Sfb 2019 July 2019 CU

Script to update sfb 2019 install to enable the new control panel contained in the SfB July 2019 CU.

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Windows-Identity-Foundation, Server-Media-Foundation, Telnet-Client, BITS, ManagementOData, Web-Mgmt-Console, Web-Metabase, Web-Lgcy-Mgmt-Console, Web-Lgcy-Scripting, Web-WMI, Web-Scripting-Tools, Web-Mgmt-Service

CMS install fails SfB 2015 Jan 2019 CU

Details:

We are upgrading/migrating from Lync 2010 to SfB 2015 (not 2019)( cannot do three levels at once).

New host servers are 2016 Standard.

SQL BE is 2016 SP2.

EE 2015 pool installed, patched to Jan 2019.

Updated databases on BE SQL.

Prepare for CMS move to new EE pool failed on install-csdatabase -centralmanagementdatabase ---- specifically it fails to find the SQL instance.

After much tshooting, we determined that any management workstation or SfB 2015 server with the Jan 2019 CU refused to take this action.

Process ran just fine with SfB2015 July 2018 CU, or from a management workstation running RTM bits.

This error appears on screen to be a SQL issue, but it’s not. There is something “different” with the install-csdatabase server when invoked as -centralmanagementdatabase that is preventing this action. While this error was present, a normal install-csdatabase -update -configureddatabases -excludecollocatedstores (which is needed for the jump from RTM to any CU past CU5) ran perfectly as did test-csdatabase -configureddatabases

YMMV

Audiocodes Teams Phone C450HD

I feel like cueing up Steve Martin in “The Jerk” but I have already done that once, and I hate to repeat.   So, you think about that scene where the phone book arrives….

I got a squeaky new Audiocodes C450HD.  A long time coming.  But, now I have a Teams phone.  And based on the goodness that is an Audiocodes handset.

So, we should have a pretty nice piece of gear here.  Let’s kick the virtual tires and see how this thing works.

Taking it out of the box, connected to PoE, and here we go…

Tapping the 'Sign in' gets you to the Company Portal page, and a further tap in address entry cell pops up a handy qwerty keyboard.

Edited Note:  I contacted Audiodcodes about the placement of the virtual keyboard and was told that anything UI is Microsoft-dictated.  So, if you get chapped off at poor design (like I did), your complaint needs to go to Microsoft, who we all know is NOT E.F. Hutton when it comes to this kind of thing.

Once you figure out how to spell your UPN correctly, and the verification code is received, you get two options for data entry…keyboard on screen or you can simply use the big square things on the phone itself.

There are a few cartoon screens of “how to” and “what can you do…”

But in the end, you get this – and you say to yourself – “…this is different…”

Let’s do a little reading to figure this out. And we discover that on this page here:  https://www.audiocodes.com/library/technical-documents?productFamilyGroup=1672&productGroup=16127 there does not appear to be any user guide for the TEAMS version of this phone…. odd.  

A quick call to my Audiocodes contact (who I am sure  will never answer my call again) revealed that the code is not GA yet (Microsoft supplied code) so therefore the TEAMS documentation is not published yet.  Bummer.

But, to answer my own question, a few quick (or not) logins later and we have the information that “Shared” pretty much presents the phone as a CAP (nee SfBS CAP).  I can see how to make this have a semi-generic account and get invited to meetings and such… and then the room could have this phone in it and we’d be able to join the meeting, but not see contacts, history of personal calls, et cetera.

Shared:  Nothing but join a meeting.

Personal: here I am presented with calls,. meetings, my voicemail.

After all  the button clicking and MFA entering, we now have a phone that works with Microsoft TEAMS natively.  Not a 3PIP phone that sort of works, but a handset set that is actually a full login.  Minus video, screen sharing, and access to my full Teams account content.

You can make the C450HD into an SfB phone if you wish.  From the login screen, before you login to the Teams phone, switching the c450HD to SfB is three clicks.

Menu | Debug | Switch to Skype for Business

I have been using this device now for the better part of this week to make and take my business calls and participate in meetings.  The build quality, technical execution of the device, audio quality, fit, finish and feel are all what you would expect from Audiocodes. 

YMMV

Surface, SfBS 2019, PKI

Thanks to Yomi for helping out. Hopefully you have been nice to him. Apparently today I was worthy.

Do you have:

• SfB 2019/2015 on-premises?
• Empty root domain with child domain that has the user accounts?
  • Domain.com and ad.domain.com?
• Internal PKI for internal functions; public PKI for public-facing functions?
• Multiple SIP domains?
  • Domain.com, aa.domain.com, someotherdomain.com, someotherdomain2.com, (I had 15 of these)
• Surface hubs that appear to be V1 devices?
  • Mine reported themselves as 10 (built 15063) with all current updates. This will be a bit tricky as all the guidance from google-fu shows different screens that what I had. But you can probably read between the lines a bit and still be successful.

• Setup the user account as normal – full Exchange mailbox, setup same to handle calendar auto enroll, etc.
  • Non-expiring passwords highly desired but not required (you have to change the PW on the device each time the user account changes PW)
• Enable that email account as SfB user. EV not required, but they need to be account as described in various guides… full mbx, full calendaring, etc.

The issue at hand:

• Surface logs in as device admin, finds Exchange account and logs in. Any attempt to login as SfB account results in either a refusal to do anything (you got the SIP domain wrong) or it just spins.
  • For the first one, check your spelling.
  • For the second, it turns out to be two issues:
• First, the cert being presented by the SfB internal services is PRIVATE, so therefore a non-domain device/user (like a Surface)(Windows Team – the core O/S on a Surface cannot join domain) does not have the Trusted Root Cert from the internal PKI CA, so it refused to connect.
  • In my case, ZERO additional information – no error message, no nothing… just the spin. Bummer.

Fix:

• You need to tell the Surface to like/trust both the SIP domain name AND the domain the server itself resides within.
  • Ex: sip domain of domain.com, server domain of ad.domain.com
• And you need the trusted root loaded onto the Surface.
  • Easier said than done.

To fix the first one:

• Get into the settings (requires device admin)
• All Settings| Calling and Audio|configure domain name
  • You can enter multiple names comma separated
• Restart to have it take effect

• Download via Windows Store the “Windows Imaging and Configuration Designer.
  • With my squeaky new Zbook, the our corp store barfed on delivering what it said we owned. But, there is another source also:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-packages

https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install

• I did choice #2/3, and then installed JUST the one tool needed as noted in the link.

• From there, get a copy of the Trusted Root Cert, and then follow these instructions:

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package

https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package

• Next, restart the Surface.

Finally. Enjoy the goodness.

YMMV

How to completely leave a Team that you are a guest

I am blatantly stealing this for publishing as I don’t want to forget this.  Why this is not part of the Teams client itself is beyond me.  But here you go;

https://docs.microsoft.com/en-us/azure/active-directory/b2b/leave-the-organization

What is obviously different in my case was the need to actually sign in to the org I wanted to leave.  But OK, it worked, and THEN I could go back through the instruction and choose “leave organization”. So while the guidance has changed a bit, the job still got done.

YMMV