Browsing the archives for the configuration tag.

Four “Real-World” Updates Now Available for Skype for Business Server

Conferencing, Exchange, Instant Messaging (IM), Skype for Business, Unified Communications, Voice over IP

Microsoft has released a June 2016 Update for Skype for Business Server! It contains 4 new features:

  1. Video Based Screen Sharing
  2. Multiple Emergency Number
  3. Busy Options
  4. Offline Message

All of which struck me as having something in common: They’re all very useful in real-world office scenarios.

Accordingly, I’ll define them using examples of office scenarios today! Let’s dive in and see what Microsoft has given us.


Scenario: “When Beth shares her screen, the meeting gets slow and jerky.”
Solution: Video Based Screen Sharing

How Video Based Screen Sharing Works
When you install the new update, Video based Screen Sharing (VbSS) equips your Skype for Business Server to use UDP in its screen sharing. Previously, screen sharing used RDP. This should give a performance boost and help Meeting quality, even on lower-bandwidth connections.

Video based Screen Sharing for Skype for Business Server 2015 – Microsoft TechNet

Best of all, you don’t have to configure anything! VbSS is enabled by default.


Scenario: “We have people visiting from the UK office this month. They won’t know our phone system.”
Solution: Multiple Emergency Number

How Multiple Emergency Number Works
Just like the name implies, Multiple Emergency Number enables you to set multiple emergency numbers using PowerShell. It’s a location policy update which you control.

The major value here is for larger businesses with international workers moving between locations. Let’s consider a business with 2 offices: one in the U.S., and one in the U.K. Each office has a Site in Skype for Business. Each Site’s location policy has its own local emergency number. For the U.S., emergency is 911. But in the U.K., it’s 999.

Using Multiple Emergency Number, you can add multiple masks for all other site’s emergency numbers. In order to add 999 as a mask in the U.S. Skype location policy, you’d use these cmdlets:

$a = New-CsEmergencyNumber -DialString 911 -DialMask 999
New-CsLocationPolicy -Identity [YourID] -EmergencyNumbers @{add=$a} -EnhancedEmergencyServicesEnabled $True -PstnUsage [emergency PSTN usage]

Saves training time, and makes everyone a little safer.

There’s many other ways you can use Multiple Emergency Number. Have a look at its TechNet page for examples: Multiple emergency numbers can now be set in location policy in Skype for Business Server 2015 – Microsoft TechNet


Scenario: “X is calling. I really can’t (or don’t want to) talk to them right now.”
Solution: Busy Options

How Busy Options Works
Busy Options is a new voice policy. With it installed, you can configure Skype for Business to give callers a busy signal if they call someone who’s already on a call, or send them to voicemail. The person called then receives a notice in their inbox for either a missed call or voicemail.

Some of this functionality already existed in Skype for Business Server. Busy Options expands upon it. Conferencing, Team Calls, and Response Groups all benefit from it. Each gains several options–for example, users in conferences can still new conference invitations. But new peer-to-peer calls are rejected according to their Busy Options settings.

In terms of applicability, the documentation indicates that you can enable Busy Options down to the single-user level. But, doing so for an entire enterprise is more commonly referenced.

Installing & configuring Busy Options is more involved than the other updates listed here. I’ll link to the Deployment page to make things easier: Install and configure Busy Options for Skype for Business Server – Microsoft TechNet


Scenario: “Bob is offline again! I need to send him this.”
Solution: Offline Message

How Offline Message Works
Offline Message leverages Exchange Web Services to send messages from a Skype for Business client to another user’s Exchange mailbox. If the user is offline, the message gets stored with Exchange. Effectively, it allows you to send messages to someone who’s offline.

When you do, you (the sender) will see a notification like this:

Offline Message Alert

Photo courtesy of Microsoft.

They (the recipient) will see an orange dot on their Conversations icon. Just like the red dot on the iPhone’s apps, it means, “Hey! You have missed messages!”

To enable Offline Message:

Open the Skype for Business Server Management Shell.
Run the following cmdlet: Set-CsImConfiguration -EnableOfflineIM $True
To confirm, run: Get-CsImConfiguration
Finally, confirm that the “EnableIMAutoArchiving” property is set to True with Get-CsClientPolicy. Otherwise Offline Message won’t work. (It should be set to True by default, but make sure.)

Enable or Disable Offline Instant Messaging (IM) in Skype for Business Server 2015 – Microsoft TechNet


New Skype4B Tools to Make Everyday Office Work Easier

We’ve installed these on our Skype for Business Server as of this post. Testing has already commenced! So far I’ve received one Offline Message. If any snags come up, I’ll make sure to document them here.

Which of these “real-world” updates do you think will benefit your company the most? Please comment or email your thoughts. And we’ll see you next time!

Facebooktwittergoogle_plusredditlinkedinmail
1 Comment

Listing the Active Users on Skype for Business Server (Plus an iOS App Update)

Office 365, PowerShell, Skype for Business

Two topics today! This past week I responded to a reader question about active users, and continued my testing of the Skype for Business iOS Preview app. Here’s what I’ve come up with from both.

First, a quick update on the iOS Preview app!

iOS Preview App: New Features, Still Very Limited

We had an update come through with some new items:

  • Enhanced Skype Meeting experience: you can now upload a PowerPoint presentation to a meeting and present it right from your phone or tablet, letting you run your meetings on the go
  • Group communication: search for an existing distribution group and initiate an instant message, or an audio/video conversation with the group
  • Directly open your Outlook calendar from the Skype for Business meetings tab
  • General and stability improvements

I tested Tore’s idea for the “Saving phone number disabled” error message. It did work – on one of our phones. The other (mine, unfortunately) still reports the error.

Reader Question: How Can I Find Out the Number of Active Users on Skype for Business?

A reader I’ll call Tom, with whom I’ve spoken a couple times now, had a question on Active Users. He wanted to know if there was a way he could, via the Control Panel or PowerShell, find the number of Lync/Skype4B users who were active right now.

Interesting question! He asked if there was a PowerShell cmdlet to find out – easily the fastest method. However, I don’t know of a cmdlet which displays active users for Skype for Business Server.

There IS a cmdlet which displays active users for Skype for Business Online. It’s:

Get-CsOnlineUser

Office 365 also has an Active Users Report for Skype for Business Online in its Admin Center.

Active Users Report in Office 365

(I really want one of these in Skype for Business Server, Microsoft…)

Getting a full list of active users on Skype4B Server? That’s a little more complicated.

Option 1: Monitoring Reports

If a certain user is active, you can find out with the Monitoring Reports. Specifically, the User Activity Report

Remember this screenshot? It came from a User Activity Report on our then-Lync Server.

calldiagperuser

With the User Activity Report you can see who’s active during a specific time period, and what peer-to-peer or conferencing sessions they’re in. It does serve to answer Tom’s question, but not in the most direct manner.

What about PowerShell?

Option 2: PowerShell Scripts

I checked several PowerShell cmdlets – Get-CsUser, Get-CsAdUser, etc. None would give me a list of active users on our Front End. I even tried the Get-CsOnlineUser on our server, just in case it did work. No such luck.

So I turned to scripts. Rather quickly I found two script-based options for listing active Skype4B users.

One, the incredibly powerful Get-CsConnections.ps1.
Script: Get-CsConnections.ps1 – See User Connections, Client Versions, Load Balancing in Lync Server: Ehlo World!

Written back in 2011, the author has updated the script multiple times, and it does work with Skype for Business Server.
It requires installation, the steps for which are documented in the post. (EDIT: According to the script’s developer, all you need to do is download and run. All the better!)

Get-CsConnections.ps1 has plenty of parameters to choose from. For instance, running the script to see the number of active users on a Front End Server named DEFAULT is:

Get-CsConnections.ps1 -Server DEFAULT -IncludeUsers

Get-CsConnections.ps1 Script Result

Image courtesy of Ehlo World! Blog.

The same blog also had the second option: a “oneliner” script using the Get-Counter cmdlet.
One Liner – See Number Of Connected Users, Endpoints On A Lync Front End Server: Ehlo World!

In order to use this, you’d need to know the specific counters for active users. They are, according to the post:
LS:USrv – Endpoint Cache\USrv – Active Registered Endpoints
LS:USrv – Endpoint Cache\USrv – Active Registered Users

The full “oneliner” script reads:

Get-Counter “\LS:USrv – Endpoint Cache\USrv – Active Registered Endpoints”,”\LS:USrv – Endpoint Cache\USrv – Active Registered Users” | Select-Object -ExpandProperty CounterSamples | Format-Table Path,CookedValue -Auto

A simple method for finding active users. Fewer steps too. But, not as many options as Get-CsConnections.ps1.

I find the underlying “counter” technology fascinating though…the post is definitely worth a read. I may dig further into it for later posts as well.

Impressive Use of PowerShell for a Deceptively-Thorny Problem

Great question Tom! Set me on a bit of a goose chase, but we wound up with some juicy tidbits as a result. Thank you to the Ehlo World! Blog as well for their stellar work.

What would you use Skype for Business Active User data for? Please email in or comment your thoughts.

Next week I’m honestly not sure what I’ll write about. Another how-to post, or maybe some user experience advice? You’ll have to join us back here to find out!

Facebooktwittergoogle_plusredditlinkedinmail
2 Comments

How to Open Your Skype Meetings to the Public (But You’ll Risk Security)

Conferencing, Skype for Business

At one point or another, we’ve all used the Meet Now tool in Lync/Skype for Business. It’s convenient—one click and you have a ready-and-waiting meeting space. Pull it some co-workers and you can discuss the current project right away.

This is possible because Meet Now is, in a sense, a low-security tool. It bypasses some Skype for Business security, starting up a public meeting that’s open to everyone. No lobby. Come right in.

I bring this up because recently, we had a customer ask us about their Skype Meetings. Essentially, they wanted to take the Meet Now security level and apply it to all of their future Skype Meetings.

No waiting in a virtual Lobby.
No authentication before joining.
Open to everyone.

The first thing we did was tell them two things. One, we could do this. Two, we did not recommend doing it!

Public Meeting Access = Potential for Security Issues

There’s no setting for “totally public” meetings via PowerShell or the Control Panel. But it IS possible to manually configure Skype for Business like this.

The question is, should you?

Allowing anyone to join a meeting, at any time, with no access restrictions introduces all of these security risks.

  • Breach of confidentiality
  • Introduction of dangerous code
  • Theft of intellectual property
  • Compliance violation

We recommend AGAINST this course of action. But if you do want to configure your Skype Meetings as totally public – and you understand the security risk this creates – here’s how to do it.

How to Open Skype Meetings to the Public

If you only want to set an individual Skype Meeting as public, all you need to do is modify its options.

When you create a new Skype Meeting, click the Meeting Options button in the ribbon.

Skype Meeting Options Button

The Options window will open. You’ll see Permissions by default. There are two choices:

  1. A new meeting space (I control permissions), and
  2. My dedicated meeting space (less secure).

Option 2 uses the same meeting space on the server every time. It also grants everyone in the organization Presenter access.
Skype Meeting Options - Less Secure
Note that the option to control who has to wait in the lobby is grayed out.

Option 1 uses a new meeting space on the server. This is more secure, but it also enables you to control who has to wait in the lobby. If you select “Anyone (no restrictions)” then nobody does. Everyone gets in right away, express lane, no waiting.

Skype Meeting Options - More Secure
This is the option we recommend customers use.

Finally, if you want to use the same settings for all of your future Skype Meetings, click the “Remember Settings” button next to the OK.

=====
Remember, this only works for this one Skype Meeting. To make all Skype Meetings totally public by default, you’ll have to modify your Skype for Business Meeting Policy.

First, determine whether you’re changing Meeting Policy Options globally, or by site.

To modify globally, the PowerShell cmdlet to employ is: Set-CsMeetingConfiguration
To modify by site, the cmdlet is: Set-CsMeetingConfiguration -Identity site:[SITENAME]

More on Set-CsMeetingConfiguration from TechNet.

