Skype for Business routing group missing both secondary replicas

For some reason Get-CsPoolFabricState reported an error in a routing group after patching the operating system of 4 enterprise pool FE servers. Users were getting limited functionality and there were som “exciting” errors in the Lync server logs in event viewer.

Event 64004 LS Join Launcher Web Service
Event 32083 LS Audio-Video Conferencing Server

Event 32261 LS User Services

 

I’ve had some cases where Front End service wouldn’t start, and the solution would be to run Reset-CsPoolRegistrarState -PoolFqdn serverpool.domain.com -ResetType QuorumLossRecovery , but this time it was different.

Get-CsPoolFabricState reported that all routing groups had their primary, but one of them was missing both secondary (secondary and backup-secondary). As previously mentioned, Reset-CsPoolRegistrarState didn’t do the trick….but there is another command that should be helpful, if there only were a place to get information about it…. Microsoft documentation… but at least in my browser, the attributes isn’t correct and there is no information about what they do. The first line of example in the documentation is also wrong, using the attribute -Type, when it is -ResetType, this have to be one of the worst docs I’ve read. The attribute that is actually interesting here is of course the ResetType, but this is the list from the website:

I see allowed values : Invalid, Permanent, Transient. No explanation…and Invalid? What?

Having spent too much time already I decided to give it a go…..

Reset-CsRoutingGroup -RoutingGroup 1D8E94CB114A5FAFBF03FBA2A781E8E3 -TargetFqdn sfbFE1.domain.com -ResetType Transient

Hmm. Didn’t do me any favors, it just moved the routinggroup primary to another server, but didn’t fix the problem.

Reset-CsRoutingGroup -RoutingGroup 1D8E94CB114A5FAFBF03FBA2A781E8E3 -TargetFqdn sfbFE1.domain.com -ResetType Invalid

Yeah…right. But at least I got an error with some information telling me that Invalid is an Invalid option….I’ve would have been crying if some genious at MS hadn’t included a little more information about what values that was acceptable:  Permanent, Transient and Recreate.

Now, that’s what I’ve been searching for the whole day. A way to recreate the routing group.

Reset-CsRoutingGroup -RoutingGroup 1D8E94CB114A5FAFBF03FBA2A781E8E3 -TargetFqdn sfbFE1.domain.com -ResetType Recreate

BOOM. Fixed in 1 minute.

Hats of to MS for a documentation from “He**” and a smiley to the genious programmer that included the values.

Skype for Business CsRGSHolidaySet

Created RGSHolidaySet for Norway 2018.

$poolname = Read-Host -Prompt “Legg inn Skype-pool navn, full FQDN”
$NyttAar = New-CsRgsHoliday -Name “Nyttårsdag” -StartDate “1/1/2018” -EndDate “2/1/2018”
$SkTo = New-CsRgsHoliday -Name “Skjærtorsdag” -StartDate “29/3/2018” -EndDate “30/3/2018”
$LaFr = New-CsRgsHoliday -Name “Langfredag” -StartDate “30/3/2018” -EndDate “31/3/2018”
$PMan = New-CsRgsHoliday -Name “2. Påskedag” -StartDate “2/4/2018” -EndDate “3/4/2018”
$Arb = New-CsRgsHoliday -Name “Arbeidernes dag” -StartDate “1/5/2018” -EndDate “2/5/2018”
$Himmel = New-CsRgsHoliday -Name “Kristi Himmelfartsdag” -StartDate “10/5/2018” -EndDate “11/5/2018”
$17Mai = New-CsRgsHoliday -Name “Grunnlovsdagen” -StartDate “17/5/2018” -EndDate “18/5/2018”
$2Pinse = New-CsRgsHoliday -Name “2. Pinsedag” -StartDate “21/5/2018” -EndDate “22/5/2018”
$Jul = New-CsRgsHoliday -Name “Julen 2018” -StartDate “25/12/2018” -EndDate “27/12/2018”

New-CsRgsHolidaySet -Parent “ApplicationServer:$poolname” -Name “Holiday 2018” -HolidayList ($NyttAar, $SkTo, $LaFr, $PMan, $Arb, $Himmel, $17Mai, $2Pinse, $Jul)

Network connectivity issues or an incorrectly configured certificate on the destination server

Issued new certificate for internal Front End. The new certificate had SHA256, vs old one had SHA1. There were two FE servers but only one gave this error:

Sending HTTP request failed. Server functionality will be affected if messages are failing consistently.

Sending the message to https://FQDN:444/LiveServer/Replication failed. IP Address is 10.10.0.12. Error code is 0x2EFE. Content-Type is application/replication+xml. Http Error Code is 0x0.
Cause: Network connectivity issues or an incorrectly configured certificate on the destination server. Check the eventlog description for more information.
Resolution:
Check the destination server to see that it is listening on the same URI and it has certificate configured for MTLS. Other reasons might be network connectivity issues between the two servers.

 

Solution: Run local setup on server. Was not necessary on the other for some reason.

