Importance of High Port Range (50,000 – 59,999) between two Edge Pool

December 10, 2014 4 comments

We were working on building of second lync 2013 Edge Pool to achieve HA and Load balancing for our Lync infrastructure and came across with lots of funny and nice things. I cannot highlight all funny things here,But going to explain the most funniest part.

In our environment, we have two edge pool, one pool is for lync 2010 frond end pool media association and new edge pool is for lync 2013 media association. Environment has few mediation pool which is connected with lync 2010 edge server for media association.

If someone call from remote access to desk phone (connected Via Mediation server) using lync 2013 edge server it was getting failed. When we saw the lync traces and netstat logs it was showing that, lync 2013 edge servers and remote client is trying to reach 50k port ranges of Lync 2010 edge server (This is enterprise voice calls and going to use lync 2010 mediation which is associated with lync 2010 edge servers)

So we must have to open 50K port ranges for both of edge pool servers so client can connect and do the enterprise voice calling seamlessly. Below is the technet forum discussion which also helped us to understand more and taking decision to open this high port ranges

https://social.technet.microsoft.com/Forums/office/en-US/faf15263-8950-44e5-af6e-6eaf8b23f0b5/lync-2013-client-still-tries-to-connect-to-lync-edge-on-ports-5000059999?forum=lyncconferencing

Hope, it will help someone else J

Categories: Lync 2013

How to track account locked out in TMG 2010 SP2

November 15, 2014 Leave a comment

Started noticing that few AD accounts are getting locked out within Active Directory where the source, as per the monitoring reports shows that the TMG Servers of your environment, which is working as a reverse proxy for mobile clients.

An account lockout occurs after several failed authentication attempts that are made by incoming web proxy or web publishing requests (for example, an ActiveSync device that has a user’s old password saved).

To track it , go into Log & Reportss in TMG Array and find out failed authentication attempts information below.

  • Run Forefront TMG 2010 console
  • Select Logs & Reports item on the left pane
  • Select Logging tab on the center pane
  • Select Tasks tab on the right pane
  • Select Edit Filter under Logging task

1-1
The TMG logs cannot be used to identify the source of the request hence still you are not able to find any denied connection and device detail which may casing the account locking problem.

3

By default, the change in behavior is not enabled, and the following script should be run to enable the new behavior. After you enable the new behavior, TMG will log the username that is associated with a failed logon attempt in the Username field as follows, instead of being logged as Anonymous:

domain\username (!)

Go thro with the below KB article to enable script for search failed login.

http://support2.microsoft.com/kb/2592929

4-4

Now you can see the below logs report which shows the several denied connection.

2-2

You can also see more information about device expanding “Additional Information” section into one of the log

Disable Video modalitese for certian CSusers in Lync 2013

September 24, 2014 Leave a comment

I have a requirement to disable video for few lync users sitting in remote site dealing with low bandwidth. This whole exercise is to provide good user experience for Audio

To do this, we need to follow below steps

  1. Create a Conferencing policy using below cmdlet

NewCSPolicy2

2. Disable Video by set Boolean value $false for EnableP2PVideo

SetCSpolicy2

I have disabled sharing too, hence you can change other parameter on base of your requirement

See this article for more details about parameter and CS conferencing policy

http://blogs.technet.com/b/csps/archive/2011/08/11/confpoliciesintro.aspx

3. See below CS conferencing policy which shows the EnableP2PVideo & EnableAppDesktopSharing

3.2

Now you can assign this policy for individual users or group of users thru CSV file

Use below cmdlet to assign for single user

Get-CsUser Useralias | Grant-CsConferencingPolicy -PolicyName Policyname

Use below cmdlet for a list thru CSV file (Change location accordingly)

import-csv C:\input.CSV | ForEach-Object {

write-host “Login” $_.login

Get-CsUser $_.login | Grant-CsConferencingPolicy -PolicyName DisableVideoANDSharing }

Hope it will help someone dealing with same need 🙂 !!!

Categories: Lync 2013

Dude, Want to be a Lync Expert ?

September 20, 2014 Leave a comment

During my own learning of lync 2013, I came to know lots of KB’s and Blogs those talk about very nice stuff.

