Archive

Archive for the ‘UC’ Category

Skype for Business at VMworld 2016

July 27, 2016 Leave a comment

Are you going to VMworld? Do you work with Skype for Business? Are you planning a deployment of Skype for Business that you want to virtualize? Are all your first choice sessions full?

If you answered “Yes” to any of these questions, you should register for VIRT7620: Successfully Virtualize and Operate your Microsoft Skype for Business Infrastructure on the VMware vSphere Platform.

I will be speaking alongside VMware IT on how they deployed Skype for Business and the best practices that were implemented. We will highlight why latency, IOPs and other resources are important to Skype for Business and other Real Time Protocol products.

We will also talk through what happens to a virtual machine when you vMotion it from one host to another and how that would impact Skype for Business.

I hope you will join us to hear all about Skype for Business and virtualization!

Categories: UC

Centralized Logging Service not working in Skype for Business

July 26, 2016 5 comments

I haven’t written a new post in a while as I have not been doing as many deployments lately. I have been focused more on evangelism and speaking with different organizations that are thinking about deploying Skype for Business.

That said, recently I had the opportunity to get back in to the game and start a deployment for a large organization. We were experiencing some issues that necessitated us to do some logging on the Front-end servers. I turned to my favorite tool for this, the CLSLogger which takes advantage of the Centralized Logging Service (CLS).

I would start up CLSLogger and when I attempted to start the scenario, I would get an error like this:

WARNING: Failed on 1 agents
Agent - mediation1.domain.com, Reason - Error code - 20000, Message - Unknown error - 
Error calling agent mediation1.domain.com; Could not connect to 
net.tcp://mediation1.domain.com:50001/. The connection attempt lasted for 
a time span of 00:00:02.0228175. TCP error code 10061: 
No connection could be made because the target machine actively
 refused it 10.0.0.40:50001. . Please refer CLS logs for details.

When I went to the server and did a netstat, I saw that CLS was not actively listening. I should have seen the system listening on ports 50001-50003.

PS C:\Windows\system32> netstat -an | findstr 5000*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:4500           *:*
  UDP    [::]:500               *:*
  UDP    [::]:4500              *:*

I went round and round with this and ultimately had to open a case with Microsoft on it. After doing some traces and pulling the ETL logs, the Microsoft Engineer got back with and asked how we had generated the certificate. He was seeing the following message in the ETL log (which us mere mortals don’t have the ability to read and the real reason I’m writing this blog article):

29 TL_ERROR(TF_COMPONENT) [3]14CC.1728::06/08/2016-16:53:00.193.00000010 
(CLSAgent,CommandProcessor.Initialize:commandprocessor.cs(247))Exception - 
[System.ArgumentException: It is likely that certificate 
'CN=mediation.domain.com, OU=IT, O=Domain, C=US' 
may not have a private key that is capable of key exchange or the process 
may not have access rights for the private key. 
Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: 
Invalid provider type specified.

We then looked at the certificates installed on the machine by running “certutil -store my”. (I’ve purposfully deleted identifying information and highlighted in red the Provider which is the key piece of information.)

PS C:\Windows\system32> certutil -store my
my "Personal"
================ Certificate 0 ================
Serial Number: 5xxxxxx
Issuer: 
NotBefore: 4/15/2016 11:29 AM
NotAfter: 4/15/2019 11:59 AM
Subject: CN=, OU=IT, O=Domain, C=US
Non-root Certificate
Cert Hash(sha1): 39 2d..... 
  Key Container = le-360ab342
  Unique container name: 5d26bec417ed43b7840b7bf82c2fb363
  Provider = Microsoft Software Key Storage Provider
Encryption test passed
CertUtil: -store command completed successfully.

When we talked to the group that generated the certificate, we found that they used their own template instead of the Wizard in Skype for Business. While you certainly don’t have to use the Wizard, Skype for Business definitely has some requirements on the certs that will work with it. As an example, going to a key length longer that 256 usually doesn’t work out too well. In this case, the Provider was what was wrong.

I then turned to the Digicert Utility, one of our other favorite tools to generate the Certificate Request (CSR). This then utilized the correct Provider which is the Microsoft RSA SChannel Cryptographic Provider. After we issued the new cert and assigned it, we restarted the servers and checked the certs.

