Web.Config modifications due to Join Launcher change

Another new change in CU-277 is a new flag, allowCrossDomainRequests="true", added to the Web.config file as per KB3209567.  Unfortunately, they failed to mention which one(s).  As it turns out, there are 60 web.config files in the Skype for Business installation folder, or at least there are in my installation, and all under Web Components.

The following folders contain a web.config file with the allowCrossDomainRequests="true" setting present in it.

Autodiscover\Ext
Autodiscover\Int
Join Launcher\Ext
Join Launcher\Int
UCWA\Ext
UCWA\Int
Web Ticket\Ext
Web Ticket\Int

Now, it seems that it doesn’t modify the file, but replaces the file, and what is partially confusing is the last modified date of these files.  Join Launcher has a modified stamp on Dec 22, 2016 and UCWA is modified Oct 12, 2016.  The AutoDiscover and Web Ticket files date back to 2015 so not any recent changes.  It seems that even though the Join Launcher web.config is the only newly modified one, the others are replaced as well.

The reason I bring up the date is that I modify the UCWA web.config files: I change the key value for MobileApplicationExpiryTimeInDays from 15 to 1.  There was an issue with Skype Mobility clients and Call Forwarding would “break” because the server thinks the Mobile Client is still signed in so the Forwarding or SimRing to the mobile number won’t take place.  The setting change kicks the Mobile Client after 1 day, instead of waiting 15 days before timing out the client, and the problem became less noticeable.  Actually I haven’t had a complaint since.  We never could lock down when the issue would start, either the client was being updated when it was already signed in, or moving from internal to external networks, but something would happen that would change the client ID associated with that device, so even signing in and signing out didn’t matter as the registered ID on the server was new.  Why 15 days, no idea.  1 day works great and no negative consequences that I’ve ever detected.

If anyone has any other customization that they made to a web.config file, you may want to review them and see if they’ve been overturned.
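One way to do that review after a cumulative update, as an added example (not code from the original post or from Microsoft): walk the Web Components tree, list every web.config that has allowCrossDomainRequests set to true, and flag any whose MobileApplicationExpiryTimeInDays no longer matches your customized value. It assumes the expiry setting is stored as an `<add key="..." value="..."/>` entry; the sample files and the `exampleSection` element are constructed for the demo.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

CROSS_DOMAIN_ATTR = "allowCrossDomainRequests"
EXPIRY_KEY = "MobileApplicationExpiryTimeInDays"


def inspect_config(path):
    """Return (cross_domain_value, expiry_value) for one web.config; None if absent."""
    cross = expiry = None
    for el in ET.parse(path).getroot().iter():
        # The flag is looked up by attribute name on any element, so the
        # element that carries it does not need to be known in advance.
        if CROSS_DOMAIN_ATTR in el.attrib:
            cross = el.attrib[CROSS_DOMAIN_ATTR]
        # Assumption: the expiry setting is an <add key=... value=.../> entry.
        if el.attrib.get("key") == EXPIRY_KEY:
            expiry = el.attrib.get("value")
    return cross, expiry


def audit(web_components_root, expected_expiry):
    """Return sorted (relative_folder, finding, value) tuples for the whole tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_components_root):
        for name in files:
            if name.lower() != "web.config":
                continue
            rel = os.path.relpath(dirpath, web_components_root)
            try:
                cross, expiry = inspect_config(os.path.join(dirpath, name))
            except ET.ParseError as exc:
                findings.append((rel, "unparseable", str(exc)))
                continue
            if cross is not None and cross.lower() == "true":
                findings.append((rel, "cross-domain-enabled", cross))
            if expiry is not None and expiry != expected_expiry:
                findings.append((rel, "expiry-reverted", expiry))
    return sorted(findings)


def build_sample_tree(root):
    """Write a small constructed folder tree so the audit runs offline."""
    samples = {
        os.path.join("UCWA", "Ext"): ("true", "15"),  # customization lost
        os.path.join("UCWA", "Int"): ("true", "1"),   # customization intact
        os.path.join("Other", "Int"): (None, None),   # neither setting present
    }
    for rel, (cross, expiry) in samples.items():
        parts = ["<configuration>"]
        if cross:
            parts.append(f'<exampleSection {CROSS_DOMAIN_ATTR}="{cross}"/>')
        if expiry:
            parts.append(
                f'<appSettings><add key="{EXPIRY_KEY}" value="{expiry}"/></appSettings>'
            )
        parts.append("</configuration>")
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        with open(os.path.join(root, rel, "web.config"), "w", encoding="utf-8") as fh:
            fh.write("\n".join(parts))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, finding, value in audit(tmp, expected_expiry="1"):
            print(f"{folder}: {finding} ({value})")
```

Point `audit()` at your own Web Components folder and run it before and after patching; the difference between the two runs is the set of files the update replaced.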

That is actually one of my most favorite quotes, and probably from one of the best Futurama episodes, Godfellas.

Skype4b Mobility Push Notifications

So, yes, first off, haven’t we had this since Lync 2010 CU-whatever (Nov 2011) when we had to do all that mcx configuration whatchmajigger…  I thought that too, but in the last couple of Skype for Business Mobility clients, under the Settings I’ve noticed this:

Push Notifications Status
Not Supported. Please contact your system admin for additional information on how to enable Push Notifications.

I went through everything on my Skype for Business 2015 CU-272 deployed system, and everything was set correctly and enabled, which really isn’t much, Get-CsPushNotificationConfiguration, both MS and Apple are set to True.  Even had the good old “push.lync.com” entry in Allowed SIP Federated Domains list.  Yup, this environment has been around since at least Lync 2010 days.

As most of you may already have noticed, CU-277 was released earlier this week, happened to be BC Family Day, only province/state in North America with a stat holiday, so everyone beat me to posting about it.  Now, I may be the only fool who has deployed it already, twice actually, and so far positive results, or at least none negative.

One of the fixes/features in the February:
3209568 Add Push Notification support for Skype for Business for iOS and Android clients in Skype for Business Server 2015
With as much detail in the KB as the title there.  I will try not to rant about the quality of the KB’s on this round, hopefully they will be updated with useful information soon.

With CU-277, the Set-CsMobilityPolicy has a new line item: EnablePushNotifications which is set to True by default.   Now Settings, under the Android 6.11.0.0 client version shows:

Push Notifications Status
Supported

I’ve also been experimenting on how to disable it.  Oddly enough, all my efforts thus far have been unsuccessful.  Perhaps a service restart was necessary, but alas, back into production.

As there were few details with the re-release of Push Notifications, I am unaware of any new features or functionality as a result of this re-enablement.  Historically speaking, the Push Notifications were a way of alerting the Mobile client of new IM’s or Skype/Lync Voicemail’s, while the client itself might be suspended or only running in the background.  As a result, some power savings on the device might be achieved.

 

 

Err ma gerd, SIP ALG

Seriously, I don’t know what has changed, but this SIP ALG is the bane of Skype/Lync existence, and if it isn’t the corporate firewall, then it’s the home based users firewall.  Others have blogged on this, so mostly I’m just spreading the word.

It used to be that MS Skype for Business and Lync were so encrypted, that SIP ALG couldn’t touch it, so ALG settings didn’t affect it.  Un-encrypted SIP traffic such as Internet Telephony Services Providers (ITSP’s) SIP Trunks with Intelepeer, ThinkTel, etc, you especially had to make sure SIP ALG was disabled.

The main issue showing up is with Desktop Sharing for home-based Skype for Business users.  Audio quality may also be impacted.

AT&T U-Verse:  http://masteringlync.com/2016/05/31/quick-tip-att-u-verse-modem-breaks-skype-for-businesslync/

  • Under Firewall, disable  Flood Limit and SIP ALG

Xfinity: http://communicationsknowledge.blogspot.ca/2017/02/unable-to-share-desktop-using-skype-for.html

  • Under Firewall | IPv4, set Firewall Security Level to Medium

Telus Routers: http://screenshots.portforward.com/routers/Actiontec/T2200H_-_Telus/SIP_ALG.htm

  • Under Advanced Setup | Modem Utilities

Netgear, D-Link, SonicWall, AT&T 2WIRE:  http://www.whichvoip.com/disable-sip-alg.htm

I do not have instructions for other internet providers at this time, but if you do, I’ll add them to the list if you post them in the comments section.

Yealink x.8.0.60 Firmware

Yealink has been on the long journey of developing their phone to work and be supported with Skype for Business.  Feb 9th their x.8.0.60 firmware was released.  Downloads can be found here:  Yealink Downloads  and updates are available for T40, T41, T42, T46 and T48.

Yealink are on the MS Certified list for IP Phones.  Though they haven’t re-certified yet, the integration with Exchange Online has been working for me for a while, but I have not tested at all with Skype Online.

New features include QoE metrics so we can now view the reported network stats, always useful when troubleshooting poor call quality.  Below is an example from a 25 minute call.

BToE works based on IP routing, so your PC doesn’t need to be connected to the port on the back of the phone if you don’t need/want to.  There appears to additionally be VDI support options, but I do not have the means for testing or validating this.

If you happen to have been running any beta firmwares, or are just experiencing any really weird issues such as BToE not pairing and just flapping, or date stamps in the CDR showing a date of 1970, go through a factory reset through the web console.  With this version, I no longer have to perform any extra steps after a factory reset in order to connect to Skype on Prem with Exchange Online.  🙂

New Features and Functionality added with the x.8.0.60 and x.8.0.50 firmware updates:

  1. Added some new QoE metrics
  2. Optimized Meet Now
  3. Optimized BToE
  4. Added the feature of Yealink Redirection and Provisioning Server (RPS)
  5. Added the feature of Auto Provisioning via Activation Code
  6. Added the feature of Group Call Pickup
  7. Added the feature of Monitoring Skype for Business Contacts for Status Changes
  8. Added the feature of Private Line Ring Tones
  9. Added the feature of Hotline
  10. Added the feature of Music on Hold (MoH)
  11. Added the feature of Quality of Experience (QoE).
  12. Added the feature of Join Calls into a Conference
  13. Added the feature of DHCP Option 160 and Option 161
  14. Added the feature of Skype for Business Status
  15. Added the feature that you can view Outlook Contacts on T48G Skype for Business phone
  16. Added the feature of History Record Contacts Avatar

All in all, the T48G has been a good phone, no issues with the call quality and I like the big screen display it comes with.  Not the greatest touch screen, sometimes I click something twice and it’s something underneath that gets clicked, so a few accidental calls.

Full on screen keyboard for typing is great to have, especially for searching or authenticating.

Photo display, very nice to have.

Have a great weekend.

VVX Default Codec issues with Skype for Business

For a while now I’ve seen randomly occurring call issues with clients using VVX phones.  There would sometimes be one way audio, or mostly no audio at all, but the call was connected.  Mainly with Response Group calls, but more recently I’ve encountered it on VVX to VVX Skype calls.

Fortunately it was so very similar to an issue I hit with Telus Cell phones making calls to Skype4b users who were behind an AudioCodes gateway and Telus SIP trunks, which boiled down to a codec mismatch involving AMR.  Once the AudioCodes was locked down to only negotiate G.711Mu, problem solved. (I might have blogged about this already…)

Here is a screenshot from my VVX 600, with the default list of codec’s, though not in the default order:

Here is the RTP (Realtime Transport Protocol) mapping from a SIP trace, in bold are matching codec’s:

a=rtpmap:115 G7221/32000
a=fmtp:115 bitrate=48000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000

And now one from a Skype for Business server for an inbound PSTN call to the same VVX phone:

a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:97 RED/8000

Oh, wait, 115 is a matching code, but the codec is all wrong.  This turns out to be G722.1C (48 kbps) from the VVX list.  According to Polycom forums which reference a page not found anymore, this codec is or is related to Siren14, and definitely not msrta/8000 aka Microsoft Realtime Audio Narrow band.

I did blog about this previously, Response Groups and Polycom VVX’s , but I hadn’t the time to dig in and confirm the offending codec, and I believe I now have.  I was also 3/4 the way through writing this when I realized I’ve already brought this subject to light.

Now from VVX600 to Skype for Business User, again bold are matching codecs:

a=rtpmap:115 G7221/32000
a=fmtp:115 bitrate=48000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000

From Skype for Business User to VVX 600

a=rtpmap:104 SILK/16000
a=fmtp:104 useinbandfec=1; usedtx=0
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:9 G722/8000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:103 SILK/8000
a=fmtp:103 useinbandfec=1; usedtx=0
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:119 CN/24000

In this call, and because of my horrible ordering, I wanted to see if G7221/16000 was actually a viable codec.  Turns out it is, and according to a Jeff Schertz blog post, it’s a Siren 7 variant and nothing to do with G722.

I wasn’t able to test a VVX to VVX Skype call, but I suspect what may be happening in that situation is that the VVX’s are thinking 115 G7221/32000 but the Frontend translates and negotiates 115 x-msrta/8000, but that’s just a theory.
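The comparison done by eye above can be automated. The following added example (not from the original post or from Polycom/Microsoft) parses the rtpmap lines from the three traces quoted in this post, lists the codecs both sides share by name and clock rate, and flags dynamic payload-type numbers that the two sides have bound to different codecs. Encoding names are upper-cased for comparison because SDP treats them as case-insensitive.

```python
import re

# rtpmap/fmtp lines copied from the traces quoted in this post.
VVX_OFFER = """\
a=rtpmap:115 G7221/32000
a=fmtp:115 bitrate=48000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000
"""

SFB_PSTN_OFFER = """\
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:97 RED/8000
"""

SFB_USER_OFFER = """\
a=rtpmap:104 SILK/16000
a=fmtp:104 useinbandfec=1; usedtx=0
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:9 G722/8000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:103 SILK/8000
a=fmtp:103 useinbandfec=1; usedtx=0
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:119 CN/24000
"""

RTPMAP = re.compile(r"^a=rtpmap:(\d+)\s+([^/\s]+)/(\d+)", re.MULTILINE)
FIRST_DYNAMIC_PT = 96  # RFC 3551: payload types 96-127 are bound per session


def parse_rtpmap(sdp):
    """Return {payload_type: (ENCODING, clock_rate)} in the order offered."""
    return {
        int(pt): (name.upper(), int(rate)) for pt, name, rate in RTPMAP.findall(sdp)
    }


def fmt(codec):
    return f"{codec[0]}/{codec[1]}"


def compare(a_sdp, b_sdp):
    """Return (codecs shared by name, {pt: (a_codec, b_codec)} collisions)."""
    a, b = parse_rtpmap(a_sdp), parse_rtpmap(b_sdp)
    b_codecs = set(b.values())
    # A real match is by encoding name and clock rate, not by number.
    shared = [fmt(c) for c in a.values() if c in b_codecs]
    # A collision is the same dynamic number bound to a different codec.
    collisions = {
        pt: (fmt(a[pt]), fmt(b[pt]))
        for pt in a
        if pt >= FIRST_DYNAMIC_PT and pt in b and a[pt] != b[pt]
    }
    return shared, collisions


if __name__ == "__main__":
    for label, other in (("PSTN call", SFB_PSTN_OFFER), ("SfB user", SFB_USER_OFFER)):
        shared, collisions = compare(VVX_OFFER, other)
        print(f"VVX vs {label}: shared={shared} collisions={collisions}")
```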

Resolution Time

Clean up time, and I have previously talked about this, but now I have a little bit more backing, and new case scenarios of when it’s impactful.

Siren22, G.722.1C, Siren14 and G.729AB can all be removed.  They’re not going to be used in a Lync/Skype environment, and because of potential cross matching on rtpmap=115 (I don’t know if it’s MS or Polycom issue), G.722.1c has to go.

Order Preference, G.722, G.711Mu (or A depending on your region) and optionally keep G.722.1 (24 kbps).  In the environments where I’ve cleared up the issues, I did remove G.722.1, but it wasn’t till today that I discovered it was actually a viable codec, doesn’t mean I trust it though.

If you happen to have a VVX 600, toast the Video Codecs as well, the camera that came with the phone last worked in a Lync 2010 environment.

If you have a Provisioning server, here is a code snippet to clean up your codec’s:

<WEB video.codecPref.H261="0" video.codecPref.H263="0" video.codecPref.H2631998="0" video.codecPref.H264="0" voice.codecPref.G711_A="3" voice.codecPref.G711_Mu="2" voice.codecPref.G722="1" voice.codecPref.G7221.24kbps="4" voice.codecPref.G7221_C.48kbps="0" voice.codecPref.Siren14.48kbps="0" voice.codecPref.Siren22.64kbps="0" voice.codecPref.G729_AB="0" />

If you still have troubles with VVX to VVX Skype calls, change the 4 to a 0 and get rid of it too.

VVX IP based Pairing

Hiding in the VVX 5.5.1 and BToE 3.4.x builds is some nifty code allowing for IP based phone pairing.  As it’s not in the released documentation we can assume this may not be meant for production.

Test/try this at your own peril, and certainly do not use with your Receptionist…  I have not encountered any issues, but I’m not a hard core handset user.  My configuration is with two separate LAN drops, one for my tower and one for my VVX 600.  I do not have a VDI environment to test this with and see if it works in that scenario, but I’ve had a few customers who have separate LAN ports for IP phones, with PoE gear, and are very anxious to have IP based BToE pairing become available.

First off, your VVX phone MUST be running 5.5.1.11526 or higher code.  5.5.1.12442 was released yesterday and so far so good with this new version.

Second, you need to have installed the Polycom BToE Connector, 3.4.x.  3.4.1 was released yesterday, so far so good.

Third, modify the Windows Registry.  If you are reading this post, I hope you are proficient enough with editing the registry without blowing it up.

Close the BToE Connector, if it’s currently running, open up RegEdit and drill down to the following key:  HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Polycom\Polycom BToE Connector  There should be a DWORD value called:  IP_PAIRING_EN, set it to 1.

Fourthly, we need to add the following entries to the phone configuration as they are not exposed in the Web GUI.  I set up my own provisioning server, you can optionally Export  Configuration, add the entries, then Import the modified Configuration.
feature.btoe.IPPairing.enabled="1"
btoe.pairingMode="IPPairing"

After your phone has rebooted, fire up the Polycom BToE Connector.  Right-click on the BToE icon in the SysTray and select “Pair with Phone”, and you’ll see the following screen.  Enter in the IP address of your phone and click Pair.

You may be prompted in your Skype client for credentials, but otherwise you should be good to go.

Last reminder, not supported at this time by Polycom, test/play at your own peril.

 

Post Skype Installation SQL tasks part 2 – Maintenance

As mentioned in Part 1, not performing SQL maintenance can lead to strange behavior when the RTCXDS database hits its size limit of 16 Gb, such as login issues, conferencing issues, and problems adding/removing users, modifying group lists, etc.  I’m not sure if anyone is aware of a reason that there is still a 16 Gb limit on this one Skype database, where the rest are unlimited; however, the rest of the databases do not appear to infinitely grow like this one does.  Some Admins suggest removing the limit, problem solved, except much of the used space is reclaimable white space.  So much like an Exchange database needs to have a backup run before whitespace can be reused, so too must SQL.

Discuss with your SQL Admins, if you have them, before checking and or making the following changes.  And it should go without saying, backups are important and below is what is minimally necessary if you do not have a full SQL backup solution, and the backup files created by this method should at least be part of a nightly File backup process, scheduled accordingly.

  1. Log onto the SQL server, recommended with an account that has SYSADMIN privileges.
  2. Expand the Management container and Maintenance Plans.  If none exist, then we have some work to do.  If there are some present, then investigate before continuing.
  3. Right-click on Maintenance Plans and select New Maintenance Plan Wizard, click Next.
  4. Pick a Name of your choosing or leave as default, but a little information is always helpful.  Click on the Change button to create a schedule for this Plan.  Pick a Daily, non-busy time of day for this Recurring Activity.  Click Ok. Click Next.
  5. Under Select Maintenance Tasks, we want the following; Shrink Database, Back Up Database (Full), Back Up Database (Transaction Log), and Maintenance Cleanup Task.  Some get adventurous and also work on the Indexes; I do not.  Click Next.
  6. Task order: 1-Backup Full, 2-Backup TransLog, 3-Shrink DB, 4-Maintenance cleanup.  Click Next.
  7. Full Backup Database Task.
    • Databases:  All User Databases
    • Backup Set will expire:  After 2 days
    • Back up to:  Disk
    • Create a backup file for every database:
      • Folder: E:\MSSQL\Backup
      • Backup file extension:  BAK
  8. Transaction Log Backup
    • Databases:  All User Databases
    • Backup Set will expire:  After 2 days
    • Back up to:  Disk
    • Create a backup file for every database:
      • Folder: E:\MSSQL\Backup
      • Backup file extension:  TRN
  9. Shrink Database.  The debate is open on free space to keep.  There is overhead when the database has to expand again, this should hopefully find a good balance.
    • Databases:  All User Databases
    • Shrink database when it grows beyond: 250 MB
    • Amount of free Space to remain after shrink: 20%
    • Return freed space to operating system
  10. Maintenance Cleanup Task
    • Delete files of the following type:  Backup files
    • Search folder and delete files based on an extension:
      • Folder:  E:\MSSQL\Backup
      • File extension: *.*
      • Delete files based on the age of the file at task run time: 3 days
  11. Select Report Options
    • Write a report to a text file:  E:\MSSQL\Backup
  12. Click Next and Click Finish.  Assuming success on the task creation process, click Close.
  13. Test the new plan by right-clicking the DatabaseMaintenancePlan and selecting Execute.
  14. Assuming Success, check out your backup folder.  If you are performing these above tasks because you have maxed out your RTCXDS database, you may need to Execute 2 or 3 times before you gain significant space returns.

The RTCXDS databases do have minimum database sizes, so do not be alarmed when the backup files are a fraction of the database and transaction log size.

Check the backup folders after a couple of days to confirm that clean up is happening.  You do not want to inadvertently fill up a drive due to a typo or missed setting.

If you have Mirrored SQL server, you should create the above tasks on both the primary and mirror, but not at the same scheduled time.  Only the server running as Principal for that Database will actually backup, but if you have an unknown failover to the mirror node, maintenance will still continue.

Additional relevant information on the topic:  http://www.confusedamused.com/notebook/lync-2013-and-the-rtcxds-16-gb-transaction-log-limit

Post Skype/Lync Installation SQL tasks Part 1 – Permissions

SQL, the Skype/Lync “Backend” server that can perform many or few functions for Skype depending on Enterprise or Standard type deployments.  Often times it’s left as “can someone else take care of it?”.  Then I get called because someone’s implementation can’t create new meetings, users can’t be added, or any number of oddness starts happening when the RTCXDS database is maxed out.  The other lovely issue is when someone deletes the account that was used to install Skype/Lync, and proper preparations haven’t been made to the SQL permissions and the SA account wasn’t enabled, or the password forgotten…  Real good times.

Permissions

If you do not have a dedicated SQL resource, who typically would be doing this anyway, I suggest setting up a SQL Admin group.  For this demonstration I will create one called “Skype SQL Admin”, for an environment that has two Skype Enterprise Pools, with two pairs of SQL 2012 Mirrored servers with a SQL 2012 Express for Witness.  Some environments I’ve known set up a SQL group for each SQL server, but as these servers are all dedicated to one purpose, one group will suffice.

  1. Create one Universal Security Group, e.g. Skype SQL Admin
  2. Add relevant users to this group, or add CSAdministrators/RTCUniversalServerAdmins groups.
  3. On each Skype SQL server, add the above group to the local Administrators group.  This should allow members of that group to log onto the server, but access to SQL will be very limited, to the point you may only see 3 or 4 logins under Security | Logins.
  4. With an account that does have SysAdmin to the SQL server, open up the SQL Server Management Studio and Connect.  If you look under that same Logins container, you should see 12+ users and groups listed, including several more RTC Universal groups.
  5. Right-click Logins, select New Login.
  6. Click Search
  7. Click Object Types button and check Groups
  8. Click Locations button and select either Entire Directory or the specific domain
  9. Enter Skype SQL Admin, click Check Names, click OK.
  10. In the upper left pane, select the Server Roles page.
  11. Add checkmark to SysAdmin.  Click Ok
  12. Done.  Log in with account that was added to the selected group.

Be sure to discuss any changes with your SQL admins, if you have them, as well as to confirm that there is another account with SysAdmin access to the databases.

LS Storage Service 32054, A New Twist

Stop me if you’ve heard this one before…  “A guy walks into a bar, and says ‘Ouch'”.  Also, a Skype administrator reviews the Frontend Event logs and sees LS Storage Service errors, event id 32054, and says ‘ignore’.  Guess what, not today!!!

Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 9:32:45 AM
Event ID:      32054
Task Category: (4006)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
Storage Service had an EWS Autodiscovery failure.

StoreWebException: code=ErrorEwsAutodiscover, reason=GetUserSettings failed, smtpAddress=Bob@Company.com, Autodiscover Uri=https://autodiscover.Company.com/autodiscover/autodiscover.svc, Autodiscover WebProxy=<NULL>, WebExceptionStatus=ConnectFailure —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 40.96.38.248:443

Our environment is a common one now I think, a combination of Exchange Online with Skype for Business On Premises.  And unlike the people who are Both Online, or Both OnPrem, our Skype for Business Mobile client doesn’t get to enjoy server side Conversation History.  The key reason, OAuth.  I’ve gone through the Microsoft process of configuring Onprem with Online, and it’s ugly, MSLink and honestly couldn’t tell if it did anything and it certainly didn’t get my Server-Side Conversation History working for mobile devices.  Fortunately a hero comes along, in this case Aaron Marks, who developed a script to make that step soooo much easier and quicker.  Configure-OAuth.  There are a couple of items you need to install on a Frontend, MS Online Service Sign-in Assistant and AAD PowerShell Download Link.  The key to this script that I keep forgetting, it MUST be run via the Azure Active Directory (AAD) PowerShell (elevated of course).  I keep trying with Skype PowerShell and it fails miserably.  You must also be Global Admin on the O365 portal, Exchange and Skype Admin only is not sufficient.  Typical command:

Configure-OAuth_ExOn_Sfb_Server.ps1 -WebExt "webext.company.com"

Works extremely well, but still no conversation history for mobile.

This weekend I completed a pool-to-pool transition and I’m reviewing the logs, damn 32054.  Complaining about the Autodiscover again.  I’m thinking maybe the ExchangeAutodiscoverUrl line of csOAuthConfiguration is maybe supposed to be changed to autodiscover.outlook.com or something equally ridiculous. (damn, still can’t spell rediculus without autocorrect).  Next hero walks in, this time Adam Hand and he nonchalantly mentions to set the ExchangeAutodiscoverUrl with HTTP instead of HTTPS.  I don’t know where he got the divine inspiration for that gem, but a few expletives were emitted on my part.  Maybe all you super Skype Admins knew this, if so, you’re jerks.  :p  MS support certainly didn’t when I had a running conversation for 3 months about this exact scenario not working.

Summary: When Skype Onprem is deployed with Skype Online, the set-csOAuthConfiguration command would be as follows:

Set-CsOAuthConfiguration -Identity Global -ExchangeAutodiscoverUrl http://autodiscover.company.com/autodiscover/autodiscover.svc

Note the HTTP, not HTTPS.  Also, if you are just getting the URL from your CAS server, change the .xml to .svc.

Within about 5 minutes you should start to see some new entries in your event logs as follows.  Of course this is all assuming you have Autodiscover properly set up in the first place.  The SCRAMBLE’s I added just in case someone got some funny ideas…

And Test-CsExStorageConnectivity now works too.

Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 10:22:37 AM
Event ID:      32046
Task Category: (4006)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
A properly configured certificate from the OAuth Token Issuer was found.

#CTX#{ctx:{traceId:184SCRAMBLE9420, activityId:”be6SCRAMBLE-adc”}}#CTX#
Found OAuthTokenIssuer Certificate, serialNumber=44SCRAMBLE00035, issuerName=CN=IRC-DC02, DC=Company, DC=net, thumbprint=6DESCRAMBLECE20
Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 10:22:37 AM
Event ID:      32048
Task Category: (4006)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
OAuth was properly configured for Storage Service.

#CTX#{ctx:{traceId:184SCRAMBLE9420, activityId:”be6085f9-SCRAMBLE-f6df8f77badc”}}#CTX#
CsOAuthConfiguration validly configured
Log Name:      Lync Server
Source:        LS Storage Service
Date:          12/19/2016 10:22:37 AM
Event ID:      32052
Task Category: (4006)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
OAuth STS was properly configured for Storage Service.

#CTX#{ctx:{traceId:184SCRAMBLE9420, activityId:”be6085f9-SCRAMBLE-f6df8f77badc”}}#CTX#
GetAppToken succeeded for request with sts=https://accounts.accesscontrol.windows.net/f5e8862b-SCRAMBLE-b67b33a9001a/tokens/OAuth/2

Log Name:      Lync Server
Source:        LS Storage Web Service
Date:          12/19/2016 10:26:15 AM
Event ID:      32001
Task Category: (1307)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
Storage Web Service has been loaded.
Log Name:      Lync Server
Source:        LS Storage Web Service
Date:          12/19/2016 10:26:24 AM
Event ID:      32006
Task Category: (1307)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SFB2015.Company.net
Description:
Storage Web Service request succeeded.

 

UPDATE Dec 27, 2016:  Well, apparently these event errors don’t disappear with the change, BUT, it does resolve the OAuth issue and I do get to have Server Side conversation history working with the Skype for Business Mobile client for a Skype OnPrem/Exchange Online environment.

tLDN, 127.0.53.53 and Edge servers

It’s hard to believe in coincidences in IT, but they do sometimes happen.  Last night a client made a firewall change over to newer, bigger hardware, but due to some glitch this morning they had to switch back.  BUT, they can no longer Federate to their sister companies.  Fun scenario, they’re companyA.ca, but they federate with companyA.com and companyA.de, and so on.  To make matters more interesting, they have stub zones on the internal DNS.  No biggie, using public DNS for name resolution anyway.

Suddenly name lookups started resolving everything to 127.0.53.53, which according to ICANN is the code word for name conflict.  It would seem that they brought online some new Top Level Domain Names last night, including .ADS.  Guess what the company is using for their internal domain name space… eyuup, companyA.ads.

You’re thinking, “Ok smart guy, why do I care?”.  Well, my experience and training goes back to OCS (some LCS) and I was mentored by a guru at Microsoft, thank you CG.  I was taught to not ever join the Edge to the domain, and you modify the Primary DNS Suffix of the Edge.  Now, I was taught to use the Internal DNS Namespace, you know the same as the FE’s and all that good stuff.  My good buddy, ML had the foresight when seeing all these new tLDN’s coming, to start using the same namespace as the company SIP domain.  Gee, wish I had.

For some very strange reason, on the Windows 2012 R2 Edge deployed server, all NSLOOKUP’s were appended with companyA.ads, resulting in a failed resolution of 127.0.53.53 for CompanyB.com.companyA.ads.  No suffixes on the NIC’s, in case anyone is wondering.
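A quick check for this condition, as an added example (not from the original post): expand each federated partner name with the DNS suffixes configured on the server and report any lookup that comes back as 127.0.53.53. The order in which a particular resolver tries the suffixed names is not modelled, and the demo resolver and its addresses are constructed so the example runs offline; pass no `resolve` argument to use the system resolver instead.

```python
import ipaddress
import socket

# Address returned for names under a newly delegated TLD that collide
# with a private namespace (the "name conflict" answer described above).
COLLISION_SENTINEL = ipaddress.ip_address("127.0.53.53")


def candidates(name, suffixes):
    """Names a stub resolver may try: the name as given, then name + each suffix."""
    name = name.rstrip(".")
    return [name] + [f"{name}.{s.strip('.')}" for s in suffixes]


def system_resolve(fqdn):
    """Resolve to a sorted list of IPv4 strings using the OS resolver."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def find_collisions(names, suffixes, resolve=system_resolve):
    """Return one record per candidate name that resolves to 127.0.53.53."""
    hits = []
    for name in names:
        for fqdn in candidates(name, suffixes):
            addrs = resolve(fqdn)
            if any(ipaddress.ip_address(a) == COLLISION_SENTINEL for a in addrs):
                hits.append(
                    {
                        "queried": name,
                        "resolved_as": fqdn,
                        "tld": fqdn.rsplit(".", 1)[-1].lower(),
                    }
                )
    return hits


def demo_resolver(fqdn):
    """Constructed stand-in for DNS: every *.ads name gets the collision answer."""
    lowered = fqdn.lower()
    if lowered.endswith(".ads"):
        return ["127.0.53.53"]
    if lowered == "companyb.com":
        return ["203.0.113.10"]  # documentation-range address, constructed
    return []


if __name__ == "__main__":
    for hit in find_collisions(["CompanyB.com"], ["companyA.ads"], demo_resolver):
        print(f"{hit['queried']} -> {hit['resolved_as']} hit the .{hit['tld']} collision")
```

Any hit means the suffix, not the partner's zone, is what answered, which points at the Primary DNS Suffix rather than at federation or the firewall.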

Resolution Time:  Easy, rename the edge server…  In my training, I always deploy an Edge Pool, even with a single edge being deployed, luckily I did that.  I was able to:

  1. add a “New” edge server with the valid tLDN, same IP addresses and everything.  Publish.
  2. Removed “Old” edge server. Publish. (changes replicate up to edge).
  3. On the Edge, run the Deployment Wizard.  Edge services are removed as a result.
  4. Update Primary DNS Suffix.  Reboot.
  5. Retest NSLOOKUP, yea Success.
  6. run Export-CsConfiguration, copy files up to Edge.
  7. Run the Deployment Wizard again, need to rerun Step 1: Install Local Configuration Store, using the new configuration file.
  8. Run Step 2 and reinstall the Server components.
  9. Double check the Certificate assignments.
  10. Start-CsWindowsService or Reboot.
  11. Bob’s your Uncle.

Practice going forward, using the SIP domain name space for the Edge Server name/suffix.

FYI, .CORP is coming down the pipe, and I believe .DEV is already available.