Skype for Business

In case you missed the announcement, Lync is being rebranded.

In the first half of 2015, Skype for Business will be released: an updated server component, new features for the on-premises, hybrid, and cloud versions, and a new client for business users. It will be an interesting time.

Read more at the Microsoft Office Blog.

For those that are into hash tagging, the unofficial hash tag is #skype4b

Keep an eye out on the Microsoft Office Blog for more information as it is released.


POODLE and the Impact on Lync–The Registry Settings

In case you haven’t heard from the many sources out there, not only does SSL 2.0 have multiple vulnerabilities, but SSL 3.0 is also vulnerable. For more information about POODLE and the impact on Lync, check Richard Brynteson’s blog here.

The key to the madness is that we don’t need SSL 2.0 or SSL 3.0, and we should protect ourselves from known vulnerabilities in SSL.

The easy fix is to make a few changes in the registry in Windows and then restart the servers to make sure that SSL 2.0 and 3.0 are not used.

Take the following text, copy it, save it as a .reg file, and then import it into the registry. Restart the server, and you are done.

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

Or, just download my file here.
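The listing above shows only the key paths, so after the import and restart it is worth confirming what Schannel will actually use. The following check is an added example, not part of the original post; it assumes the documented Schannel value names `Enabled` and `DisabledByDefault`, which do not appear on this page.

```powershell
# Added example: read the Schannel protocol keys named in this post and report their state.
# Enabled and DisabledByDefault are the documented Schannel value names (assumed, not from the post).
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy    = @('SSL 2.0', 'SSL 3.0')
$protocols = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)
    $key   = "$base\$Protocol\$Role"
    # Returns nothing when the key is missing or holds no values
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $enabled = $null
    $dbd     = $null
    if ($props) {
        if ($props.PSObject.Properties['Enabled'])           { $enabled = $props.Enabled }
        if ($props.PSObject.Properties['DisabledByDefault']) { $dbd = $props.DisabledByDefault }
    }
    if ($enabled -eq 0) {
        $state = 'Disabled'
    } elseif ($null -ne $enabled) {
        $state = 'Enabled'
    } elseif ($dbd -eq 1) {
        $state = 'Off by default only'          # an application can still request it
    } else {
        $state = 'Not configured (OS default)'  # an empty key changes nothing
    }
    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $dbd
        State             = $state
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in 'Client', 'Server') { Get-SchannelProtocolState $p $r }
}
$report | Format-Table -AutoSize

# Any row listed here is an SSL 2.0 or SSL 3.0 role that is not explicitly disabled
$open = @($report | Where-Object { $legacy -contains $_.Protocol -and $_.State -ne 'Disabled' })
if ($open.Count -gt 0) {
    $open | Format-Table Protocol, Role, State -AutoSize
} else {
    'SSL 2.0 and SSL 3.0 are disabled for Client and Server.'
}
```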


OWAS Configuration and -CertificateName

I downloaded my certificate and was working on configuring an Office Web App Server 2013 Farm. As I was running the New-OfficeWebAppsFarm cmdlet, I received an error as I was using Subject Name of the certificate for the –CertificateName option as shown here, along with the results of the command saying that it doesn’t work.

New-OfficeWebAppsFarm -internalurl “” -externalurl “” –certificatename “”

New-OfficeWebAppsFarm : Office Web Apps was unable to find the specified certificate.

At line:1 char:1

+ New-OfficeWebAppsFarm -internalurl “” -externalurl “ht …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ObjectNotFound: (:) [New-OfficeWebAppsFarm], ArgumentException

    + FullyQualifiedErrorId : CertificateNotFound,Microsoft.Office.Web.Apps.Administration.NewFarmCommand

The option wants the Friendly Name for the certificate, but the certificate didn’t have one. In the Friendly Name field, if you looked at the Certificate by using the Certificates MMC, it showed “<None>” in the field.

The installation docs are pretty clear that it is supposed to be the Friendly Name. Hey, what can I say other than, I just wanted to try and see if it would accept another method of identifying the certificate in the store if there isn’t a Friendly Name. So, I tried using several different variations for the Friendly Name. I tried leaving it blank, I tried using a space between quotes, and I tried a few other methods, but none of them worked. It was kind of a bit of fun on my part to see if I could make it work.

Finally, I broke down, and selected the properties of the certificate in the MMC and entered OWAS.  Of course, it worked perfectly when I used that Friendly Name.

Yeah, I could have saved a couple of minutes if I had taken this step earlier, but I really enjoy experimenting.
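The same fix can be made from PowerShell instead of the Certificates MMC. This is an added example, not from the original post; the subject pattern `CN=owas.example.com*` is a placeholder, and `OWAS` is the Friendly Name used above.

```powershell
# Added example: list certificates with no Friendly Name and assign one by subject.
function Set-CertificateFriendlyName {
    param(
        [Parameter(Mandatory=$true)][string]$SubjectLike,
        [Parameter(Mandatory=$true)][string]$FriendlyName
    )
    $store = Get-ChildItem Cert:\LocalMachine\My

    # Precaution: a name already in use would make a lookup by Friendly Name ambiguous
    if ($store | Where-Object { $_.FriendlyName -eq $FriendlyName }) {
        throw "Friendly Name '$FriendlyName' is already used in LocalMachine\My."
    }

    $found = @($store | Where-Object { $_.Subject -like $SubjectLike })
    if ($found.Count -ne 1) {
        throw "Expected one certificate matching '$SubjectLike', found $($found.Count)."
    }

    # Setting the property writes it back to the store; run from an elevated session
    $found[0].FriendlyName = $FriendlyName
    $found[0] | Select-Object Thumbprint, Subject, FriendlyName
}

# Certificates that show "<None>" in the MMC have an empty FriendlyName here
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { -not $_.FriendlyName } |
    Select-Object Thumbprint, Subject, NotAfter

# Placeholder subject; replace with the subject of the downloaded certificate
# Set-CertificateFriendlyName -SubjectLike 'CN=owas.example.com*' -FriendlyName 'OWAS'
```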


What Computer is Being Used to Connect to Lync?

One of my users came to me complaining that he was logging out of his computer at the end of the day, but when he would come in the next day, he would often have emails showing that others were trying to IM. He did a little digging and found out that he was showing as away, even though he was logged out of his computer.

Well, logic dictates that Lync is awesome and doesn’t screw up. So, that means that he must have been logged in on another computer. The question is, how do you find what computer has his session running?

So, to help this ONE person, I spent a couple of hours and put this script together and tested it. You can just change the $UserName variable, and it will do the rest. The code is below.


# The name information below may need to be changed to include the SIP Suffix.
$UserName = "russ.kaufmann"

# Use the first front-end server in the user's preferred pool order
$FirstPriority = Get-CsUserPoolInfo $UserName | Select -ExpandProperty PrimaryPoolMachinesInPreferredOrder | Select fqdn -First 1
$ServerName = $FirstPriority.fqdn

# Column list assumed from the fields that the loop below reads
$SQLQuery = "Select
IsServerSource,
ClientApp,
ContactInfo,
SipHeaderFrom
From RegistrarEndpoint
WHERE SipHeaderFrom LIKE '%$UserName%'"

$connection = New-Object System.Data.SqlClient.SqlConnection
$Connection.connectionString = "Data Source=$ServerName\RTCLOCAL;Initial Catalog=RTCDyn;Integrated Security=SSPI"

$Command = $Connection.CreateCommand()
$Command.Commandtext = $SqlQuery
$DataAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $Command
$Dataset = New-Object System.Data.Dataset
# Fill runs the query and writes the number of rows returned to the output
$DataAdapter.Fill($Dataset)

# $Dataset.Tables[0] | Export-CSV UserIP.csv -notype

$connection = $null
$Results = $dataset.tables[0].rows

ForEach ($r in $Results){
    if ($r.IsServerSource -ne "False"){
        $ClientApp = $r.ClientApp
        $ContactInfo = $r.ContactInfo
        $SipHeaderFrom = $r.SipHeaderFrom

        # The columns come back as byte arrays; decode them as ASCII text
        $EncodingType = "System.Text.ASCIIEncoding"
        $Encode = new-object $EncodingType
        $ClientApp = $Encode.GetString($ClientApp)
        $ContactInfo = $encode.getstring($ContactInfo)
        $SipHeaderFrom = $encode.getstring($SipHeaderFrom)

        # Strip garbage from $ContactInfo to get IP
        $CI = $ContactInfo.split(';')
        $CI2 = $CI[0]
        $CI3 = $CI2.split(':')
        $ClientIp = $CI3[1]

        # Strip garbage from $Sip User to get SIP address in SMTP format
        $Sip = $SipHeaderFrom.split(':')
        $Sip2 = $Sip[1]
        $Sip3 = $Sip2.split('>')
        $SipAddress = $Sip3[0]

        write-host $SipAddress
        write-host $ClientIp
        write-host $ClientApp
    }
}



What you will get is a result something like here:


UCCAPI/15.0.4641.1000 OC/15.0.4641.1000 (Microsoft Lync)                                          

UCCAPI/15.0.4641.1000 OC/15.0.4641.1000 (Microsoft Lync)PS D:\ece_scripts>                                     

The “2” is the number of incidents found; then the output from the script is provided in the form of the SIP address, the IP address, and the client application information.


Lync Server Issue – Certificate Status: Missing

Symptom: Yesterday, one of the Lync Front-End servers failed. Almost all of the Lync services were not running, and the services would not start manually. Reviewing the Event Logs, which is something that none of us do until we are well into our troubleshooting, I found the following Event Log errors:

Event 32014, LS Application Server

The application threw an exception while starting.

The application urn:application:testbot threw the following exception when starting: Exception: System.Runtime.Serialization.SerializationException

> Message: The constructor to deserialize an object of type ‘Microsoft.Rtc.Internal.Sip.LocalCertificateNotFoundException’ was not found.

> TargetSite: Void CallStartAsync()

> StackTrace:    at Microsoft.Rtc.ApplicationServerCore.ApplicationLoader.CallStartAsync()

> Source: Microsoft.Rtc.ApplicationServerCore

Cause: Startup errors.


Check the events prior to this to resolve the service startup issue.


Event 61002, LS MCU Infrastructure.

No certificate has been configured for secure transport.

The certificate assigned to process ReplicationApp(3756) was not found. 

Certificate serial number: 46ae547f00000000fcda

Certificate issuer name: CN=IHelp CA, DC=infrastructurehelp, DC=com.

Cause: Incorrect configuration of the server or the certificate assigned to the server was deleted from the certificate store


Verify that a valid certificate has been configured.


Event 48005, LS Routing Data Sync Agent

The Routing Data Sync Agent has encountered an unexpected Exception: [Operation is not valid due to the current state of the object.], Trace: [   at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport.LoadCertificate(CertificateInfo certificate)

   at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport.LoadCertificate()

   at Microsoft.Rtc.Server.McuInfrastructure.HttpTransport..ctor(String listeningUrl, ICccpConfigurationProvider config, XmlWriterSettings writerSettings)

   at Microsoft.Rtc.Server.Replication.Http.ReplicationHttpAdapter..ctor(String listenerUri, ICccpConfigurationProvider config)

   at Microsoft.Rtc.Server.Replication.Http.ReplicationHttpAdapter..ctor(String listenerUri, ServiceConsumer serviceConsumer, StoreAccessor regStoreAccessor, StoreAccessor uscStoreAccessor)

   at Microsoft.Rtc.Server.Replication.ReplicationApp.Initialize(AutoResetEvent workerStartedEvent, ManualResetEvent serverProcessDiedEvent, ManualResetEvent shutdownEvent, ManualResetEvent updateMasterStateEvent)

   at Microsoft.Rtc.Server.Replication.ReplicationApp.Main(String[] args)]

OK, the errors make it sound like a certificate error. Actually, it was pretty clear that it was a certificate error. So, I opened up the Certificates MMC and verified that the cert was still there. It wasn’t accidentally deleted or anything like that. In fact, the cert still has almost a year before it expires. I started the Deployment Wizard and found the following:


The Certificate Wizard shows the certificate, shows that it is not expired (today is September 30th, 2014), and that it is “partially” assigned in that the Web services internal shows assigned while the other services show the certificate is missing.

Resolution: I found that I could either replace the existing certificate with a new one, or I could just use the Assign option and re-assign the same certificate. In both cases, the Status became Assigned for all of the services, and the Lync services all started back up properly.

Cause: I am not sure. I know that some patching has been done recently, but I have no idea what patch might have caused this issue. BTW, I also found this issue existing on almost all of the Front-End servers, but only the one server had the services stopped. I am betting that if any of the other Front-End servers were restarted, they would have failed in exactly the same way.


Cleaning up Federation in Lync

I had a recent situation where I had to enable Federation for most of the company’s users because of an acquisition. It made perfect sense to enable Federation for them as they had the need to engage the newly acquired company’s staff on a very regular basis.

Now that the acquired company has been completely merged into the same Lync environment, it is time to clean up Federation. Actually, a month had passed before anyone realized that Federation should be cleaned up. I will take the blame for that.

There are two steps to this process.

  • First, I needed to identify which users were still using Federation to collaborate with other companies. Then I took the list and vetted it to make sure that only those that needed Federation were still using it.
  • Second, I needed to remove Federation from all remaining users.

To meet the needs, I created a script to identify those that were still using Federation.


# The select list and the Group by list are incomplete in this listing; the query
# is limited here to the two URI columns that the rest of the script reads.
$SQLQuery = "Select
       U.UserUri 'User1URI',
       UU.UserUri 'User2URI'
From SessionDetails S
Inner join Users U on S.User1Id = U.UserId
Inner join Users UU on S.User2Id = UU.UserId
WHERE S.IsUser1Internal = 0 OR S.IsUser2Internal = 0
Group by
       U.UserUri,
       UU.UserUri"

$connection = new-object System.Data.SqlClient.SqlConnection
$Connection.connectionString = "Data Source=SQLServerName\InstanceName;Initial Catalog=LcsCDR;Integrated Security=SSPI"

$Command = $Connection.CreateCommand()
$Command.Commandtext = $SqlQuery
$DataAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $Command
$Dataset = New-Object System.Data.Dataset
# Fill runs the query and writes the number of rows returned to the output
$DataAdapter.Fill($Dataset)

$Dataset.Tables[0] | Export-CSV FederationActivity.csv -notype

$connection = $null

# Rewrite the CSV file line by line
$File = Get-Content FederationActivity.csv
$Null | Out-File FederationActivity.csv
ForEach ($f in $File) {
    $f | Out-File FederationActivity.csv -append
}

$Results = Import-Csv FederationActivity.csv

ForEach ($r in $Results){
    # Re-read the list on every pass so users added earlier in this run are seen
    $FU = Get-Content FederationUsers.txt
    $User1 = $r.User1URI
    $User2 = $r.User2URI

    # The match pattern is empty in this listing; an empty pattern matches every URI
    If($User1 -imatch ""){
        $Test = $FU -contains $User1
        If($Test -eq $False){
            $User1 | Out-File FederationUsers.txt -Append
        }
    }

    If($User2 -imatch ""){
        $Test = $FU -contains $User2
        # Write-Host $Test is the test value
        If($Test -eq $False){
            $User2 | Out-File FederationUsers.txt -Append
        }
    }
}



The first script creates a nice file of the users. You can run it multiple times, and it will just add the names to the existing file. The FederationUsers.txt file is used in the second script to test whether the person should have Federation removed.


$Users = Get-CsUser -resultsize unlimited
$FU = Get-Content FederationUsers.txt
$Null | Out-File FederationRemoval.txt

ForEach ($u in $Users){
    $u1 = $u.SamAccountName
    $u1 = $u1 + ""

    # Users that are not in FederationUsers.txt lose their external access policy
    $Test = $FU -contains $u1
    If($Test -eq $False){
        # Only touch users that have a per-user policy assigned
        $Test1 = $u.externalaccesspolicy.friendlyname
        If ($Test1){
            Grant-CsExternalAccessPolicy $u1 -policyname $null
            $u1 | Out-File -append FederationRemoval.txt
        }
    }
}

While others may not have the same needs, these scripts might help. Good luck.


Custom Presence in Lync 2013–Where did my Custom Presence States Go After I Upgraded?

Consider this post a follow-up to my previous post a few years ago for Lync 2010.

I have heard a few complaints lately about people losing their Custom Presence States when they upgrade the Lync 2010 client to the Lync 2013 client. No problem, we can do it again, and do it for Lync 2013.

Custom Presence has always been a hot topic for many users as they want to have something that just isn’t in the box. The basics just don’t give enough information in many cases. After all, it is much nicer to show that you are not just Away, but you are at Lunch, so that everyone knows you are working today, and that you will be back soon.

Custom Presence requires:

  • Permission to edit the registry of the computer, or the ability to deploy the Registry settings via a Group Policy object
  • The actual Registry entries
  • An XML file that contains the settings for your Custom Presence States

The process is covered really well on many blogs, and is also covered here on the TechNet site. However, I already have your attention, so I will cover the basics here.

1. Create the .XML file.

The XML is pretty simple to write, but if you need help, you can use the file that I have here and then copy and paste it into a file named something really creative, like, custompresence.xml. Note: Doing a direct copy of the XML code below will add some strange characters, so make sure you paste it as straight text. Again, feel free to right click the link in the first part of this step and then save the file. It is easier to edit what works than to write something new.

<?xml version="1.0" encoding="utf-8"?>
<customStates>
  <customState ID="1" availability="Online">
    <activity LCID="1033">Working from home</activity>
  </customState>
  <customState ID="2" availability="Online">
    <activity LCID="1033">I am a happy camper</activity>
  </customState>
  <customState ID="3" availability="do-not-disturb">
    <activity LCID="1033">In a conference call</activity>
  </customState>
  <customState ID="4" availability="do-not-disturb">
    <activity LCID="1033">Wrapping up for the day</activity>
  </customState>
</customStates>

If you double-click the XML file, it will pop up in Internet Explorer and look just like this image to the right. My XML file is available right here at this link. You can access the file from a Web server or a file server. I bounce around between computers and networks, so I use my website to host the file so I can get to it anywhere.

Some restrictions exist:

  • You can only have up to four different Presence states
  • Your text in the Presence state is limited to 64 characters. I really doubt you need anything near that long, though.
  • You can only use one of the following availability states: Online, Busy, or Do-Not-Disturb. You can’t use Away or Offline.

2. Configure the Registry.

While you can create the Registry entries and use a .reg file to deploy the settings, I prefer to manually edit the Registry. It really is easy.

Run regedit.exe to open the registry editor. In the registry editor, navigate to one of the following:

  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\15.0\Lync
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync

Notice that the location for the Registry settings is different? Yep, that might explain why the Custom Presence States are not there anymore after upgrading the client.

HKLM settings take priority over the HKCU settings, but you can configure the settings in either location. In either case, you will probably have to create the Office key, the 15.0 key, and the Lync key so it looks like the image to the right.

Next, you need to take two steps, which are shown in the Registry Editor to the right.

  1. You need to create a DWORD for EnableSIPHighSecurityMode and set it to 0. If you are storing the XML file on a Web server that is configured with a certificate, you can use HTTPS instead of HTTP and not need to disable the setting.
  2. Next, you need to create a String Value for the CustomStateURL value. In my case, I use for the value. If you want, you can store your custompresence.xml file on the local hard drive. If it is on the local drive, you can just enter file:///c:/FolderName/custompresence.xml instead of using a Web url.

3. Sign out of Lync 2013 and then sign back in again.

In the notification area in the task bar, right-click the Lync 2013 icon and select Sign Out, then start up Lync 2013 again.

If all went according to plan, you should see the custom presence states as shown here.

Note: Custom presence states will not be visible to Federated users that view your presence. In order for them to see your new custom presence states, you will need to add them to your Colleagues container in the Lync client.
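
Steps 1 and 2 can be checked and applied from PowerShell. The script below is an added example, not part of the original post: it validates a custom presence file against the restrictions listed in step 1, then writes the two policy values from step 2 under HKCU, and sets EnableSIPHighSecurityMode to 0 only when the location is not HTTPS. The function names, the sample XML and the temporary file path are constructed for illustration.

```powershell
# Added example: validate the custom presence XML, then write the Lync 2013 policy values.
function Test-CustomPresenceXml {
    param([Parameter(Mandatory=$true)][string]$Path)
    $allowed  = 'online', 'busy', 'do-not-disturb'
    $problems = @()
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)   # throws if not well-formed
    # local-name() keeps the query working whether or not the file declares a namespace
    $states = $doc.SelectNodes("/*[local-name()='customStates']/*[local-name()='customState']")
    if ($states.Count -lt 1 -or $states.Count -gt 4) {
        $problems += "Found $($states.Count) states; between 1 and 4 are allowed."
    }
    foreach ($s in $states) {
        $id    = $s.GetAttribute('ID')
        $avail = $s.GetAttribute('availability')
        if ($allowed -notcontains $avail.ToLower()) {
            $problems += "State ${id}: availability '$avail' must be Online, Busy or Do-Not-Disturb."
        }
        foreach ($a in $s.SelectNodes("*[local-name()='activity']")) {
            if ($a.InnerText.Length -gt 64) {
                $problems += "State ${id}: activity text is $($a.InnerText.Length) characters; the limit is 64."
            }
        }
    }
    $problems
}

function Set-CustomPresencePolicy {
    param(
        [Parameter(Mandatory=$true)][string]$Url,
        [string]$Key = 'HKCU:\Software\Policies\Microsoft\Office\15.0\Lync'
    )
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name CustomStateURL -Value $Url -PropertyType String -Force | Out-Null
    # Per the post, an HTTPS location does not need high security mode turned off,
    # so the weaker setting is written only for http:// and file:// locations.
    if ($Url -notmatch '^https://') {
        New-ItemProperty -Path $Key -Name EnableSIPHighSecurityMode -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

# Constructed sample: state 2 uses Away, which the post says is not allowed
$sample = Join-Path $env:TEMP 'custompresence.xml'
@'
<?xml version="1.0" encoding="utf-8"?>
<customStates>
  <customState ID="1" availability="Online">
    <activity LCID="1033">Working from home</activity>
  </customState>
  <customState ID="2" availability="Away">
    <activity LCID="1033">At lunch</activity>
  </customState>
</customStates>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

$problems = @(Test-CustomPresenceXml -Path $sample)
if ($problems.Count -eq 0) {
    Set-CustomPresencePolicy -Url ('file:///' + ($sample -replace '\\', '/'))
} else {
    $problems   # reports the Away state; nothing is written to the registry
}
```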