Quantcast
Channel: Lync Server 2013 - Management, Planning, and Deployment forum
Viewing all 5984 articles
Browse latest View live

Can't get communication to outside working

August 15, 2018, 10:48 pm
$
0
0

Hello,

I have the honor to "fix"  an exisiting Lync 2013 installation with 1 Edge and 1 Front-End server.

The edge server is located in DMZ and the FE server in the office LAN. The edge has 3 IPs for AV, Conference and Edge

Users can do IM internally, but can't with outside users. Also when I am on the internet and use Skype for Business client, I can start and logon with Sfb Client properly, send IM to Company users, but not to outside users. When I IM to an external user I directly get an error, stating the message could not be send and I should try later. with red cross.

I did some troubleshooting, check the NATs, open ports etc. All looks ok. I checked the Lync config and IM to external users is allowed. There are no errors in the eventlogs on the Lync servers.

I used the Remote Connectivity Analyzer (RCA). Connectivity test is successful when using port 443 and  manually enter the SIP server. When using port 5061 I get an error: The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

When using RCA autodiscover, connectivity fails because there is a wildcard DNS entry. Autodiscovery process successfully resolves the sipinternal.domain.com record and fails. Could the wildcard DNS cause the issue I have? Or the certificate error on port 5061?

Can anyone please help me find and resolve this issue, so that users can do IM and AV with external companies? What steps could I best take to solve this?

I also see the Lync FE and EDGE aren't updated with Lync updates since 2015.

PS. I don't have a lot of knowledge of Lync. So pls. bear with me.

Thanks.




Search

Counter Failed Ucs Subscriptions

August 16, 2018, 1:52 am
$
0
0

Greetings.

We have Lync 2013 Standard pool with several servers.

Suddenly SCOM started to report that monitor: "Performance" - "LS Server Role hosts User Service Category" - "Performance - LS User Service" - "User Service host Presence Focus Component" - "Performance - LS Presence Focus Component" - "Failed Ucs Subscriptions - LS Presence Focus Component" is over threshold.

I have started Performance Monitor with counters:

USrv - Number of failed contact subscriptions to Exchange

USrv - Number of failed contact subscriptions to Exchange to http request time outs

Counters show big count with very low raising. I supposed that it was raised after Oauth certificate expiration and renewal.

All Lync servers and Exchange Servers were IISReseted and rebooted. But still same counts.

Btw, everything works fine. All tests to check UCS done successfully.

How to reset that counts?


P.S.: Strange thing, but I can't find such monitor in S4F 2015 SCOM MP.

Steps for Patching Lync 2013 Edge and Mediation Servers

August 16, 2018, 5:46 am
$
0
0
Could you please help me with patching Lync 2013 edge and mediation servers.

Kumud Raghuwanshi Skype For Business Administrator


Lyncdiscoverinternal.domain.com dns record is published on public dns and is pointing to external web service.

August 16, 2018, 7:31 am
$
0
0

Lyncdiscoverinternal.domain.com dns record is published on public dns and is pointing to external web service, will this create some impact on login request. 

Kumud Raghuwanshi Skype For Business Administrator

An unauthorized delegate operation was attempted.

September 29, 2014, 10:51 am
$
0
0

I am working in a Lync 2013 Enterprise environment, with all updates installed as of today. I have a user who used to be set up with the telephony role 'enterprise voice' enabled. She is now set up as 'PC to PC only', since her job function has changed, and enterprise voice is no longer required. While she was set up with the 'enterprise voice' role, she had 5 people set up as her delegate. 

After she was changed to the 'PC to PC only' role, my LS User Services log is filled with the following error:

An unauthorized delegate operation was attempted.

In the past 1 minutes the server received 5 unauthorized delegation operations. The last attempt was by yyyyyyyy@domain.com trying to act as a delegate for xxxxxxxx@domain.com(user xxxxxxxx is the one who is now PC-PC Only)
Cause: Either the delegate relation is not configured correctly or this is an attacker.
Resolution:
No action needed unless the number of these events is large.

I am getting this error ever 5 minutes or so. SEFAUtil.exe doesn't list anyone as her delegate. I have gone as far as removing her Lync account and re-enabling it, which solved nothing. This leads me to believe the error is coming from the people who used to be her delegate. I looked in the Lync database, but could not identify any tables or columns that would contain these relationships. 

We are a small school district with few technical resources, so any help is greatly appreciated!