These are the parameters to use.

AssignedConferenceTypeByDefault. True/False. If set to True, scheduled Skype Meetings are set as Public – the conference ID and meeting space URL are the same every time. Just like “My dedicated meeting space” above. If set to False, scheduled Skype Meetings are private, with a new meeting ID & URL each time (just like “A new meeting space” above).

Default is $true. This is a default with which we don’t agree; we prefer (and recommend) customers set to $false and use new meeting spaces each time. But if you want public meetings, you can leave it on default.

Example: Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $true

PstnCallersBypassLobby. True/False. Should you automatically admit dial-in (PSTN) attendees? No Lobby? If set to True, then attendees calling in go right into the Skype Meeting. If set to False, then PSTN attendees arrive in the Lobby.

Default is $true. Again, a default we recommend changing for security. But if you want the convenience of no lobby waiting, then set to $false.

Example: Set-CsMeetingConfiguration -PstnCallersBypassLobby $true

AdmitAnonymousUsersByDefault. True/False. Will you allow anonymous users into your Skype Meetings? If set to True, then yes, anonymous users can come right in. If set to False, anonymous users are shut out at the door. Default is $true (grumble).

Example: Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $false

If you wanted to combine all these parameters, the statement would read like this (assuming a global policy change):
Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $true -PstnCallersBypassLobby $true -AdmitAnonymousUsersByDefault $true

skypemeetingoptions_cmdlet

Further details on these parameters at Andrew Morpeth’s blog: Lync 2013 Meeting Options Policies – UC Geek

Use Caution When Changing Meeting Policy

Once again, we recommend against opening all Skype Meetings to the public. Sure, doing it occasionally for important discussions is fine. Leaving all Skype Meetings open by default, however, invites security breaches you won’t even know about until it’s too late.

Normally, we change all of these options for customers before finishing deployment. We inform the customer, of course, and if they do choose to re-enable an option in Meeting Policy, we advise them of the security risk. That’s our job.

Have you ever experienced a security issue from your Skype Meetings? If so, please comment or email your experience. I’d like to examine this angle further. See what more we as admins can do.

Facebooktwittergoogle_plusredditlinkedinmail
2 Comments

SQL-Active Directory Mismatch Prevents Skype4B User Login

Reference, Skype for Business

User accounts. They seem like simple things, don’t they? Enter your email and a password, log onto Skype (or your laptop, Outlook, etc.) and start work.

But we know better. In reality, every user account has several moving parts behind it. Server names, Active Directory credentials, database entries…all interconnecting behind the scenes. Making your login process the usual 5-second time-to-get-going routine it is.

Until one of those parts breaks.

An SID Mismatch Lurking Between Database and Active Directory

The other day, our Skype for Business team assisted a customer who couldn’t login to their Skype account. The password was correct. The user account shows as valid in Skype’s Control Panel. Where’s the issue?

Since the user shows up in the Skype4B Control Panel, we went to the logs. Soon we found a telling error:

“Failed to authorize user credentials
User Token SID S-XXXXXX did not match DB SID S-XXXXXXX”

An SID mismatch. What would cause that?

In this case, the most likely reason was old Lync information.

User Replicator Issue in the Database, Maybe From In-Place Upgrade

A few weeks prior, we’d performed an In-Place Upgrade for this customer. Lync Server 2013 on-prem to Skype for Business 2015 on-prem. The upgrade itself went all right – a couple snags with Exchange, which we smoothed out.

However, it appears another error had surfaced. We checked our runbooks; no previous incidents like this. So we searched online. We came across this post from Mostafa, a Lync/Skype for Business consultant in Germany:

Lync/Skype for Business – LS User Replicator Event ID 30020 – The Lync Dude

We tried the PowerShell cmdlet indicated in the post: Update-CsUserDatabase

Sure enough, we got the same error message.

“Event ID 30020, source ‘LS User Replicator’
User URI is already being used by another valid user in the database…”

Error 30020 User URI Duplicate

So what we had was a user account with some conflicting information between Active Directory and SQL Server. Residual information from Lync 2013 days, it appears, got stuck in the server database.

How? Not sure. Possibly a bug in the In-Place Upgrade. We made note to report it to Microsoft. But first, we needed to fix it!

The Solution – Modify SQL Database. Success, But There was a Snag

The blog post indicated a solution. Careful though – it involves directly modifying SQL databases. Chances of breaking the database, and your Skype4B right along with it, are significant. Make a FULL backup before trying this.

  1. Disable and delete the user from your Skype for Business Control Panel. Note down the user’s SIP address.
  2. Login to the Front End Server.
  3. Start SQL Management Studio.
  4. Connect to the RTCLOCAL Instance. (THIS is where it gets risky!)
  5. Run the following query against the RTC database: Execute dbo.RtcDeleteResource ‘[the user’s SIP address]’
  6. Restart the following services on the Front End:
    • Master Replica Agent
    • Replica Replicator Agent
  7. Wait a few minutes.
  8. Recreate the user account in Skype for Business Control Panel.
  9. Wait a few more minutes for full replication.

We hit a snag though – the process didn’t work for us! Even after several tries.

So we called Microsoft Support. We shared the SQL solution. Shouldn’t this work, we asked? Yes, said the Support rep, it should. Let me try it.

We granted the Support rep access. He logged into SQL, tried the query…and it worked.

Everyone blinked at each other for a moment. The same process, the same database, and the same access permissions. Nobody could explain why it worked when the Microsoft Support rep did it, but not when we did. Even the Microsoft rep admitted he wasn’t sure why!

But, no matter how, the fact is that it did work. We recreated the user’s account, and there were no more login issues.

Editing SQL a Last Resort, But for an ID Mismatch Like This One, It Worked

Bit of a mystery, start to finish. We did report the initial issue to Microsoft, of course. The rep said they had a similar bug logged (possibly by Mostafa).

