No connectivity with any of Web Conferencing Servers.

This event started to appear every 20 seconds or so. The Skype for Business servers had recently been patched, and the patch list included updates to the .NET Framework. Included in these patches is a security update that resolves a security feature bypass: https://support.microsoft.com/en-us/help/4014510/description-of-the-security-and-quality-rollup-for-the-net-framework-4 . To solve this, all I had to do was add the required registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319
DWORD: RequireCertificateEKUs=0

and restart the “Skype for Business Server Web Conferencing” service. The fix can be applied to Lync Server 2013 as well.
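An added example, not part of the original post: a PowerShell check to run before and after applying the workaround. It reports the current RequireCertificateEKUs value and lists the certificates in the local machine store with their Enhanced Key Usages. It assumes, as the value name suggests, that the update's stricter check concerns certificate EKUs; the post does not say which certificate the Web Conferencing service uses, so all of them are listed.

```powershell
# Added example: show the EKU override and the EKUs of each machine certificate.
$netKey   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$override = (Get-ItemProperty -Path $netKey -Name RequireCertificateEKUs `
                 -ErrorAction SilentlyContinue).RequireCertificateEKUs
if ($null -eq $override) {
    'RequireCertificateEKUs is not set.'
} else {
    "RequireCertificateEKUs = $override"
}

# Standard OIDs for the two TLS-related EKUs.
$serverAuth = '1.3.6.1.5.5.7.3.1'
$clientAuth = '1.3.6.1.5.5.7.3.2'
$ekuType    = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    # A certificate may carry no EKU extension at all.
    $ekuExt = $_.Extensions | Where-Object { $_ -is $ekuType }
    $oids   = @()
    if ($ekuExt) {
        $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }
    [pscustomobject]@{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        HasEku     = [bool]$ekuExt
        ServerAuth = $oids -contains $serverAuth
        ClientAuth = $oids -contains $clientAuth
    }
} | Sort-Object HasEku, Subject | Format-Table -AutoSize
```

Certificates listed with HasEku = False, or without the expected usage, are the candidates for reissuing, after which the override can be removed again.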

S4B – Error preparing forest.

I was installing a Skype for Business server the other day, and the simple task of preparing the forest failed. I am always on the alert when doing Active Directory forest-wide tasks such as prepare schema and prepare forest, so it is not fun to see error messages during these tasks.

What now? It is not a good feeling to see “Unrecoverable” and “You cannot retry this operation”. But I had to retry, and then there was a slightly different error message.

I’ve had errors before, and in those cases the simple thing to do was to change from “Local domain” to “Domain FQDN” in the “Universal Group Location” dialog box.

This time there was nothing but lots of scary errors.

I know this domain has several trusts configured, so it looks like the wizard gets confused about where to put these groups. The next step was to run prepare forest from PowerShell so that I was able to provide all this information to the command.

Enable-CsAdForest -GroupDomain s4b.local -GroupDomainController s4b-dc1.s4b.local -GlobalCatalog s4b-dc1.s4b.local

And finally success. The command completed without warnings and errors.

Unable to create a new Skype meeting from Outlook.

When trying to create a new Skype meeting from Outlook we get the message “The request failed. Please try again. Make sure that you are signed in to Skype for Business.”

The first solution was to clear the Outlook name cache. This solves the problem for a short while.

A better workaround is to disable Outlook’s use of UCAddin.dll:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Lync\AddinPreference]
"RecipientResolutionMode"=dword:00000002

Then close and restart Lync/S4B. This is a “bug” in a Windows update to the Skype client.

 

Lync Licensed user is not showing up in Lync Admin Center

Some users were missing in the Office 365 Skype admin center. I verified that they had a Skype license plan assigned. Tried to remove and re-add it; that did not help. These users are replicated from on-premises to the cloud using Azure AD sync. It turned out these users had previously been Lync-enabled on the on-premises Lync server. I compared all Active Directory attributes, and the only one that made any sense was msRTCSIP-DeploymentLocator.

The attribute did not have any value that I reacted to when I first saw it, but I cleared the value and ran a sync to O365.

I cleared it by opening the attribute and pressing the Clear button.

After the sync to Azure the user finally appeared in O365 Skype Admin Center.

 

Forwarding email in Exchange

One common question from users is “How can I forward my email to my home mail?” or from a manager “How can we forward his/her mail to the external address?”. In fact, in Exchange there are several possibilities, but most of them require some administrator involvement. For users to forward their own email an administrator would have to allow it.

Users could define a forward using Outlook. This requires the administrator to allow it. The administrator will have to set “AutoForwardEnabled” on the “Remote Domain”: Set-RemoteDomain "*" -AutoForwardEnabled $true . This will of course enable this for all users. They will be able to send to the remote domain defined, or to all.

As an administrator you could create an Exchange contact and set this as forwarding on the mailbox in the EMC. Mailbox properties and mailbox features -> Mail flow -> delivery options:

Here you can select an already created mail contact.

It can also be done from PowerShell, where you have one more option. Here we can specify either a contact or an SMTP address, but you cannot use both at the same time.

set-mailbox demouser -forwardingsmtpaddress [email protected] -delivertomailboxandforward $true

This will set forwarding for the mailbox with alias demouser to [email protected] , and also deliver mail to both the forwarding address and the mailbox. One thing to notice is that for this to work you will have to add “dom.ex” as a remote domain in Exchange.
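An added example, not from the original post: an audit, run in the Exchange Management Shell, of which remote domains allow automatic forwarding and which mailboxes have forwarding set through the two parameters described above. Treating any target outside Get-AcceptedDomain as external is an assumption of this example.

```powershell
# Added example: run in the Exchange Management Shell with view rights.

# Remote domains where user-defined automatic forwards are allowed.
Get-RemoteDomain | Select-Object Name, DomainName, AutoForwardEnabled |
    Format-Table -AutoSize

# Domains this organization accepts mail for; other domains count as external.
$internal = @(Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)".ToLower() })

# Mailboxes with forwarding set by an administrator (EMC or Set-Mailbox).
$report = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingAddress -or $_.ForwardingSmtpAddress } |
    ForEach-Object {
        if ($_.ForwardingAddress) {
            # ForwardingAddress points at a recipient object such as a mail contact.
            $recipient = Get-Recipient -Identity "$($_.ForwardingAddress)"
            $target    = "$($recipient.PrimarySmtpAddress)"
            $via       = 'ForwardingAddress'
        } else {
            # ForwardingSmtpAddress is stored as "smtp:user@domain".
            $target = "$($_.ForwardingSmtpAddress)" -replace '^smtp:', ''
            $via    = 'ForwardingSmtpAddress'
        }
        $domain = ($target -split '@')[-1].ToLower()
        [pscustomobject]@{
            Mailbox   = $_.Alias
            Via       = $via
            Target    = $target
            External  = $internal -notcontains $domain
            KeepsCopy = $_.DeliverToMailboxAndForward
        }
    }

# External targets first; KeepsCopy = False means the mailbox retains nothing.
$report | Sort-Object External -Descending | Format-Table -AutoSize
```

Forwards that users create as Outlook rules are not stored in these mailbox properties and do not appear in this report.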

 

 

Office 365 applications and high disk IO

After we installed Office 365 on our PCs we discovered high disk IO, especially on our terminal servers. Running tools from Sysinternals, this turned out to be something in the Office installation called Telemetry. When we started Office apps, some file in the profile folder structure called OTELE was constantly updated. Not one file, but several.

After some time of investigation we found one registry key that seemed interesting, “DisableTelemetry”. The obvious thing to do was to set this value to 1 (binary enabled). But that did not help at all. When we started Outlook the value was set to “0”. Searching the internet gave us the answer from Microsoft (second hand 🙂 ) that this could not be disabled. But after a support case: it would have taken us forever to find the value. The answer is 170000.

Set the value to 170000 and all disk IO to OTelemetry stopped. Now our servers are back to normal; only a subset of files are created.

Thanks to Jan Ove Aarnes for his findings.

Exchange UM event ID 1400

This is a rather confusing event. It occurs on the Exchange Server 2010 that is holding the Unified Messaging role: “The following UM IP gateways did not respond as expected to a SIP OPTIONS request”, and at the end “This operation has timed out”. The server mentioned in the error is, in this scenario, the Lync server.

I thought I knew this PKI stuff and I was sure that all my certificates were correct. Also, when telnetting from the Exchange server to the Lync server on port 5061 there was most definitely an answer – no timeout. After a while I decided to do all my certificates all over. Replacing the Lync certificate of course made no difference. When replacing the Exchange certificate I changed the SN to be the FQDN of the server. This did the trick. The error message disappeared. So now I remember: on an Exchange UM server, keep the FQDN as the subject name and place all other names as SANs.

KB3101496 and missing “missed calls” log

Latest News March 2016: https://support.microsoft.com/en-us/kb/3136400 . This is what we also discovered. But users did not want voicemail. With the patch from February it seems to be solved.

After you install KB3101496, missed phone calls are no longer displayed in Lync 2013/Skype. All other Lync functionality is OK. You will be notified about missed conversation and conversation. The only thing that I have noticed is that missed phone calls are not appearing in the list. After uninstalling this update everything went back to normal.

 

Outlook : Flagged messages does not show in tasklist

Once upon a time there were several on-premises mailboxes. The follow-up flags were working flawlessly from Outlook running in “online mode” on an RDS server. Someone installed hybrid mode and moved the mailboxes to O365. Now the user was really disappointed with the response from Outlook still running in online mode. One of the users got an archive mailbox enabled. The primary mailbox was moved to on-premises. We now got a new issue: it was possible to tag messages with flags, but they never appeared on the task list.

Where do you start to troubleshoot this? Our first check is to use OWA. Usually this will give us a hint whether it is a client-side or server-side error. And … it looked faulty in OWA. So this seems to be a mailbox error. What to do next? We tried to run Outlook with command line parameters, in this case /resettodotab. And … that did not help. Next we tried to create a new Outlook MAPI profile, but that did not help either.

Then a more drastic approach: we did an export and import of the entire mailbox from Outlook. During the import we selected to overwrite existing elements. We also started Outlook using the same command line /resettodotab. This time it worked out fine. This was a time-consuming approach, so next we tried to move another mailbox, with the same problem, to another mailbox database, and that also worked fine. The conclusion for us was to move the troublesome mailbox to another mailbox database and start Outlook with command line /resettodotab. We did not try to uninstall any Office patch, since we had this problem on both Outlook 2010 and Outlook 2013. This worked fine for small mailboxes (>500 MB) but not for larger ones.

We ended up creating a support case with Microsoft, and the result of this is that this is an issue. The scenario is when an Exchange 2010 mailbox is moved to O365 (Exchange 2016): legacy attributes are removed from the mailbox. These attributes do not exist when the mailbox is moved back to on-prem (Exchange 2010), and therefore issues like this will emerge.

Why does it help to move a small mailbox to a new database? According to MS support: when a small mailbox (less than 500 Mb) is moved to a new database a new content table is created; this is not the case when you move a larger mailbox.

 

Outlook does not show online archive.

In a hybrid environment we moved mailboxes from on-prem to Office 365. Some of the users felt the response from a mailbox in O365 was too slow, so we enabled an archive mailbox in the cloud and migrated the primary mailbox to the on-prem server. As soon as this was done the archive mailbox disappeared from Outlook. Tried running the “Microsoft Remote Connectivity Analyzer”, which returned the unexpected result of:

<ErrorCode>603</ErrorCode>
<Message>The Active Directory user wasn’t found.</Message>

This was quite odd, since the primary mailbox works in Outlook. I tried to compare two mailboxes, one where the archive was visible and one where it was not; they looked the same. Next I ran adsiedit to compare all values in Active Directory for the two accounts. Nothing special, except one thing: on the one that did not work, the AD attribute “msExchDelegateListBL” contained a reference to an old on-prem shared mailbox that had previously been moved to O365. Now this made some sense: when Outlook runs autodiscover it tries to find and connect to all mailboxes that the user has been granted full access to. To solve this I had to use adsiedit on the Active Directory object of the old shared mailbox: open the properties for the mailbox and remove the problem user from the attribute “msExchDelegateListLink”.
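The same cleanup done with the ActiveDirectory PowerShell module instead of adsiedit, as an added example that is not from the original post. The two account names are placeholders, and the removal is left on -WhatIf so that it only reports what it would change.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$userName   = 'problemuser'   # placeholder: sAMAccountName of the affected user
$sharedName = 'oldshared'     # placeholder: sAMAccountName of the old shared mailbox

$user = Get-ADUser -Identity $userName -Properties msExchDelegateListBL

# msExchDelegateListBL is the back-link: one DN per mailbox object that
# lists this user in its msExchDelegateListLink attribute.
foreach ($dn in $user.msExchDelegateListBL) {
    # targetAddress is included to help spot objects whose mailbox now lives elsewhere.
    Get-ADObject -Identity $dn -Properties mail, targetAddress |
        Select-Object Name, mail, targetAddress, DistinguishedName
}

# The back-link cannot be edited directly. The value is removed from the
# forward link on the shared mailbox object, and only this one user's DN.
$shared = Get-ADUser -Identity $sharedName -Properties msExchDelegateListLink
if ($shared.msExchDelegateListLink -contains $user.DistinguishedName) {
    Set-ADUser -Identity $shared -Remove @{
        msExchDelegateListLink = $user.DistinguishedName
    } -WhatIf   # drop -WhatIf to apply the change
} else {
    "$userName is not listed in msExchDelegateListLink on $sharedName"
}
```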

Lync server security fix KB3080353 causing problems.

(UPDATED) After we installed the latest Lync Server 2013 security fix (Security Update for Lync Server 2013 Web Components Server KB3080353) we have had several issues where users were unable to sign in to Lync. This was the server complaining about the client certificate; normally it is the client complaining about the server certificate.

Particularly users homed on VDI or Citrix/RDS and also some common area phones were affected. Inspecting the client log from a user login revealed:

Error:
There was an error communicating with the endpoint at ‘https://lyncserver.domain.local/WebTicket/WebTicketService.svc/mex’.
The server returned HTTP status code ‘500 (0x1F
09/18/2015|11:34:46.551 46A8:461C INFO  :: CUccPlatform::WriteStreamToLog:
09/18/2015|11:34:46.551 46A8:461C INFO  :: 4)’ with text ‘Internal Server Error’.
The server was unable to process the request.
