LS Storage Service 32054, A New Twist

Stop me if you’ve heard this one before…  “A guy walks into a bar, and says ‘Ouch'”.  Also, a Skype administrator reviews the Frontend Event logs and sees LS Storage Service errors, event id 32054, and says ‘ignore’.  Guess what, not today!!!

Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 9:32:45 AM
Event ID:      32054
Task Category: (4006)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
Storage Service had an EWS Autodiscovery failure.

StoreWebException: code=ErrorEwsAutodiscover, reason=GetUserSettings failed, smtpAddress=Bob@Company.com, Autodiscover Uri=https://autodiscover.Company.com/autodiscover/autodiscover.svc, Autodiscover WebProxy=<NULL>, WebExceptionStatus=ConnectFailure —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 40.96.38.248:443

Our environment is a common one now I think, a combination of Exchange Online with Skype for Business On Premises.  And unlike the people who are Both Online, or Both OnPrem, our Skype for Business Mobile client doesn’t get to enjoy server side Conversation History.  The key reason, OAuth.  I’ve gone through the Microsoft process of configuring Onprem with Online, and it’s ugly, MSLink and honestly couldn’t tell if it did anything and it certainly didn’t get my Server-Side Conversation History working for mobile devices.  Fortunately a hero comes along, in this case Aaron Marks, who developed a script to make that step soooo much easier and quicker.  Configure-OAuth.  There are a couple of items you need to install on a Frontend, MS Online Service Sign-in Assistant and AAD PowerShell Download Link.  The key to this script that I keep forgetting, it MUST be run via the Azure Active Directory (AAD) PowerShell (elevated of course).  I keep trying with Skype PowerShell and fails miserably.  You must also be Global Admin on the O365 portal, Exchange and Skype Admin only is not sufficient.  Typical command:

Configure-OAuth_ExOn_Sfb_Server.ps1 -WebExt “webext.company.com”

Works extremely well, but still no conversation history for mobile.

This weekend I completed a pool-to-pool transition and I’m reviewing the logs, damn 32054.  Complaining about the Autodiscover again.  I’m thinking maybe the ExchangeAutodiscoverUrl line of csOAuthConfiguration is maybe supposed to be changed to autodiscover.outlook.com or something equally ridiculous. (damn, still can’t spell rediculus without autocorrect).  Next hero walks in, this time Adam Hand and he nonchalantly mentions to set the ExchangeAutodiscoverUrl with HTTP instead of HTTPS.  I don’t know where he got the divine inspiration for that gem, but a few expletives were emitted on my part.  Maybe all you super Skype Admins knew this, if so, you’re jerks.  :p  MS support certainly didn’t when I had a running conversation for 3 months about this exact scenario not working.

Summery: When Skype Onprem is deployed with Skype Online, the set-csOAuthConfiguration command would be as follows:

Set-CsOAuthConfiguration -Identity Global -ExchangeAutodiscoverUrl http://autodiscover.company.com/autodiscover/autodiscover.svc

Note the HTTP not HTTPS.  Also if you’re checking from you are just getting the URL from your CAS server, change the .xml to .svc.

Within about 5 minutes you should start to see some new entries in your event logs as follows.  Of course this is all assuming you have Autodiscover properly set up in the first place.  The SCRAMBLE’s I added just in case someone got some funny ideas…

And Test-CsExStorageConnectivity now works too.

Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 10:22:37 AM
Event ID:      32046
Task Category: (4006)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
A properly configured certificate from the OAuth Token Issuer was found.

#CTX#{ctx:{traceId:184SCRAMBLE9420, activityId:”be6SCRAMBLE-adc”}}#CTX#
Found OAuthTokenIssuer Certificate, serialNumber=44SCRAMBLE00035, issuerName=CN=IRC-DC02, DC=Company, DC=net, thumbprint=6DESCRAMBLECE20
Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 10:22:37 AM
Event ID:      32048
Task Category: (4006)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
OAuth was properly configured for Storage Service.

#CTX#{ctx:{traceId:184SCRAMBLE9420, activityId:”be6085f9-SCRAMBLE-f6df8f77badc”}}#CTX#
CsOAuthConfiguration validly configured
Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 10:22:37 AM
Event ID:      32052
Task Category: (4006)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
OAuth STS was properly configured for Storage Service.

#CTX#{ctx:{traceId:184SCRAMBLE9420, activityId:”be6085f9-SCRAMBLE-f6df8f77badc”}}#CTX#
GetAppToken succeeded for request with sts=https://accounts.accesscontrol.windows.net/f5e8862b-SCRAMBLE-b67b33a9001a/tokens/OAuth/2

Log Name:      Lync Server
Source:        LS Storage Web Service
Date:          12/19/2016 10:26:15 AM
Event ID:      32001
Task Category: (1307)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
Storage Web Service has been loaded.
Log Name:      Lync Server
Source:        LS Storage Web Service
Date:          12/19/2016 10:26:24 AM
Event ID:      32006
Task Category: (1307)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
Storage Web Service request succeeded.

 

UPDATE Dec 27, 2016:  Well, apparently these event errors don’t disappear with the change, BUT, it does resolve the OAuth issue and I do get to have Server Side conversation history working with the Skype for Business Mobile client for a Skype OnPrem/Exchange Online environment.

Leave a Reply

Your email address will not be published. Required fields are marked *