Script: Find-CsLineUri

Often I need to find a certain LineUri in Lync. LineUris are most of the time configured on users, so a simple

Get-CsUser -filter {LineUri -like "tel:<e164number>*"}

will give you the result you are looking for. But a user is not the only object in Lync that can have a LineUri, and if you in addition don’t know what object has the LineUri you might need to search through all the objects. This script does just that. Sort of an opposite to Ståle Hansens List-UnusedNumbers.ps1.

The script will also list all objects that have that LineUri, so it is useful in the situations where you have managed to get the same LineUri on two objects and are getting “SIP/2.0 485 Ambiguous” errors on calls. Normally, if you try to give an object a LineUri that is already configured it will throw a powershell error, but there are situations where it doesn’t pick up on it, especially when using the ;ext=1234 addition to the LineUri.

Lync reports a SIP 485 Ambiguous and a Diagnostic ID 4199 "Multiple users associated with the target phone number"

Lync reports a SIP 485 Ambiguous and a Diagnostic ID 4199 “Multiple users associated with the target phone number”

Download Find-CSLineUri.zip or copy the sourcecode:

####################################################################################################
# Find-CsLineUri.ps1
#
# Lists all objects with a given LineUri
#
#
# Passing parameters:
# .\Find-CsLineUri.ps1 +4712345678
#
# Written by Tom-Inge Larsen (http://www.codesalot.com)
#
####################################################################################################
param($getlineuri)

Function ListContents
{
    Param($Heading,$list)

    Write-Host $Heading
    Write-Host "--------------------------------------------------"
    Write-Host

    foreach ($object in $list) {
       $object
    }
}

clear-host

write-debug $getlineuri

$getlineuri = "tel:" + $getlineuri + "*"

Write-debug $getlineuri

$csusers=Get-CsUser -Filter {LineURI -like $getlineuri} | Select-Object SipAddress,LineURI | out-string -stream
$csuserspl=Get-CsUser -Filter {PrivateLine -like $getlineuri} | Select-Object SipAddress,PrivateLine | out-string -stream
$csanalogs=Get-CsAnalogDevice -Filter {LineURI -like $getlineuri} | Select-Object SipAddress,LineURI | out-string -stream
$cscaps=Get-CsCommonAreaPhone -Filter {LineURI -like $getlineuri} | Select-Object SipAddress,LineURI | out-string -stream
$csums=Get-CsExUmContact -Filter {LineURI -like $getlineuri} | Select-Object SipAddress,LineURI | out-string -stream
$csdialins=Get-CsDialInConferencingAccessNumber -Filter {LineURI -like $getlineuri} | Select-Object PrimaryUri,LineURI | out-string -stream
$cstrusteds=Get-CsTrustedApplicationEndpoint -Filter {LineURI -like $getlineuri} | Select-Object SipAddress,LineURI | out-string -stream
$csrgses=Get-CsRgsWorkflow | Where-Object {$_.LineUri -like $getlineuri} | Select-Object PrimaryUri,LineURI | out-string -stream

if ($csusers -ne $null){ListContents -Heading "User" -list $csusers}
if ($csuserspl -ne $null){ListContents -Heading "Private Line" -list $csuserspl}
if ($csanalogs -ne $null){ListContents -Heading "Analog Device" -list $csanalogs}
if ($cscaps -ne $null){ListContents -Heading "Common Area Phone" -list $cscaps}
if ($csums -ne $null){ListContents -Heading "Exchange UM Contact" -list $csums}
if ($csdialins -ne $null){ListContents -Heading "Dial-in Conference Number" -list $csdialins}
if ($cstrusteds -ne $null){ListContents -Heading "Trusted Application Endpoint" -list $cstrusteds}
if ($csrgses -ne $null){ListContents -Heading "Response Group Workflow" -list $csrgses}

Making Office Web Apps Server private

After installing the WAC server following this or another guide, we also normally publish the WAC server through the same reverse proxy method as we do the other Lync web services – using the DNS name that we configured when we created the farm.

If you publish the WAC server this way without doing anything else it will work the same way for users on the internet as it does for the internal users and we might be content with that. But should we?

My colleague Marjus made this post a little while back on how to limit the access to the WAC services only to servers from your domain. If you don’t do this you’re basically publishing the WAC server as a public service that anyone can add to topology builder and use as the WAC server in their own Lync environment.

So, if you want to keep your WAC server for yourself, remember to add all domains where you host servers that should be able to use the WAC server to the allow list by using the New-OfficeWebAppsHost Cmdlet. The wildcard * is assumed on all domains in the allow list, so subdomains are supported automatically. You only need to add the server domain(s), not necessarily the same as the SIP domain(s).

