One of the main feedback we got is to add the EDGE Servers information to the script as well so users can get a full picture of the assigned certificates in their environment.
We’ve did some research and tests a couple of alternatives and we finally were able to pull the EDGE certificates information using PSRemoting.
In order to retrieve the Certificates information from the EDGE servers we need to use PSRemoting and Windows Remote Management for access.
This requires two major modifications:
1) On the Front End servers – Enabling TrustedHosts configurations:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value “*” -Force
2) On the EDGE servers – Enabling HTTP Compatibility Listener for Remote access:
Set-Item WSMan:\localhost\Service\EnableCompatibilityHttpListener -Value True
Once enabled, you need to make sure port 80 is enabled from the computer where the script run to the EDGE internal IP.
Another options is to open the default PSRemoting Port as well (5895) and make sure to change the Parameter in the script ($PSRemoteConnectionPort).
To view existing listeners, you can use the following command:
winrm enumerate winrm/config/listener
1) Retrieving all Lync Front End Pools Certificates information
2) Retrieving all Lync Front End Pool Certificates information in addition to the EDGE Servers and OWAS Servers
.\LyncCertReport-v0.46.ps1 -EdgeCertificates -OWASCertificates
3) Retrieving all Lync Front End Pool Certificates information in addition to the EDGE Servers
4) Retrieving all Lync Front End Pool Certificates information in addition to the OWAS Servers
5) Retrieving a spesific Front End Pool Certificates information
Exchange Online Auto Attendant does not transfer calls to extensions in Skype for Business Server 2015
I’ve recently encountered a problem after upgrading my production environment Skype for Business Server 2015 with normalizing extension numbers coming from the Exchange Online Auto Attendant.
In my company we have integration between Exchange Online and Skype for Business Server 2015 On-Premises and one of the management requirements is to have granular Auto Attendant features with Menu navigation.
In order to achieve this, we are using the Exchange Online Auto Attendant features which allow you to transfer calls to Lync Users based on the user UM extension and the matching SIP address.
On Lync 2013 everything worked as expected and all calls were transferred to the right extension once the business hours menu navigation was on.
After upgrading to Skype for Business Server 2015, it turned out that during business hours when the Menu navigation was played, calls were not being transferred to Lync users, but just looping the Exchange auto attendant play message instead.
What was even weirder was the fact the if we switched the Auto Attendant to Off Business Hours when there is no menu navigation but just an option to enter a user extension, it did worked and the call was successfully transferred to the Lync user.
To make a long story short:
- Setting Enabling Business hours menu navigation with different prompt options which result in Extension transfer stopped working.
- Calling to the Auto Attendant on Non-Business hours where Menu Navigation is disabled result in a Voice command instructing you to type the actual extension of the user, once the extension was entered the call was transferred successfully.
Once we were able to reproduce the problem, we decided to take some logging on the Front-End’s to determine why there is a different behavior between typing an extension manually and choosing a menu selection for transfer a call to the exact same extension.
Scenario #1: Menu Navigation Enabled During Business Hours
In this scenario, I dialed to the Auto Attendant during Business Hours and selected option #4 in the menu navigation which supposed to transfer to me to extension 7089 which is my UM extension.
What you can see in the logs is that instead of translating my extension to my SIP address, the SfB server is trying to ring at 7089 number which does not resolve at a user and eventually a BYE is being sent back. You can also see it in the REFER messages that the REFER to is resolved to a number instead of SIP URI of my user.
Scenario #2: Menu Navigation Disabled During Non Business Hours
During Off Business Hours, the Auto Attendant does not play menu options, but just a general voice prompt saying: “Enter the extension of the person you calling”, once I hit the exact same extension number 7089, you can see it resulted in REFER TO that translated to the proper SIP Address of my user account and there the call is being transferred.
I’ve been told by a Microsoft engineer that it is seems to be a BUG within Skype for Business Server and the way it normalized those UM Extensions, and that they got a few calls already describing similar problem.
As of now, it seems the workarounds are either one of the following options until Microsoft will be able to fix it:
- Move the CsEXUmContact object back to a Lync 2010 / 2013 server if you have any server within the topology.
- Disable the Menu navigation option on the Exchange Auto Attendant side and allow to dialing direct extension with no key-mapping.
Update: Microsoft confirmed this behavior will be fixed in CU1 for Skype for Business Server.
One of my favorite scripts is Mike Pfeiffer Administrator Audit Log Reports in HTML Format script which allows you go get a daily HTML report via email of all the changes that we made on your on-premises environment.
This is actually a great way to monitor you environment, not specifically to blame someone if he something went wrong, but in case there are issues or human error, it allow you to look back in the history and see what changes were made any by who.
Office 365 Challenge
I was wondering to myself, how complicated would it be to use the same script , but make it work on Office 365 Exchange Online environment so we can get the same level of reporting and auditing changes, but on Exchange Online.
I’ve asked Mike for permission to take his script and together with Yoav Barzilay we modified it a bit, and we proudly presenting you with Get-ExchangeOnlineAuditReport, the same functionally but for Office 365 Environment
We’ve included the Exchange Online connectivity in the tool and also had some additional options such as including Proxy if you have any and also be able to load credentials directly from the credential manager instead of putting it hardcoded in the script exposes to all.
