Got some weird errors on our new Skype for Business server install. After a straight forward install users was unable to login from external and some issues regarding conferences. Skype services seemed to start but ended up running with unknown details when get-windowsservices. Also we had one error in the eventviewer on frontende server.
The most important clue was : CA_Failure: InternalError . So this pointed towards a certificate error. What could be wrong with the CA server (A windows server 2016 Enterprise Root CA).
Encryption key lengths of 1024, 2048, and 4096 are supported. Key lengths of 2048 and greater are recommended.
The default digest, or hash signing, algorithm is RSA. The ECDH_P256, ECDH_P384, and ECDH_P521 algorithms are also supported.
Once again check CA configuration:
This CA was installed with the ECDSA_P256 CSP, We did not have the option to reinstall/migrate the CA to a supported version, so our workaround was to install a new standalone CA using RSA256 CSP and use this CA to issue certificates for Edge server internal and frontend certificate. (We published the new CA public key to clients using GPO).
After we assigned the new certificates and rebooted it all seems to work OK. The new certs are now RSA256
To see information stored in SfB addresslist you can dump its content to a text file:
C:\Program Files\Skype for Business Server 2015\Server\Core>abserver -dumpfile “\\\1-WebServices-1\ABFiles\00000000-0000-0000-00 00-000000000000\00000000-0000-0000-0000-000000000000\f-195a.lsabs” c:\temp\sdump.txt
Have done several upgrades from Lync 2013 to Skype for Business 2015, so this last one should be no different, but faith had other plans.
Installed topology builder on a new computer and prepared the upgrade process. But when a bit into the upgrade it failed.
Error: Error returned while installing OcsCore.msi(Feature_LocalMgmtStore), code 1603. Error Message: A fatal error occurred during installation. For more details please consult log at C:\Users\paupav\AppData\Local\Temp\Add-OcsCore.msi-Feature_LocalMgmtStore-[2018_10_17][14_05_11].log
As most people know a MSI error of 1603 tells us as much as “An error occurred”. Tried do some reboots and retried, but nothing helped. With no idea of what could possibly be wrong, I was browsing for ideas or hints the usual places: Eventviewer, Windows explorer (free diskspace, files and folders), services, policies, and finally windows update settings and history. One clue (except that is was error 1603) there was 1 SfB update installed (probably because I selected the installer to check for updates). Thougt it was strange that there should be one update since I has not yet managed to install any SfB software.
So simple. Uninstalled the update , rebooted and the upgrade from now on went flawless.
This event started to appear every 20 seconds or so. The Skype for Business servers had recently been patched. In the patch list was updates to .Net framework. Included in these patches is a security update that resolves an security bypass feature. https://support.microsoft.com/en-us/help/4014510/description-of-the-security-and-quality-rollup-for-the-net-framework-4 . To solve this all I had to do was add the required registry key : HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319 – DWORD: RequireCertificateEKUs=0 and restart the “Skype for Business Server Web Conferencing” service. The fix can be applied to Lync server 2013 as well.
Some users was missing in Office 365 Skype admin center. I verified that they had a Skype license plan assigned. Tried to remove and readd – did not help. These users are replicated from on premise to cloud using Azure AD sync. Turned out these users had previously been Lync enabled on on premise Lync server. Compared all ActiveDirectory attributes, and the only one that make any sense was msRTCSIP-DeploymentLocator.
The attribute did not have any value that I reacted to when I first saw it, But I cleared the value and ran a sync to O365.
Cleared it by opening the Attribute and pressed Clear button.
After the sync to Azure the user finally appeared in O365 Skype Admin Center.
This is a rather confusing event. It occurs on the Exchange server 2010 that is holding the Unified Messaging role. “The following UM IP gateways did not respond as expected to a SIP OPTIONS request”, and at the end “This operation has timed out”. The server mentioned in the erro is, in this senario, the Lync server.
I thought I knew this PKI stuff and I was sure that all my certificates where correct. Also when telneting for the exchange server to the Lync server on port 5061 there was most defiantly an answer – No timeout”. After a while a decided to do all my certificates all over. Replacing the Lync , of course made no difference. When replacing the exchange certificate I change the SN to be the FQDN of the server, This did the trick. The error message disappeared. So now I remember that on Exchange UM server keep FQDN as Subject name and place all other names as SAN’s
After you install KB3101496 missed phone calls are no longer displayed in Lync 2013/Skype. All other Lync functionality is ok. You will be notified about missed conversation and conversation. The only thing that I have noticed is that missed phone calls are not appearing in the list. After uninstalling this update everything went back to normale.
(UPDATED) After we installed the Latest Lync server 2013 security fix (Security Update for Lync Server 2013 Web Components Server KB3080353) we have had severeal issues where users where unable to sign in to Lync. This was the server complaining about the client certificate , normally it is the client complaining about the server certificate.
Particulary users homed on VDI or Citrix /RDS and also some CommonareaPhones where affected. Inspecting the client log from a user login revealed :
There was an error communicating with the endpoint at ‘https://lyncserver.domain.local/WebTicket/WebTicketService.svc/mex’.
The server returned HTTP status code ‘500 (0x1F
09/18/2015|11:34:46.551 46A8:461C INFO :: CUccPlatform::WriteStreamToLog:
09/18/2015|11:34:46.551 46A8:461C INFO :: 4)’ with text ‘Internal Server Error’.
The server was unable to process the request.
Latest issue was kind of a puzzle. When one organization sent Skype meeting invitation to another organization it was impossible to click on the meeting in the schedule tab of Skype/Lync.
“Join” functionality missing from sceduler tab in Skype or Lync.
Right click on the meeting gave nothing. The links in Outlook and OWA did work thoe. At first we thought it was something wrong with the client installation, but several reinstalls and updates later the conclution was that there had to be something wrong with the calendar entry.
I’m trying to installing a solution by Acano to integrating different AV conferencing solutions with Lync. Installing it in a split server solution (one edge server in DMZ and one core server in server LAN). Will post the final howto guide when it is installed, as I think the documentation is not that well explained.
Tried to install S4B server 2015 in my lab. Tried this from a computer with no internet access, also I did not install any prerequisites.
“Error: Prerequisite installation failed: Prerequisite installation failed: SqlInstanceRtc For more information, check your SQL Server log files. Log files are in the folder C:\Program Files\Microsoft SQL Server\MSSQL*.Rtc\MSSQL\Log, where the * represents your SQL Server version number. For example, SQL Server 2012 uses this path: C:\Program Files\Microsoft SQL Server\MSSQL11.Rtc\MSSQL\Log.”
You have several dialplans and voicepolicies in your Lync organization and the default “Global” has no PSTN usage or route. Next you create a workflow,Queue and group, on the Queue you specify a overflow or timeout action. You define an external phone number that should be used when overflowing or timeout action is reached.
When you test this – the call is abandoned when the timeout limit is reached. The reasen for this is probably that the responsegroup does not have a dialplan or/and voice policy. This is how to solve this:
First get the information for the workflow that handles the call: