About Me

My Photo
TsooRad is a blog for John Weber. John is a Lync Server MVP (2010-2014). My day job is titled "Principal Consulting Engineer" - I work with an awesome group of people at CDW, LLC. I’ve been at this gig in one fashion or another since 1988 - starting with desktops (remember Z-248’s?) and now I am in Portland, Oregon. I focus on collaboration and infrastructure. This means Exchange of all flavors, LCS/OCS/Lync, Windows, business process, and learning new stuff. I have a variety of interests - some of which may rear their ugly head in this forum. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. One of these days, I intend to start teaching. The opinions expressed on this blog are mine and mine alone.

2011/12/30

Create CSR from TMG

Scenario

You need to create a Certificate Signing Request (CSR) for your TMG to support Lync (or Exchange or whatever) - AND you need this certificate to have SAN (Subject Alternative Name) entries.

What to do?

Chad McGreanor has a great write-up on this!

Changes?

If you do not already have a Local Computer Certificates\Personal\Certificates container in your TMG deployment, you can still use this process – by accessing the CSR process as shown here:

image

YMMV

2011/12/29

DB errors after lyncserverupdateinstaller.exe is run

Situation

You have recently updated Lync Server 2010 to the latest Cumulative Update and you are having issues that appear to be DB related.

Possible Fix

It is entirely likely that you may have missed updating your databases as required.  This used to be a separate download.   Now that the lyncserverupdateinstaller.exe is available (see this MS KB) I have noticed that sometimes people forget to update the databases which is a separate step. 

AFTER you run the lyncserverupdateinstaller (remembering to do outside in methodology), here is what you need to do, by type of database environment:

If Enterprise Edition Back End Server databases are not collocated with any other databases, such as Archiving or Monitoring databases, at the command line, type the following:

Install-CsDatabase –Update –ConfiguredDatabases –SqlServerFqdn <SQL Server FQDN>

If Enterprise Edition Back End Server databases are collocated with other databases, such as Archiving or Monitoring databases, at the command line, type the following:

Install-CsDatabase –Update –ConfiguredDatabases –SqlServerFqdn <SQL Server FQDN> -ExcludeCollocatedStores

For Standard Edition, type the following:

Install-CsDatabase –Update –LocalDatabases

YMMV

2011/12/28

OAB and GAL issues

Situation

I just spent the last 3-4 hours doing this research for some random issues as listed below.  What resulted was a pretty comprehensive Tshoot OAB/GAL issues outline.  Thought I would share.


Issue is (seemingly) random users get created but never show in the GAL – no pattern.

Issue is (seemingly) random users cannot see all users in GAL – no pattern.

- If you create a brand new Outlook profile on a newly installed client with a newly created account, in cached mode, are you able to download a full OAB successfully (this happens automatically with a new OL profile).

o If yes, do you see the "missing" account ?

o If yes, then the OAB is the correct one, and is correctly being updated.

- If no, you have a problem with syncing your OAB. It should point only to the GAL and if it does, and there are no sync errors, it MUST contain the errant account if this appears correctly in the GAL.

The answer to the short experiment above drives which of the following choices to pursue.

1. Can you see the Contact if you turn off Outlook Cached Mode?

2. Does the Contact resolve in Outlook Web Access?

3. Can others see the Contact?

4. Ensure that the user’s default external e-mail address and the windows e-mail address (AD attribute) are exactly the same.

5. If you have a client in cached mode that is not updating the OAB, remove/rename *.oab files in their %userprofile%\Local Settings\Application Data\Microsoft\Outlook. Next time you start Outlook it will re-download the address book and create new OAB files. The problem was the oab files got corrupt and would not catch new updates.

6. If it continues to happen, try excluding these oab files from your anti-virus scanner.

7. Recreate the users Outlook Profile and download all the content fresh

8. folder underneath OAB named d33d3462-etc-etc where the OAB resides had read only permissions set for authenticated users.  The OAB folder did not have that permission. 

