Lync 2013 / 2010 – Public Edge Certificate missing its private key


Recently I have seen the issue of a public certificate missing its private key on import. The situation is this: you create the required .req for your public certificate on the edge server and send the details off to the certificate authority of your choice. Once they create and return the .crt file and the necessary trusted root and intermediate certs, you import them into the Lync edge server, only to find that the ‘sip.<domainname>.com’ cert is missing its private key.

Why would this be the case when you originally generated the request on the Lync edge server? At this moment the only reason I can see is if another certificate with the same name has previously been imported onto the server. Apart from that, I cannot find any other logical reason why the newly imported certificate sometimes misses the private key.

If you are in this position, the simple fix for the cert is as follows.

– On the imported certificate without the private key, double-click the cert to show the information associated with it. Click on the Details tab and look for the field called ‘Serial number’. Copy the serial number into Notepad and remove the spaces between the characters of the unique code, i.e.

WAS 5a 12 6e 7e ee 11  AMENDED 5a126e7eee11

Now, still on the edge server, open a command prompt and type the following:

certutil -repairstore my <Amended unique serial number>

eg: certutil -repairstore my 5a126e7eee11

Press Enter to commit it.

You will then be presented with information and confirmation that the update has been successful.

Now if you go into the certificate store and refresh, you will see that the certificate now has its private key.

At this point you can go back to your Lync deployment wizard and assign the public cert to your edge server.

Job Complete

Thanks

Iain S
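The same repair as a PowerShell function, added here as an example and not part of the original post: it cleans the serial copied from the Details tab, confirms the certificate really lacks its key, runs the certutil command above and re-reads the store to verify the result. The function name is hypothetical and the sample serial is constructed; the repair can only succeed if the private key from the original request still exists on this server.

```powershell
function Repair-CertPrivateKey {
    param(
        # Serial number as copied from the Details tab, spaces included
        [Parameter(Mandatory)][string]$Serial
    )
    # Keep hex digits only: removes spaces and any invisible characters picked up by copy/paste
    $clean = ($Serial -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -eq 0 -or $clean.Length % 2 -ne 0) {
        throw "Serial '$Serial' does not reduce to whole hex bytes."
    }

    # Look the certificate up in the computer's Personal store (the 'my' store certutil repairs)
    $find  = { Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.SerialNumber -eq $clean } }
    $match = @(& $find)
    if ($match.Count -ne 1) {
        throw "Expected exactly one certificate with serial $clean, found $($match.Count)."
    }

    if (-not $match[0].HasPrivateKey) {
        # Same command as in the post; needs an elevated prompt
        certutil -repairstore my $clean
        if ($LASTEXITCODE -ne 0) {
            throw "certutil -repairstore failed with exit code $LASTEXITCODE."
        }
    }

    # Re-read the store: the object fetched earlier is a snapshot taken before the repair
    $after = @(& $find)
    [pscustomobject]@{
        Serial        = $clean
        Subject       = $after[0].Subject
        HasPrivateKey = $after[0].HasPrivateKey
    }
}

# Constructed sample serial, as it appears in the Details tab:
# Repair-CertPrivateKey -Serial '5a 12 6e 7e ee 11'
```

If HasPrivateKey is still False afterwards, the key pair is not on this machine and the certificate has to be re-issued from a new request.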


Lync 2013 – Creating Custom Lync Reports within Monitoring


Hello All

I haven’t seen many guides on how to create custom reports for Lync 2013, so I thought it would be good to share how to do this with the native Monitoring reporting tool, which can be co-located with the Lync 2013 frontend.

For this guide I’m running a Lync 2013 Frontend patched up to the January 2014 CU, and SQL Server 2012r2. All servers are running Windows 2012r2 and are patched up to date.

Step 1.

Ensure the current reports are working as expected

The next step is to go to the SQL Server you provisioned, open Internet Explorer and navigate to the reports path/URL. For this demo that would be

http://lync2013sql/reports_LYNCARCHMON

If you are unsure, you can find the required path by going into the SQL Reporting Services Configuration Manager and selecting Report Manager.

OK, now that we have navigated to the page in our browser, let’s select the Report Builder option.

NOTE: Depending on your original setup, you might have to download and install the actual Report Builder application. (You will be prompted for this download if you haven’t already got it installed.)

Once it is installed, or when the new dialog appears, select ‘New Report’, as this is what we want to do.

Once you’ve selected the table wizard, accept the default dataset option ‘Create a dataset’ and click Next.

You will now be prompted for a data source. For Lync we need to browse to the data source down the tree.

Select it and click OK, then do a quick test connection to be sure. Now select Next and, when prompted, add the credentials of your ‘privileged’ user account.

Once you’ve added this information, you will be presented with a dialog called ‘Design a query’. Here you can create your own report based on any of the information held within the Monitoring database. NOTE: It would be worth getting hold of the Lync 2013 database schema to understand all the tables available to interrogate.

For this demo, I’m going to select a stored procedure called GetSCOMAlertData. This stored procedure holds the report information which is passed to the SCOM application for reporting.
In this scenario you don’t need SCOM, but you can get reports on what information would have been passed. I find this useful for monitoring your Lync environment.
Also, if you already had a reporting tool, e.g. Crystal Reports, you could data mine your own information into a Crystal report and interact with other internal system databases.

On the Arrange fields page, drag and drop the required fields into the rows and columns.

On the next couple of pages select your layout and style, then select Next/Finish.

Once this is complete you can select the ‘Run Report’ button to see your finished result. If you’re not happy, you can go back and redesign the report as you wish.

Once you’ve tweaked your report to suit, select Save, navigate to the lyncserverreports folder, give your report a name and select Save.

Now if you go back to your browser and select the original reporting path, you will see your newly created report available to select.

That’s it.

As I say, there is a whole raft of information available to report on, so before you start I would suggest you have the report requirements at hand and also have a good understanding of where within the CDR database that information is stored.

Thanks again

Sonus SBC setup and Configuration VIDEO guide to Lync 2013, including PureIP SIP Trunking, T1/E1 Configuration


Hello All

It’s been a couple of weeks since my last video guide. At the request of other people within the UC community, I have completed an installation guide for Sonus’s SBC Media Gateway appliance.

This video guide details how to configure the gateway with a SIP trunk (courtesy of PureIP, http://www.pure-ip.com) and also connection with T1 and E1 trunks.

NOTE: For those people who are interested in the T1/E1 element only, this starts at 54 minutes.

Please leave any comments or feedback, as well as suggestions for further guides which you might like to see.

Lync 2013 – Force the Lync client to always ‘show User Picture’ – video guide


Good Morning

This blog post and video guide describe how to force the Lync 2013 client to always show the end user’s Lync picture, even after the user has changed the setting not to show the picture.

To put a little bit of background around this: as with Lync 2010, Lync 2013 does not have the ability to block or stop a user from deselecting the option of showing their Lync picture. This picture element is something I’m asked about many times while working with customers.

I know this is something which we would all like as an option, but as of today, and as far as I’m aware, fixing this or providing a solution isn’t something close to Microsoft’s heart.

Also, to confirm, there aren’t any policies you can assign or any registry setting you can apply to block the user from changing their setting. So what is the solution, and where is this setting stored? Well, it’s not in the xds database; it’s actually stored within the front end’s rtclocal database.

So to confirm before you go any further in the blog, I’m pretty certain that this solution will be one that’s unsupported by Microsoft and, as we are going to change the rtclocal database, one that will be seen as a ‘borderline’ hack. I would also like to point out that I’ve run this within my lab without issue for some time; however, I would suggest you test it within your lab area before you embark on using it in your production environment. <remember I hold no responsibility> 🙂

OK, now the small print is out of the way, what is the fix? Within rtclocal there is a table called publishedstaticinstance which has a field that holds a massive binary value. Part of the challenge is to convert the binary into something that’s readable and something we can update.

Under the covers, what this binary value states is DisplayADPhoto true/false.

So as part of the update we check the status and update it when the status is false.

As this is running on rtclocal, the guide runs it via a scheduled task running a .ps1 PowerShell script. The SQL only checks the last 15 minutes of changes to reduce locks and database processing, and the scheduled task I’ve created runs every 15 minutes, so with the two you will never be out of sync with what a user is doing. (You could run this script more regularly than every 15 minutes, but given the requirement I think 15 is a good medium to use.)

As for the SQL command, some thanks go out to the TechNet community, as understanding the converts within the SQL was a slight challenge.

PS1. Script

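function Enable-UserPhotos ([string]$Domain, [int]$OffSet) {
    # Rewrite <displayADPhoto>false</displayADPhoto> to true in rows published within the last $OffSet minutes.
    # $OffSet is typed [int] so only a number can reach the SQL text.
    # Note: the varbinary(4000)/varchar(4000) casts cover only the first 4000 bytes of Data;
    # a matching row larger than that would be written back truncated.
    $query = "update rtc.dbo.PublishedStaticInstance Set Data = CONVERT(image,convert(varbinary(4000),REPLACE(convert(varchar(4000),convert(varbinary(4000),Data)),'<displayADPhoto>false</displayADPhoto>','<displayADPhoto>true</displayADPhoto>'))) where [LastPubTime] >= DATEADD(mi,-$($OffSet),getdate()) AND convert(varchar(4000),convert(varbinary(4000),Data)) like '%<displayADPhoto>false</displayADPhoto>%';"
    # Run the update against the RTCLOCAL instance of every computer in this server's pool
    (Get-CsPool (Get-CsComputer "$(hostname).$Domain").Pool).Computers | % { Invoke-Sqlcmd -Query $query -ServerInstance "$($_)\RTCLOCAL" }
}
Enable-UserPhotos -Domain 'your domain name here' -OffSet 15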
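A read-only preview of what the update above would touch, added here as an example and not part of the original script: it counts the rows the same WHERE clause selects and how many of them hold more than the 4000 bytes the casts can carry. The function name and the server name in the usage comment are hypothetical; the table and column names are the ones used in the script.

```powershell
function Get-UserPhotoUpdatePreview {
    param(
        # SQL instance to inspect, e.g. one front end's RTCLOCAL instance
        [Parameter(Mandatory)][string]$ServerInstance,
        # Same look-back window, in minutes, as the update script
        [int]$OffSet = 15
    )
    # SELECT only: nothing is modified. DATALENGTH reports the stored size of the image column.
    $query = @"
select
    count(*) as MatchingRows,
    isnull(sum(case when DATALENGTH(Data) > 4000 then 1 else 0 end), 0) as RowsOver4000Bytes
from rtc.dbo.PublishedStaticInstance
where [LastPubTime] >= DATEADD(mi,-$OffSet,getdate())
  and convert(varchar(4000),convert(varbinary(4000),Data)) like '%<displayADPhoto>false</displayADPhoto>%';
"@
    $result = Invoke-Sqlcmd -Query $query -ServerInstance $ServerInstance

    # A non-zero RowsOver4000Bytes means the update would cut those rows down to 4000 bytes
    [pscustomobject]@{
        ServerInstance    = $ServerInstance
        MatchingRows      = $result.MatchingRows
        RowsOver4000Bytes = $result.RowsOver4000Bytes
        SafeToUpdate      = ($result.RowsOver4000Bytes -eq 0)
    }
}

# Constructed server name:
# Get-UserPhotoUpdatePreview -ServerInstance 'fe01.example.local\RTCLOCAL' -OffSet 15
```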

KEY TAKEAWAYS

Remember the script is changing the rtclocal database on the front end, and this will be seen as not supported by Microsoft!

Video guide below.

Thanks!

Iain Smith

Lync 2013 – Adding a Trusted Application using Johan’s SefaUtil GUI as the Demonstration


Hello All

This blog post details how you would go about adding a trusted application to your Lync 2013 topology.

For this example I’m going to add the trusted application built by Johan Veldhuis, which allows the SefaUtil commands to be configured at a GUI level.

For the people who are unaware of what SefaUtil is: it is an extension tool which is part of the Lync 2013 resource kit and allows for remote configuration of a user’s call forwarding, simultaneous ringing and call pickup group options. So essentially you can administer a user’s settings without actually visiting the user’s desk.

Johan has created a great utility which is GUI based, as opposed to the PowerShell commands which are the default way of running SefaUtil.

You can find details on Johan’s GUI here: http://johanveldhuis.nl/en/sefautil-gui/

OK, back to the trusted application piece. Creating a trusted application is the same process regardless of which software application you want to use.

Starting the trust..

STEP 1

Creating the new trusted application pool. For this we need to run some PowerShell commands to get us going, but before we do that we need to find some information about our pool to add to the PowerShell command. To do this we need to run the following PS command:

– Get-CsSite

New-CsTrustedApplicationPool -id <Pool FQDN> -Registrar <Pool Registrar FQDN> -site Site:<Pool Site>

eg: New-CsTrustedApplicationPool -id lyncse.northernlync.local -Registrar lyncse.northernlync.local -site Site:1

Once this has successfully completed, we then need to run our second powershell command

New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn <Pool FQDN>  -Port 7489

eg: New-CsTrustedApplication -ApplicationId sefautil -TrustedApplicationPoolFqdn lyncse.northernlync.local  -Port 7489

Note: you will be prompted after both PS commands to run the Enable-CsTopology command. It’s at this point that you need to run it.

Enable-CsTopology

STEP 2

We are now finished with the Lync Management Shell and the PowerShell commands for setting up a trusted application. (It’s also worth noting that if you go into your Lync Control Panel or the Lync topology, the application trust will now be showing within these areas.)

To complete the setup we now need to download sefautil.exe, which is part of the Lync 2013 resource kit and can be found here: http://www.microsoft.com/en-gb/download/details.aspx?id=36821

Go ahead and install it using the default locations etc. <default location \Program Files\Microsoft Lync Server 2013\Reskit.>

STEP 3

Now let’s check that our commands actually work from the command line. To do this we need to open the normal command prompt as Administrator and navigate to the default location path of SefaUtil (the path above).

Once you are within the Reskit folder run this command line

SEFAUtil.exe <user SIP address> /server:<Lync Server/Pool FQDN>

eg: SEFAUtil.exe iain.smith@northernlync.co.uk /server:lyncse.northernlync.local

Running this will bring back the current call settings for the user.

STEP 4

Now the final piece of running Johan’s SefaUtil GUI.

To do this we need to head back to the Lync Management Shell as Administrator and select Johan’s PowerShell script. Navigate to the script (NOTE: you need to unzip the .zip file first).

Once you’re within the folder where the .ps1 file is located, run the following command:

start-sefautil -pool poolfqdn

eg: start-sefautil -pool lyncse.northernlync.local

<You will/might be prompted about an execution policy issue before the .ps1 will run.> If you are, type this command: set-executionpolicy Unrestricted. Then run the .ps1 command again.

Once the GUI is open you will have the ability to administer your users call settings.
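A narrower way to get past the execution policy prompt in Step 4 than switching the whole server to Unrestricted, added here as an example and not part of the original post or of Johan’s tool: record the script’s hash and signature status, clear the downloaded-file mark on that one file, and relax the policy for the current PowerShell session only. The function name and the path in the usage comment are hypothetical.

```powershell
function Enable-ReviewedScriptForSession {
    param(
        # Full path to the unzipped .ps1 you have reviewed
        [Parameter(Mandatory)][string]$Path,
        # Optional SHA-256 you noted when you reviewed the script
        [string]$ExpectedSha256
    )
    $file = Get-Item -LiteralPath $Path

    # Record what is about to be trusted
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256.ToUpper())) {
        throw "Hash mismatch for $($file.Name): got $hash."
    }
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # Clear the 'downloaded from the Internet' mark on this one file only
    Unblock-File -LiteralPath $file.FullName

    # Process scope: the change ends with this session and leaves the machine-wide policy untouched
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force

    [pscustomobject]@{
        Script          = $file.FullName
        Sha256          = $hash
        SignatureStatus = $sig.Status
        ProcessPolicy   = Get-ExecutionPolicy -Scope Process
        MachinePolicy   = Get-ExecutionPolicy -Scope LocalMachine
    }
}

# Hypothetical path; afterwards run the start-sefautil command from Step 4 in the same session:
# Enable-ReviewedScriptForSession -Path 'C:\Tools\SefaUtilGUI\<script name>.ps1'
```

An execution policy enforced through Group Policy takes precedence over the Process scope, in which case the setting has to be changed there instead.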

Thank you for looking; below is the video cast of me doing the above in my lab.

AND massive thanks from the Lync community go to Johan for the excellent SefaUtil GUI! You can find more information about Johan and the things he’s working on at his blog site: http://johanveldhuis.nl/

Regards

Iain Smith

Lync 2013 – Ferrari Virtual SBC ‘Video’ Installation Guide against SIP trunk from PureIP


Hello All

Following the news from Ferrari that the new Virtual SBC OfficeMaster Gateway was available as a trial, I thought I would take the opportunity to deploy and configure the gateway with a connection to my SIP trunk via provider PureIP.

Instead of the normal line-by-line installation guide, this time around I’ve completed a video guide of the actual installation and also the call testing.

The video was recorded using the CamStudio software, and the audio was captured using a Plantronics Blackwire 710 headset.

Details about the Ferrari Electronics company can be found here: http://www.ferrari-electronic.com/en/products/officemaster-gate.html

For a trial installation of the Ferrari OfficeMaster gateway you need to contact Ferrari at info@ferrari-electronic.de

Details about SIP trunk provider PureIP can be found here: http://www.pure-ip.co.uk

The key takeaway for me was that the gateway is different to other vendors’ gateways, in that with the Ferrari appliance you complete the configuration via a GUI rather than a web page portal on the appliance. The configuration was straightforward and nothing too taxing. One thing of interest to me was that the gateway can work in single NIC mode or in dual NIC mode for hand-off between NICs (similar to how a Lync Edge server hands over from the internal NIC to the external NIC).

Also, I think there is a wording issue on the tabs while setting up the routing, as one tab says ‘Calls from ISDN’ when in fact it should say ‘Calls to ISDN’.

All in all, I was really pleased with the setup and installation of the gateway, and I look forward to getting my hands on the new physical appliance being released in Q1 2014.

Below is the video of the installation and setup.

Thanks Iain Smith – NorthernLync