Failover Issues

August 27, 2018, 7:11 am
$
0
0

So we did some maintenance to our Main on premise Lync Frontend server this weekend adding more drive space. We planned for the worst in that we wanted to failover all users to our second Frontend server. These are the steps we went through:

Invoke-CsManagementServerFailover -BackupSqlServerFqdn LyncFE2.domain.com -BackupSqlInstanceName RTC -Force

Get-CsManagementConnection

Get-CsConfigurationStoreLocation

Set-CsEdgeServer -Identity EdgeServer:lsedgepool01.Domain.com -Registrar Registrar:LyncFE2.Domain.com 

Invoke-CsPoolFailover -PoolFqdn LyncFE1.domain.com

Here is screenshots of our Topology:

My Problem happened on the last command. I did not see the users move from FE1 to FE2 plus I got a"WARNING: Cannot find "RegistrarConfiguration" "Registrar:LyncFE2.domain.com" because it does not exist.

I Also saw some errors that said LyncFE2 did not have permissions to the DCOM to move users. 

The failback work flawlessly but it did not have to move the users. 

  • When you failover should you have to change the login server or should the pool be doing the authentication? I tried to login and had to manually change the login from FE1 to FE2 and I logged in but could not make phone calls.
  • I some research and realized I think is because FE2 is listed in the Mediation Pool it does not have the settings or is it listed in the "Trunks" section. If I try to put it there with FE1 then all calls fail. Can you both servers listed in Trunks?

I am trying to document the complete process of failover.

Lync 2013 Edge Server: Import-CSConfiguration -FileName "C:\Edge.zip" -Verbose -LocalStore Error:cannot open database "xds" requested by the login. The login failed. Login failed for user "workgroup\edgeadmin"

August 30, 2018, 11:48 pm
$
0
0

I have just migrated our Lync 2010 standard server to Lync 2013 Enterprise server but after I moved the CentralMgmtStore to Lync 2013 and Decommissioned the Lync 2010 successfully. I got an error logged in FE ID: 41024 and 41026 states that

"NO connectivity with any of Web Conferencing Edge Servers"

I visit the EDGE server and found out that the Lync services are not running except for Replicator Agent:

I have tried the following but no luck:

  • ReStart the Services
  • Restart the Lync Edge Server

Then I visited the Lync Deployment wizard and found found out that the step 1-3 step is not completed anymore.

  • Step 1: Install Local Configuration Store
  • Step 2: Set-up or Remove Lync Server Components
  • Step 3: Request, Install or Assigned Certificate

I tried to re-RUN Step 1: Install Local Configuration Store and Import the csconfiguration "edge.zip" once again but I encountered below error:

"Import-CSConfiguration -FileName "C:\Edge.zip" -Verbose -LocalStore Error:cannot open database "xds" requested by the login. The login failed. Login failed for user "workgroup\edgeadmin"

Note: Edge Server is not domain joined.

can someone have any idea on how to resolved this issue?

Thanks.

Lync 2013 FE- Local BE Store could not be acquired

August 31, 2018, 9:41 am
$
0
0

Dear Team,

Lync server front end service wont start after cumulative update 10 on Lync 2013. below is the error from events logs 

Local backend store could not be acquired

Sql instance: local\rtclocal database: rtc could not be acquired

cause: connectivity issues with the database or issues with the sql server

I have verified SQL connectivity is fine and Local SQL server is running.

Any suggestions.

Search

TLS 1.2 Questions

September 4, 2018, 11:10 am
$
0
0
So I have an on premise lync 2013 server and I got an email about Office 365 not supporting TLS1.1 after October 31st. Where do I stand in this? I have on premise servers but Voicemail in Office 365. Does that mean they will update Lync and my phones will stop working or voicemail is going to be broken until I get new phones?

Lync Edge DMZ security issue

February 11, 2014, 11:50 pm
$
0
0

hello,


I have standard infrastructure: 2013 Lync FE internally with Lync 2013 edge in DMZ, 3 different ip for sip, av and webconf 

everything was configured in help of technet , everything works perfectly, but I noticed one problem, when I try to reach external ip of sip service without dns, just ip address, I get 

Status: 404 Not Found
Server: RTC/5.0
FQDN: LEDGEOPP01.domain.com
this only working in chrome and firefox, IE just gives 404 error
why it gives domain name? I really dont want anyone to know internal domain name so easy, how can I remove it?