1. Creating a Generic Credential under the Credential Manager > Windows Credentials. The name appears in the “Internet or network address” is the name of the parameter of $TenantCredentialKey
2. Having an internal/external SMTP server that can relay your email messages, in case you don’t provide email parameters there will be a daily HTML file being put under the %TEMP% folder so you can access it manually.
1. Creating an HTML file with the report under the %temp% folder
2. Sending the Report VIA email (can be used in a scheduled task as well):
3. Sending the Report VIA email (can be used in a scheduled task as well) while having Proxy enabled on the server:
Just create a simple task with the following lines as the commands and make sure you run it with highest privileges:
1. Creating a daily HTML report in the %TEMP% Folder:
Powershell.exe -command “& ‘C:\Scripts\Get-ExchangeOnlineAuditReport.ps1′ -TenantCredentialKey ””
2. Creating a daily HTML report being sent via email:
Powershell.exe -command “& ‘C:\Scripts\Get-ExchangeOnlineAuditReport.ps1′ -TenantCredentialKey ” -To <firstname.lastname@example.org> -From <email@example.com> -SmtpServer “
3. Creating a daily HTML report being sent via email when Proxy is configured:
Powershell.exe -command “& ‘C:\Scripts\Get-ExchangeOnlineAuditReport.ps1′ -TenantCredentialKey ” -To <firstname.lastname@example.org> -From <email@example.com> -SmtpServer -ExchangeOnlineWithProxy”
Script: Connect to Office 365 PowerShell modalities at once by using Credential Manager for authentication
Recently I’ve found myself connecting to a lot of my customers online environments and even mine by using PowerShell with the annoying habit of searching Google/Bing for the following phrases:
- Connect to Exchange online using PowerShell
- Connect to Lync online using PowerShell
- Connect to Office 365 using PowerShell
Though it’s relatively not a complicated task to do or remember, it’s still a 3-steps process that also includes providing credentials every time for every modality.
In order to solve this extremely awful situation , I’ve decided to write a script which allows the following major options:
- Being able to use an existing credential out of the credential manager instead of typing the credential every time.
- Being able to connect to all modalities at once instead of doing it one at a time by just specifying the required parameters.
- Being able to connect to Exchange online by using IE Proxy settings for companies who uses proxy servers to connect
Connect to Office 365 Only:
- .\Get-MeOnline.ps1 -TenantCredentialKey -Office365Online
Connect to all modalities at once:
- \Get-MeOnline.ps1 -TenantCredentialKey -Office365Online -ExchangeOnline -LyneOnline
Connect to Exchange Online:
- .\Get-MeOnline.ps1 -TenantCredentialKey -ExchangeOnline
Connect to Exchange online while you have Proxy setting configured in your IE:
- .\Get-MeOnline.ps1 -TenantCredentialKey -ExchangeOnlineWithProxy
Connect to Lync / Skype for Business Online:
- .\Get-MeOnline.ps1 -TenantCredentialKey -LyneOnline
There are few prerequisites in order for the script to work:
- Creating a Generic Credential under the Credential Manager > Windows Credentials. The name appears in the “Internet or network address” is the name of the parameter.
- Making sure all Online modules are installed (Azure Module, Skype for Business Online connector)
Please provide any feedback or suggestions if you have any.
Skype for Business Server 2015 Call Quality Dashboard (CQD) Does not display data after initial deployment
After deploying the Call Quality Dashboard (CQD) from Microsoft on a new server, I ran into a problem where the CQD portal was not showing any data and returned a problem saying:
We couldn’t perform the query while running it on the Cube. Use the Query Editor to modify the query and fix any issues. Also make sure that the Cube is accessible.
In order to solve it, I had to process the CUBE object and make sure it’s accessible.
1. Open SQL Management Studio and select Analysis Services:
2. Expand the QoECube object and choose the Cube of QoE Metric.
Right click and click Browse. if that returned empty browser on the right side, it means the cube hasn’t been proceed yet and we need to process it.
3. Right click the QoE Metric cube object and Select Process.
4. After the processing has done, right click on the object again and select Browse to see if the browser page show relative data:
5. Once you successfully able to browse, you should be able to access the CQD dashboard and see content:
One of the new features introduce for Skype for Business Server 2015 is the Call Quality Dashboard (CQD):
The Skype for Business Server 2015 Call Quality Dashboard (CQD) is a reporting layer on top of the Quality of Experience Database in the Monitoring Server in Skype for Business Server 2015 and Lync Server 2013. CQD uses Microsoft SQL Server Analysis Services to provide aggregate usage and call quality information as well as filtering and pivoting on the data set.
The Call Quality Dashboard consists of several databases, Microsoft SQL Agent jobs, processes, and web applications. The Microsoft SQL Agent jobs periodically copy data from the QoE Metrics database into the QoE Archive database and processes the Cube with the data in the QoE Archive database. The Repository database stores the report definitions that power the Portal. The Portal provides browser access to the Cube data.
The CQD components, including the QoE Archive, Cube, and Repository databases, can be installed on the Monitoring Server, installed on its own server, or installed across multiple servers. The particular installation method depends on the performance demands of CQD as well as impact to other processes on the same servers.
Call Quality Dashboard (QCD) consists of three major components:
- Archive Database, where the Quality of Experience (QoE) data is replicated and stored.
- Cube, where data from QoE Archive database is aggregated for optimized and fast access.
- Portal, where users can easily query and visualize QoE data.
CQD utilizes Microsoft SQL Server, Microsoft SQL Analysis Server, and Microsoft Internet Information Server so CQD’s minimum hardware and software requirements are basically the same as those dependent components. However, based on the organization’s requirements around data freshness (which will depend in part on the volume of QoE data the organization generates) and deployment cost, additional deployment considerations should be made.
The following versions of SQL Server are supported:
- SQL Server 2008 R2
- SQL Server 2012
- SQL Server 2014
Please note that both for the Cube and analysis services required SQL Enterprise Edition is recommended but not requited.
Business Intelligence or Enterprise edition is recommended for performance reasons. These editions allow use of multiple partition files that can be processed in parallel, which is beneficial for processing data spanning multiple months or longer.
While not recommended, Standard edition is supported as well. Processing will be constrained to a single partition (which needs to be configured during setup).
You can follow those guidelines in order to upgrade SQL STD to SQL ENT.
the following steps are taken from the Microsoft TechNet: Deploy Call Quality Dashboard for Skype for Business Server 2015
1. Download and copy the CallQualityDashboard.msi to the machine where the archive database component of CQD is to be installed (this is the machine that has SQL Server installed).
2. Execute the MSI (Windows will prompt to run with administrator privilege, do so).
3. Accept the EULA.
4. Select the destination folder where files related to Call Quality Dashboard components will be located or accept the default location.
5. Select all features.
6. At the QoE Archive Configuration page, provide the following information:
- QoE Metrics SQL Server: SQL Server instance name for where the QoE Metrics DB is located (this will be the data source).
- QoE Archive SQL Server Name: This is read-only field and fixed to the fully qualified domain name of the local machine. Archive DB can be installed only on the local machine.
- QoE Archive SQL Server Instance: A local SQL Server instance name for where the Archive DB is to be created. To use a default SQL Server instance, leave this field blank. To use a named SQL Server instance, specify the instance name (e.g. the name after the “\”).
- QoE Archive Database: By default, this option is set to “Create new database”. Since Archive DB upgrade is not supported, the only circumstance under which the “Use existing database” option can be used is if the existing Archive database has the same schema as the build to be installed.
- Database File Directory: Path to where the database files (.mdf and .ldf) for the Archive DB should be placed. This should be on a drive (HDD2 in the recommended hardware configuration) separate from the OS. Note that since the file names are fixed in the install, to avoid any potential conflict, it is recommended that a blank directory with no files be used.
- Use Multiple Partitions: The default is set to “Multiple partition”, which requires Business Intelligence edition or Enterprise edition of SQL Server. For Standard edition, select “Single Partition” option. Note that cube processing performance may be impacted if Single Partition is used.
- Partition File Directory: Path to where the partitions for the QoE Archive database should be placed. This should be on a drive (HDD3 in the recommended hardware configuration) separate from the OS drive and SQL database log files drive. Note that since the file names are fixed in the install, to avoid any potential conflict, it is recommended that a blank directory with no files be used.
- SQL Agent Job User – User Name & Password: Domain service account name and password (masked) that will be used to run the “QoE Archive Data” step of the SQL Server Agent job (which will run the stored procedure to fetch data from QoE Metrics DB into Archive DB, so this account must have read access to QoE Metrics DB, as indicated under Accounts section. This account also needs to have a login in the QoE Archive SQL Server Instance).
Please use DOMAIN\USERNAME convention as UPN is not supported.
If you don’t have SQL Enterprise edition and you choose Multiple Partition, the following error message will appear:
You can choose Single Partition to install it on STD edition:
7. Upon clicking next, the installer will perform pre-requisite checks and report if any issues are encountered. When all pre-requisite checks pass, the installer will go to the Cube Configuration page.
8. At Cube Configuration page, provide the following information:
- QoE Archive SQL Server Name: This is read-only field and fixed to the fully qualified domain name of the local machine. Cube can be installed only from the machine that has QoE Archive database (Note. Cube itself may be installed on a remote machine. See below)
- QoE Archive SQL Server Instance: SQL Server instance name for where the QoE Archive DB is located. To specify a default SQL Server instance, leave this field blank. To specify a named SQL Server instance, enter the instance name (e.g. the name after the “\”). If QoE Archive component was selected for the install, this field will be pre-populated with the value provided on the QoE Archive Configuration page.
- Cube Analysis Server: SQL Server Analysis Service instance name for where the cube is to be created. This can be a different machine but the installing user has to be a member of Server administrators of the target SQL Server Analysis Service instance.
- Use Multiple Partitions: The default is set to “Multiple partition”, which requires Business Intelligence edition or Enterprise edition of SQL Server. For Standard edition, select “Single Partition” option. Note that cube processing performance may be impacted if Single Partition is used.
- Cube User – User Name & Password: Domain service account name and password (masked) that will trigger the cube processing. If QoE Archive component was selected for the install, this field will be pre-populated with the value provided on the Archive Configuration page for the SQL Agent Job User, but we recommend specifying a different domain service account so that Setup can grant the least required privilege to it.
9. When clicking next, another round of validation will be performed and any issue will be reported. Upon successful completion of the validation, the installer will go to the Portal Configuration page.
10. At Portal Configuration page, provide the following information:
- QoE Archive SQL Server: SQL Server instance name for where the QoE Archive database is located. Note that unlike the QoE Archive Configuration page and the Cube Configuration page, the machine name is not fixed and must be provided. If QoE Archive component was selected for the install, this field will be pre-populated with the value provided on the QoE Archive Configuration page.
- Cube Analysis Server: SQL Server Analysis Service instance name for where the cube is located. If Cube component was selected for the install, this field will be pre-populated with the value provided on the Cube Configuration page.
- Repository SQL Server: SQL Server instance name where the Repository database is to be created. If the SQL Server instance name for where the QoE Archive database is located has been provided earlier in the setup (in other components), this field will be pre-populated with the QoE Archive DB SQL Server instance name. This can be any SQL Server instance.
- Repository Database: By default the option is set to “Create new database”. Since Repository DB upgrade is not supported, the only circumstance under which the “Use existing database” option can be used is if the existing Repository DB has the same schema as the build to be installed.
- IIS App Pool User – User Name & Password: The account that the IIS application pool should execute under. The User Name and Password fields will be grayed out if built-in system accounts are selected. These fields will only be enabled if “Other” is selected from the drop down box so the user can enter the domain service account information.
11. When clicking next, the final round of validation will be done to ensure that the SQL Server instances are accessible using the credentials provided and that IIS is available on the machine. Upon successful completion of the validation, the installer will proceed with the setup.
12. When the installer is done, most likely the SQL Server Agent job will be in progress, doing the initial load of the QoE data and the cube processing. Depending on the amount of data in QoE, the portal will not have data available for viewing yet.
13. The main portal page is accessible via http://<machinename>/CQD
Known Issues and notes from the deployment in my Lab environment:
- If you decided to install the CQD on the same server that host the existing Skype for Business SQL Reporting service, be aware the the Default Web Site is already reserved for the reporting service and therefore you’ll need to change default Web site binding port.
- If you decide to go forward with Multiple partition, make sure the SQL instance is configured as ENTERPRISE edition and has the Analysis service running
- If you have SQL Server 2008 R2 STD, make sure you upgrade it to SP2
- Make sure the SQL Agent Service for the instance is running
- Restart the SQL services / server before installing the CQD or after upgrading to ENT, otherwise the CUBE won’t allowed to continue in setup
- QoE data and the cube processing may take some time for initially load the data using the existing stored procedure.
- Some advanced configuration are required for setting authorization and access rules, those are detailed explained in the following URL: https://technet.microsoft.com/en-us/library/mt126252.aspx
- After users are authenticated by IIS, they will have to have file permissions on the CQD directory in order to access the web portal content. It is possible to change the ACLs through the security tab of the CQD directory properties to add individual users or groups; however the recommended approach is to leave the file permissions untouched. Instead, change the IIS setting to use the IIS worker process to access the CQD directory no matter which user is authenticated.
- In rare cases, the installer fails to create the correct settings in IIS. Manual change is required to allow users to log into the CQD and change the default authentication configurations and enable Extended Protection on the Windows Authentication Advanced tab:
those steps needs to be repeated for each of the “CQD”, “QoEDataService”, and “QoERepositoryService” entries below “Default Web Site”.
Microsoft releases MS15-044: Description of the security update for Lync 2013 (Skype for Business): May 12, 2015
This security update resolves a vulnerability in Microsoft Lync that could allow information disclosure if a user opens a specially crafted Lync meeting request.
This security update for Microsoft Lync 2013 includes the new Skype for Business client.
- Get the 32-bit version of Lync 2013 (Skype for Business)
- Get the 64-bit version of Lync 2013 (Skype for Business)
- KB 3051158 “Help isn’t working” error occurs when you open the “Skype for Business Help” window in Skype for Business
- KB 3051516 “Copy” and “Select All” menu items are disabled for the first instant message in a conversation in Skype for Business
- KB 3053114 Cannot open links without the “http://” prefix and the links that are to a OneNote page in Skype for Business
- KB 3051160 Cannot join meetings by using Lync 2010 after you install OneDrive for Business
- KB 3053998 Memory leak occurs when you transfer a file that is larger than 5 megabytes (MB) in a conversation in Skype for Business
- KB 3063382 Non-English localized strings are not updated in Outlook after you apply security update 3039779 for Skype for Business
- KB 3063390 Arabic text is not right-to-left aligned in meeting invitation body when you create a Skype for Business online meeting
Improvements and fixes
- May 12, 2015, security update for Skype for Business (Lync 2013) changes text strings in Outlook add-in
- KB 3057563 Outgoing calls are disconnected in Skype for Business or Lync 2013 when you press the Spacebar or the Enter key
- KB 3057559 Skype for Business or Lync 2013 client certificates do not begin to renew within the correct time before they expire
- KB 3057558 User interface is misaligned in tabbed conversation that is created after an RCC user ends a call in Skype for Business
- KB 3057556 “An error occurred during this screen presentation” error occurs in application sharing conference in Skype for Business
- KB 3057551 Cannot paste an image into an instant message in Skype for Business when you copy the image from Internet Explorer
- KB 3057550 Update enables users to copy instant messages without author name and time stamp in Skype for Business (Lync 2013)
- KB 3057549 The “Allow with URL” feature does not work in a client policy for Skype for Business in a Lync Server 2013 environment
- KB 3057548 Buttons are not displayed on sharing toolbar when you use full screen in a sharing session in Skype for Business
- KB 3057546 Lync 2013 does not show AD DS user’s display name in the toast notification of the first incoming PSTN call
- KB 3057545 HYPERLINK “<URL>” is displayed as a prefix of a pasted text in Notepad when you copy the text from Skype for Business
- KB 3057518 Presence status of a contact isn’t updated in your Skype for Business after the contact disconnects from network
- KB 3057517 Contact card appears when you click a URL that contains the “@” character in a received message in Skype for Business
- KB 3057516 Skype contacts can see your presence status after you remove them from contact list in Skype for Business
- KB 3054008 CPU usage increases largely when you have multiple animated emoticons in conversations in Skype for Business
- KB 3051517 Receiver cannot open or save transferred files in a chat room in Skype for Business
Q&A From Microsoft:
Q1. Is the Lync UI identical to the Lync 2013 UI? Are there changes or artifacts that administrators must be aware of?