PS C:\Windows\system32> certutil -store my
my "Personal"
================ Certificate 0 ================
Serial Number: 5xxxxxx
Issuer: 
 NotBefore: 6/9/2016 12:02 PM
 NotAfter: 6/9/2019 12:32 PM
Subject: CN=, OU=IT, O=Domain, C=US
Non-root Certificate
Cert Hash(sha1): 3c e2....
  Key Container = 70C232....
  Unique container name: 9ed77....
  Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed

We also started seeing CLS listening as expected:

PS C:\Windows\system32> netstat -an | findstr 5000*
  TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50002          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50003          0.0.0.0:0              LISTENING
  TCP    [::]:50001             [::]:0                 LISTENING
  TCP    [::]:50002             [::]:0                 LISTENING
  TCP    [::]:50003             [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:4500           *:*
  UDP    [::]:500               *:*
  UDP    [::]:4500              *:*

I hope this helps someone else who might end up in this situation.

Categories: Lync, UC

COUCUG Feb Meeting – Identity Management and #Office365

February 25, 2014 Leave a comment

For folks in the Denver area, the February meeting of the Colorado UC User Group is this Thursday (2/27) from 4-6pm at the Microsoft offices in the DTC.

We are going to be discussing Identity Management with Office365. This is an important topic if you are wanting to utilize Office365 with Single Sign-on or if you are running (or going to run) a Hybrid setup.

You can find out more and RSVP at http://www.coucug.org.

Categories: UC Tags: ,

#Lync Conferencing Anonymous User Time-out

January 16, 2014 Leave a comment

Ran into this awhile back and documented it in my “To Blog” note pile. Client wanted to know how long someone who isn’t the meeting owner (i.e. a guest from another company) could stay in a meeting before they were kicked out if the meeting owner (aka Presenter) dropped.  I found this article on Technet: http://technet.microsoft.com/en-us/library/gg398340.aspx and it explained the following:

AnonymousUserGracePeriod:

Represents the amount of time an anonymous (unauthenticated) user can remain in a meeting without an authenticated user being present in that same meeting. For example, if this value is set to 15 minutes an anonymous user can stay in the meeting for, at most, 15 minutes before an authenticated user must join. If an authenticated user does not join before the grace period expires then the anonymous user will be removed from the meeting. This setting applies to both scheduled meetings and to ad-hoc meetings created by clicking Meet Now in Microsoft Lync.

 The AnonymousUserGracePeriod must be specified using the following format: days.hours:minutes:seconds (for example, 0.00:30:00 for 30 minutes). The grace period can be set to any value between 0 second and 1 day; the default value is 90 minutes (01:30:00).

Note that the default value is 90 minutes. That means if you have people in a call and all of the authenticated users drop, the non-authenticated users could continue to chat for 90 more minutes.

For this particular client, they wanted to ensure that if an authenticated user (aka Presenter) dropped from the call, that the other non-authenticated (aka Guests) user would drop after 5 minutes. We achieved this using the following command:

Get-CsUserServicesConfiguration | Set-CsUserServicesConfiguration -AnonymousUserGracePeriod "00:05:00"

LyncConfTimeOut

Categories: Lync, UC Tags: ,

COUCUG January Meeting (1/30)

January 13, 2014 Leave a comment

The January meeting of the Colorado Unified Communications User Group (COUCUG) will be held on January 30th from 4-6pm at the Microsoft offices in the DTC. Plantronics will be sponsoring the meeting and will be providing food and drinks.

Our topics this month are:

  • Lync Meeting Etiquette
  • Deploying Lync Voice

Please RSVP at www.coucug.org so we can bring in the right amount of food.

We’re looking forward to a great year with lots of great topics and hope you will join us.

Categories: Lync, UC Tags: ,

Lync 2013 Refer Support

January 15, 2013 Leave a comment
This isn’t a major change, merely just a “if you aren’t paying attention it might just slide past you” type of thing.  In Lync 2013, the option for Refer Support has changed from a Check-box to a Drop-down menu.

Here is what it looks like in Lync Server 2010:
Image
And here is what it looks like in Lync Server 2013:
Image
Not really such a big deal but if you are just comparing check boxes between the two system, it can easily be over-looked.
The reason for the change to the drop down is because Refer support is no longer an on or off setting.  We now have three settings:
Image
Per Technet (http://technet.microsoft.com/en-us/library/jj688104.aspx), our two options (besides None) are:
If set to Enable sending refer to the gateway, indicates that the trunk supports receiving Refer requests from the Mediation Server.

If set to Enable refer using third-party call control, indicates that the 3pcc protocol can be used to allow transferred calls to bypass the hosted site. 3pcc is also known as “third party control,” and occurs when a third-party is used to connect a pair of callers (for example, an operator placing a call from person A to person B).

Categories: Lync, UC Tags: