Category Archives: Lync

Make sure you have the correct CSP for Your CA

Got some weird errors on our new Skype for Business server install. After a straight forward install users was unable to login from external and some issues regarding conferences. Skype services seemed to start but ended up running with unknown details when get-windowsservices. Also we had one error in the eventviewer on frontende server.

The most important clue was : CA_Failure: InternalError . So this pointed towards a certificate error. What could be wrong with the CA server (A windows server 2016 Enterprise Root CA).

This was the first time I have seen a ECDSA CSP used. Next was to verify S4B requirements. https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/requirements-for-your-environment/environmental-requirement

  • Encryption key lengths of 1024, 2048, and 4096 are supported. Key lengths of 2048 and greater are recommended.
  • The default digest, or hash signing, algorithm is RSA. The ECDH_P256, ECDH_P384, and ECDH_P521 algorithms are also supported.

Once again check CA configuration:

This CA was installed with the ECDSA_P256 CSP, We did not have the option to reinstall/migrate the CA to a supported version, so our workaround was to install a new standalone CA using RSA256 CSP and use this CA to issue certificates for Edge server internal and frontend certificate. (We published the new CA public key to clients using GPO).

After we assigned the new certificates and rebooted it all seems to work OK. The new certs are now RSA256

Upgrade to Skype for Business failed. Error 1603

Have done several upgrades from Lync 2013 to Skype for Business 2015, so this last one should be no different, but faith had other plans.

Installed topology builder on a new computer and prepared the upgrade process. But when a bit into the upgrade it failed.

Error: Error returned while installing OcsCore.msi(Feature_LocalMgmtStore), code 1603. Error Message: A fatal error occurred during installation. For more details please consult log at C:\Users\paupav\AppData\Local\Temp\Add-OcsCore.msi-Feature_LocalMgmtStore-[2018_10_17][14_05_11].log

As most people know a MSI error of 1603 tells us as much as “An error occurred”. Tried do some reboots and retried, but nothing helped. With no idea of what could possibly be wrong, I was browsing for ideas or hints the usual places: Eventviewer, Windows explorer (free diskspace, files and folders), services, policies, and finally  windows update settings and history.  One clue (except that is was error 1603) there was 1 SfB update installed (probably because I selected the installer to check for updates). Thougt it was strange that there should be one update since I has not yet managed to install any SfB software. 

So simple. Uninstalled the update , rebooted and the upgrade from now on went flawless.

No connectivity with any of Web Conferencing Servers.

This event started to appear every 20 seconds or so. The Skype for Business servers had recently been patched. In the patch list was updates to .Net framework. Included in these patches is a security update that resolves an security bypass feature. https://support.microsoft.com/en-us/help/4014510/description-of-the-security-and-quality-rollup-for-the-net-framework-4 . To solve this all I had to do was add the required registry key : HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319          –   DWORD: RequireCertificateEKUs=0 and restart the “Skype for Business Server Web Conferencing” service.  The fix can be applied to Lync server 2013 as well.

Unable to create a new Skype meeting from Outlook.

When trying to create a new Skype meeting from Outlook we get the message “The request failed. Please try again. Make sure that you are signed in to Skype for Business.” skype

First solution was to clear outlook name cache. This solves the problem for a short while.

A better workaround is to disable outlook the use of UCAddin.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Lync\AddinPreference]
“RecipientResolutionMode”=dword:00000002

Then close and restart Lync/S4B. This is a “bug” in a windows update to the Skype client.

 

Lync Licensed user is not showing up in Lync Admin Center

Some users was missing in Office 365 Skype admin center. I verified that they had a Skype license plan assigned. Tried to remove and readd – did not help. These users are replicated from on premise to cloud using Azure AD sync. Turned out these users had previously been Lync enabled on on premise Lync server. Compared all ActiveDirectory attributes, and the only one that make any sense was msRTCSIP-DeploymentLocator. msrtcdeployment

The attribute did not have any value that I reacted to when I first saw it, But I cleared the value and ran a sync to O365.

msrtcdeployment2Cleared it by opening the Attribute and pressed Clear button.

After the sync to Azure the user finally appeared in O365 Skype Admin Center.