A1. People who use the Lync UI in the new client will have an experience which is very close, but not identical to the old experience. Specifically, while the traditional Lync windows and controls are unchanged, the task tray icon, the menu item in Windows, and several buttons in Outlook reflect the new Skype brand. We unfortunately do not have the ability to change the behavior of these artifacts in Windows and Outlook. There is one additional artifact which is under administrator control, which is whether the Skype for Business first run experience is displayed. This may be suppressed as described below.
Q2. Is it possible to apply the May update and suppress all Skype for Business artifacts?
A2. No. The task try icon, the menu item in Windows, and several buttons in Outlook will reflect the new Skype brand even if the Lync UI is selected. We do not have the ability to change the behavior of these artifacts in Windows and Outlook. This is because, as with any other Microsoft or 3rd party program that integrates with Windows or Office, we must conform to published standards and interfaces covering application interaction. These standards and interfaces do not provide the ability to switch behavior of the noted artifacts.
Q3. Are there any other issues to keep in mind?
A3. Yes. It is important to keep in mind the user>site>global precedence of policy settings when designing and implementing readiness steps. In some cases, setting only a “global” policy will not be sufficient. In addition, if users in an organization use Lync Basic on their personal, unmanaged computers at home, it may be necessary to communicate the changes to those users since policy settings may not apply to those personal, unmanaged computers.
Q4. Why did we add the new UI to the existing Lync 2013 client rather than waiting for the next version of Office?
A4. We added the new UI to the existing Lync 2013 client in order to make it available to customers sooner, and to ensure that current Lync 2013 customers would have the option to use the new UI now rather than later. This allows them to take advantage of the familiar UI to accelerate adoption within their organizations. As noted above, the new Skype for Business client includes both the new UI and the existing UI – this gives customers the choice of delaying adoption if better for their users and processes.
- May 2015 Cumulative Update for Lync Phone Edition for Polycom CX500, Polycom CX600, and Polycom CX3000 (KB3050588)
- KB 3062287 Moscow time on a telephone plus one hour after you apply an October 2014 update for Lync Phone Edition
- KB 3061582 Lync Phone Edition for Aries telephones does not connect to Exchange Web Service through an HTTP proxy server
- KB 3061581 Users cannot sign in to Lync Phone Edition by using Aries or Tanjay telephones after they are migrated to Office 365
- KB 3050594 Lync Phone Edition crashes and then prompts you for PIN credentials or phone numbers in a Lync conference room
- KB 3050592 Lync Phone Edition signs out and then signs back in when it is in idle state
- KB 3027682 Lync Phone Edition restarts when all replica servers are shut down
- KB 3014922 Date format and ring tone are reset to the default value after you apply an update for Lync Phone Edition
- KB 3014921 Lync Phone Edition cannot automatically sign in when the primary front-end server that you register is shut down
- Microsoft Lync Phone Edition for Polycom CX500, Polycom CX600 and Polycom CX3000
- Version: 7577.4463
- File Name: UCUpdates.exe
- Date Published: 5/6/2015
- File Size: 27.0 MB
Microsoft released a new version of the KHI tools on 28-April-2015. this version of the KHI Tools is an update to an earlier version that was introduces as part of the Lync Networking Guide.
In this post I’ll go through the process of configuring the KHI by using the script and how to analyze the results.
Steps Required to use the KHI:
1. Download the new Key Health Indicators for Lync Server 2013 and Skype for Business Server 2015 and extract it content to a separate folder.
2. Copy the Create_KHI_Data_Collector.ps1 file to every Lync Server you would like to monitor and analyze the data for.
It is recommended to run it on the following servers:
- Lync Front End Server
- Lync Backend Servers (SQL)
- Mediation Servers (If are not collocated)
- EDGE Server
Please notethat if you already used the script from the previous Lync Networking guide, there is no need to run this script again.
3. The script itself contains a list of all Lync related counters and once we run it on the server it created a data collector set in which we need to configure in order to capture the raw data based on those counters and export it to a CSV file which later on can be analyzed by the Excel file Microsoft provided.