9. On the e2010 server, make sure the Microsoft exchange file distribution service is running.

10.  Make sure the recipient that does not show up has an x500 address entry

11. Does anything show in a BPA from e2003?

12. Does anything show in a BPA from e2010?

13. Which server is the OAB generator?  Anything in the event log there?

14. Make an e2010 server the OAB generator

a. Any ol2003?  Then you need PF distribution

b. Only OL2007 or higher?  Use e2010 and web distribution

These seem fairly on point:

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/b12fb4e6-9da2-450e-b994-0b90eb5252bc/

The domain controller that you are using for OAB gen specified in the 9117

event isn’t seeing that user. Make sure there is not a 9325 in the

application log skipping him because of a bad attribute. You can download a

copy of OABInteg from http://code.msdn.com/oabinteg. Use an online profile

and run oabinteg /s:srvname /t:proxytest /v:2 /l and look at the errors in

the log.

Try deleting the user's oab files then have him redownload.

Go to C:\Users\username\AppData\Local\Microsoft\Outlook

Delete all files with .oab

Outlook, send\receive download address book.

Also did you move this user to another new mailbox store? If so make sure the mailbox store has been set to use the default OAB.

Exchange 2007/2010 Web services and Autodiscover Ultimate Troubleshooting Guide

I decided to put this ultimate guide to spare the hustle and allow smoother and nicer web services experience.
Well, let us first list the directories that are used in the Exchange web service:

· EWS is used for OOF, Scheduling assistance and free+busy Lookup.
OAB provides offline address book download services for client.
Autodiscover is used to provide users with autodiscover service.
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides outlook web access for users.
ECP provides Exchange control panel feature for Exchange 2010 users only.

Issues that might be resolved using the troubleshooting steps here:

· You cannot set the OOF using outlook client, you receive the server not available error.
You cannot view free/busy information for other users.
You cannot use scheduling assistance, also you might receive not free/busy information data retrieved.
You cannot download Offline Address book errors.
You cannot use autodiscover externally.
Certificate mismatch error in autodiscover, users prompted to trust certificate in outlook 2007/2010.

I will update this post to include all of the errors that I face and solve in my work or on EE to help experts all over EE to quickly solve their issues.
First let us start by the configuration required post Exchange 2007/2010 installation for the above to work correctly:
Configure External and Internal URLs for OWS, ref: http://technet.microsoft.com/en-us/library/bb691323(EXCHG.80).aspx

· You have to configure the internal URL to be the server name in case you have multiple servers in NLB.
External URL will be the URL used by users to access webmail e.g. https://mail.domain.com/owa
Mail.domain.com in multiple CAS servers will be the NLB FQDN.
Configure External and Internal URLs for OAB, ref: http://technet.microsoft.com/en-us/library/bb123710.aspx
This will point if multiple CAS servers are used then this will point to NLB FQDN.
If single server used this will point to the internal server FQDN in the internal URL, and the mail.domain.com which is used by webmail users.

Configure the autodiscover internal URL:

· You will use the powershell cmdlet : Set-ClientAccessServer –Identity <CAS Server Name> -AutoDiscoverServiceInternalUri: <Internal URL>, this FQDN must match the URL included in the certificate.
If you cannot use autodiscover.domain.com internally (you have a domain name of domain.local and you must use it), you will get a certificate miss match error, you will have to include the internal name in the certificate if you purchase an external certificate.
If you have multiple CAS in NLB this will be the NLB FQDN.
You cannot set autodiscover external URL since outlook will try to access https://autodiscover.domain.com/autodiscover/autodiscover.xml, this behavior is by design and cannot be changed.
Autodiscover.domain.com must be included in the certificate that you assign to IIS if you purchasing a certificate externally from 3rd party provider.

Configure EAS internal and External URLs, ref: http://technet.microsoft.com/en-us/library/bb629533(EXCHG.80).aspx

· This URL will point to the NLB FQDN internally
This IRL will point to NLB FQDN Externally.

Configure the EWS (which provides availability, OOF) internal and external URLs

· You can set the internal FQDN and External FQDN using: get-webservicesvirtualdirectory | Set-WebServicesVirtualDirectory  –InternalUrl: https://url.domain.local/EWS/Exchange.asmx –ExternalURl: https://url.domain.com/EWS/Exchange.asmx

after all of the above settings you have to take into considerations the following note:

· All of the above uses https connection, so SSL certificate must be configured and assigned to IIS on the CAS servers.
Since all of the above uses https, if you have a proxy traffic might be affected.
Make sure that clients can access the URL internally and externally, you can do that by going to the above URL using IE or Firefox and validate that you can access them.

