CCE unable to report into Office 365.

2x CCE Appliances. Both using the same username and password under tenant admin (checked using Get-CcCredential).

Auto Upgrade kicks in and both successfully upgrade to v2.0.0:


However looking in Office 365 Admin Portal we can see that one never checked back in with the mothership to say its upgraded:


Looking in the CceManagementService.log we saw the following:

"CceService Warning: 0 : Appliance Manager: Failed to Load or update tenant configuration. Exception: System.Management.Automation.CmdletInvocationException: Failed to logon with given credentials. Make sure correct user name and password provided. ---> Microsoft.Rtc.Admin.Authentication.CommonAuthException: Failed to logon with given credentials. Make sure correct user name and password provided. ---> Microsoft.Rtc.Admin.Authentication.IdcrlExtendedException: 
AuthState=0x80048800RequestStatus=0x80048820"

All checks that we could think of were performed (re-entering credentials, reboots, checking networking, proxies) but to no avail.

Opened a ticket with Office 365 support who at the outset seemed equally as confused. It should be noted that all through this the VM's continued to work fine and calls were traversing the CCE's - it was "only" the management service that was failing to login.

While this was happening, version 2.0.1 of CCE was released and BOTH hosts upgraded themselves:


even though still in the portal only one was reporting back in:


Eventually a reply came back to try to upgrade the Skype for Business Online, Windows PowerShell Module to a newer version, taking it from:


to:


And after restarting the Management Service we have success:



The explanation I had back from Microsoft Support was the tenant was enabled for ADAL and the latest PowerShell supports MFA enabled accounts. They were unable to explain why this was only affecting one CCE though.......

Skype Room System v2 custom image guide

Working at Modality Systems means that we get access to future tech by being part of the TAP programs for Skype for Business, usually that’s access to early versions of software (such as the redesigned Mac client, Teams, or pre-release Cumulative Updates) or new features being enabled on our Office 365 tenant (such as Auto Attendant, and Call Queues).

Iain Smith managed to get us onto the Rigel TAP program and have been using beta hardware devices in both of our main meeting rooms in our St Albans office for a fair few months going through different iterations of the software. Recently Logitech gave us a one of their Smart Docks which we have put to good use in our boardroom. The extender cable system means we can easily have the console of the Skype Room System v2 in the centre of the room driving the two Front of Room displays.

Recently Microsoft released the documentation for how to put a custom image onto the device but the documentation is clearly a v1 as it doesn’t give the full information about how the image will work over the screens.

I’ve spent a little while playing with the images and have found the following:

The SRSv2 can be deployed with either a single Front of Room display or dual displays, but for both you need to create an image that is 3840X1080 pixels. This is 2x Full HD screens stitched together. So even if your SRS has a single screen then you are require to create the same size file but it will use the right hand side of the image only.

However there is a complication in that the console will also use this image, however it is not a Full HD screen. As such I've produced the following image that you can use as a template for your SRSv2's


This image and the associated SkypeSettings.xml can be found here): 

A device with dual Front of Room displays will show the red rectangle on the left screen, the yellow and blue rectangle on the right hand screen. The console will only show the yellow rectangle (which makes the console screen resolution 1620X1080 pixels).

If you device only has a single Front of Room display then you still need to create an image that 3840X1080 pixels however only the right hand side is used.

To demonstrate this here are some images of the two meeting rooms in the Modality Systems St Albans office with the above image on both:

Single Front of Room screen system:





Dual Front of Room screen system:



If you have any questions about the SRSv2 please let me know in the comments and I'll do my best to help.

LS Data MCU error on Lync 201x & SfB 2015 after May 2017 OS patching

Update 23/05/2017 23:12 - Official confirmation should appear under https://support.microsoft.com/en-gb/help/4023993 within 24 hours. Product Group have Development Resource assigned so looks like a CU will be coming to fix this.

Seeing multiple customers on Lync 2010, Lync 2013 and Skype for Business server 2015 front ends:

Front End event log every minute, Event ID 41026 followed by 41025:




"No connectivity with any of Web Conferencing Edge Server, External Skype for Business clients cannot use Web Conferencing modality

On the Edge server seeing the following:


"Web Conferencing Server connection failed to establish

Over the past 3 minutes Skype for Business Server has experienced incoming TLS connection failures 1 times(s). The error code of the last failure is 0x80072746 and the last connection was from the host ""."

After trying disabling IP 6 on FE and Edge:

and “On FE you can change IIS Web sites bindings to IPv4 IP address instead of all unassigned.”


The fix so far was to uninstall the May Security and Quality rollup for the .Net Framework 4.5.2, reading the release notes this hardens TLS communications for EKU so seems to fit with the error messages being shown

Server 2012: https://support.microsoft.com/en-gb/help/4014513

Server 2012 r2: https://support.microsoft.com/en-gb/help/4014597

Logged with Microsoft as ticket 117051115723411

Update 21:54 (changed title as well):

Confirmed by Microsoft as known issue and public KB is being prepared:

"This update adds an additional check on Enhanced Key Usage (EKU), since all Lync/ SfB Server usually use the Web Server template they will only have the Server Authentication in the EKU."

Issue has been reproduced on Lync 2010, Lync 2013 and Skype for Business 2015 on all supported server versions (2008r2, 2012, 2012r2).

Current Workarounds:

1 - Request new Edge Internal certificate with the Client and Server Authentication.

OR

2 - On the Front Ends disable the check for the Web Conferencing Service. Please note that these registry keys are for the default install locations.

Lync Server 2010:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Microsoft Lync Server 2010\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

Note: Lync Server 2010 still uses the .NET 3.5 this is why we have the v2.0.50727.

Lync Server 2013:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Microsoft Lync Server 2013\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

Skype for Business Server 2015:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v "C:\Program Files\Skype for Business Server 2015\Web Conferencing\DataMCUSvc.exe" /t REG_DWORD /d 0 /f

After adding the registry key simply restart the Web Conferencing service

Thanks to David Paulino (Twitter) at Microsoft for the update.

Update 22nd May 2017 11:07
Seeing different items broken in different environments from the following list: Q and A, Screen Share, Whiteboard, PowerPoint sharing via OWAS/WAK/OOS (Thanks Py7h0n and others for reporting).

Windows Server 2012 Windows Update taking ages

There's a known issue at the moment with server patching when you have the Desktop Experience feature installed (which means Lync/Skype for Business FE's).

Running check now results in the never ending progress bar:



and looking in the WindowsUpdate.log file we never see any progress.

Speaking to Microsoft support this is due to a bug in Adobe Flash and its interaction with the WU client. If you look at your processor usage you can see that the Windows Update process is running, it's just that you are getting no feedback.

On one server I started this process running on 23rd April and it finally finished with patches available on the 6th May:


So if you have the time to wait then this does work (no need to try to kick it by deleting stuff, re-registering DLL's, or performing any of the voodoo that you can find suggested in the TechNet forums!).

If you don't have this time then the advice I had from Microsoft was:
  1. Install MS17-005: Security update for Adobe Flash Player: February 21, 2017 (Use the Microsoft Update Catalog) :-
    https://support.microsoft.com/en-us/help/4010250
    Reboot
  2. Install MS17-023: Security update for Adobe Flash Player: March 14, 2017 (Use the Microsoft Update Catalog) :-
    https://support.microsoft.com/en-us/help/4014329
    Reboot
  3. Check for updates (should be back to normal speed).
If that doesn't work then:

Remove the Desktop experience feature and then check for updates. To remove do the following:

  1. Open Server Manager on the machine.
  2. Click on Manage>> Remove Roles and Features.
  3. We have to then be on the features tab and then under "User Interfaces and Infrastructure" uncheck "Desktop Experience" and the click next and finish











Modality Systems CustomInvite tool AD/GPO deployment an (almost) step by step

Working for Modality Systems has been a blast for the last 18 months and for the last few I was helping to look after internal IT while we recruited for a new IT Manager (Welcome Dan!) PS - we're always on the look out for top talent to join us.

One of the reasons that we are Partner of Year (Communications) is our vibrant dev team who have publically released some brilliant tools over the years such as SuperToast (which I was pushing back in 2012!!), and the Business Applications suite. This is alongside the tons of custom development work that they do for customers (I'd love to blog about this but our Dev MVP Tom Morgan will have beaten me to it!).