Jeff Schertz is very famous name and publisher of many documents for lync 2010/2013 and OCS. I have filtered few nice article for lync 2013 which I strongly recommend to read all UC folks learning lync 2013 

Note: There articles are approximately of level 400, So you must have a basic understanding of lync infrastructure and concepts before you start reading them. Good Luck !!! J J

Lync Edge Server Best Practices:

Lync Server 2013 Deployment (Read all part 1/2/3):

Media Codecs in Lync 2013:

Understanding Lync 2013 Mobility:

Understanding Lync Video Quality Reports:

Video Interoperability in Lync 2013:

Understanding Lync Modalities:

Planning for Video in Lync:

Video Temporal Scaling Behavior in Lync 2013:

Lync Edge STUN versus TURN:

Stay tune for next post !!!!

Categories: Lync 2013

Failed to save Web Ticket Signing certificate to the file store

Issue : Lync mobile client can not sign-in .

During my troubleshooting on my lync director server, I see Event 4101 which indicating “Certificate file path” can not be  found. I tried to browse the File store asscitae with DIR servers and can not browse. So its confirm that problem is occurring due to store only. You can also see this event if you have permission problem on lync store directory.

WebTicket

Worked with Storage admin to enable the lyncShare directory with old data which resolved the issue.

Categories: Lync 2013, Uncategorized

Lync 2013 Client crashing after sign-in

I have got an issue with one particular user, whenever he sign into the Lync 2013 desktop client it signs in but then the Lync client locks up and crashes with the error below. If any other user logs into the same computer it works perfectly. I can recreate the issue by logging the user into Lync from any Lync 2013 desktop client we have deployed.

 Error : Faulting application name: lync.exe, version: X.X.X.(x.x.x.x), time stamp: 0x52714a81

Solution:

1. Check the latest CU update for lync client has, if not then update lync 2013 with latest CU and check the issue. Refer below link.

Updated: Lync 2013 Cumulative Updates List

2. Disable user from lync control panel wait for 10 minutes and re-enable back and check the issue

3. Remove lync account and recreate from scratch, Follow below steps

  • Log onto FE server, open Lync Control Panel, Remove troubled user
  • Log into an AD server or use the AD snap in > View > Advanced Features > open trouble user account > Attribute Editor Tab > Verify ALL msRTCSIP info is gone
  • Clear some manually records of msRTCSIP  if still any stale records there
  • Open the Lync Powershell, and Run

Update-CSUserDatabase – wait 15 minutes at least (This updates the FE DB with the info in AD)

Update-CSAddressBook – wait 15 minutes (This updates the FE address book with the FE database)

  • Double Check AD msRTCSIP info on user
  • Add user using Lync Control Panel
  • Rerun Update-CSUserDatabase and wait for some time
  •  Update-CSAddressBook, wait for some time
  • Then try to log in again with troubled user account an test
Categories: Exchange 2013

Message Tracking log with multiple Transport Server

There several blog says about how to track email message for multiple HUB transport servers placed after HW LB like F5.

I was doing same and thoug to put here for my reference 🙂 !!!

1: Tracking of message for a subject “”WHAT’S NEW” on a single HUB transport server.

Get-MessageTrackingLog -start “5/8/2014 12:00 AM” -MessageSubject “WHAT’S NEW”-EventID Receive | Select ServerHostName,Timestamp,Recipients

2: Tracking of message for a subject “”WHAT’S NEW” on a multiple HUB transport server.
Get-transportserver HUBSevrer* | Get-MessageTrackingLog -start “5/8/2014 12:00 AM” -MessageSubject “WHAT’S NEW”-EventID Receive | Select ServerHostName,Timestamp,Recipients

2: Tracking of message for a subject “”WHAT’S NEW” on a multiple HUB transport server with ascending timestamp order.
Get-transportserver HUBServer* | Get-MessageTrackingLog -start “5/8/2014 12:00 AM” -MessageSubject “WHAT’S NEW”-EventID Receive | Sort Timestamp | Select ServerHostName,Timestamp,Recipients

Note : Please change HUB server name and time according to your environment.