For some people after doing the above configuration you still receive some errors so make sure of the following:

· IIS is started.
OWA application pool, OAB application pool and EWS application pool are running and started with no errors
If you receive authentication error, error 500 service not available, error 400 login time out, or unspecified error you will need to rebuild your virtual directories. You can do that as following:

· For OWA:
Get-owavirtualdirectory | remove-owavirtualdirectory
New-owavirtualdirectory.
You can repeat this step for EWS (webservicesdirectory), OAB (OABvirtualdirectory) and autodiscover(autodiscovervirtualdirectory)

You will have to note that you will need to re-configure any customizations you made to OWA after removing and deleting it, also you will have to redo any internal and external URL configuration you have did in the past

Troubleshooting Offline Address Book Generation on Exchange 2010

After migrating from Exchange 2007 to Exchange 2010, we began noticing that address book downloads failed during a manual send/receive operation with:

‘error (0x8004010F) operation failed. An object cannot be found.’

clip_image002

Basically, this error is happening because Outlook 2007 and higher clients rely on web based distribution of the offline address book, and that address book is not found on the CAS Server.

The fix is to enable the Default Offline Address book on the mailbox server for Web-based distribution:

clip_image004

This setting does not go into effect immediately. If you want to force it to start working immediately, you need to perform these steps:

1) Update the address book

clip_image006

2) Restart the File Distribution Service on the CAS Server

clip_image008

Performing this step will cause the CAS to download a copy of the OAB from the Mailbox server, see this post for more info on the Exchange File Distribution service.

3) Force Active Directory to sync  (repadmin /syncall /APed)

Now, when you force a send/receive from Outlook, the address book will download cleanly!

There are other reasons why clients may be getting error 0x8004010F, check out this post for more information: http://blogs.msdn.com/dgoldman/archive/2008/10/01/understanding-why-error-code-0x8004010f-is-thrown-when-trying-to-download-an-oab.aspx

Also, if you are getting Event 9320 in your event logs, you can safely ignore those per this blog:

http://blogs.msdn.com/dgoldman/archive/2009/12/01/please-read-events-9320-and-9359-on-new-installation-of-exchange-2010.aspx

2011/12/22

Lync Mobile Client for iPhone/iPad

Background

In November 2011, Microsoft released the mobility updates for Lync.  Get the bits here.  There is also a mobility guide on how to deploy, what needs to change, what stays the same, and what needs adding to your environment.  Get the guide here.

Then just a few weeks ago, Microsoft released the actual clients.  Windows 7.x mobile, of course, was available almost immediately, the Droid crowd got theirs quickly also.  But iOS users had to wait for the AppStore to approve and release.  And now they are here!  To get your very own install, try the following links:

Client Setup

Once you have this wonderful tool installed, setup is very easy.  Here is the initial screen:

image

Add the obvious information that is needed for autologin.  You may need to add your account details if your AD login is different from your SIP address.  If so, pull down the “more details” as shown.  Also notice the toggle for “auto-detect.”

image

Then you enter your call back number.  This is important because the Lync Mobility setup uses a server-centric call back routine much like the old COMO client did.  You can make phone calls from the client, but the SERVER will call you, then call your other party.  Works well.

image

Here is the options screen.  Notice that everything is nice and clean.  Well laid out and coherent.  This is direct contrast to the Damaka Xync client that is clunky at best and confusing to use.  Anyone familiar with Lync on the desktop will need no training to use this mobile client on iOS.

image

For those sharp-eyed readers, notice that I took all these screen shots from an iPad client.  But the iPhone client is, as far as I can tell, exactly the same.  Nice and consistent.  Obviously, the iPad client benefits from a greatly expanded screen size, so all things are not exactly the same, but dang!

Also, because my iPhone is actually a phone with service (my iPad is not) the iPhone Lync client can be used to make phone calls as described above.  The iPad client will join meetings, and when you initiate the call, the SERVER will call your cell phone (provided that is the number you entered in the setup).  Nifty.

