Segregating addresslists in Lync

To segregate companies in Lync we would use the msRTCSIP-GroupingID attribute on the user Object.

The default value for this attribute is “<not set>”.

This would, as expected, result in the default address list 00000…….

If we add a value to the attribute, e.g.: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF

After adding this new value I would normally run: Update-CsAddressBook

We now get a new address list based on the msRTCSIP-GroupingID value.

This will be the address list that users search from Lync.

Connecting Lync and Cisco video in a conference

We have tried several products, but for the time being Pexip Infinity is our preferred choice. It is easy to deploy and the price seems right. Deployment of a new solution can be done in minutes. Upload the Pexip management node to your VMware host and use Pexip to deploy the number of conferencing nodes your solution would require – usually 1 or 2. As we all know, Lync servers are rather strict when it comes to certificates, so you will have to buy one certificate for the main conference node. Also publish the normal Lync federation DNS records (srv record _sipfederationtls._tcp.your.domain 0 5061) for the Pexip system as it will pretend to be a Lync edge server. Now it is possible to call a Pexip video conference room from Lync. In version 4, coming in April 2014, desktop sharing will be possible. Now that we have this Pexip Virtual Meeting Room, Cisco, Polycom and Lync can connect and share content. The only thing missing at the moment is a good solution to manage your meeting; at the moment you will need an iPhone or iPad, but this will change and become a web interface.

Lync client will not show contact photos when external.

Installed Lync 2013 on a Windows 2012R2 server. When I log in with an external Lync client there are no photos of internal users. A validation shows that the thumbnailPhoto attribute has been populated with images of the correct size.

If the client connects directly to the front end server, photos are presented correctly.

An examination of the Lync address book shows the address book files and also the photo files. The photo files are renamed jpg files exported from Active Directory. The Lync server creates these PHOTO files when a client requests photos of users. Since these photos are placed in the address book folder they are downloaded through HTTPS to the Lync client.

Running netstat on the Lync front end did not show any TCP connection from the reverse proxy server!

A network monitor trace shows that connections are reset after half a TLS 1.2 handshake – a strong indication that there is something wrong with SSL/TLS. Revalidated all certificates and also the publishing rules on the F5 reverse proxy.

Used Bing to find any issues regarding TLS 1.2 and Windows 2012 R2, and yes, someone has had the same issue. Entered the registry keys as below, rebooted, and now it works:

To Resolve this issue do the following:

– On the Lync 2013 server open the registry and browse to the following location: HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols

– Create the following Key under Protocol: TLS 1.2

– Create the following two Keys under TLS 1.2: Client and Server

– Create the following DWORDs under both the Client and Server Key: DisabledByDefault and Enabled

– Under both Client and Server set the following: DisabledByDefault=1 and Enabled=0

– Reboot the server.

Entering these keys Disables TLS 1.2 on the server forcing the client and server to communicate over TLS 1.1.

Good Luck,

Matt

http://social.technet.microsoft.com/Forums/lync/en-US/41718327-203f-445f-8657-87b0a8545ead/lync-2013-client-signin-issue-with-lync-2013-server?forum=lyncprofile
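
To see whether a server carries this workaround, the following added example (not part of the quoted forum post or of the original page) reads the same SChannel keys and reports the resulting TLS 1.2 state for the Client and Server roles. The function name Get-SchannelTls12State and the State labels are this example's own.

```powershell
# Added example: reads the TLS 1.2 SChannel values named in the steps above.
# Function name and State wording are this example's own, not Microsoft's.
function Get-SchannelTls12State {
    [CmdletBinding()]
    param(
        [string]$ProtocolsPath = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols'
    )

    foreach ($role in 'Client', 'Server') {
        $key = Join-Path (Join-Path $ProtocolsPath 'TLS 1.2') $role
        $enabled = $null
        $disabledByDefault = $null

        if (Test-Path -LiteralPath $key) {
            # A key that exists but holds no values returns nothing here.
            $values = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($values) {
                $enabled = $values.Enabled
                $disabledByDefault = $values.DisabledByDefault
            }
        }

        # Enabled=0 turns the protocol off for this role. DisabledByDefault=1
        # only removes it from the default set; a caller can still request it.
        $state = if ($null -ne $enabled -and $enabled -eq 0) {
            'Disabled (Enabled=0)'
        } elseif ($null -ne $disabledByDefault -and $disabledByDefault -ne 0) {
            'Off unless requested (DisabledByDefault=1)'
        } elseif ($null -eq $enabled -and $null -eq $disabledByDefault) {
            'Not configured (operating system default applies)'
        } else {
            'Enabled'
        }

        [pscustomobject]@{
            Computer          = $env:COMPUTERNAME
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            State             = $state
        }
    }
}

Get-SchannelTls12State | Format-Table -AutoSize
```

On a server where the steps above were applied, both rows report "Disabled (Enabled=0)".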

Lync Unified Contact Store – UCS

How do I check and enable Lync UCS?

First of all you need Exchange 2013. Then make sure you have enabled UCS in Lync Server by running Get-CsUserServicesPolicy and verifying that it has been set to UCSAllowed=TRUE.

Next check your client policy. Get-CsClientPolicy should show you “EnableExchangeContactSync = true” for the policy assigned to your user.

If you run the latest rollup for Lync Server 2013 you get the ability to run Debug-CsUnifiedContactStore to check the UCS status of your Lync Server installation. PS: This cmdlet did not exist in Lync Server 2013 RTM; I am running the cumulative update from January 8th.

You can even test UCS for a specific user. In this example the test user has never logged on to the Outlook account.

You would get a result like “Disabled” if “EnableExchangeContactSync” is false. If EnableExchangeContactSync is true you could get: Ready to Migrate or Migrated, enabled.

This can be validated in the Lync client. Hold down CTRL and right-click the Lync icon in the status bar, then select Configuration Information.

Look for “Contact List Provider”. If it is UCS you are done. If it is “Lync Server”, exit your Lync client and restart it.

Get-ADUser returns an error on Windows 2012 R2 when you want all properties.

When you try to get all properties of an Active Directory object using PowerShell you get an error.

You would typically run some command like:

Get-ADUser -Identity someone -Properties *

This will return an unexpected error:

Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser pilot1 -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (pilot1:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser 

The workaround is to pipe the AD object to Get-ADObject like this:

Get-ADUser -Identity someone | Get-ADObject -Properties *

This is probably a bug in Windows 2012R2 and Windows 8.1.

Group managers in Exchange 2010-2013 are unable to manage group membership.

There was a change in RBAC. Group managers are not able to add or remove members of a distribution group even if it seems so in the Exchange Management Console.

The only option in ECP was to give them the additional permission to create and remove groups. You can create a new role that will enable this permission again. Thanks to Matthew Byrd at Microsoft who has created a PowerShell script that does this for us.

http://blogs.technet.com/b/exchange/archive/2009/11/18/how-to-manage-groups-that-i-already-own-in-exchange-2010.aspx

Does a Lync phone reset to factory default “really” reset the phone?

Had problems with some Lync phones (Polycom CX600) that suddenly stopped signing in. Did a reset to factory default and the issues remained. The solution was to log in with extension and PIN, then connect the phone to a PC using USB and log in. Now I was able to log in to the phone using the Lync client. This procedure was repeated on several phones. It seems to me that a factory default does not completely remove all old settings.

How to test network routing from remote Lync client.

Often we have to troubleshoot routing and firewall rules as seen from a client on an internal client subnet. I use PSEXEC and PORTQRY from Microsoft. This will work if it is a Windows PC and I have permissions to connect to it. Run these commands from a server in the server LAN.

I try to check if the port is open from the client to the server (10.10.10.100):

PsExec.exe \\clientpc.domain.local -c portqry.exe -n 10.10.10.100 -P TCP -e 443

If this fails I will run a tracert from the client to the server IP (10.10.10.100):

PsExec.exe \\clientpc.domain.local tracert -h 8 -d 10.10.10.100

Exchange 2013 move mailbox status: StalledDueToCI

Tried to move a mailbox from Exchange 2010 to Exchange 2013, but the job would take forever. Status for the job was “StalledDueToCI” (Get-MoveRequest | Get-MoveRequestStatistics | ft mailboxidentity,status). I suspected this had something to do with content indexing, and in fact it does. Tried to reset the search index for the database containing the failed mailbox.

To reset Exchange search index for a database:

1. Stop Exchange search services:

2. Delete the search folder. Usually a folder inside the folder containing the database.

3. Start Exchange search service.

4. Check Index crawler status to see when it has finished: Get-MailboxDatabaseCopyStatus -Server <servername> | FL Name,*Index*

This worked for some short time. But it would fall back to failed.

After some time searching the Internet I found some people claiming that this is a bug and that you would have to create a group in Active Directory named ContentSubmitters. After checking Exchange Setup Validation http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx I did not find this group mentioned.

I do not like to do anything without knowing why, so I tried to find a Microsoft article describing this issue. And there it is: http://support.microsoft.com/kb/2807668

Turned out there are 2 solutions to the problem.

1. Create the Active Directory group.

Or.

2. Disable Exchange 2013 from using/checking the group existence.

List members of dynamic groups show incorrect members.

If you use PowerShell to list members of dynamic distribution groups in Exchange 2013 you would probably see more entries than expected. The PowerShell commands

$dgr = Get-DynamicDistributionGroup "GroupName"
Get-Recipient -RecipientPreviewFilter $dgr.RecipientFilter

do not take OU filtering into consideration. If you look at $dgr.RecipientFilter it only contains the other attributes.

I do not know if this is a bug or by design.
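
The OU scope of a dynamic distribution group is held in its RecipientContainer property rather than in RecipientFilter. As an added example (not from the original post; the function name Get-DynamicGroupPreview is hypothetical), this lists every recipient the filter matches and marks which of them fall inside that OU.

```powershell
# Added example for the Exchange Management Shell.
# The function name is hypothetical; the cmdlets and properties are Exchange's own.
function Get-DynamicGroupPreview {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity
    )

    $dgr = Get-DynamicDistributionGroup -Identity $Identity

    # Filter only: this is what the two commands above return.
    $filterOnly = @(Get-Recipient -RecipientPreviewFilter $dgr.RecipientFilter -ResultSize Unlimited)

    # Filter plus the group's OU scope, taken from RecipientContainer.
    $scoped = @(Get-Recipient -RecipientPreviewFilter $dgr.RecipientFilter `
        -OrganizationalUnit $dgr.RecipientContainer -ResultSize Unlimited)

    # Index the scoped result by distinguished name for a quick lookup.
    $inScope = @{}
    foreach ($r in $scoped) { $inScope[[string]$r.DistinguishedName] = $true }

    foreach ($r in $filterOnly) {
        [pscustomobject]@{
            Name               = $r.Name
            PrimarySmtpAddress = $r.PrimarySmtpAddress
            InGroupScope       = $inScope.ContainsKey([string]$r.DistinguishedName)
        }
    }
}

# Recipients matched by the filter but outside the group's OU:
Get-DynamicGroupPreview -Identity "GroupName" | Where-Object { -not $_.InGroupScope }
```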

Lync Phone Remote logs.

What does “Enable Remote Logs” on a Lync Phone Edition mean?

This is a feature for you to get log files from a phone that is not signed in. If someone is logged in to the phone, remote log access will not work.

If you enable this feature on the phone it is possible to FTP to the phone and download log files. Remember that you will need a Microsoft support tool to be able to read them properly.

Step 1: Enable “Remote Log Access”

Step 2: Find the phone’s IP address in the system information menu.

Step 3: FTP to the IP address and log in as anonymous to download log files.