Our newest public release is CustomInvite. This is not a post about how good the software is (it is very cool), instead this is about how I deploy versions to staff machines so we can dogfood drink the champagne of our award winning tool.

As yet we are not using System Centre Configuration Manager to deploy software through the Modality estate so I had to go back to good old system startup scripts (advantage - FREE!). Our users have domain joined machines in the main with Direct Access back to the corp network so this method would work for the majority of users. We have a mixed estate of both Office 2013 and 2016 and a mixed "bitness" of Office of both 32 and 64 bit. Most third party addins like CustomInvite are only designed for 32 bit Office but our dev team have made sure 64 bit is treated like a first class citizen too!

First part of the deployment is to get the files into AD. We have 4 files that come from CustomInvite and then another two files that we are going to create manually.

The first two files to deploy are the GroupPolicy Template files that need do be dropped onto a domain controller:

File Location
CustomInvite.admx C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions
CustomInvite.adml C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US


Now we have these files in AD (wait for replication) its time to setup your policy for your templates. The pre-requisites for this is that you have your RTF templates stored on a UNC share somewhere (or you know where that will be). Now you can create a Group Policy Object like so:


  1. The name of the default template that CustomInvite should load
  2. Your license code
  3. How often CustomInvite should look for new templates in.....
  4. ......this UNC location
Note that this is a Computer Configuration and that the User Configuration is disabled.

Next part is to create the GPO that installs CustomInvite. I separate this out into a second GPO so that I can have multiple versions of the GPO to target different teams with different installs.

This GPO simply has a Computer Startup Script that does the actual install:

  1. The script file that will run
  2. Forcing the PC to wait for the network (otherwise the script may not be found).
Note that this is a Computer Configuration and that the User Configuration is again disabled.

Note that the script is a simple batch file and the run time for a PC connected over home broadband is about ~5 seconds:


The contents to the batch file is as follows:

------------

REM --------------------------------------------------------------------------------------------------------------------
REM  Installs CustomInvite
REM --------------------------------------------------------------------------------------------------------------------

REM --------------------------------------------------------------------------------------------------------------------
REM  Changelog
REM
REM 20170130 - DLL looked for changed from "Modality.LyncAppointmentAddin.dll" to "Modality.CustomInvite.dll"
REM 20170207 - Added in variable names to make future updates easier
REM --------------------------------------------------------------------------------------------------------------------

REM --------------------------------------------------------------------------------------------------------------------
REM  How to use
REM  Ensure you have the two install files in the same directory as this script file.
REM  Install files need to have the name "CustomInvite_Outlookx##_?.??.msi"
REM  Where "#" is the bitness of the version file (86 or 64)
REM  and ?.?? is the version number.
REM  Once you have these then you can amend the variables below

REM --------------------------------------------------------------------------------------------------------------------
REM  Variables
REM

Set _CustomInviteVersion=2.20
Set _32BitCustomInviteVersion=2.20.6247.28084
Set _64BitCustomInviteVersion=2.20.6247.28179
Set _OUFolderName={C0B66EA0-1F62-4977-A716-8AAEE5996CF8}

REM --------------------------------------------------------------------------------------------------------------------
REM  SHOULDN'T NEED TO AMEND ANYTHING PAST THIS LINE
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM 
REM   Seriously - here be dragons!
REM --------------------------------------------------------------------------------------------------------------------

SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files (x86)\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X == %_32BitCustomInviteVersion% GOTO :foundCustomInviteX86
)


SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X == %_64BitCustomInviteVersion% GOTO :foundCustomInviteX64
)
echo %date% %time% - WARN - CustomInvite %_CustomInviteVersion% NOT found on %computername% >> \\mk-dc-01\SoftwareDistribution\CustomInvite\log\Install.txt


REM --------------------------------------------------------------------------------------------------------------------
REM  Check Registry for Outlook Bitness
REM --------------------------------------------------------------------------------------------------------------------

SET BN_VALUE="?"
FOR /F "TOKENS=3 SKIP=2" %%A IN ('REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration" /v Platform') DO (SET BN_VALUE=%%A)
if %BN_VALUE% EQU x64 goto x64CTR
if %BN_VALUE% EQU x86 goto x86CTR

FOR /F "TOKENS=3 SKIP=2" %%A IN ('REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook" /v Bitness') DO (SET BN_VALUE=%%A)
if %BN_VALUE% EQU x64 goto x64Office2016
if %BN_VALUE% EQU x86 goto x86Office2016

FOR /F "TOKENS=3 SKIP=2" %%A IN ('REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Office\15.0\Outlook" /v Bitness') DO (SET BN_VALUE=%%A)
if %BN_VALUE% EQU x64 goto x64Office2013
if %BN_VALUE% EQU x86 goto x86Office2013

if %BN_VALUE% EQU "?" goto OutlookNotFound


REM --------------------------------------------------------------------------------------------------------------------
REM  Log Outlook Bitness
REM --------------------------------------------------------------------------------------------------------------------

:x86CTR
echo %date% %time% - INFO - Office ClickToRun x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX86

:x64CTR
echo %date% %time% - INFO - Office ClickToRun x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX64

:x86Office2016
echo %date% %time% - INFO - Office 2016 x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX86

:x64Office2016
echo %date% %time% - INFO - Office 2016 x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX64

:x86Office2013
echo %date% %time% - INFO - Office 2013 x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX86

:x64Office2013
echo %date% %time% - INFO - Office 2013 x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto InstallX64




REM --------------------------------------------------------------------------------------------------------------------
REM  Install X86 Version
REM --------------------------------------------------------------------------------------------------------------------

:InstallX86
Echo %date% %time% - INFO - Attempting install of CustomInvite %_CustomInviteVersion% x86 on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
C:
MD c:\ModalityCustomInvite
CD c:\ModalityCustomInvite
Copy \\DOMAINNAME\SysVol\DOMAINNAME\Policies\%_OUFolderName%\Machine\Scripts\Startup\CustomInvite_Outlookx86_%_CustomInviteVersion%.msi c:\ModalityCustomInvite
MSIEXEC /passive /i CustomInvite_Outlookx86_%_CustomInviteVersion%.msi 
del CustomInvite_Outlookx86_%_CustomInviteVersion%.msi
SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files (x86)\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X == %_32BitCustomInviteVersion% GOTO :InstalledCustomInviteX86 
)
Echo %date% %time% - FAIL - CustomInvite %_CustomInviteVersion% x86 Failed to install on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto End


REM --------------------------------------------------------------------------------------------------------------------
REM  Install X64 Version
REM --------------------------------------------------------------------------------------------------------------------

:InstallX64
Echo %date% %time% - INFO - Attempting install of CustomInvite %_CustomInviteVersion% x64 on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
C:
MD c:\ModalityCustomInvite
CD c:\ModalityCustomInvite
Copy \\DOMAINNAME\SysVol\DOMAINNAME\Policies\%_OUFolderName%\Machine\Scripts\Startup\CustomInvite_Outlookx64_%_CustomInviteVersion%.msi c:\ModalityCustomInvite
MSIEXEC /passive /i CustomInvite_Outlookx64_%_CustomInviteVersion%.msi 
del CustomInvite_Outlookx64_%_CustomInviteVersion%.msi
SET WMICCommand="WMIC Path CIM_DataFile WHERE Name='C:\\Program Files\\Modality Systems\\CustomInvite\\Modality.CustomInvite.dll' Get Version"
FOR /F "skip=1" %%X IN ('%WMICCommand%') DO (
IF %%X == %_64BitCustomInviteVersion% GOTO :InstalledCustomInviteX64
)
Echo %date% %time% - FAIL - CustomInvite %_CustomInviteVersion% x64 Failed to install on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto End


REM --------------------------------------------------------------------------------------------------------------------
REM  Found Correct Custom Invite x86 Version
REM --------------------------------------------------------------------------------------------------------------------
:FoundCustomInvitex86
echo %date% %time% - INFO - CustomInvite %_CustomInviteVersion% x86 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Found Correct Custom Invite x64 Version
REM --------------------------------------------------------------------------------------------------------------------
:FoundCustomInvitex64
echo %date% %time% - INFO - CustomInvite %_CustomInviteVersion% x64 found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end


REM --------------------------------------------------------------------------------------------------------------------
REM  Installed Correct Custom Invite X86 Version
REM --------------------------------------------------------------------------------------------------------------------
:InstalledCustomInviteX86
echo %date% %time% - GOOD - CustomInvite %_CustomInviteVersion% X86 Installed on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Installed Correct Custom Invite X64 Version
REM --------------------------------------------------------------------------------------------------------------------
:InstalledCustomInviteX64
echo %date% %time% - GOOD - CustomInvite %_CustomInviteVersion% X64 Installed on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end

REM --------------------------------------------------------------------------------------------------------------------
REM  Outlook not found
REM --------------------------------------------------------------------------------------------------------------------
:OutlookNotFound
echo %date% %time% - FAIL - Outlook not found on %computername% >> \\SERVERNAME\SoftwareDistribution\CustomInvite\log\Install.txt
goto end


REM --------------------------------------------------------------------------------------------------------------------
REM  Finish
REM --------------------------------------------------------------------------------------------------------------------
:end



-----------

NOTE: Even thought the script says "SHOULDN'T NEED TO AMEND ANYTHING PAST THIS LINE" you'll need to change "DOMAINNAME" to your domain name and "SERVERNAME" to the server name where the log file is going to be written too.

In essence the script does the following:

  1. Sets some variables for the version of CustomInvite we are installing
  2. Checks to see if that version is installed (first 32 then 64 bit) - if found > LOG > END
  3. Checks the bitness of the installed version of Outlook > LOG (if not found LOG > END)
  4. Installs (or updates) the correct bitness of CustomInvite and tests if installed > LOG (if install fails LOG > END)

In future when a new version of CustomInvite is released you can simply update this one script file or copy the GPO and create a new version for each install (that's the "Variables" bit in the script!)

A copy of the script file is hosted here too.

Once you have amended the file to fit your environment and downloaded the files you should end up with a Group Policy Object folder that looks like the following:



You'll also need a network share that has READ/WRITE access for the log file to be written too:


Hopefully this is enough to help you get up and running with CustomInvite. If you would like some adhoc support on this process please comment and I'll do my best to reply :-)

18 Months at Modality Systems

Wow, time does fly when you are having fun, I’ve now been at the multi-award winning Modality Systems for 18 months after a flippant tweet:


landed me a job interview.

And that’s the thing. There is no way I would ever have applied to work here, these guys are the Lync Skype for Business rockstars!

Tom A, Ben Lee, Tom Morgan, Justin Morris, etc etc

why would little ol’ me working for a housing association with my limited experience of Gateways and Contact Centres ever get considered for a job there?

It turns out that the main reason is attitude. I fit into the organisation as someone who champions (what I think) is the second best bit of software Microsoft produce - first for me is the killer combination of Exchange and Outlook – that tool runs my life - anyway, back on topic:

I love to learn about features, bugs, and finding things out about the underlying fabric (geek joke). And as my long suffering wife will attest, I’m usually reading Twitter and catching up on blogs most evenings (“put that phone away and watch the film” – Valentines 2015).

So what am I trying to say here?

In short – we're always on the lookout for new faces and we’ve got some jobs going here right now:

https://www.modalitysystems.com/careers/categories/uk

If you have experience with voice in Lync or Skype for Business (or even if you don't!) please throw your hat into the ring. Even if you think your experience with that Sonus and a single Front End its not going to be enough. Even if you think why would we need someone who only supports 50 people but you are excited for the technology. YOU are that person we are looking for. We can teach all the other stuff, but attitude and the eagerness to learn is what we prize here.

So what does Modality Systems offer in return?

Good salary, pension, healthcare. Cracking team events. Top notch Summer and Christmas parties.

Check out Glassdoor for some reviews of us. Staff turnover is very low so we must be doing something right. :-)

You can't join a meeting from outside Lync 2013, Lync 2010, or Skype for Business on iOS

Every time Apple updates the IOS operating system it appears to break the meeting join functionality for the Lync/Skype for Business app. I'm tracking here when the Server CU comes out that fixes this, when and with what CU:

Last updated: 17th November 2016

Version KB Skype for Business 2015 Lync 2013 Lync 2010
IOS 10
3204849 - Nov 2016
6.0.9319.272
3204546 - Nov 2016
5.0.8308.974
IOS 9.2 - 9.x



IOS 9.0 - 9.1