Here, I have entered a phone number and tapped on “call” – the system tells me to answer the call, which is the server connecting me.

image

Then, the server calls the other party…both sides think the server called them, which in fact it did.  But now I can call clients using my cell phone, and having the call come from the office!  Nice.

image

 

What doesn’t work?

The iOS client has specific functionality – as outlined by the chart that you can find here.  But the bottom line is that it works very well, and looks good to boot!  Sadly (at least for my expectations) it will not do Audio, Video, or Desktop Sharing (like Xync – but Xync is a full edge client).  To be fair, the other clients do not perform those functions either.  A list of what CANNOT be done from the Lync iOS client:

  • add a custom location
  • publish status based on calendar free/busy
  • view frequent contacts group (nobody got this one)
  • modify contacts list (the symbian client can do this)
  • tag contacts for status change alerts
  • manage contact group (symbian can manage group contents)
  • automatically log conversations in Exchange (nobody got this one)
  • use dial-in conferencing (more on this a bit later)
  • view meeting video (Sad smile)
  • use in-meeting controls, presenter or otherwise (nobody got this one)
  • desktop share (nobody got this one)
  • navigate a list of your meetings (I don’t understand why the iOS clients are listed as not being able to do this.  I can see a list of my day’s meetings!)
  • manage team call settings
  • manage delegates
  • initiate call to Response Group
  • support e-911
  • make calls on behalf of
  • conduct two-party calls with external user (although it will call my cell phone, so I don’t know what is meant by this)
  • conduct multiparty calls with external users (ditto as above)
  • client-side archiving
  • client-side recording

iOS clients can send location data in an IM.  Very nice for tracking down your clients location or possibly showing your buddies what bar you are in….

image

Conclusions

Overall, I think this is solid release with some great functionality.  The Damaka Xync client, as a full edge client, has full functionality.  However, the Xync client has a strange interface and some things do not work quite as well I would like them to work; the Microsoft Lync Mobility client has a very clean interface that is instantly familiar – and it provides its’ feature set seamlessly.  And free.  Free is a very good price.

YMMV

2011/12/14

MiFi speed–WiFi is getting better

Sitting in a car dealer getting my car fixed…. With my zippy new Verizon MiFi…not too shabby.

image

2011/12/12

Lync Server 2010 ROI

Over at cio.com, Sprint reveals how much it saved by deploying Lync Server.  Discussion points cover why Sprint did it and where the savings are and several pain points are also highlighted.

Take a look here.

YMMV

Lync Server 2010 Troubleshooting

Fellow MVP Stale Hansen has published a sweet Lync Server 2010 Troubleshooting Tips article.

Take a look here.  I think you will find it extremely useful.

YMMV

Microsoft SIP error codes

When reviewing troubleshooting traces from both server roles and client side log files, you will encounter numerous SIP codes that may seem to be a complete different language. 

Here is a nice MSDN guide to those SIP codes.

The guide is presented in terms of what the log file will reflect for various states and errors, whether they are unhandled or unidentified.  Very helpful for those situations where things are just not operating as expected.

Client Error Display and Logic

Handled Error Display

Unhandled Error Display

YMMV

Lync 2010 & Exchange UM Integration

If you are deploying Lync Server 2010 with Exchange 2010 Unified Messaging, then this guide is your friend.

The sections of this document help you understand how to deploy and troubleshoot this vital UC component interaction to include conducting testst using synthetic transactions.

YMMV.

2011/12/09

Lync Server 2010 Support for Communicator Mobile for Java/Nokia

Maybe a tad esoteric…but if you need it you NEED it.

Configuring Microsoft Lync Server 2010 to Support Communicator Mobile for Java and Communicator Mobile for Nokia

This document provides the necessary steps for installing the Communicator Mobile component alongside Lync Server 2010 so that Office Communicator Mobile 2007 R2 for Java and Office Communicator Mobile for Nokia 1.0 can connect to the Communicator Mobile component as usual, and the Communicator Mobile component can connect to Lync Server 2010.

 

YMMV

2011/12/08

Useful Tips for Testing Your Lync Server 2010 Edge Server

Patrick Kelly and Sebastiaan Poels just published a nice Lync Edge troubleshooting tips article.

Go here to get it.

YMMV