Lync 2013 mobility stopped working after server patching

September 9, 2018, 1:36 am
$
0
0

Hello,

yesterday a performed OS patching of our Lync 2013 standard edition server through Windows update service. Everything went okay, server was restarted after patching and went up fine with all Lync services, but access through mobile ceased to work. Now when I am trying to sign in, I get the notice "We cant connect you to the server, check network connection". I had mobility configured properly before, and I have no issues connecting to mobile SfB client with account residing on site that I havent patched yet.

So, my question is - is there any known KB/update that would cause problems with mobility? 

Or is there anything that you would suggest to check in order to troubleshoot?

Thanks for any advice,

Tomas

EDIT: lyncweb and lyncdiscover websites are reachable from outside normally, connection to frontend over 443 seems to be okay...


Unable to assign Lync OAuth Certificate

March 27, 2014, 8:10 am
$
0
0

I am currently unable to renew my Lync Server 2013 OAuth certificate.

Assigning this through the wizard or shell completes without any errors but the new certificate is not shown in the wizard or shell and an event is logged under the replication service to say that the replication failed.

This appears to be the same error reported in http://social.technet.microsoft.com/Forums/lync/en-US/6e4b15f7-16a2-48d9-9cbe-1fc3ff8cf432/lync-server-2013-rtm-cannot-assign-oauth-certificate?forum=lyncdeploy and I've copied this in below.

The replication of certificates from the central management store to the local machine failed due to a problem with certificate processing or installation on the local machine Microsoft Lync Server 2013, Replica Replicator Agent will continuously attempt to retry the replication. While this condition persists, the certificates on the local machine will not be updated.

Exception: Microsoft.Rtc.Management.Common.Certificates.CertificateException: Keyset does not exist
 ---> System.Security.Cryptography.CryptographicException: Keyset does not exist

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at Microsoft.Rtc.Management.Common.Certificates.CertAccessRule.CAPIModifyAccessRule(X509Certificate2 certificate, AccessRule rule, Boolean addRule)
   --- End of inner exception stack trace ---
   at Microsoft.Rtc.Management.Common.Certificates.CertAccessRule.CAPIModifyAccessRule(X509Certificate2 certificate, AccessRule rule, Boolean addRule)
   at Microsoft.Rtc.Management.Common.Certificates.CertAccessRule.ModifyAccessRule(X509Certificate2 certificate, AccessRule rule, Boolean addRule)
   at Microsoft.Rtc.Management.Common.Certificates.CertUtils.AddCertificateToStore(X509Certificate2 cert, StoreName storeName, IManagementReporter reporter)
   at Microsoft.Rtc.Management.Deployment.Core.Certificate.ImportFromPinnedArray(PinnedByteArray pfx, Boolean allowSelfSigned)
   at Microsoft.Rtc.Management.Deployment.Core.Certificate.ReplicateCMSCertificates(IScopeAnchor scope)
   at Microsoft.Rtc.Internal.Tools.Bootstrapper.Bootstrapper.ReplicateCMSCertificates().
Cause: The certificate provisioned in the central management store is invalid or cannot be handled on the local machine.
Resolution:
Ensure that certificates provisioned in the central management store are valid, have all needed issuer certificates included or installed on the local machine, and can be used with cryptographic providers available on the local machine.

There was a certificate in place for this previously but this issue was shown when trying to renew the existing certificate. I then removed the existing certificate and tried to add the new one but had the same issue. I also had the same issue when trying to re-import the certificate which was previously in use.

I have tried renewing through the Lync wizard and directly through the CA.

I have tested replication using get-csmanagementstorereplicationstatus which shows no issues.

There is only one front end server in the topology which is on Server 2012. The edge server is not using this certificate.

I have also tried using the domain wildcard certificate which has the same issue.

I'll update this with more detail and clarity if I can.

Thanks in advance!

Matt

Skype for Business Online issue

September 16, 2018, 8:51 am
$
0
0

we have 2 sip domains and hybrid with Skype for business online. Onprem has SFB 2015 FE servers and Lync 2010 edge servers. Everything is working fine in Hybrid mode. Now we need to remove Lync 2010 edge  servers with SFB 2015 edge servers. After doing this change to SFB 2015 edge servers, users in our one SIP domain are not able to ping, see presence with SFB online users. For other domain everythig is working fine.  Client side SIP logs shows : ms-diagnostics: 1017;reason="Cannot route From and To domains in this combination";summary="Domain type analysis indicates that the ms-split-domain-info header in the message is the wrong type.

Can someone guide to troubleshoot this in which direction? 

 

Topology builder encountered an issue and cannot publish the topology.

February 17, 2014, 11:46 pm
$
0
0

Hi all,

Initially I have created a topology and with central management store in the domain controller.
DC\rtc
Then i deleted the existing topology and created a new one in the server where i'm running Lync deployment wizard.
memberserver\rtc.
But, now i'm getting some error while publishing the topology.

Edge pool servers CMS replication showing as False

September 17, 2018, 11:24 pm
$
0
0

I have a newly deployed Edge pool with two servers in SFB. The internal certificate installed in Edge servers only contains edge pool fqdn in CN and SAN entry.

I am trying to invoke the CMS, but it always shows as False. While browsing url https//<edge server fqdn>:4443/replicationwebservice/ I get certificate error. After clicking on Non Recommended, I get XML page.

However, while browsing https://<edge pool fqdn>:4443/replicationwebservice/, no error comes.

I have read articles, that there is no requirement to include edge server fqdns as SAN in internal certificate, which is what I followed. But the CMS replication is showing as False.

Please help to resolve this.


Search

Bug on the Skype documents?

September 19, 2018, 11:41 pm
$
0
0

Hi,

The documents of New-CsNetworkRegions says that mandatory parameters are:

    -CentralSite <String>
        Required?                    true

    -Identity <XdsGlobalRelativeIdentity>
        Required?                    true

    -NetworkRegionID <String>
        Required?                    true

But e.g. the examples on there are without "NetworkRegionID", and when I tested, I really can set the NetworkRegion without NetworkReqion ID. And this gets funny when testing it as they requires:

New-CsNetworkRegion -Identity EMEA -CentralSite centSite -NetworkRegionID EMEA

I get the following error:

New-CsNetworkRegion : Parameter set cannot be resolved using the specified named parameters.

Is this a problem on document and help, or do I misunderstood that?

Petri

Move federation and xmpp to new Skype for business edge pool

September 20, 2018, 2:09 am
$
0
0

I have recently added a new SFB 2015 FE and Edge pool in existing Lync 2013 topology. The federation and xmpp is currently enabled in Lync 2013 edge pool. I have to move this to SFB 2015 Edge pool and change required DNS records. And decommission Lync Edge.

The Lync Edge pool (2 servers within) uses same IP for all three services, but SFB 2015 Edge pool (2 servers) uses 3 different IPs.

Anyone please suggest the complete steps to do this with minimal downtime or any reference article.

Thanks

Oauth certificate renewal

September 20, 2018, 3:06 am
$
0
0
We are going to replace the Oauth certifcate used by our Skype for business 2015 servers. We have two pools. My query is do I need to restart both the Pools once I assign the new Oauth Certificate? and also If I assign it  to one server will it be replicated to the servers in both the pools and also on edge servers ?

SIP domain name change gets presence unknown

September 20, 2018, 9:44 am
$
0
0

Hello,

We are having issues with some users that show presence unknown with some people in their Skype contact list. We have tried the options below. Sometimes it starts showing presence correctly, sometimes it doesn't. It also, will work one day and then stop working the next day. MS says it could take 24 to 48 hours to sync. It's been over 48 hours. Do you know why it sometimes works and sometimes it doesn't? Or is there something else we should be doing? TIA

1. Remove contact from users Skype

2. Search again with full email address (shows two contacts, one available and one presence unknown) 

3. Save the contact that shows the correct presence to Skype<u5:p> </u5:p>

And

1. Completely close Outlook and Lync

2. Go to C:\Users\”user_profile”\AppData\Local\Microsoft\Office\16.0\Lync

3. Delete the folder sip_”email_address”

4. Open the Tracing folder and then delete all folders and files.

5. Open Lync and Outlook

6. Wait 15 minutes and search for user

<u5:p>and </u5:p>

  1. Remove any contacts in Outlook for user
  2. Add contact back to Outlook
  3. Verify IM in contact is the new address

Regards,Mitch

Simple URL HTTP 500 error

September 24, 2018, 12:24 am
$
0
0

Hello.

We have Lync Server 2013 Enterprise. There is one Front End server in pool. Also we have EDGE, ADFS and Web Application proxy servers. Simple URLs for meet.domain.com and dialin.domain.com published on WAP server. From external network meet link works fine. But dialin  show HTTP 500 error. But from internal network both links work fine. I found article about same problem. Solution was check authentication methods on FE servers. Both sites (External and Internal) on Windows Authentication must have first provider NTLM, and then Negotiate. I did this configurations. And dialin link also start working from external network. But later it stopped working again. No changes was made. Has anyone encountered a similar problem?

Viewing all 5984 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>