Monday, September 30, 2013

Lync Edge Server Replication failed FALSE with red cross

LYNC REPLICATION NOT WORKING

In a Lync deployment where a Lync Edge Server is installed, the replication appears unhealthy. You will notice a red cross, or in the Management Shell the replication status shows UpToDate: False.

If you actually telnet to the Edge Server's port 4443, you will see that the port is open and working.
You can also test access to the service itself:
https://<edgeserver.fqdn>/replicationwebservice

Via this access, you are also able to validate the assigned internal certificate and the certificate chain. If you encounter an error with the trusted root certificate, you will end up adding it to the Trusted Root Authorities.

Afterwards, you will still encounter the red cross, or false up-to-date status.

This is normal!
The Replication itself is working fine, but your Connectivity to the Edge is limited.
This means we cannot query the service due to the SECURE CHANNEL limitation.

Solution:
Open REGEDIT
navigate to:

HKey_Local_Machine\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

add the new DWORD:
ClientAuthTrustMode Value=2

Now reboot the Edge Server. After it has restarted, you might need to force the CMS to replicate:
Invoke-CsManagementStoreReplication

Problem is now solved...!
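
The registry change and the follow-up check as a script. This is an added example, not part of the original post; the Edge FQDN in the usage comment is a placeholder, and running the second function from the Lync Server Management Shell on a Front End is an assumption.

```powershell
# Added example. Set-ClientAuthTrustMode runs in an elevated PowerShell on the
# Edge Server; Test-EdgeReplication runs in the Lync Server Management Shell
# after the Edge Server has rebooted.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$name     = 'ClientAuthTrustMode'

function Set-ClientAuthTrustMode {
    param([int]$Value = 2)   # 2 is the value given in the post ("Exclusive CA Trust"
                             # in Microsoft's Schannel documentation)

    # This is a machine-wide Schannel setting: it changes how every TLS service
    # on the host validates client certificates, so record the previous value.
    $current = (Get-ItemProperty -Path $schannel -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $current) { Write-Host "$name is not set (Schannel default applies)" }
    else                    { Write-Host "$name is currently $current" }

    if ($current -ne $Value) {
        New-ItemProperty -Path $schannel -Name $name -PropertyType DWord -Value $Value -Force | Out-Null
        Write-Host "$name set to $Value. Reboot the Edge Server to apply it."
    }
}

function Test-EdgeReplication {
    param(
        [Parameter(Mandatory)][string]$EdgeFqdn,   # placeholder, use your Edge FQDN
        [int]$TimeoutSeconds = 300
    )
    # Force a replication cycle, then poll until the replica reports UpToDate.
    Invoke-CsManagementStoreReplication -ReplicaFqdn $EdgeFqdn
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 15
        $status = Get-CsManagementStoreReplicationStatus -ReplicaFqdn $EdgeFqdn
        Write-Host ("{0}  UpToDate={1}  LastStatusReport={2}" -f `
            $status.ReplicaFqdn, $status.UpToDate, $status.LastStatusReport)
    } while (-not $status.UpToDate -and (Get-Date) -lt $deadline)
    return [bool]$status.UpToDate
}

# On the Edge Server:   Set-ClientAuthTrustMode
# After the reboot:     Test-EdgeReplication -EdgeFqdn 'edge01.example.intern'
```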

-----------------------

Documentation:

Validation:





Set new Registry Key on Edge Server:

Do not forget the reboot.

Verification:



---------------------------------------

NOTE:
I was asked a few times what actually happened if the SQL Server shows a red cross.
This is a failed topology configuration and should be validated.
I post a correct view.
 

 

You should also validate your Get-CsManagementStoreReplicationStatus output. There should be no SQL Server shown.



Wednesday, September 18, 2013

Lync 2013 Audio Gateway Debug Logging (Ferrari, AudioCodes, Dialogic, NET Quintum)


I need to write about debug logging on several ISDN audio gateways.

Please visit this article more frequently, since I will update all common vendors over time.

---------------------------------------------------

First we need to identify the tools we need for debug logging:

WireShark for PCAP file analysis: download
WireShark can be your Syslog Server too. It is not the best option, but under Capture Options define the filter "udp port 514" and start your capture on the Ethernet interface.
Syslog Server: download
Snooper if its Lync Mediation Server related: download (Lync 2013 Debug Tools)


---------------------------------------------------

Ferrari Electronics (Office Master):




updated soon....



---------------------------------------------------

AudioCodes (Mediant):

First we need to configure the Syslog Server:
Navigate to Management-> Management Setting-> Syslog Setting.


Setting                  | Value            | Description
Syslog Server IP Address | e.g. 192.168.1.1 |
Syslog Server Port       | 514              |
Enable Syslog            | Enable           | Enable = active, Disable = deactivated
Debug Level              | 5                | Set the depth for the logging details, 5 is debug logging (steps: 0 off -> 7 full)
Analog Ports Filter      | -1               | if needed for analog ports, true = 1
Trunks Port Filter       | -1               | if needed for trunks, true = 1
 

 
Next, click the radio button "FULL" and navigate to Configuration-> Protocol Configuration-> SIP Advanced Parameters-> CDR and Debug:

Setting               | Value            | Description
CDR Server IP Address | e.g. 192.168.1.1 | should be the same as the Syslog Server
CDR Report Level      | Start & End Call | tracing the entire call
Debug Level           | 5                | Set the depth for the logging details, 5 is debug logging (0 off -> 7 full)


Now we need to jump to the Mediant Config Webpage, which is located under:
http://IPAddress/FAE or use PuTTY for an SSH connection.
 
On this page, we will configure the Trunk Traces for ISDN Signaling. You need to click the "Trunk Trace" option inside the left navigation panel.
 
Setting                    | Value        | Description
Trace Level Trunk 1        | acFull_TRACE |
Trace Level Trunk 2        | acFull_TRACE |
Enable PSTN Trace from Web | Off          |
Port                       | 0            |
 


 
Now it's time to start the tracing:
Start your WireShark or make sure the Syslog Server is running, so the Mediant can transmit the debug logging information.
To do so, click the "Cmd Shell" menu option and enter the following commands (alternatively use SSH):
 
ADV (advanced Mode)
DR (Advanced Recording)

RTR ALL (removes any previous traces)
RT ALL (removes any previous trace targets)
AIT <IP_Address_of_Wireshark_PC/ Syslog Server> (adds your PC as the target for the debug recording packets)
AIPCT N2H SIP (send SIP traffic to target PC)
APST ISDN (send ISDN traffic to target PC)
START (begin trace)

 
-> now we are tracing, you need to save the trace as a pcap file for further analysis <-
 
STOP
RTR ALL
RT ALL

 
 
This only captures the ISDN side of the Mediant Audio Gateway.

---------------------------------------------------

Dialogic (...):






---------------------------------------------------

Net Quintum (....):





Hide User Last Active Time Stamp (Lync Server 2013 Modification)

This is requested very often, and in certain countries it is even legally forbidden, so administrators look for a way to remove the user activity time stamp.
Mostly it is misinterpreted and secretly used for user activity monitoring. Therefore Microsoft introduced an update with Lync Server 2010 CU6 that provides, without additional cost, a simple and easy way to remove this LastActive attribute from the user's Lync object.
 
Note:
After you apply this solution, only newly written/detected activity time stamps are affected. In other words, if a user object that was Lync-enabled before has not yet logged into Lync again, the last time stamp is still visible, as you can see in the illustration below.
Also remember that this setting affects all users hosted on the Front-End Server (Pool) and cannot be set for individual users.


 
Procedure:
 
1. Create a text file, named Rtcaggregate.exe.config in the Lync Server 2013 Folder, e.g. C:\Program Files\Microsoft Lync Server 2013\Server\Core
 
2. Add the following configuration information into the .config file
<configuration>
    <appSettings>
      <add key="PublishLastActive" value="false" />
    </appSettings>
</configuration>

3. Now restart the Lync Server Front-End Service (RtcSrv)
Stop-CsWindowsService -Name "RtcSrv"
Start-CsWindowsService -Name "RtcSrv"

-------------------
Before:


-------------------
After:


Tuesday, September 10, 2013

Lync 2013 Server Prerequisites (per roles and with powershell script)

Lync 2013 Server Software Prerequisites:


Lync 2013 requires several additional software components to be installed and needs certain roles and features, as well as hotfixes.
Since I'm missing a scripted PowerShell installation, separated by Lync 2013 role, I decided to write this detailed blog post, based on the Microsoft TechNet article and my experience. It shows you all requirements and prerequisites for each Lync Server role and all supported operating systems.

Especially with the additional software you need to install, the installation sequence is important: .NET Framework is a prerequisite for PowerShell 3.0 and Identity Foundation.

A common question: which prerequisites do we have if I need the Administrative Tools only? You can simply consider the Administrative Tools as a server role, so you need the same prerequisites as listed in the common section "All Server Roles require".
The other components, e.g. Visual C++ or SQL Tools....

Regarding the Visual C++ Runtime: it is best to install this component ONLY from the installation media (Microsoft C++ 2012 x64 Runtime - 11.0.50727). If you try installing any other version, you will run into an issue.
Check my blog article about this issue here.


Windows 2008 R2

All Server Roles require:



Additional on all Standard and Enterprise Frontend Server:

  •  .NET 3.5 (activated by default)
  •  SilverLight (optional)
  •  prerequisite KB2646886 for IIS 7.5 (http://support.microsoft.com/kb/2646886/en-us)
      FIX: Heap corruption occurs when a module calls the InsertEntityBody method in IIS 7.5
      NOTE: Install this Hotfix only after IIS Components are installed!
Import-Module ServerManager
Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-HTTP-Activation, Web-Asp-Net, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Telnet-Client, BITS, Desktop-Experience

Director:


  •  prerequisite KB2646886 for IIS 7.5 (http://support.microsoft.com/kb/2646886/en-us) FIX: Heap corruption occurs when a module calls the InsertEntityBody method in IIS 7.5
  • NOTE: Install this Hotfix only after IIS Components are installed!

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, NET-HTTP-Activation, Web-Asp-Net, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Telnet-Client, BITS


Mediation:

No more additional prerequisites

 

Edge:

No more additional prerequisites

pChat:

We need Microsoft Message Queuing (Server and Services)
Add-WindowsFeature MSMQ-Services



Note:
Remember, with Windows Server 2008 R2 you need to import the Server Manager module first.
Import-Module ServerManager




Windows 2012 and Windows 2012 R2

All Server Roles require:

  •  Windows PowerShell 3.0 (is installed by default)
  •  Microsoft .NET Framework 4.5 (http://go.microsoft.com/fwlink/p/?LinkId=268529) Additional steps after installation: select WCF Activation if it isn’t already selected, then select HTTP Activation, or include in PowerShell
  •  Windows Identity Foundation 3.5 (activate via Server Manager)
    or add via PowerShell
    Add-WindowsFeature Windows-Identity-Foundation

Additional on all Standard and Enterprise Frontend Server:

  •  .NET 3.5 (must be manually activated)
  •  SilverLight (optional)

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Telnet-Client, BITS, Desktop-Experience, Windows-Identity-Foundation -Source D:\sources\sxs



Director:

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Telnet-Client, BITS, Windows-Identity-Foundation -Source D:\sources\sxs


Mediation:

No more additional prerequisites


Edge:

No more additional prerequisites

pChat:

Add-WindowsFeature MSMQ-Services
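
A pre-flight check for the feature lists above, as an added example that is not part of the original post: it reports which features are still missing for a role before Lync setup is started. The function name and the role-to-list mapping are hypothetical; the feature names are copied from the Windows Server 2012 lists in this post.

```powershell
# Added example: run in an elevated PowerShell on the target server.
Import-Module ServerManager   # needed on 2008 R2, harmless on 2012

# Director list from the Windows Server 2012 section of this post.
$director = 'RSAT-ADDS','Web-Server','Web-Static-Content','Web-Default-Doc',
            'Web-Http-Errors','Web-Asp-Net','Web-Net-Ext','Web-ISAPI-Ext',
            'Web-ISAPI-Filter','Web-Http-Logging','Web-Log-Libraries',
            'Web-Request-Monitor','Web-Http-Tracing','Web-Basic-Auth',
            'Web-Windows-Auth','Web-Client-Auth','Web-Filtering',
            'Web-Stat-Compression','NET-WCF-HTTP-Activation45','Web-Asp-Net45',
            'Web-Mgmt-Tools','Web-Scripting-Tools','Web-Mgmt-Compat',
            'Telnet-Client','BITS','Windows-Identity-Foundation'

# The Front End list in the post is the Director list plus two features.
$roleFeatures = @{
    Director = $director
    FrontEnd = $director + 'Web-Dyn-Compression','Desktop-Experience'
    PChat    = 'Windows-Identity-Foundation','MSMQ-Services'
}

function Get-MissingLyncFeature {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('FrontEnd','Director','PChat')]
        [string]$Role
    )
    $wanted = $roleFeatures[$Role]
    $found  = Get-WindowsFeature -Name $wanted -ErrorAction SilentlyContinue
    foreach ($f in $wanted) {
        $hit = $found | Where-Object { $_.Name -eq $f }
        if (-not $hit) {
            # Feature name does not exist on this OS version (e.g. a 2012 name on 2008 R2).
            [pscustomobject]@{ Feature = $f; State = 'UnknownOnThisOS' }
        } elseif (-not $hit.Installed) {
            [pscustomobject]@{ Feature = $f; State = 'Missing' }
        }
    }
}

$missing = Get-MissingLyncFeature -Role FrontEnd
if ($missing) { $missing | Format-Table -AutoSize }
else          { 'All listed features are installed.' }
```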
---------------------------------------------------------------

Additional Information:

Do not install any Winsock Layered Service Providers (LSP) software, on any Front End Servers or stand-alone Mediation Servers. Installing this software could cause poor media traffic performance.
An example of LSP software is:
Microsoft Internet Security and Acceleration (ISA) Server client software


Lync 2013 Survival Branch Server

In this section regarding the SBS (the equivalent "self-build" SBA), I assume Windows Server 2012/2012 R2 is used.
As written above, all server roles have requirements in common. Since the SBA has its own Registrar (Lync Front End service), the same overall requirements are valid for it too:

All Server Roles require:

  •  Windows PowerShell 3.0 (is installed by default)
  •  Microsoft .NET Framework 4.5 (http://go.microsoft.com/fwlink/p/?LinkId=268529) Additional steps after installation: select WCF Activation if it isn’t already selected, then select HTTP Activation, or include in PowerShell
    Add-WindowsFeature NET-WCF-HTTP-Activation45, Web-Asp-Net45
  •  Windows Identity Foundation 3.5 (activate via Server Manager)
    or add via PowerShell
    Add-WindowsFeature Windows-Identity-Foundation


Wednesday, September 4, 2013

Deploy Office Web Apps Server 2013 and external publishing

Office Web Apps Server 2013 is the central component for presenting and editing Microsoft Office documents via web services. The Web Apps Server is shared with Lync, Exchange and SharePoint.

Version 1.5: 17.12.2014

Web Apps can be installed as standalone system or in a web cluster (Load Balanced).


Prerequisites:
Microsoft Office Web Apps Server used to be downloadable from the Download Portal. Since 24.Nov.2014 it is only downloadable via the Volume Licensing Portal and MSDN Subscription. For easy deployment, make sure you download it including Service Pack 1.
(Reference: http://blogs.technet.com/b/office_sustained_engineering/archive/2014/10/22/web-apps-server-removal-from-download-center.aspx)



While it downloads, we can configure the other prerequisites.

Windows Server 2008 R2
If you’re using Windows Server 2008 R2, please download Microsoft’s .NET Framework 4.5, Windows Management Framework 3.0 and KB2592525, which will allow you to run the applications in a Server 2008 R2 environment. Additionally apply KB2670838.
Install all of the above, then run this from an elevated PowerShell:

Import-Module ServerManager

Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support
 
Restart the server if you’re prompted to do so.


Note:
If Windows Server 2008 R2 reports: KB2592525 is not applicable for your computer, you need to remove the conflicting Update: KB2670838
Second Option is here: TechNet



Windows Server 2012 and Windows Server 2012 R2
If you’re using Windows Server 2012, it’s even easier. Just run the following from an elevated PowerShell (Server 2012 imports the relevant PS modules automatically, so you don’t have to use the “Import-Module” command):



Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices

Restart the server if you’re prompted to do so.


Install the Microsoft Office Web Apps Server:

Certificate Requirements:

WAC Server        | Configuration
externalURL       | internalURL
AllowHTTP         | FALSE
SSLOffloading [1] | FALSE
CertificateName   | OfficeWebApp


WAC Server Certificate | Configuration
Common Name            | server.internalDomain.intern
SAN                    | server.internalDomain.intern
SAN                    | webapp.extDomain.de
SAN [2]                | server

[1] TRUE, if HLB for SSL Offloading is used
[2] if the WAC Server is deployed without an externalURL, the NetBIOS name might appear!
 


Now start configuring the WAC server:
New-OfficeWebAppsFarm -InternalUrl "https://internalFQDN" -ExternalUrl "https://externalFQDN" -CertificateName "OfficeWebApp" -EditingEnabled

In Lync you need only the internal Discovery URL:
https://internalFQDN/hosting/discovery

Lync 2013 Server will identify the internal and external URL configured with the WAC Server.
Now we need to verify that the Lync 2013 Front End has the correct setting.
Filter the Lync FE EventLog for all WAC related events: 41032 and 41034

You will find an entry similar to this:

- System
  - Provider 
     [ Name]  LS Data MCU        
  - EventID 41032
     [ Qualifiers]  17402      
   Level 4
   Task 1018
   Keywords 0x80000000000000
  - TimeCreated
     [ SystemTime]  2013-09-04T11:33:32.000000000Z      
   EventRecordID 5473
   Channel Lync Server
   Computer WACinternal.domain.intern
   Security
- EventData
 
 
SNOOPER TRACING with PowerPoint  in WAC:
 
09/04/2013|14:55:10.399 558:61C INFO  ::
SERVICE sip:thomas.poett@acp-test.de SIP/2.0
Via: SIP/2.0/TLS 192.168.1.105:52102
Max-Forwards: 70
From: <sip:thomas.poett@acp-test.de>;tag=1216ee8c42;epid=fe5337abb5
To: <sip:thomas.poett@acp-test.de>
Call-ID: c858fcb8e8dd4390b20bd3957050e6d8
CSeq: 1 SERVICE
Contact: <sip:thomas.poett@acp-test.de;opaque=user:epid:qxOEj3bU1VaO18cHg7Lu4wAA;gruu>
User-Agent: UCCAPI/15.0.4517.1004 OC/15.0.4517.1004 (Microsoft Lync)
Proxy-Authorization: TLS-DSK qop="auth", realm="SIP Communications Service", opaque="0A6C31A1", targetname="SVIELYNC.acp.local", crand="f0cb3d02", cnum="276", response="1ccdd5bb003db213989aeda53ed2f12c6e7d97ce"
Content-Type: application/msrtc-reporterror+xml
Content-Length: 1177
<reportError xmlns="http://schemas.microsoft.com/2006/09/sip/error-reporting"><error toUri="sip:thomas.test@testdomain.de;gruu;opaque=app:conf:focus:id:TYQF4ZHC" callId="3a63424bce4f4542a1878cf29782fd35" fromTag="6eec3407d5" toTag="23480080" requestType="" contentType="" responseCode="0"><diagHeader>54025;reason="A viewing URL navigation was attempted.";ClientType=Lync;Build=15.0.4517.1004;ContentMCU="sip:thomas.test@testdomain.de;gruu;opaque=app:conf:data-conf:id:TYQF4ZHC";ConferenceUri="sip:thomas.test@testdomain.de;gruu;opaque=app:conf:focus:id:TYQF4ZHC";LocalFqdn="KOL-SRVPOETT.acp.local";Url="https://webapp.testdomain.de/m/ParticipantFrame.aspx?a=0&amp;e=true&amp;WopiSrc=https%3A%2F%2Fmgacsap40.testdomain.intern%2FDataCollabWeb%2Fwopi%2Ffiles%2F5-1-2EB85D8&amp;access_token=AAMFEHCysGizzW9ZqKYwzMlxwFQGEM34svWrZyP-zsPbJWGjNzKBEHCysGizzW9ZqKYwzMlxwFSCAtO2gyAQW9O14tatIkg7-CY3o087igqpE1IlNxyRe8SIPyn0bYYI1bAhMch30AgIDURhdGFDb2xsYWJXZWI&amp;&lt;fs=FULLSCREEN&amp;&gt;&lt;rec=RECORDING&amp;&gt;&lt;thm=THEME_ID&amp;&gt;&lt;ui=UI_LLCC&amp;&gt;&lt;rs=DC_LLCC&amp;&gt;&lt;na=DISABLE_ASYNC&amp;&gt;"</diagHeader><progressReports/></error></reportError>


Troubleshooting:
Attempted Office Web Apps Server discovery Url: https://webapps.extDomain.de/hosting/discovery/
Received error message: The remote certificate is invalid according to the validation procedure.The number of retries: 13327, since 2/27/2013 9:07:42 PM.
or
Lync 2013 PowerPoint sharing issue: “There was a problem verifying the certificate from the server. Please contact your support team.”




CERTUTIL -URLFETCH -VERIFY "OfficeWebApp.cer"
Use this command to verify if the CDP for CRL checkup is correct. This verifies the HTTP connection.
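
To check the certificate the farm actually presents against the certificate requirements above, the following added example (not part of the original post) fetches it over TLS, lists the SAN entries, reports which expected names are missing, and builds the chain with online revocation checking. The function name is hypothetical and the host names in the usage comment are the sample names from the tables above.

```powershell
# Added example. Run it on the Lync Front End, because that is the machine
# whose trust store and CRL reachability decide whether discovery succeeds.
function Test-WacCertificate {
    param(
        [Parameter(Mandatory)][string]$ConnectTo,         # host to open the TLS session to
        [Parameter(Mandatory)][string[]]$ExpectedNames,   # internal and external FQDNs
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($ConnectTo, $Port)
    try {
        # Accept any certificate here: the goal is to inspect it, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl    = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($ConnectTo)
        $cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }

    # Subject Alternative Name extension (OID 2.5.29.17). Format() returns
    # "DNS Name=a, DNS Name=b"; the label is localized, so split on '='.
    $sans   = @()
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($sanExt) {
        $sans = $sanExt.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] }
    }

    # -like also matches a wildcard SAN such as *.extDomain.de
    # (looser than RFC matching: '*' may span several labels).
    $missing = $ExpectedNames | Where-Object {
        $n = $_
        -not ($sans | Where-Object { $n -like $_ })
    }

    # Chain build with online revocation, the same thing certutil -urlfetch exercises.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject         = $cert.Subject
        NotAfter        = $cert.NotAfter
        SubjectAltNames = $sans
        MissingNames    = @($missing)
        ChainValid      = $chainOk
        ChainStatus     = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

# Test-WacCertificate -ConnectTo 'server.internalDomain.intern' `
#     -ExpectedNames 'server.internalDomain.intern','webapp.extDomain.de'
```

A non-empty MissingNames or a ChainStatus such as RevocationStatusUnknown or UntrustedRoot corresponds to the "remote certificate is invalid" discovery error shown above.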

NOTE: IIS Error 500.21

For Windows Server 2008 R2
%systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -iru
iisreset /restart /noforce


For Windows Server 2012
dism /online /enable-feature /featurename:IIS-ASPNET45