I’m documenting the experience, mysteries and all, for our fellow Skype4B pros. If you do encounter a user account which mysteriously refuses to log in, may this post help you fix it!

Have you encountered a user account issue that required editing SQL to fix? Please comment or email. I’m curious what other issues like this (if any) exist out there.

Facebooktwittergoogle_plusredditlinkedinmail
2 Comments

What to Do If Your Skype Meeting Configuration Doesn’t Update

Conferencing, Reference, Skype for Business

We may have found a new bug in Skype for Business Server. It’s located in one of the fields in your Skype Meeting invite.

First, some background:
When we set up our Meeting Invite in Lync Server 2013, it contained three lines under the “Join by phone” section:

  • PlanetMagpie Dialin [link]
  • Our Local Dial-in Access Number
  • “Find a local number” link

The thing is, the “PlanetMagpie Dialin” link didn’t always work. We logged it as an issue, but didn’t fully investigate before moving to Skype for Business.

The other day, we decided to update the Skype Meeting invite. In order to do this you must make changes in the Skype for Business Control Panel:

  1. In Conferencing, under “Meeting Configuration”
  2. In Conferencing, under “Dial-In Access Number”

Meeting Configuration lets you add personalization through a logo & custom text. Dial-In Access Numbers lets you set the phone number with which users can call into the meeting. You also set the number’s display name.

From TechNet:

“When you deploy dial-in conferencing, you need to set up phone numbers that users can dial from the public switched telephone network (PSTN) to join the audio portion of conferences. These dial-in access numbers appear in meeting invitations and on the Dial-in Conferencing Settings webpage.”
Manage dial-in conferencing access numbers in Skype for Business Server 2015 – TechNet

That’s where we noticed something different. We could not change the Display Name.

The ‘Display Name’ field itself had stopped cooperating.

DisplayName Field Not Required

Optional, but not updating

(Likely) Cause: Bug in ‘Display Name’ from Lync Server Days

In Lync Server 2013, under Dial-In Access Numbers, the Display Name field was recommended but not mandatory. This is where we put the “PlanetMagpie Dialin” name referenced above.

When we upgraded, “PlanetMagpie Dialin” remained in the Display Name field. Skype for Business did its job, and preserved our dial plan information during In-Place Upgrade.

We edited the Display Name, as well as the logo & footer text under Meeting Configuration. But the changes didn’t populate to the Outlook meeting invites. Even trying the recommended cmdlet – Set-CsDialInConferencingAccessNumber – didn’t work.

Likely reason? A bug involving the ‘Display Name’ field. When Microsoft built Skype for Business, the upgrade carried dial plan information through. It appears that our upgrade also carried the bug over!

So we had an un-updated meeting invite, despite the server showing all the changes we wanted. How do we fix it?

Solution: Delete & Recreate the Dial-In Access Number

As with many troubleshooting episodes, the old “rip & replace” worked. Here’s what we did.

  • Confirmed the Meeting Configuration has the values you want.
  • Switch to the Dial-In Access Numbers window.
  • Open the dial plan you have in place now. Take a screenshot of it. Click Cancel.
  • Click Edit. Click Delete to delete the dial plan.
  • Now the server needs to refresh. The fastest way to do this is to open Management Shell and enter the following cmdlet:
    Invoke-CsManagementStoreReplication
  • Wait a moment for the changes to replicate. You can check the status with this cmdlet:
    Get-CsManagementStoreReplicationStatus
  • When it displays “True” the changes have replicated. Return to the Control Panel.
  • Still in Dial-In Access Numbers, click New.
  • Using the screenshot you took, re-enter the same dial plan values.
  • Click Commit.
  • Once again, open Management Shell and enter the following cmdlet:
    Invoke-CsManagementStoreReplication
  • As before, you can check the status with:
    Get-CsManagementStoreReplicationStatus
  • Wait for it to display “True.” Then you’ll know the new dial plan is published.
  • If you want to double-check, open Users in Skype for Business Control Panel. Open one or more User accounts and confirm that your dial plan name appears for them.
  • It may take a little longer for the meeting invite to update on all client computers. This took a while for us – long enough to grab lunch, in fact.

Once the updates populated, I checked our meeting invites.

Meeting Invite, No 'DialIn' Text

See? “PlanetMagpie Dialin” vanished, but the call-in number remained.  All other changes appeared too.  Meeting invites up-to-date!

Uncommon Bug, But Deserving of a Skype4B Insider Post!

We aren’t sure this is an official bug. I didn’t locate specific mentions of it in TechNet. We’ll report it, of course, just in case. Even the rarest bug deserves reporting.

In any event, since it IS a Skype for Business issue, we must document it on the blog! Hope it helps you, if you’ve reached this post and have a similar issue messing up your meeting invites.

Have you encountered issues with Meeting Configuration or Dial-In Access Numbers? If so, please comment or email what happened. I’d love to hear about it.

Facebooktwittergoogle_plusredditlinkedinmail
No Comments

Auto Attendant Failing? Your UM Dial Plan Can’t Have Spaces in its Name

Exchange Server 2013, Reference, Skype for Business, Unified Communications

We encountered a tiny issue the other day. It did exactly what tiny issues do – caused a lot of trouble!

Auto Attendant DiagramOur team was finalizing a new customer’s Skype for Business implementation. They set up the servers; all good. They set up user accounts; no problem. They tested connections on user machines; everyone can talk to one another.

Then we did some test calls from outside their network. Exchange’s Auto Attendant should pick up and offer us some departmental choices.

But it’s not picking up.

Ten-second rundown: The Auto Attendant is part of an Exchange Server component called Unified Messaging. Unified Messaging (or UM) gives you access to voicemails in your inbox, and it allows you to create Auto Attendants for managing call transfers. You use an Auto Attendant-type of system whenever you call a business and hear, “Press 1 for Sales, Press 2 for Support…”

In this case, our customer’s Auto Attendant would not activate at all. We checked server logs and found no errors. The customers could still get their voicemails. Everything was configured properly. So what’s causing the problem?

It took us a little time to find the answer. Which, it turns out, was tiny!

