Sep 17

Presence Lying, Like a Pro

One of the great things about Skype for Business is you can see if a remote person is available for a chat or if they are busy in a meeting. Taking advantage of the presence capabilities is a very useful tool.

However, some people try to game the system and artificially set their presence. They may set their presence to “Away” when they are actually available just because they don’t want to be bothered by anyone. Yet those same people are more than happy to send you an IM while they are “Away”.

You’ve been Away 18 hours yet still sent me an IM?

 

I’m no fan of being a Presence Liar, but there are some decent reasons to do it.

Some people schedule “meetings” so that they can have time to get actual work done.

But what if you work remotely and, you know, screw around a bunch. You don’t want your boss to look at your status all the time and see “Away” because you aren’t using your PC much while napping.

How can you game the system?

By default, your status changes from Available to Away after 5 minutes of not using your mouse or PC. Having to touch your PC once every 5 minutes is totally preventing me from napping during the workday.

One solution is to download a little bit of software to take this pain away from you. Caffeine is one option (I haven’t tried it). Apparently this utility simulates pressing the F15 (not a typo) key every 59 seconds. This one fakes mouse movements every so often.

So that’s an easy and free fix. But what if you work in an environment where you can’t install any software on your computer? Or what if your company scans your PC for software like this and you end up on a report and a call from your boss?

Is there a stealthier way to stay “available” while napping?

Yes, yes there is.

Welcome to the world of Mouse Jiggler.

This little bad boy is the answer to all your napping-during-work-while-still-being-“available” dreams. As far as Windows is concerned, you just plugged in a generic HID-compliant mouse. As far as you are concerned, you are now moving the mouse every so often – just enough to keep the screen awake and your status as Available.

So how does Windows see this? Generic Mouseville, Population one.

I ran a Belarc Advisor report against my PC and all it did was report this:

HID-compliant mouse (4x)

I actually have 2 real mice connected plus the Mouse Jiggler. Not sure what that fourth one is!

I also downloaded some random USB reporting tool and I found the Mouse Jiggler in my list of USB devices.
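One way to see what sits behind a count like "HID-compliant mouse (4x)", as an added example that is not from the original post: it lists mouse-class devices with the USB vendor and product IDs found in their instance IDs and marks those missing from an approved list. The function name, the approved list and the sample instance IDs are constructed for illustration; `Get-PnpDevice` is the built-in cmdlet on Windows 8 / Server 2012 and later.

```powershell
# Added example (not from the original post).
# Every pointing device carries the same friendly name, so the name cannot
# separate one mouse from another. The instance ID holds the USB vendor ID
# (VID) and product ID (PID), which can.

function Get-MouseHardwareId {
    param(
        # Instance IDs to inspect. Defaults to the mice present on this PC.
        [string[]] $InstanceId = (Get-PnpDevice -Class Mouse -PresentOnly).InstanceId,

        # VID:PID pairs the organisation issues (assumption: you keep such a list).
        [string[]] $Approved = @()
    )

    foreach ($id in $InstanceId) {
        if ($id -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
            $vidPid = '{0}:{1}' -f $Matches[1].ToUpper(), $Matches[2].ToUpper()
        }
        else {
            # Built-in touchpads and other non-USB devices carry no USB VID/PID.
            $vidPid = 'n/a'
        }

        [pscustomobject]@{
            VidPid     = $vidPid
            Approved   = $Approved -contains $vidPid
            InstanceId = $id
        }
    }
}

# Constructed sample instance IDs (placeholder vendor/product values).
$sample = @(
    'HID\VID_1111&PID_0001\6&1A2B3C4D&0&0000'
    'HID\VID_1111&PID_0001&MI_01&COL01\7&2B3C4D5E&0&0000'
    'HID\VID_2222&PID_0002\6&3C4D5E6F&0&0000'
    'ACPI\PNP0F13\4&12345678&0'
)

# One physical device can expose several HID entries, so group by VID:PID
# before counting. Entries with Approved = False are the ones to look at.
Get-MouseHardwareId -InstanceId $sample -Approved '1111:0001' |
    Group-Object VidPid |
    Select-Object Name, Count, @{ Name = 'Approved'; Expression = { $_.Group[0].Approved } }
```

Run without `-InstanceId` on a workstation to inspect the devices actually present.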

 

So how much and how often does the mouse get moved?

Excellent question.

I used a mouse recording utility, set it to start, then left the room to watch some football. I came back and saw the below output.

[Screenshot: mouse recorder output]

 

The very first entry is me clicking “record” with my mouse so we can ignore that entry. Thereafter, everything is being input by the Mouse Jiggler.

The second column is the X-Axis, the third column the Y-Axis, and the 4th column is elapsed milliseconds since last movement.

The first action happened after almost 6 minutes. The Jiggler moved the mouse 1 pixel. Three minutes later, the mouse was moved 7 pixels. And then after about the same delay, the mouse was moved 8 pixels.

This is enough movement to keep my Skype for Business client listed as Available.

It also keeps the screensaver off. This is useful if you work somewhere that sets the screensaver lockout duration to 1 minute.

According to the Mouse Jiggler website, there are plenty of reasons other than napping while “available”:

Presenters use Mouse Jiggler because it allows them to present without the screensaver popping up in the middle of the presentation. Employees who are unable to change their system sleep settings or install unapproved software on their computers find Mouse Jiggler convenient to keep screen savers or login screens from activating.

IT professionals use the Mouse Jiggler to prevent password dialog boxes due to screensavers or sleep mode after an employee is terminated and they need to maintain access to their computer.

Computer forensic investigators use Mouse Jigglers to prevent password dialog boxes from appearing due to screensavers or sleep mode. With many computer hard drives now employing full-disk encryption, such modes can greatly increase the time and cost of a forensic investigation.

 

I don’t care about those. I just like to know that I’m always Available, even while napping.

And if my boss is reading this, I am only writing this as an overview of a device related to my expertise, not because I’m nappinzzzzzzzzzzzzzzzzzzzzzz…..

 

Jun 27

My first publishing experience. Windows NT 4.0 anyone?

The book I recently released – Enterprise Voice in Skype for Business Server 2015 – was not my first publishing credit. No, to find that, I need to take you back to 1997 and the book Windows NT Troubleshooting and Configuration.

I was born and raised in Indianapolis, Indiana. Unbeknownst to many, there is a bit of an industry in publishing tech manuals in that city. You know those “…for Dummies” books? That franchise is at least partially run out of Indianapolis.

The publisher of this particular book was Sams Publishing, also based out of Indianapolis. Because of this, as you start networking throughout the Indianapolis tech community, it won’t take long until you run into a bunch of people who have written at least a chapter or two in a published book.

And it was through this that I was given the opportunity to write two chapters in this book:

 

  • Chapter 30: Windows NT and Dynamic Host Configuration Protocol
  • Chapter 34: Integrating Windows NT and UNIX.

Back in the day, I was a bad-ass at Windows NT. That’s not just some boasting. I’ll challenge my 27 year old self against anyone on Windows NT. I lived it. It was how I was making my living…building and supporting Windows NT networks. This was mostly for small businesses in the Indianapolis area but I had one account that had about 1,500 people in a dozen or so locations. There were two global companies where we supported one of the divisions in Indianapolis.

So when the opportunity came up to write a chapter or two, I jumped at it.

But as time passed, I lost my copy of the book. I gave one to my mom but when I went to visit her a few weeks ago, the book was gone. And in the mists of time, I forgot the name of the book too! I just remembered it had a mostly green cover.

Thanks to the Internet and an hour of my life, I saw a book that looked really familiar. My name wasn’t in any of the online sites where I found it, but I had a feeling this book was the one. So I bought a used copy for ~$6USD including shipping. It showed up today.

And there is my name!

Below are pictures of some of the pages I wrote. I remember doing a lot of work on this book, setting up a lab, etc. This was before VM’s were a thing so I had to have at least 2 PC’s. I forget the exact configuration. I’m old and this is trivia that is apparently no longer relevant to me. Or probably to you.

So here you go, a few snippets from the long lost book which was my first foray in the publishing world.

 


 

Mar 27

I Wrote a Book

Early Cover without “2015”

Some of you may be aware that I recently published a book – Enterprise Voice in Skype for Business Server 2015. Visit www.evs4b.com for full details.

This post is not specifically about the book. It is about why I wrote that book and the joy of doing that. </sarcasm>

I originally started writing the book over 3 years ago while we were still basking in the glory of Lync 2010. I spent some time and roughed out the chapters I wanted to write. I then went ahead and wrote a few chapters. For reasons lost to my aging memory, I quit writing that book. My guess is because Lync 2013 was released.

It kept gnawing on me over the following few years that I should return to the book and finish it off.

So at the end of May 2015 I took 1 week off work with the explicit goal of reviving the book project. Apparently like most authors with time on their hands, I spent most of my time napping, watching TV, and hanging out with friends. I did not end up spending a full week on the book.

But I did make progress. I realized I wrote much less than I had remembered. I thought I was about 4 chapters in when in reality it was barely more than two. And it was a good thing I didn’t get much further.
1.) I had to re-do all of the screen shots to show the new Control Panel

2.) So many mistakes

Over time, we tend to get better at things like being able to walk or ignore politics. In my case, I got better at Enterprise Voice. Much better.

Though I didn’t accomplish much during that week in May, it did get this whole project going again. Part of the project was building up a real-world environment at home. I didn’t want to use any of my work resources for any of this to avoid any conflict of interest. So I upgraded one of my servers at home and then built up a whole new home environment from scratch – including building two Asterisk servers (though in the end I only really needed one). With this in place I was able to test and validate everything in the book.

See all of that PowerShell in the book? Every one of those lines was successfully run in my lab before it ever made it into Word.

I probably averaged about 15 hours a week working on the book between the end of May 2015 and December 2015. Some weeks I didn’t work on it at all. Other weeks I worked deep into the night day after day.

As I was writing this and making good progress, the project continued to become more daunting, not less. I kept thinking of more topics to write about. One could write a whole book just about Exchange UM. How was I going to learn all of the details and intricacies of that and fit that into this book? What about Response Groups and Call Admission Control?

Some time in October I was driving from Nashville, Tennessee to Columbus, Ohio to meet some friends there to watch a Columbus Crew MLS game. (Go Crew!). On the drive I was listening to some of the MS Ignite conference presentations. Somewhere during that time it dawned on me that I could easily focus the book based on how Control Panel is laid out. If I focus on the Voice Routing tab, I’ll be able to cover all of the key features and readers new to the topic will only have to focus on one section.

After I got done with that I decided that it wouldn’t be too much more work to write about Call Park and Unassigned Numbers found in the Voice Features tab. And ….why not throw in Dial-In Conferencing too.

But that was it. I now had a properly framed book, topic wise.

But the problem was…my Word document got corrupted. I was about 90% of the way done with the book when Word decided to crash every time it opened the document. Sure I had backups but I would basically lose a week’s work because I wasn’t backing up as often as I should have been. Interestingly, the document opened up just fine via Word Online. I did open a personal case with Microsoft support but they couldn’t figure the problem out either.

This knocked the wind out of my sails for about 2 weeks before I could get myself motivated to fix this the hard way.

So I went to my backup and basically copy/pasted from Word Online into Word on my PC. I also spent a while making sure I had every possible backup option in Word enabled. I also started manually doing a whole bunch of “Save As…” moves whenever I got done with a few paragraphs. After recovering the file I never had a corruption again.

My sister has a Masters Degree in Art from Pratt Institute in Brooklyn. So she was the obvious choice to do the cover art for me. The cover is from an original installation she did for (I believe) her Masters thesis. She snipped off a part of that installation and let me use it for the book.  The squiggly lines on the first page of the book are also from one of her original works though, taken out of context, it just looks like some squiggly lines! Check out her website at www.jessicadadams.com to see more of what she does including the full context of the cover art.

If you look deep enough into the minutiae of the book, you’ll see that it is published by Edgehill Publishing. Who are they? “They” are a friend of mine named Andrew Young. He has self-published 2 of his own technical manuals – Expert Advisor Programming for MetaTrader 4 and Expert Advisor Programming for MetaTrader 5. He used to live on Edgehill Avenue in Nashville so there you have the name of the publishing company. He has a few extra ISBN numbers lying around so he gave me one in exchange for buying him some beer.

Early back cover.

That’s how business gets done.

Any book like this needs a technical editor. As I was writing this book, I had the name Ken Lasko in the back of my mind as the first person I would ask to do the technical editing. Once I had the book ready for the first pass, I reached out to Ken via Twitter. I’ve been reading his blog for a few years and it focuses heavily on Enterprise Voice. He also has given several presentations at events like Lync Conference and Ignite. I feel fortunate that he agreed to do the technical editing. He provided a lot of feedback that not only makes the book more readable but also more accurate. At least half of the call-out boxes in the book are directly in relation to Ken’s feedback. Plus he also never mentioned to me that he thought the book was rubbish so it was a good confidence booster that a respected MVP like Ken did 2 tech editing passes on the book.

Once I thought the book was ready to go live, I needed to figure out how to get the book formatted for CreateSpace. CreateSpace is the self-publishing division of Amazon. I was under a time crunch to get this book published. I had no idea how to do it – not to mention a few formatting issues I couldn’t figure out. Through dumb luck I stumbled across the website www.peopleperhour.com where there are a bunch of freelancers who claim to have helped put dozens (if not hundreds) of properly formatted books into publication via CreateSpace. I reviewed a few online résumés and selected Luanne T. to do the work. She has been incredible. I am way under-paying her for her time but I hope to get her a fair payment soon. She basically had to reformat the whole book – including the hundreds of images. The Kindle version is also a fork off the original document so that had to be formatted differently. With her masterful assistance, the book fit all of CreateSpace’s criteria on the first pass.

After submitting the book, I ordered a proof copy to make sure that the book looked good on printed paper. I spotted a few grammatical and formatting errors but I was focused on making sure all of the screen shots were clear and legible. I showed the book to a few friends the day I got it. They flipped through it and said it looked good.

So I pulled the trigger and on 16 March, 2016 the book was published.

I then read the paperback book all the way through.

I can’t explain it but I’ve read the book front-to-back about 5 times but reading it in paperback I found a bunch of errors. Between my readings, Ken’s readings, and Luanne’s work formatting the book, how can so many little mistakes pop up? It’s beyond me. So I put together an errata that can be found on www.evs4b.com.

But this is the modern publishing age. So I can fix this.

I edited the Kindle manuscript before submitting it to Amazon.  So the Kindle version should be free of everything listed in the Errata. I also re-submitted the paperback manuscript to CreateSpace with all of the fixes. If the printed date in the back of the book is after 21 March 2015, then you have the updated version and the errata does not apply to you.

I’ve mentioned throughout this little blog posting that I’ve had a deadline and had to get this book published quickly. The reason is that I accepted a new job a few weeks ago to be a Senior Consultant at Microsoft. My first day is tomorrow (28 March 2016). Releasing the book before I start at Microsoft avoids any conflict of interest or having people buying the book thinking that this was written by a “Microsoft person”. The next version of this book (probably when the next version of Skype for Business gets released) will probably have to go through the whole Microsoft process for an employee releasing a book.

So because of that deadline, I had to blast through the proofing section so I apologize to any of you with a book that requires the errata. There are no semantic errors in the book but a few hyphens are missing on some PowerShell commands along with some weird and random grammatical issues.

Now I have to hope people will buy this book. I need to sell about 100 copies to recover my personal financial investment and break even on my out of pocket expenses. I then need to sell a whole bunch more to cover the amount of time I poured into the book. I’m less concerned about recovering that money. I wrote this book because I am passionate about the topic and there is no single resource this in-depth on this topic.

As I was writing it, I had an imaginary reader. This imaginary reader did not have English as their first language. This imaginary reader was given a project to add Enterprise Voice to their existing Skype for Business implementation. For good portions of the book, this is the person to whom I am talking.

I hope that the book is easy to read yet detailed enough to get the job done.

Now, have your company buy the book for you so I can be motivated to re-do all of this with the next release of Skype for Business!

Mar 14

The Android Experiment

I’ve used Windows-based phones since Windows Mobile 6.5. It’s been a very rocky road as Microsoft has changed direction with seemingly every release. But I’ve stuck it out for one main reason: It’s always struck a balance between customizability – the great Android strength – and stability – the great iOS strength. Maybe stability is the wrong word there for iOS. For while I find the interface to be extremely tedious, it seems to be a very reliable operating system.

So to me, Windows phones have always worked that balance between Android and iOS very well. For reasons, I had to ditch my Windows 8.1 phone in January for a Samsung Galaxy S6. While it was my first Android phone it is not my first Android device. Over the past few years I’ve owned a few Android tablets and use them on a nearly daily basis. So I thought I was well prepared to make the jump to the Android universe.

But it’s a whole different world from casually using Android to relying on Android.

As a result, I’ve come to the conclusion that Android generally sucks and that Samsung specifically sucks.

Here are the reasons why I can’t wait to get back to Windows Mobile:

  1. Intrusive messages. I was in Charlotte, North Carolina for the first time in my life a few weeks back. So I was using Google Maps to find my way around town. Twice during the trip – and right before having to make a turn – a big white window pops up telling me that “Voicemail has crashed” or some such message. WHAT? Why do I care? I’m about to miss my turn! Who decided putting a pop up about a crash is so important that it should interrupt what you are doing. Isn’t that what the notification center is for?
  2. Battery Life. The battery life on this S6 is terrible.  I was just in New York City on vacation. The phone made it about 10 hours before dying. I had to resort to having my sister carry a battery charger in her purse so I could charge up over the course of the day. Note that I put the phone in battery saver mode and turned off GPS too. That didn’t help. Apparently there is a whole world of Android tweaking that I can pursue to fix this. But why should I? On Windows phones I only experienced this kind of rapid battery drain when using GPS. Otherwise I rarely ever had a problem getting through the day on a charge.
  3. The keyboards suck. I tried both Swype and Swiftkey – recently acquired by Microsoft. I used the default Samsung-provided keyboard for about 4 seconds until I realized that it didn’t support “swipe typing”. Both Swype and Swiftkey kept deciding to use “YoY” instead of the word “you”. The amount of mis-typing I did was higher than on Windows phones. I’ve got a Lumia 640 I just bought. I threw on Windows 10 Mobile and the default typing experience is noticeably better than on Android.
  4. Samsung.
    1. If I ever return to the Android world, I will not be buying a Samsung phone. For starters, the buttons on the front face for “going back” and to “list the running apps” are way too sensitive. I’ve never had so many accidental button presses as on this phone. Which raises the question: Why is there a physical button on the front of the phone? Isn’t the new Android model to go with soft buttons on the screen and ditch this approach? None of my Android tablets have ever had a physical Home button and the new Windows phones are ditching the physical front button too.
    2. The thumb reader. I’ve read that the “Hello Windows” feature on the Lumia 950 phones doesn’t exactly work perfectly. But it’s a rare event that the thumb reader on the phone works on the first try. It almost always fails on the first try, usually works on the second, and rarely requires a 3rd pass. But why so many failures?
    3. The miserable apps provided by Samsung. I was complaining to a friend that the Calendar and Mail clients on Android are basically garbage. He whipped out his Google Nexus 7 and said the problem was I got “Samsung-ed”. Apparently Samsung decided it was a good idea to write their own crappy apps and replace the far-better default Google-provided apps. Had I had the default Google apps I’d probably be happier with my Android experience.
    4. This could be on AT&T too. Android 6 aka Marshmallow was released in October. Yet here I am, 6 months later, with my phone running Android 5.1.1 (Lollipop). And I always thought that the Android world was getting updates faster than the Windows world. I guess not. Windows 10 Mobile apparently has fixed this but for some reason Samsung + AT&T = slow updates.
  5. I was also excited to be able to “tap to pay” and I set this up on the phone quickly. I used it like twice and then….it’s so much faster to swipe a debit/credit card than to fumble with the phone! So while I always thought I was missing out in the Windows Phone world, I now realize that it’s not something I ever use when I do have the option to use it. I also tried Samsung Pay. I’m not sure what the point is other than their ability to mimic a card swipe on card readers that don’t support mobile payments. It just seems like so much more Samsung bloatware.

For all I know, Android 6 addresses all of my concerns.

Android does have all the apps. And where there is crossover with Windows Phone, Android has the better apps. So yes, there is an App Gap in the Windows Mobile 10 world. But based on my time with the S6, I’m convinced more than ever that Windows phones are a superior OS in almost every way and the only thing holding it back is the lack of apps. Before this experience, I was indifferent if Microsoft should allow Android apps to run on Windows phones. Now I am convinced that this has to happen.

Microsoft is taking the safe, less complicated route in trying to encourage vendors to easily compile to Windows Universal apps via various technologies such as Windows Bridge and their recent acquisition of Xamarin. But these still require app developers to have to do at least *some* coding to make their apps look right in the Windows world. Taking an .apk file and running it natively on a Windows phone requires absolutely zero effort on the developer’s part.

But then Microsoft would basically have to support two platforms – the existing Windows environment and then some semblance of an Android environment. Much like Amazon, I imagine Microsoft would have to bring up their own Android store and then certify that Android apps run correctly on Windows phones. But by doing this, the app gap will massively shrink overnight. Requiring effort from developers to recompile to Windows will help a little bit over time. But having spent three months using an Android phone, it’s more clear to me now than ever that Microsoft needs to get extremely aggressive in closing this app gap.

For reasons, I will be going back to Windows phone for at least next week as I will have to give up my Android phone at the end of this week.

And I couldn’t be happier about it.

Jan 24

Control Permitted Calls via Dial Plans

It is generally believed that you can control numbers users are permitted to call only by limiting the permitted numbers in the Route. If you want to only permit local numbers to be dialed for a user, you create a route that only permits local numbers, then assign that route to a PSTN Usage and a Voice Policy. You then assign that Voice Policy to a user and they can now only call local numbers.

However, you can accomplish the same thing by using Dial Plans. If a user dials a number that is not able to be normalized, the Skype for Business client will drop that call before it ever gets to the Route.

Below is a video demonstrating how the Dial Plan prevents calls from happening. In the video, I create a new Dial Plan and Route. The Route retains the default “permit all” regular expression of .* yet calls are still dropped because the Dial Plan prevents calls from being placed.

I do not recommend using Dial Plans to limit the range of numbers that users dial. Instead you should continue using Routes.

Why?

Routes offer more flexibility in that they can be used in multiple PSTN Usages in order to accomplish things such as Least Cost Routing.

Also, you can update a route and have it replicated throughout your environment in about 5 minutes. While it also takes about 5 minutes to replicate an updated Dial Plan, it won’t take effect until users restart their client. That could take days or weeks for some users. (Or you could migrate all of your users to a different pool and migrate them back. That will force re-signing in.)

And as soder pointed out in the comments, a clever user could just place a call by manually adding a “+” before their dialed number. Any call submitted with a “+” skips the Dial Plan if that call comes in via a non-Lync/Skype for Business client (as Mickael B pointed out in the comments though my clarification here is still a bit dodgy). If the backend route is the default .*, then that user could place any call he wanted regardless of what the Dial Plan is limited to.
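One way to confirm that the Routes themselves enforce the restriction, so that a call which skips the Dial Plan is still refused, as an added example that is not from the original post: it reports every Voice Policy whose PSTN Usages lead to a Route matching a number that policy must not reach. The function name, policy and route names, patterns and probe numbers are constructed; `Identity`, `PstnUsages` and `NumberPattern` are the properties returned by `Get-CsVoicePolicy` and `Get-CsVoiceRoute`.

```powershell
# Added example (not from the original post).
# Walks Voice Policy -> PSTN Usage -> Voice Route and tests each route's
# NumberPattern (a .NET regular expression) against numbers that the
# policy is supposed to be unable to dial.

function Find-PermissiveRoute {
    param(
        [Parameter(Mandatory)] [object[]] $VoicePolicy,
        [Parameter(Mandatory)] [object[]] $VoiceRoute,

        # Normalized (E.164) numbers the policies under test must NOT reach.
        [Parameter(Mandatory)] [string[]] $BlockedNumber
    )

    foreach ($policy in $VoicePolicy) {
        foreach ($usage in $policy.PstnUsages) {
            # Routes attached to this usage are the ones the policy can use.
            $routes = $VoiceRoute | Where-Object { $_.PstnUsages -contains $usage }

            foreach ($route in $routes) {
                foreach ($number in $BlockedNumber) {
                    if ($number -match $route.NumberPattern) {
                        [pscustomobject]@{
                            Policy  = $policy.Identity
                            Usage   = $usage
                            Route   = $route.Identity
                            Pattern = $route.NumberPattern
                            Reaches = $number
                        }
                    }
                }
            }
        }
    }
}

# Constructed sample objects shaped like the cmdlet output.
$policies = @(
    [pscustomobject]@{ Identity = 'Local-Only'; PstnUsages = @('Local') }
)
$routes = @(
    # Restrictive route: only one area code (constructed pattern).
    [pscustomobject]@{ Identity = 'Local-Strict'; NumberPattern = '^\+1615\d{7}$'; PstnUsages = @('Local') }
    # Route left at the default "permit all" pattern.
    [pscustomobject]@{ Identity = 'Local-Default'; NumberPattern = '.*'; PstnUsages = @('Local') }
)

# Constructed probe numbers outside the permitted range.
$probes = '+12125550100', '+442079460000'

# Only 'Local-Default' is reported, once per probe number.
Find-PermissiveRoute -VoicePolicy $policies -VoiceRoute $routes -BlockedNumber $probes |
    Format-Table -AutoSize
```

Against a live deployment, pass the restricted policy and all routes instead of the samples, for instance `-VoicePolicy (Get-CsVoicePolicy -Identity 'Local-Only') -VoiceRoute (Get-CsVoiceRoute)`, where the policy name is a placeholder.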

Jan 06

Finding Unused PSTN Usages

I’m working on a little project to remove unused policies, dial plans, etc. from our Lync 2013 configuration. It’s all fairly straightforward to find policies with no users assigned to them. But PSTN Usages? Not so easy.

PSTN Usages are a bit of a weird construct in the Lync/Skype for Business world. Forget that many people have difficulty conceptualizing what they even do. Of concern here is that all PSTN Usages get wrapped up into one global object.

When you run Get-CsPstnUsage, you get the terse output seen below.

PS C:\Users\flinchbot> get-cspstnusage

Identity : Global
Usage    : {Nashville-National, Nashville-International, Indianapolis-National, Indianapolis-International…}

You can get more detail on the defined usages if you run something like this:

PS C:\Users\flinchbot> (Get-CsPstnUsage).usage
Nashville-National
Nashville-International
Indianapolis-National
Indianapolis-International
Bogota-National
Bogota-International
Munich-National
Munich-International
Helsinki-National
Helsinki-International
Nashville-PBX
Nashville-PSTN

This will give you the list of all of your defined PSTN Usages. But how can you tell if any of these are in use?

In order to find out if all of these are in use or not, I hacked together the below script. It grabs the list of usages then brute-force sees if that usage is defined in either a Voice Policy, a Voice Route, or in a Trunk Configuration. If it matches  any of these, then it is assumed that the PSTN Usage is in use. If it does not appear in any of the three, then the usage name is printed.

 
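# Get the single global object that holds every PSTN Usage name
$PstnUsages = Get-CsPstnUsage
Foreach ($Usage in $PstnUsages.Usage)
{
    # Look for the usage in each of the three places it can be referenced
    $vp = Get-CsVoicePolicy | ?{$_.PSTNUsages -contains $Usage}
    $vr = Get-CsVoiceRoute | ?{$_.PSTNUsages -contains $Usage}
    $tc = Get-CsTrunkConfiguration | ?{$_.PSTNUsages -contains $Usage}
    # Not referenced anywhere: print the name of the unused usage
    If (!$vp -and !$vr -and !$tc)
    {
        Write-Host $Usage
    }
}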
 

For a one-liner you can use to find all voice policies that do not have a PSTN Usage defined, you can use this:

get-csvoicepolicy | ? {$_.PstnUsages.count -lt 1} | select identity,pstnusages

Dec 08

Speed Up your RGS Agents Sign In With EnableCrossSiteSignIn

If you are using formal response groups, then each of your agents needs to go to a web page and sign in to make themselves available for that response group. For small and midsize organizations this is probably a pretty quick activity.

However, if you have a very large or very complex environment, it could take a very long time for this web page to open. The reason for this is that Lync/Skype for Business supports "cross-site sign-in". This means that an agent from Site A can sign in to a Response Group in Site B. However for this to work, the initial sign in web page needs to inventory all of the Response Groups in your whole organization. If you have a bucket load of RGS, this could take a very long time.

Snuck in to the latest Lync Cumulative Update (and probably the latest Skype for Business update but I can't verify it yet) is a configuration setting to prevent cross-site sign in. With this value set, all agents in a given site can only log in to Response Groups in that site.

This is a per-site setting and is enabled for all response groups in the site where this is set.

So if you want to disable cross site sign in for a site, how do you do it?

You need to edit the web config file for the internal and external websites for a given site. By default, that file is found in these two locations:

C:\Program Files\Microsoft Lync Server 2013\Web Components\Rgs\Clients\Ext\Web.config
C:\Program Files\Microsoft Lync Server 2013\Web Components\Rgs\Clients\Int\Web.config

(It's in the same path in Skype for Business, just replace "Microsoft Lync Server 2013" with "Skype for Business Server 2015")

Make a backup of the web.config file in case you screw something up.

Next, add the following snippet into the web.config file after the 'configSections' element. If you insert it before 'configSections', the Agent Tab page will always return 500 Internal Error.

<appSettings>
    <add key="EnableCrossSiteSignIn" value="False"/>
</appSettings>


Here is a screen shot showing a properly configured web.config file.

[Screenshot: web.config with the EnableCrossSiteSignIn setting]

For good measure, go ahead and restart the "World Wide Web Publishing Service" after saving this change.

Also remember that you will need to do this on every Front End server individually for both the internal and external directories.
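The same steps as a script, as an added example that is not from the original post: it backs up each web.config, places `appSettings` directly after `configSections` (or reuses an existing `appSettings`), sets the key and restarts the web service. The function name is hypothetical, the paths are the Lync Server 2013 defaults quoted above, and it assumes the `configuration` root element declares no XML namespace.

```powershell
# Added example (not from the original post). Run on every Front End server.

function Set-RgsCrossSiteSignIn {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [ValidateSet('True', 'False')] [string] $Value = 'False'
    )

    # .NET does not follow the PowerShell location, so use the full path.
    $full = (Resolve-Path -LiteralPath $Path).Path

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($full)
    $root = $xml.DocumentElement            # <configuration>

    $appSettings = $root.SelectSingleNode('appSettings')
    if ($null -eq $appSettings) {
        $appSettings = $xml.CreateElement('appSettings')
        $configSections = $root.SelectSingleNode('configSections')
        if ($null -ne $configSections) {
            # Must come AFTER configSections, otherwise the page returns 500.
            [void] $root.InsertAfter($appSettings, $configSections)
        }
        else {
            [void] $root.PrependChild($appSettings)
        }
    }

    $add = $appSettings.SelectSingleNode("add[@key='EnableCrossSiteSignIn']")
    if ($null -eq $add) {
        $add = $xml.CreateElement('add')
        $add.SetAttribute('key', 'EnableCrossSiteSignIn')
        [void] $appSettings.AppendChild($add)
    }
    elseif ($add.GetAttribute('value') -eq $Value) {
        return $false                        # already set, nothing to change
    }
    $add.SetAttribute('value', $Value)

    # Keep a timestamped copy of the original before overwriting it.
    $backup = '{0}.{1}.bak' -f $full, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -LiteralPath $full -Destination $backup

    $xml.Save($full)                         # Save() re-indents the file
    return $true
}

$base = 'C:\Program Files\Microsoft Lync Server 2013\Web Components\Rgs\Clients'
$changed = $false
foreach ($site in 'Ext', 'Int') {
    $config = Join-Path $base "$site\Web.config"
    if (Test-Path -LiteralPath $config) {
        if (Set-RgsCrossSiteSignIn -Path $config) { $changed = $true }
    }
    else {
        Write-Warning "Not found: $config"
    }
}

# W3SVC is the service name of the World Wide Web Publishing Service.
if ($changed) { Restart-Service -Name W3SVC }
```

Running it a second time changes nothing and skips the service restart, so it is safe to repeat across Front End servers.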

Nov 13

Take me to Your Leader and PinAuthType

New to Skype for Business Server is the PinAuthType setting. This is set via either the New-CsDialInConferencingConfiguration cmdlet or the Set-CsDialInConferencingConfiguration cmdlet.

PinAuthType can be set to two values:

  • "OrganizerOnly" – The system will no longer prompt the users to enter a leader PIN if an authenticated user has already activated the meeting.
  • "Everyone" – The system will prompt the users to enter a leader PIN even if an authenticated user has already activated the meeting.


A Skype for Business meeting does not become active until an authenticated user joins the meeting. Until an authenticated user joins, callers sit in limbo – which isn’t necessarily the Lobby if bypass the lobby is enabled for PSTN callers. This is to prevent external users from just dialing in to a meeting and starting to talk, which could help prevent meeting fraud.


An authenticated user is anyone who belongs to your organization and logs in with their Skype for Business/Lync client or someone who dials in and enters their extension and PIN via the phone. In other words, a user who is configured in your Skype for Business environment must join a meeting to activate it. What PinAuthType does is to remove the prompt for leader credentials after one authenticated user has joined the meeting.


To clarify this setting further, consider the following example where "OrganizerOnly" is the PinAuthType.

  • Alice is the first person to join the meeting.  She dials in from her mobile phone and provides the conference ID.  She gets prompted "If you are the leader, please press * now". But since she is not the organizer she just waits on the line.
  • Bob joins next by dialing in.  He enters the Conference ID and then also provides his extension and PIN when prompted.  He is now an authenticated user in the meeting.  As soon as he joins, Alice is admitted into the meeting as well.  Alice and Bob can now talk to each other.
  • Charlie is the last person to join the meeting.  He dials in and provides his Conference ID.  He does not hear the "If you are a leader…" message due to the PinAuthType setting.

Setting PinAuthType to OrganizerOnly enables this feature. Setting PinAuthType to Everyone keeps the default setting where every caller is asked if they are a leader.

 

Oct 30

Statistics Manager PowerShell Module

While troubleshooting one of my Statistics Manager agents that wouldn't connect to the Statistics Manager service, I was missing PowerShell. I ended up having to manually dig up the config files to ultimately find my error (Missed the port on the Statistics Manager URI).

So I wrote a fairly simple PowerShell Module to help manage a Statistics Manager Agent.

Here are the cmdlets that exist in the module:

Get-CsSMSettings

  • Lists the current Agent configuration

Get-CsSMPassword

  • Shows the current encrypted password. Compare this with another working agent to see if you typed in the password wrong during install.

Set-CsSMListenerURI

  • Along with the "-ListenerURI" parameter, changes the current ListenerURI. The ListenerURI is the path to the Statistics Manager server, such as https://stats.flinchbot.com:8443/

Set-CsSMThumbprint

  • Along with "-Thumbprint" parameter, changes the current thumbprint. This is useful if you change your Statistics Manager certificate or copied the thumbprint wrong while running the install.

Restart-CsSMAgent

  • Restarts the Skype for Business StatsMan PerfAgent. Useful to run after changing the Thumbprint or ListenerURI.

To use this module, copy it somewhere on your server. Be sure that your PowerShell ExecutionPolicy is set to unrestricted as this isn't a signed PowerShell module/script. https://technet.microsoft.com/en-us/library/ee176961.aspx

Open a PowerShell window as Administrator.

Type the following into the PowerShell window:

Import-Module c:\temp\StatsManager.psm1

(Assuming you copied the module to c:\temp)

At that point it should work fine.

Please leave feedback. Feel free to update it or suggest improvements.

You can download the module by clicking on this link.

I will be updating this soon to support variable paths so that it will run against remote servers. I've intended to do that this week but I've been too busy to get that done. I probably won't get to it for a week or so. Therefore I went ahead and released it now.

Oct 08

Mobile Discovery and Authentication Communication Flow

There isn't a lot of detailed documentation about what happens with Lync/Skype for Business mobility during the autodiscover phase. This article will detail how the mobile client eventually gets connected to the correct pool, especially if you have Directors or multiple pools in your environment.

I won't dig into the autodiscover process from the DNS standpoint. Several other articles have been written about that:

  1. Jeff Schertz 1
  2. Jeff Schertz 2
  3. Rune Dyrhaug Stoknes

In a nutshell, the Lync Mobile client obtains the UCWA (mobility) URL as follows:
1. Lync 2013 Mobile client sends HTTP GET request to obtain the UCWA URLs
2. Client receives 401 Unauthorized response
3. Client authenticates again with Web Ticket
4. Client receives response with the UCWA URL

In the below example, the mobile client is out on the Internet somewhere. The user testuser@flinchbot.com is trying to login via the mobile client. The testuser@flinchbot.com account is homed on the Lync pool in Europe. 

After performing the DNS lookup, the mobile client is given a URL to a Director Pool in the United States. The Director Pool belongs to a Lync Pool in the US. Therefore, in the next step the Director forwards the request to the US pool to assist in finding the user's home pool. (If you don't have a Director, this step would be skipped and you would connect directly to the Front End pool in the US.) The US Front End pool determines that the user is homed on a pool in Europe. The client gets redirected to that pool. After an authentication cycle, the client is given the direct public URL to log in to the mobility service on the pool in Europe.

Remember that the first step is Autodiscover. This must happen before you actually connect to the Mobility service. This is why the process gets repeated on the Europe Pool. You need to "autodiscover" the URL for the Mobility service in Europe. The below diagram shows how autodiscover and the mobility service work together.

 autodiscover mobility

Below is a Visio diagram showing the detailed negotiation that happens. The diagram is broken into three sections to help show which server the mobile client is communicating with in each step.

Further down are log files from a capture of this activity showing the specific details returned during each step of the process.

mobility1

1. The client constructs the discover URL and sends an HTTP GET request

INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1905:Successfully started the GetUserUrlOperation request for https://lyncdiscover.flinchbot.com/?sipuri=sip:testuser@flinchbot.com

2. The client receives URLs in response to the HTTP GET

INFO TRANSPORT TransportUtilityFunctions.cpp/1116:<ReceivedResponse>
GET https://lyncdiscover.flinchbot.com/?sipuri=sip:testuser@flinchbot.com
Request Id: 0515498C
HttpHeader:Cache-Control no-cache
HttpHeader:Content-Length 1137
HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
HttpHeader:Date Tue, 18 Aug 2015 20:07:30 GMT
HttpHeader:Expires -1
HttpHeader:Pragma no-cache
HttpHeader:Server Microsoft-IIS/8.0
HttpHeader:StatusCode 200
HttpHeader:X-AspNet-Version 4.0.30319
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn Lync1.us.flinchbot.com
HttpHeader:X-Powered-By ASP.NET
<?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://webext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=flinchbot.com" /><Link token="User" href="https://webext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=flinchbot.com" /><Link token="Self" href="https://webext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=flinchbot.com" /><Link token="OAuth" href="https://webext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=flinchbot.com" /><Link token="External/XFrame" href="https://webext.us.flinchbot.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://dirpoolweb.us.flinchbot.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://dirpoolwebext.us.flinchbot.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
</ReceivedResponse>

3. The client uses that response to make a request to the discovered external web URL to retrieve the home pool information. 

INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with url = https://lyncdiscover.flinchbot.com/?sipuri=sip:testuser@flinchbot.com, userUrl = https://webext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=flinchbot.com, status = S0-0-0)

4. The client receives a 401 Unauthorized response with Web Ticket Service location in the header

INFO TRANSPORT TransportUtilityFunctions.cpp/1116:<ReceivedResponse>
GET https://webext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=flinchbot.com
Request Id: 0507771C
HttpHeader:Cache-Control no-cache
HttpHeader:Content-Length 1293
HttpHeader:Content-Type text/html
HttpHeader:Date Tue, 18 Aug 2015 20:07:30 GMT
HttpHeader:Server Microsoft-IIS/8.0
HttpHeader:StatusCode 401
HttpHeader:Strict-Transport-Security max-age=31536000; includeSubDomains
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn Lync1.us.flinchbot.com
HttpHeader:X-MS-WebTicketSupported cwt,saml
HttpHeader:X-MS-WebTicketURL https://dirpoolwebext.us.flinchbot.com/WebTicket/WebTicketService.svc
HttpHeader:X-Powered-By ASP.NET
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">

 

5. The client submits a request to the Web Ticket Service to retrieve the metadata exchange document (MEX). The client submits a Request Security Token to Web Ticket Service and supplies credentials.

INFO TRANSPORT CMetaDataManager.cpp/488:Sending Mex request for endpoint (https://dirpoolwebext.us.flinchbot.com/WebTicket/WebTicketService.svc) w/ sign-in name (testuser@flinchbot.com)
INFO TRANSPORT CMetaDataRequest.cpp/90:MEX response received.
2015-08-18 16:07:18.071 Lync[4844:1844] INFO TRANSPORT CWebTicketSession.cpp/564:Received webticket resposne with status S0-0-0)
2015-08-18 16:07:18.076 Lync[4844:1844] INFO TRANSPORT CWebTicketSession.cpp/668:New web ticket obtained

6. The client makes a request again to https://dirpoolwebext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user to retrieve specific user home pool information and provides the web ticket.

INFO TRANSPORT CBindingTransformationFactory.cpp/259:Using endpoint address https://dirpoolwebext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=flinchbot.com as the server address
INFO TRANSPORT TransportUtilityFunctions.cpp/735:<SentRequest> GET https://dirpoolwebext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=flinchbot.com Request Id: 0515498C HttpHeader:Accept application/vnd.microsoft.rtc.autodiscover+xml;v=1 HttpHeader:X-MS-WebTicket XXXXXXX </SentRequest>

7. The client gets the home pool information  

INFO APPLICATION CUcwaAppSession.cpp/1235:Updating URLs. For Ucwa: discoveredFqdn=https://webext.eu.flinchbot.com, applicationsRelativeUrl=/ucwa/v1/applications, configuredInternal=, configuredExternal=, loc=1, auto-discovery=1   

8. Client sends a request to the discovered home pool to get the UCWA URLs  

INFO TRANSPORT TransportUtilityFunctions.cpp/735:<SentRequest> GET https://webext.eu.flinchbot.com/ucwa/v1/applications Request Id: 05143B44 HttpHeader:Accept   </SentRequest>

9 and 10. The client repeats authentication steps against their home server.

11. Lync Autodiscover responds with the internal and external Lync services URLs for the user's home pool.

INFO TRANSPORT TransportUtilityFunctions.cpp/1116:<ReceivedResponse>
GET https://dirpoolwebext.us.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=flinchbot.com
Request Id: 0515498C
HttpHeader:Cache-Control no-cache
HttpHeader:Content-Length 2286
HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
HttpHeader:Date Tue, 18 Aug 2015 20:07:31 GMT
HttpHeader:Expires -1
HttpHeader:Pragma no-cache
HttpHeader:Server Microsoft-IIS/8.0
HttpHeader:StatusCode 200
HttpHeader:Strict-Transport-Security max-age=31536000; includeSubDomains
HttpHeader:Via 1.1 Lync1.us.flinchbot.com RtcExt
HttpHeader:X-AspNet-Version 4.0.30319
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn LyncServ1.eu.flinchbot.com
HttpHeader:X-Powered-By ASP.NET

<?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><User><SipServerInternalAccess fqdn="pool.eu.flinchbot.com" port="5061" /><SipClientInternalAccess fqdn="pool.ee.flinchbot.com" port="5061" /><SipServerExternalAccess fqdn="sip1.flinchbot.com" port="5061" /><SipClientExternalAccess fqdn="sip1.flinchbot.com" port="443" /><Link token="Internal/Autodiscover" href="https://poolweb.eu.flinchbot.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="Internal/AuthBroker" href="https://poolweb.eu.flinchbot.com/Reach/sip.svc" /><Link token="Internal/WebScheduler" href="https://poolweb.eu.flinchbot.com/Scheduler" /><Link token="Internal/CertProvisioning" href="https://poolweb.eu.flinchbot.com/CertProv/CertProvisioningService.svc" /><Link token="External/Autodiscover" href="https://poolwebext.eu.flinchbot.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="External/AuthBroker" href="https://poolwebext.eu.flinchbot.com/Reach/sip.svc" /><Link token="External/WebScheduler" href="https://poolwebext.eu.flinchbot.com/Scheduler" /><Link token="External/CertProvisioning" href="https://poolwebext.eu.flinchbot.com/CertProv/CertProvisioningService.svc" /><Link token="Internal/Mcx" href="https://poolwebext.eu.flinchbot.com/Mcx/McxService.svc" /><Link token="External/Mcx" href="https://poolwebext.eu.flinchbot.com/Mcx/McxService.svc" /><Link token="Ucwa" href="https://poolwebext.eu.flinchbot.com/ucwa/v1/applications" /><Link token="Internal/Ucwa" href="https://poolweb.eu.flinchbot.com/ucwa/v1/applications" /><Link token="External/Ucwa" href="https://poolwebext.eu.flinchbot.com/ucwa/v1/applications" /><Link token="External/XFrame" href="https://poolwebext.eu.flinchbot.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://poolweb.eu.flinchbot.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" 
href="https://poolwebext.eu.flinchbot.com/Autodiscover/XFrame/XFrame.html" /><Link token="Self" href="https://poolwebext.eu.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user" /></User></AutodiscoverResponse>
</ReceivedResponse>
INFO APPLICATION CUcwaAppSession.cpp/1235:Updating URLs. For Ucwa: discoveredFqdn=https://poolwebext.eu.flinchbot.com, applicationsRelativeUrl=/ucwa/v1/applications, configuredInternal=, configuredExternal=, loc=1, auto-discovery=1
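
Because the client follows whatever URLs autodiscover hands back, across the Director, the US pool and the home pool, it is worth checking that every Link in a captured response is HTTPS and stays inside your own domain. This is an added example, not code from the Lync client or the original post. The function name Get-AutodiscoverLink and its TrustedSuffix parameter are hypothetical, and the XML is a constructed sample trimmed from the User response above.

```powershell
# Constructed sample: a shortened copy of the User response shown in step 11.
$response = @'
<AutodiscoverResponse AccessLocation="External">
  <User>
    <SipClientExternalAccess fqdn="sip1.flinchbot.com" port="443" />
    <Link token="External/Autodiscover" href="https://poolwebext.eu.flinchbot.com/Autodiscover/AutodiscoverService.svc/root" />
    <Link token="Internal/Ucwa" href="https://poolweb.eu.flinchbot.com/ucwa/v1/applications" />
    <Link token="External/Ucwa" href="https://poolwebext.eu.flinchbot.com/ucwa/v1/applications" />
    <Link token="Self" href="https://poolwebext.eu.flinchbot.com/Autodiscover/AutodiscoverService.svc/root/user" />
  </User>
</AutodiscoverResponse>
'@

# Hypothetical helper: lists every Link token with two checks per URL.
function Get-AutodiscoverLink {
    param(
        [Parameter(Mandatory)] [string] $Xml,
        [Parameter(Mandatory)] [string] $TrustedSuffix   # e.g. flinchbot.com
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null          # never fetch external entities or DTDs
    $doc.LoadXml($Xml)

    # Links sit under <Root> in the first response and <User> in the last one.
    foreach ($link in $doc.SelectNodes('/AutodiscoverResponse/*/Link')) {
        $uri = [Uri]($link.GetAttribute('href'))
        # Match the domain itself or a true subdomain, not a look-alike suffix.
        $inScope = ($uri.Host -eq $TrustedSuffix) -or
                   $uri.Host.EndsWith(".$TrustedSuffix", [StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Token   = $link.GetAttribute('token')
            Host    = $uri.Host
            Https   = ($uri.Scheme -eq 'https')
            InScope = $inScope
        }
    }
}

$links = Get-AutodiscoverLink -Xml $response -TrustedSuffix 'flinchbot.com'
$links | Format-Table -AutoSize

# Anything returned here is plain HTTP or points outside the trusted domain.
$links | Where-Object { -not ($_.Https -and $_.InScope) }
```

With the sample above the final filter returns nothing, since every Link is HTTPS under flinchbot.com.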