Exchange Server 2013 ECP not showing all OU’s

Many blogs have been written about the ECP just showing up to 500 OU’s in “OU picker” when you want to create new mailboxes or distributiongroups. The blogs about this telling us to edit the web.config file found in “C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\ecp\”.
In the appsettings section, add the XML element
<add key=”GetListDefaultResultSize” value=”1000″ />. Some blogs also suggest modifying c:\Program Files\Microsoft\Exchange Server\V15\Frontend\httpProxy\ecp\ with the same value. The difference between the two locations is not always clear however. The first location is the “Backend” website in IIS, and it it this location you need to modify to get all the OU’s showing when you connect to ECP on your exchange server. The other location is for using ECP from a client, like your laptop. There was no need to recycle the app-pool in IIS after modifying the web.config files, but log out and log in again. Last thing that was not stated clearly enough in other blogs (stated clearly enough for me, that is), was the need to change the web.config files on all exchange servers. Even when I connected to https://localhost/ecp on the server I did the modifications, it did not work. Started working right after the modification was made on all my 4 nodes in the DAG-Cluster. So remember to change web.config on all servers.

iPhone 6 plus : Cannot Get Mail – The connection to the server failed

According to this thread, a lot of people have trouble syncing their ios device (primarily iphone 6 or 6 plus) with their exchangeserver at work.

I was one of those myself. Tried every suggestion in the thread regarding, deleting and adding account, reboot device, reset network settings, suggestions about inheritance on account in active directory, deleting mobile device in OWA…… the list continues, but nothing helped.

I was able to set up my email account on a different iphone 6, I had OWA for iphone working, even Outlook for IOS was giving me everything I wanted….but not native email app. Cannot Get Mail – The connection to the server failed. WHY?

After several days of trying and failing….I finally got it right. If you have not found a solution in the thread above, I can add one more suggestion.

When I removed the iphone from mobile device list in OWA, it did what it was supposed to do…disappeared from the list. However, the GUI is not accurate. Powershell is. I finally ran “Get-MobileDevice -Mailbox myalias”  and got a list of devices, including my iphone…even though I had removed it using the GUI.

When I then entered “Get-MobileDevice -Identity xxxxxxxxxxxxx | Remove-MobileDevice” (where xxxxxxxx is the identity of my iphone from “Get-MobileDevice -Mailbox myalias”  in exchange powershell I was able to sync successfully within a minute.

Hope this helps somebody.

Calendar Permissions not updated

Might be a strange behaviour, or by design?…. Whatever the reason, a customer “lost” the ability to use scheduling assistant in outlook when creating new meeting requests. The calendars was not showing any information, and hoovering over the calendars gave me information about not having permissions. Scheduling assistant uses the “Default” permissions, if the user is not assigned as a member of another group with different accessrights. That’s how i ended up with two problems.

I’m not sure why the “Default” accessrights suddenly got “corrupted”. Maybe an Exchange Server 2013 rollup. Migration from Exchange 2010 would have raised this problem a year ago, and I didn’t get any feedback about this issue until some weeks ago, when I installed two new exchangeservers with CU7 out of the box.

Anyway. When running Get-MailboxFolderPermission on the calendars in the organization, it showed Default had “Reviewer” accessrights, but It really hadn’t. I had to “refresh” the permissions of “Default” user, running this script. With english and norwegian outlook, there is a mix of names for the calendar folder. The script checks what the name of the calendar folder is, before it executes.

 

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

# Get the mailboxes

$Mailboxes = Get-Mailbox -Filter {RecipientTypeDetails -eq “UserMailbox”} -ResultSize Unlimited

# Looping

ForEach ($Mailbox in $Mailboxes) {

# Get the name of the calendar folder

$Calendar = (($Mailbox.PrimarySmtpAddress.ToString())+ “:\” + (Get-MailboxFolderStatistics -Identity $Mailbox.DistinguishedName -FolderScope Calendar | Select-Object -First 1).Name)

# Set the permissions on the folder

Set-MailboxFolderPermission -Identity $Calendar -User Default -AccessRights Reviewer}

 

NOTE: New folderpermissions uses New-MailboxFolderPermission if no permission is already set for a user.

 

Running this updated the default accessrights on the calendars, and scheduling assistant started showing free/busy for people entered in the assistant.

 

All good? No.

People that was assigned to another group with “Author” accessrights to calendars, was still having problems. Running the script again updating the Calendar-authors group fixed the problem for those users.

 

As stated earlier, I don’t know why this was happening, but it’s an easy fix. If anybody can enlighten me about the cause for this accessrights problem, please leave a comment.

Which .admx file have the settings?

Looking for a specific GPO setting, corresponding registry key or corresponding .admx file?

When you work with Group Policy Objects (GPO’s) regularly, or even better, when you don’t work with GPO’s regularly, the following scenario’s will sound familiar.

– I know this GPO setting exists, I know it had the words “Delegating Saved Credentials” in it but where is that specific policy in the GPO tree?

– I have this GPO setting here, but what is the corresponding registry key?

– I have this GPO setting here, but what is the corresponding .admx file?

– I have this GPO setting here, but is a logoff required

Save yourself some time searching the net and bookmark the following page:
http://www.microsoft.com/download/en/details.aspx?id=25250

It contains several fully searchable Excel sheets, which contain GPO settings with columns like policy setting name, scope, admx file, registry key etc!

These sheets have been around for some time, but I thought it might be useful information to give it some extra attention.

There also is a online variant here: http://gps.cloudapp.net/

 

Copy in full from http://microsoftplatform.blogspot.no/2011/11/looking-for-specific-gpo-setting.html

 

 

PSTN to Lync 2013 Unassigned Number failure

A sidenote: if upgrading from lync server 2010, it may not be sufficient to redirect the gateways to the new 2013 pool. you will then have to delete the gateway(s) and trunks, publish topology, then re-add them to topology with 2013 pool, and publish again. Be sure to update the “Associated trunk” on the voice route configuration. Thanks to Michael for sharing this unassigned number failure solution.

D(one) IT

Incoming calls from the PSTN to an unassigned number within the unassigned number range on Lync 2013, the call fails. The same number called from the Lync client completes successfully, and is routed to either the Announcement service or Exchange Attendant depending on configuration. In Snooper the call trace shows a “486 Busy Here” or “403 forbidden” or “404 not found” depending on your Gateway/PSTN provider.

Looking into the 403 forbidden message, I came across VOIPNorm’s Call Park Retrieval Issues From CUCM 8.x. It seems as though both the Call Park Service and the Unassigned Numbers are skipped for external inbound calls.

The fix is to create a trunk that has no PSTN usage records.

View original post

Exchange server 2013 /PrepareAD fails when installing SP1

Had an error message when installing SP1, so i came over to this site : http://blogs.technet.com/b/manjubn/archive/2013/09/02/1-exchange-server-2013-preparead-or-cumultive-update-installation-fails.aspx

Exchange server 2013 /PrepareAD or installing Cumulative Updates [ CUxx ] fail with the error,

while running Organization Preparation

The following error was generated when “$error.Clear();
install-AdministrativeGroup -DomainController $RoleDomainController

” was run: “Active Directory operation failed on Servername.domain.com. The object

‘CN=Folder Hierarchies,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),

CN=Administrative Groups,CN=Exchange Organization,CN=Microsoft Exchange,

CN=Services,CN=Configuration,DC=Domain,DC=Com’ already exists.”

The Exchange Server setup operation didn’t complete. More details can be found in ExchangeSetup.log

located in the <SystemDrive>:\ExchangeSetupLogs folder. Exchange Server setup encountered an error.

This error occur when the “CN=Public Folders” container underneath ‘CN=Folder Hierarchies has been

deleted from Active Directory. use the ADSI Edit, or a similar tool (LDP), to determine whether the Public

Folders container exists. The Public folder object can be found at:

CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Your Exchange Organization,

CN=Administrative Groups,CN=Administrative group,CN=Exchange Administrative Group

(FYDIBOHF23SPDLT),CN=Folder Hierarchies

There are multiple methods to fix this issue , Here is the recommended method

by Recreating Public Folders containers.

Use ADSI Edit or a similar tool to locate and expand Exchange Administrative Group (FYDIBOHF23SPDLT).

The Public Folders object can be found at:

CN=Configuration,CN=Services,CN=Microsoft Exchange,CN=Organization,CN=Administrative Groups,

CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Folder Hierarchies

1. Right-click the Folder Hierarchies object, click New, and then click Object.
2. In the Select a class list, select msExchPFTree, and then click Next.
3. In the Value box, type Public Folders, and then click Next.
4. Click More Attributes.
5. In the Select a class list, select msExchPFTreeType, and then click Next.
6. In the Edit Attribute box, type 1, click Set, click OK, and then click Finish

I actually had an item in the “Folder Hierarchies” folder called CN=Recover data.

I changed the msExchFPTreeType attribute from 0 to 1, and the /PrepareAD completed successfully.

Exchange 2013 UM, Event ID 1423

Users not receiving UM notifications. Event ID 1423, MSExchange Unified Messaging.

The Microsoft Exchange Unified Messaging service on the Mailbox server encountered an error while trying to process the message with header file “C:\Program Files\Microsoft\Exchange Server\V15\UnifiedMessaging\voicemail2dfd9a9-328e-4b45-a828-08c1461ac615.txt”. Error details: “Microsoft.Exchange.UM.UMCore.SmtpSubmissionException: Submission to the Hub Transport server failed. The operation will be retried. —> Microsoft.Exchange.Net.ExSmtpClient.UnexpectedSmtpServerResponseException: Unexpected SMTP server response. Expected: 220, actual: 500, whole response: 500 5.3.3 Unrecognized command

 

Found that the problem was a receive connector. The “server relay” connector had the ip of the exchangeserver in the scope for testing the connector. When I removed the ip from the connector, all UM notifications arrived.