Unified Messaging Dial Plans Cannot Use Spaces in Their Names

The issue originated in the UM Dial Plan. Specifically, its name.

When we set up the UM Dial Plan for this customer, we called it, “CustomerName UM Dial Plan.” Which, it turns out, is the wrong syntax to use. Because it has spaces in it.

The issue originates in Exchange Server 2013. It prevents Lync (or Skype4B) users from calling an Exchange UM Auto Attendant, if there are spaces in the Auto Attendant’s Dial Plan name.

(Please note: We think this issue is still present in Exchange Server 2016.)

Why such an issue exists, I’m not sure. But it does.

So, simple fix, right? Just rename the Dial Plan?

Unfortunately not. You can’t change a Dial Plan’s name once it’s created. We had to create an all-new one, an exact duplicate of the first (without the spaces in its name!), and then delete the old Dial Plan.

On top of that, we’d have to disable all the users’ Unified Messaging mailboxes, and then re-enable them with the new UM Dial Plan. All for a couple of spaces.

The Fix: Create a New UM Dial Plan, Enable All Users for It, Then Remove Old UM Dial Plan

Naturally, we consulted the Almighty Google and The Most High TechNet for answers. We found them on a couple blogs.

First off, Michael Epping’s post on Concurrency.com titled, Change Users’ Exchange UM Dial Plan. He describes the exact problem we encountered. He also provides a solution.

The quickest and cleanest way to do this is through PowerShell. Creating a new UM Dial Plan, disable all users’ UM mailboxes, re-enable the mailboxes with the new Dial Plan, and then removing the old Dial Plan.

2016-04-07_10-51-34

We followed Michael’s process exactly, and he’s done a good job documenting it in his post, so I won’t copy everything over. He deserves the clicks. What I will do is highlight the steps involved for disabling and re-enabling the UM mailboxes.

NOTE: Make sure you create a new UM Dial Plan before you do this!

  1. Run the “Get-UMMailbox” cmdlet to export primary SMTP addresses, SIP resources and extensions.
  2. Open the exported list in Excel. Select the extensions column. Click Text to Columns in the Data tab.
  3. Select Delimited if it’s not already. Click Next.
  4. Check Semicolon under the Delimiters. Click Next.
  5. You should have a column with SIP addresses and one with extensions. Remove the column with SIP addresses.
  6. Highlight Cell D2. Enter the following text. Replace “UMMailboxPolicy” with the name of your UM Mailbox policy.
    =CONCATENATE(“Enable-UMMailbox -Identity “,A2,” -UMMailboxPolicy Lync -SipResourceIdentifier “,B2,” -Extensions “,C2,””)
  7. Highlight D2 again. Click the lower-right corner square. Drag it down to recreate this command for each user in the list.
  8. You should end up with a list of “Enable-UMMailbox” commands for each user.
  9. Copy all of Column D. Paste into Notepad or another text editor.
  10. Make sure the first line, above all the commands, says this: “Get-UMMailbox | Disable-UMMailbox”
  11. Save the script as a .ps1 file. Michael named his “Redo-UMMailboxes.ps1.” We named ours “UMDialReset.ps1.”
  12. Copy the .ps1 file to your Exchange Server. Run script in PowerShell.

Again, please check Michael’s post for additional details.

I’m also including a PowerShell script we used to remove the old UM Dial Plan. This comes courtesy of Ibrahim Soliman’s Blog.

$UMDialPlan = “”
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | FL Name, UMDialPlan
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMMailboxPolicy
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan}
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMHuntGroup
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | FL Name, DialPlans
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | Set-UMService -DialPlans @{Remove=”$UMDialPlan”}
Get-UMService | Get-UMCallRouterSettings | where {$_.DialPlans -contains $UMDialPlan} | FL Identity, DialPLans
Get-UMService | Get-UMCallRouterSettings | where {$_.DialPlans -contains $UMDialPlan} | Set-UMCallRouterSettings -DialPlans @{Remove=$UMDialPlan}
Remove-UMDialPlan -Identity $UMDialPlan

As with all PowerShell scripts, verify this will work with your current topology before executing it.

Avoid Spaces in Dial Plan Names, and You Won’t Have to Replace Them

The name of a Unified Messaging Dial Plan, stored on an Exchange Server, seems an unlikely place for a space to cause problems.

Yet that’s exactly what happened here. Once we’d removed the old dial plan, added a new one & re-enabled the users’ mailboxes, Auto Attendant behaved perfectly. The customer had their, “Press 1 for Sales, Press 2 for Support.”

It’s always the one thing you didn’t suspect, isn’t it?

If you’re setting up Skype for Business, just as a precaution? Avoid using spaces in your dial plan’s names.

Have you encountered a strange error related to spacing in Skype for Business? Please comment or email in what happened. I always like documenting these errors, in case someone else needs the help later on!

 

Facebooktwittergoogle_plusredditlinkedinmail
No Comments

Can’t Add New Users to Persistent Chat Rooms? Approve Them in the Skype for Business Control Panel

Persistent Chat, Reference, Skype for Business

My manager asked me to add a new user to one of our Persistent Chat rooms. Since we hadn’t used this particular room yet, I was happy to do so. (It meant starting up a new project!)

However I encountered a minor issue…in the form of an “Invalid Member” message.

Persistent Chat Invalid Member

Now this was curious. I had no trouble adding the new user as a contact, or talking with him on Skype. Why would Persistent Chat have any objections?

Time to investigate (and document along the way)!

Check if Users are Enabled for Persistent Chat

The particular person is a new hire. Is their account set up in Active Directory? Yes.
Are they able to use Skype for Business? Yes.
Am I able to add someone ELSE to the Persistent Chat room? Yes.

So is the problem with the user account, or Persistent Chat itself?

Let’s check to make sure the user account is enabled for Persistent Chat. You can do this via the Control Panel or the Management Shell. I like the Control Panel myself, but if you prefer the Management Shell, this is the command you’ll use:
Set-CsPersistentChatRoom
[This configures the settings for an existing room, and lets you assign users or groups to the room.]