4. In order to run the script, we need to open any PowerShell windows with Admin rights and run it based on the server we have.
- Create_KHI_Data_Collector.ps1 –version Skype4B
- Create_KHI_Data_Collector.ps1 –version LyncServer2013
Another nice option Microsoft added to the script is the ability to run it against remote computer as well:
- Create_KHI_Data_Collector.ps1 –version Skype4B –computer fe1pool1.contoso.com
- Create_KHI_Data_Collector.ps1 –version LyncServe2013 –computer fe1pool1.contoso.com
5. Once the script is completed, in the Performance Monitor (perfmon.msc) we can see the new Data collector that was created under User Defined container named KHI:
6. Now that we have the data collector set with all the right counters created, we need to set an automatic schedule for it in order to have a daily log file of all the counter.
In order to set the setting, right-click on the KHI on left side pane and choose properties:
7. On the properties window, we have 5 different tabs we can configure:
- General – General Information on the data collector such as Keywords, Description and the user it runs with
- Directory – Here we need to set the directory where we want to keep all the daily log files. if this is a small environment you can keep the files on a local folder (C:\KHI) or you can choose write it to a Shared folder where all the servers will report to.
- Security – The user and groups and the permissions assigned for the specific Data Collector set
- Schedule – Here we can create one or multiple schedules to set when we want the Data Collector set to start collecting the counters data.
What I typically configure is a work-day set in order to have relevant data when the system is loaded with users and operations.
- Stop Condition – This is important as we don’t have another option on the Schedule tab to actually stop the scheduler if we want co collect data only during working hours. Here you can set the amount of hours you want to collect the logs for.
- Task – Here we can set additional parameters or arguments we want to add to the data collector.
8. Once the schedule is configured, you’ll notice that the Data Collector set will start generating a daily logs files based on the schedule we’ve set.
Please note that for the analyzing part, we need to have all logs from all the different servers within the same working folder, therefore it’s recommended to copy all relevant KHI files to a single folder.
9. Once we have the logs collected, we are ready to analyze them with the Key_Health_Indicators_-_Analysis_and_Definitions_Workbook.xlsm file.
Once opened, make sure you’ve eanbled both Editing and Content otherwise you won’t be able to analyze the logs.
10. Click on the Start button, and select the folder where you have the CSV file gathered and choose select.
If all files are set correctly the tool will notify us on the amount of files found in the folder and their total size.
In order to start with analyzing the files, choose OK
12. Once you clicked on the OK button, you’ll notice in the bottom bar of the Excel file that it notifying upon its progress:
13. Once completed, a few additional tabs will appear in the Excel file:
- Charts – Two charts are generated and should be your analysis starting point. The first chart (left-side) is a summary count of how many servers have KHIs beyond threshold per Ring.
The second chart (right-side) is a view of all the KHIs for each ring across all servers.
- Timeline – A new metric called “Burst Count” which analyzing the maximum values of the counters to decide if that happened only on a single instance or there were a number of instance causing the maximum burst.
- Pivots – The provided pivot table can pivot off Rings, Health, Server Role and Server Names. This is a very similar table to what was used in the previous version, with a better view and a few filters which helps determine the key areas which need further troubleshooting.
- Tables – The actual raw data that was analyzed for manual changes or for further troubleshooting or creation of additional pivots.
An Example of the Counters Pivot Table:
That’s it, I highly recommend to read the KHI_Guide.docx document which is provided as part of the KHI download, it contains a great list of explanations and definitions per each counter which helps determine what the counters are used for and what a bad sub-optimal value actually means.
I’ve decided to go ahead and compare between the existing PowerShell cmdlets index exist for Lync Server 2013 and the new index published for Skype for Business Server 2015.
This revealed a few new cmdlets which are pretty cool, especially around the AddressBookNormalization, Call-Via-Work, VIS and Failover/Failback scenarios as you can see below.
- Skype for Business Server cmdlets index
- Lync Server 2013 cmdlets index
- Skype for Business Server 2015 – New Commandlets (Randy Chapman)
- Debug-CsDataConference – Returns diagnostic information for the data conferencing capabilities included in Skype for Business Server 2015
- Debug-CsUnifiedContactStore – Verifies whether the contacts for a user (or group of users) are stored in the unified contacts store.
- Get-CsAddressBookNormalizationConfiguration – Returns the Address Book normalization configuration settings currently in use in the organization.
- Get-CsAddressBookNormalizationRule – Returns information about the Address Book normalization rules in use in the organization
- Get-CsCallViaWorkPolicy – this cmdlet to return call via work policies. Call via work policies enable and manage the characteristics of outbound calls placed through the Skype for Business client.
- Get-CsClsAgentStatus – return information about the ClsAgent service on the local machine
- Get-CsConversationHistoryConfiguration – Returns the conversation history configuration settings for the organization. These settings manage conversation histories for mobile device users.
- Get-CsPresenceManagementState – return the notification settings of a computer or pool. The management state settings determine the batching and timing of Skype for Business Server 2015 notifications.
- Get-CsThirdPartyVideoSystem – Returns information about Directory contact objects that represent a third-party video system. A third-party video system is a video teleconferencing (VTC) device that provides users with telepresence: the ability to participate in online meetings and conferences with full audio and video capabilities.
