualifiedErrorId : IncorrectProtocolVersion,PSSessionOpenFailed


I opened a ticket with Microsoft and we were able to get connectivity to work by specifying the -OverridePowerShellURI parameter, and then using the same URL that you access the control panel within O365:

New-CsOnlineSession –Credential $cred –OverridePowershellURI –OverridePowershellURI https://admin2a.online.lync.com/OcsPowershellLiveid”

We escalated this issue to the product group in which responded with the following:

There is a known issue currently where DomainUrlMap (what gets used for Autodiscovery) is only being populated with the domains of online enabled users. While our tenant does have some online enabled users, it would appear that those users are all on spscom.com – Autodiscover doesn’t know about the spscom.onmicrosoft.com domain so you get routed somewhat randomly when trying to resolve that domain.

There are two workarounds – 1) you could enable a user for spscom.onmicrosoft.com and subsequently disable it, once the domain is in the DomainUrlMap it should remain there, or 2) use “-OverrideAdminDomain spscom.com”, which is already in the DomainUrlMap.

Solution:

I created a new cloud only user with an onmicrosoft.com UPN, licensed them for Skype for Business Online, and then was able to sucessfully access remote PowerShell:


You can then remove the cloud only user it is only needed to add the onmicrosoft.com domain to the DomainUrlMap