In the Skype for Business Control Panel, click Persistent Chat. You’ll see four menu options: Category, Add-In, Persistent Chat Policy, and Persistent Chat Configuration.

Under Persistent Chat Policy, we have a Global policy and a Pool policy. Both have Persistent Chat set to Enabled. Which means new users should have Persistent Chat access. Hmmm.

Over to the Category section. We have one pool. I open the pool.

Ahh, what’s this? We defined membership by individual users! If your account isn’t on the Allowed Members list, you don’t get to use Persistent Chat.

Persistent Chat Category

Let’s see what happens if I add the new user, using the “Add” button. (When you click it, you see this “Select Allowed Members” screen.)

Select Allowed Members

I enter the user’s first name, click Find, and there he is! A quick OK, and he shows up in the Allowed Members list. Click Commit to save. All done in the Control Panel.

Now let’s see if I can add him to the Chat Room. First, I open the Chat Room from Skype4B. Then go to More Options and click “Manage This Room.” (You must log in again, of course.)

Manage Chat Room

Then I see the “Edit a Room” window. Under “Members,” I enter the new user’s name, and then click the Check Names button on the right.

No “Invalid Member” error!

I click Commit Changes, and voila!

Chat Room Updated!

Unable to Add Users to Persistent Chat? Check Your Allowed Members List

I’ve also come across a similar issue, where admins aren’t able to add users to Persistent Chat rooms. It comes from adding “Domain Users” to the Allowed Members list.

I found the solution on Georg Thomas’ blog: Persistent Chat, Unable to resolve names or add Members and Managers: Invalid members – Georg Thomas on Skype for Business, Lync and Universal Communications

If you did use “Domain Users” in the Allowed Members list, user names won’t resolve when you add them to a chat room. You’ll have to add individual users to the Allowed Members list (like we do), or use an OU.

Good catch there Georg.

How’s your experience with Persistent Chat? Great value-add, or do you forget it’s there? Please comment or email your thoughts.

 

Facebooktwittergoogle_plusredditlinkedinmail
No Comments

Hardware Review: Polycom RealPresence Trio 8800 (Part 2)

Skype for Business

“It makes audio conferencing a visual experience.”

That’s what my colleague Stephen had to say when I asked him about the RealPresence Trio. He, along with the rest of the Lync/Skype4B team, spent some time working with the Trio these past couple weeks.

We’ve gathered our experiences for this blog post. There were a few surprises and snags. But overall, we all came away with the same impression – the Trio 8800 is a powerful conferencing system that works with Skype for Business very well.

Trio 8800

The Trio 8800 Hub.

Audio/Video Quality: Awesome!

As I mentioned last week, we have plenty of bandwidth in the office to test the RealPresence Trio. And test we did – running several conferences internally, with remote participants, audio-only, video-only and audio/video.

The audio quality? “Phenomenal.” Careful not to tap on the table; the hub picks it up! No configuration is needed either.

Video Quality: In JB’s comment last week, he mentioned that he’d occasionally see remote meeting participants’ video freeze up. But only on the Trio – when viewing on a laptop, no freezes occurred. We tested this with two remote participants, but didn’t encounter any freezing.

Now, freezing could occur from any number of factors. I’m not discounting JB’s experience at all; we just didn’t see it ourselves. One remote participant did lose audio once. But their video just kept on going!

One final note here: I’ve written about Music on Hold in the past. With the RealPresence Trio, you can turn it off with a toggle! It’s under Features in the Settings menu. If you’d prefer changing the music, you can do that from the same menu.

Setup: Couple Hurdles, Easy Afterward

I will limit my descriptions here, out of respect for Polycom’s ongoing development. Suffice to say that initial setup was easy. “Straightforward and clean,” as another colleague described. The webcam didn’t even need configuration – we just stuck it to the top of the TV, plugged it into the Visual+, and done.

First off: Update the Trio 8800 to the latest firmware as soon as possible. As of this post, the latest update was released 1-29-16. Jeff Schertz has a blog post on how update the firmware: Updating Trio 8800 Firmware – Jeff Schertz’s Blog. You’ll use the USB ports on the hub to administer the update. CAB files are also listed for download on the post.

Secondly, it’s critical to change the Trio’s base profile to Lync Mode.

Why? The Trio 8800 is set to “Generic” by default. This works only by plugging in a phone. You must enable it for Lync/Skype. The best way to do this, we found, was to use the Trio’s setup webpage.

This is accessible by getting the hub’s IP from your network, and loading it in a web browser. Like you’d do to configure a wireless router.

(This step is NOT in the documentation right now, as far as we could tell. If it is in there and we missed it, please let us know!)

After we updated the setup webpage, we discovered that the Base Profile setting is also buried in the hub’s Settings menu. You’ll find it here:
Advanced Settings/Administration Settings/Network Configuration/Base Profile

The Base Profile has only two choices – “Generic” and “Lync.” You must select “Lync” to use the full Lync/Skype for Business conferencing feature set.

Advanced Settings: Now here’s something very interesting. The Trio 8800 has TWO levels of advanced settings. Which you get depends on the password you enter.

The “initial” level only gives options like Change User Password and Reboot Device. I thought this was a great way to enforce security – users have some control over the Trio’s functionality, in case they get locked out. But they’re prevented from accessing (or even seeing) the “deep” advanced settings, so they can’t break its configuration.

The Base Profile settings are only visible in the “deep” advanced settings.

Ease of Use: As Simple as Skype for Business

I’ll start here by talking about connectivity. The Trio 8800 has USB ports for sharing content, Ethernet for network audio/video, and Bluetooth for device pairing.

Trio 8800 Hub Screen in Icons Mode

I paired my phone to the hub with two taps on the LCD. One to Search Devices, the next to pair the phone. Then I played some music and heard it loud & clear through the hub speakers. The quality was just as good as expected.

Next, let’s talk about the hub itself.

The hub’s LCD screen defaults to a keypad, but you can change it to icons. We kept it on the icons menu; making choices takes less time. Starting a meeting & adding users only takes a couple icon taps.