 

Exchange UM event ID 1400

This is a rather confusing event. It occurs on the Exchange server 2010 that is holding the Unified Messaging role. “The following UM IP gateways did not respond as expected to a SIP OPTIONS request”, and at the end “This operation has timed out”. The server mentioned in the erro is, in this senario, the Lync server.exevent1400

I thought I knew this PKI stuff and I was sure that all my certificates where correct. Also when telneting for the exchange server to the Lync server on port 5061 there was most defiantly an answer – No timeout”. After a while a decided to do all my certificates all over. Replacing the Lync ,  of course made no difference. When replacing the exchange certificate I change the SN to be the FQDN of the server, This did the trick. The error message disappeared. So now I remember that on Exchange UM server keep FQDN as Subject name and place all other names as SAN’s

KB3101496 and missing “missed calls” log

Lync2013Latest News March 2016: https://support.microsoft.com/en-us/kb/3136400 . This is what we also discovere. But users did not want voicemail.  With the patch from February it seems to be solved.         

After you install KB3101496 missed phone calls are  no longer displayed in Lync 2013/Skype. All other Lync functionality is ok. You will be notified about missed conversation and conversation. The only thing that I have noticed is that missed phone calls are not appearing in the list. After uninstalling this update everything went back to normale.

 

Lync server security fix KB3080353 causing problems.

(UPDATED) After we installed the Latest Lync server 2013 security fix (Security Update for Lync Server 2013 Web Components Server KB3080353) we have had severeal issues where users where unable to sign in to  Lync. This was the server complaining about the client certificate , normally it is the client complaining about the server certificate.

LyncCertError

Particulary users homed on VDI or Citrix /RDS and also some CommonareaPhones where affected. Inspecting the client log from a user login revealed :

Error:
There was an error communicating with the endpoint at ‘https://lyncserver.domain.local/WebTicket/WebTicketService.svc/mex’.
The server returned HTTP status code ‘500 (0x1F
09/18/2015|11:34:46.551 46A8:461C INFO  :: CUccPlatform::WriteStreamToLog:
09/18/2015|11:34:46.551 46A8:461C INFO  :: 4)’ with text ‘Internal Server Error’.
The server was unable to process the request.

Continue reading Lync server security fix KB3080353 causing problems.

Unable to join Lync\S4B from client schedule tab.

skypeLatest issue was kind of a puzzle. When one organization sent Skype meeting invitation to another organization it was impossible to click on the meeting in the schedule tab of Skype/Lync.

“Join” functionality missing from sceduler tab in Skype or Lync.

s4b

Right click on the meeting gave nothing. The links in Outlook and OWA did work thoe. At first we thought it was something wrong with the client installation, but several reinstalls and updates later the conclution was that there had to be something wrong with the calendar entry.

Continue reading Unable to join Lync\S4B from client schedule tab.

Error installing Skype for Business server 2015

Tried to install S4B server 2015 in my lab. Tried this from a computer with no internet access, also I did not install any prerequisites.

Error: Prerequisite installation failed: Prerequisite installation failed: SqlInstanceRtc For more information, check your SQL Server log files. Log files are in the folder C:\Program Files\Microsoft SQL Server\MSSQL*.Rtc\MSSQL\Log, where the * represents your SQL Server version number. For example, SQL Server 2012 uses this path: C:\Program Files\Microsoft SQL Server\MSSQL11.Rtc\MSSQL\Log.”

installerror

Continue reading Error installing Skype for Business server 2015

Allow responsegroup to forward to an external contact.

You have several dialplans and voicepolicies  in your Lync organization and the default “Global” has no PSTN usage or route. Next you create a workflow,Queue and group, on the Queue you specify a overflow or timeout action. You define an external phone number that should be used when overflowing or timeout action is reached.

When you test this – the call is abandoned when the timeout limit is reached. The reasen for this is probably that the responsegroup does not have a dialplan or/and voice policy.  This is how to solve this:

First get the information for the workflow that handles the call:

Get-CsApplicationEndpoint -Identity responseg* | fl *

Next assign voice policy and dialplan:

Grant-CsVoicePolicy -Identity “sip:[email protected]” -PolicyName “Company Voice Policy”
Grant-CsDialPlan -Identity “sip:[email protected]” -PolicyName “Company”

Lync voice messages does not arrive in the mailbox.

exchangeIt is time to remind me to always check Exchange for existence of receive connectors and their scoping. In this case users where able to record voice messages, but they never arrived in recipients mailbox. Checked the Exchange server event Viewer. Continue reading Lync voice messages does not arrive in the mailbox.