New-OfficeWebAppsHost -Domain "contoso.com"

Powerpoint presentations not working externally

I just had a problem with powerpoint presentations in Lync 2013 that behaved strangly.

All internal users could share and view powerpoints as they should, but all external users and guests could not. It behaved the same way in Lync 2013 clients as in the web app. It would just show “connecting” or “Waiting for the presentation to begin” before failing with a message that the network had gone down or the server was busy. There were no errors logged on the WAC server and no failures recorded on the monitoring database. I could also reach the https://wacserver.contoso.com/hosting/discovery through the TMG rule. Really weird.

After a bit of googling I found a forum post on technet where someone referenced a setting on the HTTP filter called “Verify Normalization”. The setting is found on the “Traffic” tab on the rule, like this:

Verify Normalization

Unticking this box solved the issue.

The rule is explained here, but it is basically a security mechanism that blocks URLs containing % sign if they are double encoded in the URL, although they can end up blocking legitimate traffic as well which is the case here. I do not know if this is a bug in WAC/OWAS or if it is by design though. Removing “Verify Normalization” from the rule will solve the issue in any case.

The URL the clients were accessing looked something like this, and contains a lot of url encoded characters.

https://lync-app.domain.no/m/Presenter.aspx?a=0&e=true&WopiSrc=https%3A%2F%2Flync-fe1.domain.no%2FDataCollabWeb%2Fwopi%2Ffiles%2F9-1-2C3E7AD&access_token=AAMFEOV5-KFUGNRfrclZBRMAVS8GEC3yB9HdElYrtUpQ8UkEs2KBEOV5-KFUGNRfrclZBRMAVS-CAr65gyAPlwe3U3NwCIa-PNE_Q7U3BPbx_s-yipQjZy9FKfOs04YIc2BBOb2J0AgIDURhdGFDb2xsYWJXZWI&<fs=FULLSCREEN&><rec=RECORDING&><thm=THEME_ID&><ui=UI_LLCC&><rs=DC_LLCC&&gt

Garbled but readable text on the Store page when installing Windows 8.1 Preview

Help! I’m trying to install Windows 8.1 preview, but the store page looks like someone is hacking me! Like this:

Screenshot (8)

Fear not, this is called Pseudolocalization and happens because Store is not yet available in your language locale. This locale is tied to your Microsoft Account profile, not your OS language.

Handling SimpleURLs and Reverse Proxy during migration

I’ve thought about writing this post for a while, as the topic isn’t really covered very well in the Lync 2013 migration documentation. The issue is also only relevant when migrating from Lync 2010 to Lync 2013.

The scenario is this: You are doing a migration from Lync 2010 to Lync 2013. You are following the migration steps provided in the migration documentation, and have planned and prepared your migration, deployed a pilot pool and moved some pilot users to Lync 2013. Internally everything is working as it should,  all modalities are working and conferencing works via the meeting join page using simple urls regardless of which server the user is on.

Now, most of the deployments I do are not large enough that it is needed to use more than one FE pool and for external access one Edge pool and one reverse Proxy. Because of this, most of the conferencing going on is involving external participants. This means that modalities and meeting join needs to be working for the pilots in external scenarios as well. The next step in the migration documentation covers some of this with the deployment of the Edge server. This will handle the peer to peer modalities, but what about the simple URLs?

If you try to reuse the existing reverse proxy rules, you will end up in one of these situations:

  1. You keep the rule as it is, pointing toward the Lync 2010 pool
    If you do this, simple URLs and meeting join will continue working for meetings created by the Lync 2010 users. But if someone external tries to join a meeting created by one of the pilot Lync 2013 users, they will be met with a page saying “Sorry, something went wrong, and we can’t get you into the meeting.” and if you click on “more info” you will get en error saying “Error:Invalid Conference organizer or Conference ID” like this:
    meetingjoinerror
    The Lync 2013 pilot users will also not be able to log in via the mobile client.
  2. You change the rule, pointing it toward the new Lync 2013 pool
    If you do this, everyting will work as it should for the Lync 2013 users. But if someone tries to join a meeting created by one of the Lync 2010 users, they will be met with an ordinary IIS “404 not found” page
    404

Both of these solutions are not really wanted in a normal migration, so what do we do then? The solution is to handle it as a normal multiple pool deployment. This is as it turns out not really well documented in the TechNet library, but on the Request and Configure a Certificate for Your Reverse HTTP Proxy page there is a note saying this:

If your internal deployment consists of more than one Standard Edition server or Front End pool, you must configure web publishing rules for each external web farm FQDN and you will either need a certificate and web listener for each, or you must obtain a certificate whose subject alternative name contains the names used by all of the pools, assign it to a web listener, and share it among multiple web publishing rules.