- Get-CsThirdPartyVideoSystemPolicy – Returns information about the third-party video system policies configured for use in the organization. These policies determine whether or not a VTC (video teleconferencing) device is allowed to send low-resolution video.
- Get-CsVideoInteropServerConfiguration – return information about Video Interop Server (VIS) configuration settings. VIS configuration settings are scoped to appropriate VIS instances, and will govern the behavior of those instance
- Get-CsVideoInteropServerSyntheticTransactionConfiguration – retrieve Video Interop Server (VIS) synthetic transaction configurations
- Get-CsVideoTrunk – list properties about the video trunks in your organization. Video trunks are Session Initiation Protocol (SIP) trunks between the Video Interop Server and a Video Gateway that are used to setup video calls between 3rd party video teleconferencing systems (VTCs) connected to the Video Gateway and Skype conferences or Skype endpoints.
- Get-CsVideoTrunkConfiguration – retrieve Video Trunk configuration settings. Video trunk settings define the Session Initiation Protocol (SIP) trunk between the Video Interoperability Server (VIS) and a Video Gateway.
- Import-CsCompanyPhoneNormalizationRules – import custom phone normalization rules defined in Company_Phone_Number_Normalization_Rules.txt used in previous server versions into Skype for Business Server 2015 environments.
- Invoke-CsComputerFailBack – flag a server as available for load balancing in a Skype for Business Server 2015 pool. To successfully run this cmdlet you need to run it using an account that has administrator privileges on each server in the source and target pools.
- Invoke-CsComputerFailOver – force a computer in a Skype for Business Server 2015 pool to failover to other servers within the pool. To successfully run this cmdlet you need to run it using an account that has administrator privileges on each server in the source and target pools.
- New-CsStorageServiceConfiguration – Creates new instances of the Skype for Business Server 2015 Storage Service. The storage service provides a common infrastructure that enables Skype for Business Server 2015 components to use Exchange as a backend data store.
- Reset-CsRoutingGroup – Enables administrators to reset a Windows fabric routing group that is not working correctly
- Set-CsVideoGateway – modify the property values of one or more Video Gateways. Video Gateways route traffic between internal and 3rd party video devices such as an internal Skype endpoint exchanging video with a 3rd party PBX supporting 3rd party video teleconferencing systems (VTCs).
- Set-CsVideoInteropServer – modify the property values of one or more Video Interop Servers (VIS). The Video Interop Server is a Skype service that is used to communicate with a Video Gateway via a Session Initiation Protocol (SIP) trunk.
- Start-CsPool – start a Skype for Business Server pool. A pool is a set of servers, configured identically, that work together to provide services for a common group of users.
- Test-CsManagementServer – Verifies that the Central Management service is working correctly. The Central Management service is responsible for replicating data between the Central Management store and computers running Skype for Business Server.
- Test-CsP2PVideoInteropServerSipTrunkAV – test the ability of a video gateway to conduct a peer-to-peer audio/video (A/V) call to a Skype for Business user via a Video Interop Server (VIS) pool.
Lync Server 2013 Standard to Skype for Business Server 2015 Standard In-place upgrade (Offline Method)
Microsoft released today the new version of Skype for Business Server 2015 to MSDN and I’ve decided to use my Azure Virtual lab to upgrade my STD server.
There are two methods for upgrade Lync Server 2013 to Skype for Business Server 2015:
- The Move User method, which requires no downtime for users (Swing upgrade)
- The Offline method, which requires downtime
In this post I’ll cover the Offline method.
General Upgrader Order:
More information can be found here: Plan to upgrade to Skype for Business Server 2015
- Upgrade the topology from the inside to the outside.
- Upgrade all your pools first
- Upgrade the edge servers
- Upgrade the Central Management Store (CMS) pool.
- If you use Kerberos authentication for Web Services, you must reassign Kerberos accounts and reset the password after the In-Place Upgrade is complete
Upgrade Steps – High Level:
The detailed steps can be found here: Upgrade to Skype for Business Server 2015
- Step 1: Install Administrator tools and download topology
- Step 2: Upgrade and publish topology using Topology Builder
- Step 3: Wait for replication
- Step 4: Stop all services in pool to be upgraded
- Step 5: Upgrade Front End pools and non-Front End pool servers
- Step 6: Restart services on all upgraded servers
- Step 7: Verify Skype for Business functionality works
In-Place Upgrade Prerequisites:
The list of all prerequisites is mentioned here: Install prerequisites
- Make sure the entire Lync environment is installed with CU5
- The local SQL Express on the Front-End must have at least SP1 installed (can be upgrades by using Windows Updates as well)
- KB2982006 for IIS Crash Issues is required for Server 2012 R2
- Be sure to uninstall LRS Admin tool for Lync Server 2013 before running In-Place Upgrade.
The LRS Admin Tool for Lync Server 2013 cannot coexist with Skype for Business Server 2015
- If you have paired pools, do not unpair them before the upgrade.
Step by step Upgrade:
1. Connect to a computer which is part of the domain but does not have any Lync core components or admin tools installed on it.