At all times the hub LCD indicates the Skype user account on the icon menu. If you need the Trio’s conference number, it’s displays on the connected screen (as well as its IP and user account name).

JB from the last post was correct – the hub boots up in a couple minutes, and does maintain its settings. Meaning CypherBit’s desire to “keep it in a drawer and place it on the table a couple minutes before the meetings” is totally doable!

However, the hub does not support touch screens. You can connect a screen to the RealPresence Trio, but it won’t recognize touch. I found this out with my touchscreen laptop.

Privacy Screen: The Logitech cam has a fun little feature – a flip-down privacy screen.

Logitech Cam Privacy Screen

Behold, the privacy screen!

If you’re installing the Trio 8800, make sure all its users know about the screen! Someone who doesn’t know about it may think the cam’s not working when it’s down. Stephen had a good suggestion – put a colored sticker on each side of the screen. Instant recognition of open screen/closed screen.

(If you don’t need or want the privacy screen, you can remove it by unsnapping it from the bottom.)

Visual+ Unit: The Visual+ is basically an HDMI output. It operates separately from the hub, with its own IP. You must pair the hub with it to display on the screen, and connect the cam to it for the video. After setup, we stuffed it behind the TV and that was pretty much it.

Skype for Business/Exchange Integration: Acts Like Another Client (On Steroids)

The Trio’s integration works excellently! The Trio hubs acts as a virtual attendee for joining or managing a conference. You can even set it up as a resource you can book. I’d argue that this is the most efficient way of managing a large meeting.

The LCD has a Contacts list, just like the Skype for Business client. Contacts display their Presence status. Groups do too.

Content Sharing: You can share content a few ways – share from an attendee’s computer, or plug a USB drive directly into the hub. We found it’s best to use a PC for sharing. It’s easier to control the application shown.

Issues: Early-Version Snags

So far, we saw 3 snags with the device.

  1. Sparse documentation. Some data sheets, a FAQ, and some Knowledge Base articles are what’s available. Made setup a little time-consuming. But in fairness, this is a very new product. More documentation will come with time.
  2. Early-version software. Most of the issues we encountered appear like simple bugs. Things you’d expect from an initial software release. Minor frustrations, but that’s all.
  3. Video is limited to the Logitech C390e cam. I understand the limitation here–you’ve got to make sure the hub works with at least one cam, before you can make others work. I note it here just for everyone’s reference. It’s very likely Polycom will add compatibility for additional webcams in future firmware updates.

Verdict: Great Conferencing System with Lots of Usefulness

Our testing experience? Great! Polycom did a solid job with the RealPresence Trio. The audio quality alone makes it worth a look.

For the capabilities you get, the price point is very good too. (You can get pricing on request from Polycom here.) No, we weren’t paid for this post. But I do know some good folks at Polycom (hey Adam!) and appreciate their work.

It IS a new product. You expect a couple rough edges. We expect improvements to come soon – added functionality, support for more webcams, etc. That said, there’s no reason you couldn’t put this in your conference room right now.

I’ll end with an anecdote. We had the Trio 8800 hub on the conference room table yesterday, and another customer came in for a meeting. He asked about the device, so I told him what it did. 2-minute intro kind of deal. I wasn’t actually trying to sell it to him.

Afterward he asked where he could get one. Two minutes was all it took!

We hope this information helps anyone considering the Polycom RealPresence Trio 8800. If you have more questions about the device, or are interested in help configuring it, please comment or email me.

And don’t forget to join us next time!

 

Facebooktwittergoogle_plusredditlinkedinmail
8 Comments

Can You Remove the PIN from Skype for Business Dial-In Conferencing?

Conferencing, Skype for Business

One reader entered the following line on our December poll:

“Remove PIN requirement for audio only conferences”

Hmmm. Removing the PIN entirely? I’d never considered this before. Was it even possible?

Time to find out!

First: How to Control PINs in Skype for Business

You enter a PIN when joining a Skype Meeting via Dial-In Conferencing.  It’s your authentication – letting you “in the door.”

Like most Skype for Business functions, PINs are controlled by policies. You can modify the global PIN policy through the Skype4B Control Panel, like this:

  • On a computer that’s a member of your domain, open the Skype for Business Server Control Panel.
  • In the left navigation bar, click “Conferencing”, and then click “PIN Policy”.
  • On the PIN Policy page, click the “Global” policy.
  • Click “Edit”, and then click “Show details”.
  • Here you can edit several PIN characteristics:
    • Minimum PIN Length (default is 5 digits)
    • Maximum Logon Attempts (a check box, automatically determined by default). If you select the check box, you can enter a maximum number.
    • Should PINs expire? A check box for enabling of disabling PIN expiration lets you decide. You can also select the number of days after which PINs expire.
    • PIN History – should users reuse their PINs?
    • A check box for allowing Common Patterns of digits. If you don’t select this, you’re preventing common patterns like “12345” or “44444”. IF you do select this, users can use common patterns for PINs.
  • When you’re done modifying, click “Commit”.
PowerShell PIN Policy

PowerShell warning when changing the PIN length

Or you can use one of the following PowerShell cmdlets.

Get-CsPinPolicy: Returns information about the client PIN.
Grant-CsPinPolicy: Assigns a client PIN policy to a user or group.
New-CsPinPolicy: Creates a new PIN policy.
Remove-CsPinPolicy: Removes an indicated PIN policy.
Set-CsPinPolicy: Modifies an existing PIN policy.

Next: Any Help from TechNet? How about Blogs?

All of this material you’ll find referenced in the Skype for Business section of Microsoft TechNet. Naturally, that’s where I went to look first.

TechNet is a maze sometimes. This search was no different. But I did find several useful resources which detailed working with PINs:
Manage dial-in conferencing in Skype for Business Server 2015
Manage PIN policies for dial-in conferencing in Skype for Business Server 2015
Set a user’s dial-in conferencing PIN in Skype for Business Server 2015

I saw a couple potential loopholes in PIN policy you could exploit, to make PIN use simpler. For instance, setting the global PIN policy to a small number of digits, and not setting user- or site-level policies. Or enter the same PIN for everyone and distribute it.

PINs as a Point of Security – Disable It? Not Likely.

Lock Tumbler NumbersHowever, trying to “cripple” PIN policy undermines a point of security. A PIN is there to protect something – whether that’s your ATM card or your weekly Skype Meeting. As such, I don’t recommend trying to avoid PIN use.

Besides, I found nothing in these TechNet docs which indicated you could turn PINs off. Subsequent Google searches yielded nothing helpful.

What about an add-on? I’ve reviewed a few Lync/Skype for Business add-ons here in the past. Maybe an add-on exists which could modify PIN use on conferencing.

Alas, several frustrated searches later, I was forced to concede. I pored through Office 365 documentation, support threads, and blog posts. Nothing.

So far as I can tell, it is not possible to completely disable PINs from use during dial-in conferencing.

Now, again, that’s not a bad thing. It provides extra security for everything from voicemail access to Skype Meetings. And it is faster than typing in an email & password on your phone!

Other Authentication Standards Growing – Which Will Win Out?

I was left to ponder the original request. What motivated the reader? The convenience of skipping a step? Did they use another authentication method instead?

People are getting used to other authentication methods, both in the office and when mobile. Fingerprint scanning, biometrics, “invisible” backend authentication processes like certificates, etc. More are on the horizon—driven by hackers and malware and the increasing need for securing personal information.

It’s entirely possible that future Skype for Business updates will offer alternate authentication. We’ll just have to wait and see!

Thanks for the poll response! It was an interesting line of thought to pursue. What do you think? If you could remove the PIN requirement from Dial-In Conferencing, would you? Would you prefer replacing it with another authentication method? Please comment or email your thoughts. And join us again next time!

 

Facebooktwittergoogle_plusredditlinkedinmail
No Comments

Lync Doesn’t Like a Recreated Active Directory User? How to Fix It

Lync Server 2013

A reader sent in a Lync Server/Active Directory support request the other day. I responded, but they solved it without much input from us (a credit to their fast troubleshooting skills!).

Afterward, we discussed their solution, and I asked if I could publish the issue. They said yes. So here it is!

Deleted a User from Active Directory & Recreated – Now Lync Won’t Accept

Alex’s email started with:

“I’m having an issue with a Lync 2013 server. I hope you can help me with it.”

“I had to delete a user account from the AD and my Exchange 2010. After that I made a new account for the user with the same login ID and email address. After that I’m not able to enter the user into the Lync 2013 server. Is there anywhere in the Lync 2013 I have to remove the user, or what can I do?”

Image courtesy of khunaspix at FreeDigitalPhotos.net

Image courtesy of khunaspix at FreeDigitalPhotos.net

My initial thought was that both Lync and Active Directory had “ghost” user accounts now. The deleted user account still existed someplace, possibly within the Lync Front End server.

I asked Alex: “Did you remove the user from Lync, as well as AD? It’s possible that Lync retained a record of the user account from before, which it doesn’t now match up to the new account.”

“Look in Control Panel under Users. Remove this user, and recreate the user account. If that doesn’t work, you might try removing the user account from AD, Exchange and Lync in that order and re-creating it again. Tedious, I know, but that way Lync can re-establish its AD integration for the user.”

At this point Alex indicated that he’d resolved the issue. He’d done so “by changing the security settings on the AD account, so it is inheriting all security settings.”

Naturally I was curious for more details. How did he make the security change? Which specific permissions did he modify? Did he remove/recreate the user account first?

A Matter of Domain Administration

Alex was happy to provide. I’ve edited & reformatted his response slightly, below.

“On the domain controller, select the user’s profile. Select the Advanced view. Then I selected the Security tab, and could see that the group “Domain Admins” didn’t have any access to the account. I added the Domain Admins group, and then I made sure that all rights were inherited from the parent folder.”

“After this all my problem with Lync was solved. It also solved the problem we had with ActiveSync to Android Phones. ActiveSync to iPhone was working all the time, but not to Android before this operation.”

Makes sense. If the Domain Admins have no access to an account, they can’t authorize it for access to other services—like the Lync Server.

To check this myself, I went into our Active Directory through Active Directory Users and Computers. (This is not the exact way Alex indicated; I wanted to see if I could achieve the same end from another route.)

I made sure to select “Advanced Features” under the View menu. Then located a user, and opened the Properties window.

Sure enough, there’s a Security tab in this window. Click it, and you should see something like this:

userindomainadmin

(The login I used for this screenshot did not have full admin privileges; accordingly, it has grayed-out elements.)

This particular user is a member of Domain Admins, and has Full Control. Which means they are configured properly. If they were not, the highlighted line would not be present. Then I’d have to click the “Add” button and add permissions.

Unfortunately, I didn’t have an Android phone on hand to test the sync. But it’s always nice when a fix for one issue resolves another too!

If you do face a situation where you need to delete a user & re-enter them, I’d suggest creating a slightly different AD username first. That way you’re sure the new account has no “ghosts” lurking amid the servers. But if you do need to recreate the exact user account, I hope Alex’s quick fix helps you!

Thanks to Alex for agreeing to share his issue with us.

Have you encountered a similar issue between Active Directory and Lync Server/Skype for Business Server? If so, please comment or email. We’d love to hear the details!

Facebooktwittergoogle_plusredditlinkedinmail
1 Comment
« Older Posts


  • Skype4B Insider Email Updates

    Skip the visit - get Skype for Business Insider posts in your inbox! Emails delivered every Friday.

  • About the Skype for Business Insider Blog

    The Skype4B Insider is a blog about the technology we use to communicate in business today. Here we talk about Microsoft's Skype for Business Server 2015, Lync Server 2013, Unified Communications, Voice over IP and related technologies like Exchange Server. Written by Chris W., MCSE in Communication and PlanetMagpie IT Consulting's Tech Writer.
  • Categories

  • Archives