This means that you will need to deploy a new reverse proxy publishing rule for the new Lync 2013 Pool with a different DNS name for the external services. The rule will also need to use a certificate that contains all the simple URL names in addition to the new name for the external web services and lyncdiscover. This will in most cases create a need for a new public certificate for this new rule.

By doing this Lync is able to redirect the traffic to the webservices between the reverse proxy rules as it does on the inside, and all functionality should be available for both existing Lync 2010 users and the Lync 2013 pilot users.

Lync 2013 Event Error 21054

All the Lync server 2013 environments I’ve deployed so far is giving Event ID 21054 from LS Address Book Server once a day. It also happens when you run Update-CsAdressBook.

Users are not indexed in the database that should be

Users are not indexed in the database that should be

I wondered what it was, and found it in the release notes for Lync Server 2013. Turns out that the issue can be safely ignored as long as the update is successful. You can also check the replication by running


Debug-csAddressBookReplication -Poolfqdn <Pool FQDN for which the event was generated>

which should give you an output like this:

As long as “Objects not indexed that should be” and “Abandoned Objects” are zero, the database is okay.

Also, if using SCOM, the Key Health Indicator (KHI) “Address Book Users Correctly Indexed” should be turned off for the pool.

Lync Server 2013 release notes:

http://technet.microsoft.com/en-us/library/jj205120.aspx

Script: Create live tiles that changes power scheme

After i got my Surface Pro, I’ve more often than before found myself needing to change between power schemes. On my laptop, I’ll usually set it to “Max performance” and just leave it there, but on the Surface it’s necessary to conserve power a bit more.

I’ve thought about making a live tile to do this, so I wrote a PowerShell script that will create one live tile for each configured powerscheme on the machine and pins it to the start screen. The code is based on a codesample for creating shutdown tiles, and this ScriptingGuy post. The script needs to be run as Administrator. Enjoy!

Download Create-PowerSchemeTiles.zip or copy the sourcecode:


#requires -Version 3.0

#####################################################################################
# Create-PowerSchemeTiles.ps1
#
# Creates live tiles for all configured power schemes on the machine and pins them to
# the start screen.
#
#
# Usage:
# .Create-PowerSchemeTiles.ps1
#
# Written by Tom-Inge Larsen (<a href="http://www.codesalot.com">http://www.codesalot.com</a>)
#
#####################################################################################

Function CreatePowerSchemeTile
{
    Param
    (
        [parameter(Mandatory=$true)][String[]]$SchemeGUID,
        [parameter(Mandatory=$true)][String[]]$SchemeName
    )
Write-Verbose "Creating Windows shutdown tile to Start menu."

#create a new shortcut
$ShortcutPath = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\" + $SchemeName + ".lnk"
$Shortcut = $WshShell.CreateShortcut($ShortcutPath)
$Shortcut.TargetPath = "$env:SystemRoot\System32\powercfg.exe"
$arguments = "-s " + $SchemeGUID
$Shortcut.Arguments = $arguments
$Shortcut.Save()

#change the default icon of shortcut
$Lnk = $Desktop.ParseName($ShortcutPath)
$LnkPath = $Lnk.GetLink
$LnkPath.SetIconLocation("$env:SystemRoot\System32\ddores.dll",20)
$LnkPath.Save()

#pin application to windows Start menu
$Verbs = $Lnk.Verbs()
Foreach($Verb in $Verbs) {
    If($Verb.Name.Replace("&","") -match "Pin to Start") {
        $Verb.DoIt()
    }
}

If(Test-Path -Path $ShortcutPath) {
    Write-Host "Create" $SchemeName "tile successfully." -ForegroundColor Green
    } Else {
    Write-Host "Failed to create" $SchemeName "tile." -ForegroundColor Red
   }
}

$Shell = New-Object -ComObject Shell.Application
$Desktop = $Shell.NameSpace(0X0)
$WshShell = New-Object -comObject WScript.Shell
$plans = Get-WmiObject -Class win32_powerplan -Namespace root\cimv2\power
$regex = [regex]"{(.*?)}$"
foreach ($plan in $plans) {
    $planGuid = $regex.Match($plan.instanceID.Tostring()).groups[1].value
    $planName = $plan.ElementName.Tostring()
    Write-Debug $planGuid
    Write-Debug $planName
    CreatePowerSchemeTile -SchemeGUID $planGuid -SchemeName $planName
}