2. Download the Skype for Business ISO file from the MSDN: en_skype_for_business_server_2015_x64_dvd_6622058.iso
3. Mount the ISO file and launch the setup.exe from: Setup\amd64 folder:
4. On the Setup screen, choose “Connect to the internet to check for updates” in order to install the latest cumulative updates of SfB Server 2015.
this is a useful changes for future deployment which can save a lot of time installing the CU updates.
5. On the End User License Agreement screen, select the “I accept the terms in the license agreement” and choose OK.
6. Now SfB setup will connect to the internet and download the latest updates
7. Once the updates is done, a notification will appear on Screen, choose Next
8. On the Deployment Wizard, click Install Administrator tools, and follow the steps to install
9. From the Windows Start screen, open Skype for Business Server Topology Builder, Click Download topology from existing deployment, and click Next.
10. Right click on your STD pool and choose Upgrade to Skype for Business Server 2015:
11. On the Upgrade to Skype for Business Server 2015 Choose YES, the outcome should be that the server has been moved to the Skype for Business Server Container
12. Publish the topology and wait for replication to end.
13. Now we need to stop all services on the actual Lync server we are going to upgrade. in order to so we need to run the following command:
14. After disabling the services, we need to run the Skype for Business server setup from the ISO file we’ve downloaded.
15. Once initiated, A prerequisites setup will launch and will determine if the current environment is ready for SfB upgrade or not.
Please remember that if you performing that on Enterprise pool, you have to go through each of the server before starting the services again.
16. Once setup is complete, we’ve left with starting Services on the server by running the following command:
17. Once the services are up and running, we need to make sure the upgrade was successful, for the pool that was upgraded. Run some tests to make sure the functionality is working as expected.
18. Congrats, you’ve now successfully upgrade your Lync Server 2013 to Skype for Business Server 2015
- KB 3051949 May 2015 Cumulative Update 5.0.8308.887 for Lync Server 2013 (Front End Server and Edge Server)
- KB 3051956 May 2015 Cumulative Update 5.0.8308.887 for Lync Server 2013 Unified Communications Managed API 4.0 Runtime
- KB 3051953 May 2015 Cumulative Update 5.0.8308.887 for Lync Server 2013 web components server
- KB 3051951 May 2015 Cumulative Update 5.0.8308.887 for Lync Server 2013 core components
- KB 3051955 May 2015 Cumulative Update 5.0.8308.887 for Lync Server 2013 Conferencing Attendant
- KB 3051950 May 2015 Cumulative Update 5.0.8308.887 for a Lync Server 2013 Web Conferencing server
- KB 3051957 May 2015 Cumulative Update 5.0.8308.887 for the Lync Server 2013 Response Group service
- Lync Server 2013 URL filter policy does not filter hyperlinks that do not contain the “http://” prefix in a Lync client
- Lync Mobile Client call is dropped immediately when you dial 0 for an operator
- Lost data when Lync Server 2013 directories move to Skype for Business
- Incorrect notification “You’ve left the call” appears in a meeting in Lync Web App in a Lync Server 2013 environment
- Audio modality icon status is not updated after you join a Lync audio meeting in Lync Server 2013-based Lync Web App
- Meeting fails when you escalate a peer-to-peer instant message conversation to it in a Lync Server 2013 environment
- Lync Server 2013 Web Conferencing service cannot input or output data in a Lync file share
- Event 41027 is logged when the Lync Server 2013 Web Conferencing service creates the “Meeting.Active” file
- You cannot see some Lync Server 2013 response groups that you are a member of on the agent sign-in page in Lync client
Microsoft release a new version of Key Health Indicators for Lync Server 2013 and Skype for Business Server 2015
Microsoft releases today an updated version of the Key Health Indicators for Lync Server 2013 and Skype for Business Server 2015.
Key Health Indicators (KHI) are Performance Counters with recommended thresholds aimed at revealing problems that can impact the user experience.
The resources in this download contain the KHI Guide, which outlines the operational process and remediation steps. A sample PowerShell script used to configure KHI Data Collectors. Lastly, the Analysis and Definitions Workbook which can analyze KHI performance data.
This new version, contains a long waited list of new features, especially around analyzing the gathered data at once and be able to produce a valuable report with indicate on potential problems, so instead of analyzing a file at a time, or using 3rd party script, now a folder with all the CSV file can be analyzed at once:
Another major change in the new version of the KHI is regarding how the KHI is being analyzed reported:
A ring structure outlining the priority of the KHIs. While all the KHIs are important, we’ve grouped them into logical groupings of which ones stand to have the biggest impact.
- Ring 0 is comprised of all System KHIs (e.g. CPU, Disk, Memory and Network). When KHIs in this ring are beyond threshold, there is high likelihood that KHIs in Ring 1 and Ring 2 are beyond threshold. Therefore, when developing a remediation plan, focus on Ring 0 before taking other actions to resolve KHIs in other rings.
- Ring 1 mostly contains request queue latencies, SIP problem indicators and network response queues. There are typically other KHIs in Ring 0 contributing to these issues.
- Ring 2 is all remaining KHIs.
The results can be viewed on different level, and also allow you to filter through the counters which are below optimal range or at optimal range:
And the most important part, is the troubleshooting part in which Microsoft provide a great amount of details on every counter being gathered with detailed explanations on how to troubleshooting and recommendations, as well as the impact of that counters and its result on the environment: