Tuesday, January 26, 2016

Skype for Business Meeting Failed: Content was blocked because it was not signed by a valid security certificate

In either Internet Explorer or other browsers you might see this issue finally popping when you try joining a Skype for Business Server Meeting if the Meeting is hosted on Premise,


This issue also pop's up with Lync Meeting, not only with Skype for Business Meetings.


Error:
Content was blocked because it was not signed by a valid security certificate




After investigation, I saw this was most likely related to changes in Skype for Business Client Update from Januar 2016: https://support.microsoft.com/en-us/kb/3114502


It implements a new and proper described certificate validation procedure for all SIMPLE URL's.
(Note: This issue can't be replicated each time, therefore you have to consider this as "possible issue")
 
 

As I described earlier in my blog: http://lyncuc.blogspot.de/2015/10/wildcard-certificate-support-in-skype.html
It is absolute curial following the infrastructure recommendations from Microsoft, regardless if it might work or not. Once there will be an update released, the not recommended setup will have issues or will fail!


A valid SAN Wildcard certificate could look like this:

CN   = fqdn.DOMAIN.COM
+

SAN = fqdn.DOMAIN.COM
SAN = surl.DOMAIN.COM
SAN = *.DOMAIN.COM



 
I took a deeper look into the assigned certificate.
Btw, it is also in hybrid Skype for Business setup required to be assigned to a local point of access for simple URL's.


We see the CN (or SN) has FQDN as *.domain.com
next screenshot show's it in detail again.
While the last screenshot show's the wildcard name repeated in the SAN (Subject Alternative Name).


I have seen several environment running this configuration without issues as they told me.
But, how they can trace the join users experience?
True, they can't and here I give the example of a situation,where it ended up in mess.


Please define your Reverse Proxy and your Edge Server certificates in the supported and best practice setup.

 

 






Saturday, January 9, 2016

Call Monitor Skype for Business Client

With the last client update from January 2016, Microsoft introduced a new feature call Call Monitor.


(first it is still a little buggy and it is also not really suitable. more annoying)


The impacted client version is:
Skype for Business 2016 MSO (16.0.6326.101)


The change introduced the Call Monitor, where the view totally changed and consumes now a huge space on your desktop.


If you switch during a call to another application and Skype is not on front any longer you will see a the two following possibilities:


simple audio call:







conference call with audio/ video:






You can, if you click the icon, still hide the huge screen part.
now you will see this little icon: