How do I create a custom RBAC scope based on csuseradministrator but scoped to a single domain. e.g. "dc=contoso,dc=com"
there serveral hundred user OU's so not practical to assign role to each OU. This is an AD forest with multiple user domains.
Furthermore if you do scope to an OU does it apply also to all sub-OU's
thanks in advance
Hi
Building my first EE lab. I have 4 servers: FE1, FE2, SQL and DC
In Topology Builder I create a pool and add by two FE's. do I add the SQL as well? because I have but further in the wizard when I enter the location for the CMS it says SQL.xxx.local is already used.
Do I have to give my server two FQDN's.?
I have put the file share on the DC because its the only place it will allow, is this right as well?
Thanks in advance
I'm at a bit of a loss here and would like some help. Being a newbie at Lync deployment I ask that someone try and keep it simple.
We currently have 3 servers in our Lync 2013 Enterprise environment. CMS resides on the FE server and the DBs are located on one of our SQL servers. I am trying to figure out how to move the DBs to one of our other SQL servers. I've attempted some of the solutions in the following links, however both say to establish a Standard Edition Server in the environment before moving the CMS and backup/restore the DBs steps. The trouble I'm having is getting the SE server setup and in the pool to accomplish this. Any and all help would be awesome!
http://blogs.technet.com/b/nexthop/archive/2010/12/20/change-a-pool-database-instance-when-the-pool-hosts-the-central-management-server.aspx
http://www.ucprofessional.com/2013/11/move-lync-server-2013-backend-databases.html
Thanks everyone!
Hello
Looking to upgrade to Win 2012 but I would like to upgrade one server at a time in a Lync 2013 pool.
Does anyone know if there are any issue with a Lync 2013 pool in a mixed Win 2008 R2 and Win 2012 OS environment?
I'm looking for MS documentation, if any?
Thanks :)
Hi,
trying to add archiving role to existing 2013 lync std edition, I want to colocate archive on same server
if I specify store as the server fqdn and rtc as the named instance it tells me already exists and red boxes the field in topology builder.
so I choose default instance tickbox instead but when adding the role in deplyment assitant it fails and says instance default cant be found.
What do I need to do? do I need to prestage the instance , if so how?
Cheers
Hi All
I need to move my File Store from one server to another. I have a single FE server running SfB Standard and i need to relocate the File Store as the server it is on will be decommissioned.
Is it as easy as creating new file store and assigning it to the FE or do i need to follow the process documented in the link below.
https://technet.microsoft.com/en-us/library/gg195742(v=ocs.14).aspx
This process is for Lync 2010 and i am not sure this is the process? please can someone clarify for me?
Many thanks
Joe
Joe
I am currently unable to renew my Lync Server 2013 OAuth certificate.
Assigning this through the wizard or shell completes without any errors but the new certificate is not shown in the wizard or shell and an event is logged under the replication service to say that the replication failed.
This appears to be the same error reported in http://social.technet.microsoft.com/Forums/lync/en-US/6e4b15f7-16a2-48d9-9cbe-1fc3ff8cf432/lync-server-2013-rtm-cannot-assign-oauth-certificate?forum=lyncdeploy and I've copied this in below.
The replication of certificates from the central management store to the local machine failed due to a problem with certificate processing or installation on the local machine Microsoft Lync Server 2013, Replica Replicator Agent will continuously attempt to retry the replication. While this condition persists, the certificates on the local machine will not be updated. Exception: Microsoft.Rtc.Management.Common.Certificates.CertificateException: Keyset does not exist ---> System.Security.Cryptography.CryptographicException: Keyset does not exist at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at Microsoft.Rtc.Management.Common.Certificates.CertAccessRule.CAPIModifyAccessRule(X509Certificate2 certificate, AccessRule rule, Boolean addRule) --- End of inner exception stack trace --- at Microsoft.Rtc.Management.Common.Certificates.CertAccessRule.CAPIModifyAccessRule(X509Certificate2 certificate, AccessRule rule, Boolean addRule) at Microsoft.Rtc.Management.Common.Certificates.CertAccessRule.ModifyAccessRule(X509Certificate2 certificate, AccessRule rule, Boolean addRule) at Microsoft.Rtc.Management.Common.Certificates.CertUtils.AddCertificateToStore(X509Certificate2 cert, StoreName storeName, IManagementReporter reporter) at Microsoft.Rtc.Management.Deployment.Core.Certificate.ImportFromPinnedArray(PinnedByteArray pfx, Boolean allowSelfSigned) at Microsoft.Rtc.Management.Deployment.Core.Certificate.ReplicateCMSCertificates(IScopeAnchor scope) at Microsoft.Rtc.Internal.Tools.Bootstrapper.Bootstrapper.ReplicateCMSCertificates(). Cause: The certificate provisioned in the central management store is invalid or cannot be handled on the local machine. Resolution: Ensure that certificates provisioned in the central management store are valid, have all needed issuer certificates included or installed on the local machine, and can be used with cryptographic providers available on the local machine.
There was a certificate in place for this previously but this issue was shown when trying to renew the existing certificate. I then removed the existing certificate and tried to add the new one but had the same issue. I also had the same issue when trying to re-import the certificate which was previously in use.
I have tried renewing through the Lync wizard and directly through the CA.
I have tested replication using get-csmanagementstorereplicationstatus which shows no issues.
There is only one front end server in the topology which is on Server 2012. The edge server is not using this certificate.
I have also tried using the domain wildcard certificate which has the same issue.
I'll update this with more detail and clarity if I can.
Thanks in advance!
Matt
If we need to add additional SIP domain to the existing set up will it requires down time?
What are the considerations need to be taken, if we have multiple sites in the Single organization?
Do the certificate need to be updated in all sites? Is there any other action need to be done on other sites?
Hello,
during "publish website" in the topology-builder i receive the following error:
How to fix this?
| Lync Server 2013 Deployment Log | Collapse All Actions |
| Action | Action Information | Time Logged | Execution Result | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
I've been wondering from a scaling perspective, when QOS is being implemented, the ports I know shouldn't overlap, and I see that server side port count is 8K or so, though does that imply that 8K different users can connect to the Front End server? I know that a Front End can support 6600 concurrent users, so is this correlation correct?
Can a client endpoint for audio consume more than one server side port? Lets say the Server Audio starts at 40803 and ends at 49151, so 8349 ports are available. Does a client endpoint consume more server side ports, or is it one client endpoint to one server side audio port?
Many thanks!
Christian
Christian Frank
Hi
I am getting this error on my Skype for busniess 2015 server . Any idea what is causing this and how can I resolve it.
**************************************************************
The delay between a publication and its notifications has reached the specified ERROR threshold.
Measured Publication/notifications delay is 161380967 milliseconds. The error threshold is set to 30000 milliseconds.
Cause: A burst of publications or an overloaded front-end is the likely cause of this alert.
Resolution:
Consider using manual override in order to change settings of the notification Queue worker.
**************************************************************************
Any help is much appreciated.
Lync 2013 environment and was trying to install the latest (Oct. 1) cumulative update. I have installed these updates dozens of times and they are easy with no issues. Last night, I had a failure while installing the web component update only. All the other updates installed correctly. Below is the error:
Product: Microsoft Lync Server 2013, Web Components Server -- Error 25541. Failed to open XML file C:\Windows\system32\inetsrv\config\applicationHost.config, system error: -2147024786
Well, before installing the cumulative update, I did modify the applicationHost.config file to get rid of an annoying error in the Lync Server log, event 41029 related to not being able to contact the web app server. The instructions I was given by someone are below:
UPDATED 09/2014: How to Manually Fix This Issue
Running IIS7.5? Don’t see the Start Mode in IIS, here is the manual method!
All I did was modify one line to include the startMode="AlwsysRunning"
Thinking this was the cause of the install error, I went back and removed what I had added, rebooted and ran the cumulative update install again and this time it worked! So what did I do wrong? Updates are installed but I still have that annoying event ID 41029! Note this is IIS 7.5, not 8 so I cannot just set the mode in the GUI for the Reach service.
Hi,
The IIS ARR 3.0 with hot fixes is installed on Windows 2012 Server to configure Lync External Web Services Only.
Lync Pool Name: lyncpool.mydomain.local
Internal Lync Web Services: lyncpool-web.mydomain.local (VIP on HLB)
External Lync Web Services: Lyncextweb.mydomain.com
- Public Cert Binding - Done
- Local Root CA - Done
- Server Farm
Name: LyncExtWeb
Server Name: lyncpool-web.mydomain.local (Internal Web Services URL)
with 8080 and 4443
URL Re-write
- Condition
{HTTP_HOST} - Matches the Pattern Pattern: LyncExtWeb.*
While trying to request URL https://LyncExtWeb.mydomain.com:443/abs/handler
it is failing and showing
Requested URL https://LyncExtWeb.mydomain.com:443/abs/handlerWhy the Physical path is getting \abs\handler from requested URL?
Different conditions has been tried but no luck.
Can any one suggest if the Server Name in Server Farm is OK and what should be the condition?
Cheers,
H.
Hello!
In order to get LRS Lync Room Systems online one must issue
Enable-CsMeetingRoom (and similar)
What does this command actually do, i.e. what settings in Lync Server are changed for this client type?
Thanks in advance!
HST
Hi,
When looking for the snooper logs I can see the following on the tracing section:
TL_WARN(TF_COMPONENT) [12]226C.25E8::11/23/2015-12:29:07.510.005925cd (S4,SipMessage.CheckNonAscii:sipmessage.cs(810))
The string with illegal characters:[0x0017][0x0003][0x0001][0x0001][0xFFFD]SIP/2.0 202 OK
Content-Length: 0
Has anybody success to dig in what is all about? I have seen some traces when the display name contains Scandinavian characters this seems to appear also.
Here is an example of the name problem:
TL_WARN(TF_COMPONENT) [10]226C.0E90::11/23/2015-12:29:09.623.00592e18 (S4,SipMessage.CheckNonAscii:sipmessage.cs(810))
The string with illegal characters:SIP/2.0 200 OK
FROM: "Test[0x00E4]l[0x00E4]n, User"<sip:+358123456789@company.com;user=phone>;epid=F39273BF4A;tag=5396b44e7c
TO: <sip:+358876543210@operatorSBC.domain.com;user=phone>;tag=SDniff899-_2A4X_7283d426g9
Display name was: "Testään, User". I wish there is a fix for the Snooper...
Other question is, is this problem really in the Snooper or with the process making the temporary file into Temp from the Tracing folder. The snooper in my mind is only reading and rendering the "OCSLogger_2015_11_23_14_55.txt" file from the %temp%\2 folder.
Petri
I am preparing to upgrade a very small Lync 2013 Standard Edition deployment to Skype for Business. I have run the topology builder, upgraded the front end server and published the topology. It run successfully, but shows this error:
Warning: Unable to check the security for the Deleted Objects
container. Only users who are listed as owners on the Deleted Objects security
descriptor are able to check the security on this container.
I am a member of Enterprise Admins and I have taken ownership of the Deleted Objects folder. Any other suggestions?
Similar case with no noted resolution: http://www.networksteve.com/windows/topic.php/Active_Directory_Deleted_objects_waning/?TopicId=70269&Posts=5
Daryl Sensenig Tents For Rent
Hi,
We had pure Lync 2013 environment. I checked that Lync Hybrid deployment in Technet page had an "Important" notice.
"The administrative tools should be installed on a separate server that has access to connect to the existing on-premises deployment. The Move-CsUser cmdlet to move users from your on-premises deployment to Skype for Business Online must be run from the administrative tools connected to your on-premises deployment."
https://technet.microsoft.com/en-us/library/jj205403.aspx
Does anyone know this notice is for all topology or only for pure Lync 2010?
Is it we can use existing front end Lync 2013 server to migrate user form on-perm to online?
Thanks.
Hi there,
I was reading this: "Changing the Edge pool associated with a Front End pool in Lync Server 2013" on the Technet and started to wonder how many next hops we do
have in Lync:
- Edge pool
- Persistent chat
- Mediation Pool
- Trusted application pools
If the FE pool where they have associated is lost, those pools becomes unavalable until administrator come and configure new next hop for them. With hope that the FE pool was not the same which hosted the CMS.
Did I understood correctly, isn't that slighly vulnerability for troubles? Why we just cannot have two next hops, like primary and secondary? :)
Petri