Lync 2013 / SfB 2015 Client Security Update – September 2017

It’s been a month since our last update to the Office 2013-based Lync/SfB client took us to 15.0.4953.1000. Today, a security update takes us to 15.0.4963.1000.

Kb 4011107: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8676, Microsoft Common Vulnerabilities and Exposures CVE-2017-8695, and Microsoft Common Vulnerabilities and Exposures CVE-2017-8696.

What’s Fixed

Two other items are addressed in this update:

  • Kb 4039811 Doesn’t display a dialog box to join a meeting through a web browser if Skype for Business 2015 sign-in fails
  • Translate some terms in multiple languages to make sure that the meaning is accurate.

What’s New / Changed

Nothing documented.

Continue reading ‘Lync 2013 / SfB 2015 Client Security Update – September 2017’ »

SfB Server 2016 Edge CLS not listening

It’s possible my new Edge is jinxed. First I couldn’t RDP to it, and now I’ve installed SfB, CLS Logging isn’t working.

It might have something to do with the fact that Windows Updates put .NET 4.7 on it before I’d even had a chance to run Pat’s script to block it.

The quick way to check for it in Server 2016 is to look for the KB:

PS C:\Users\Administrator> get-hotfix Kb3186568

Anyway, despite having excised that, CLS logging wasn’t working. The service would start and appear to run fine, with no errors in the event log, but it wasn’t listening on the usual ports, and of course that was resulting in errors when I tried to start logging from the Front-End:

PS C:\Users\greig> Show-CsClsLogging -Computers sfb2015edge2.blah.local
WARNING: Failed on 1 agents
Agent - sfb2015edge2.blah.local, Reason - Error code - 20000, Message - Unknown error - Error calling agent sfb2015edge2.blah.local; Could not connect to net.tcp://sfb2015edge2.blah.local:50002/. The connection attempt lasted for a time span of 00:00:20.9811488. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.19.89:50002. . Please refer CLS logs for details.      PoolFqdn: sfb2015edge2.blah.local
MachineFqdn                  ResponseMessage                AlwaysOn ScenarioName     Remaining ProductVersion
                                                                                       Mins
-----------                  ---------------                -------- ------------     --------- --------------
sfb2015edge2.blah.local  Error code - 20000, Message -                                0         6.0.9319.0
                              Unknown error - Error calling
                              agent
                              sfb2015edge2.blah.local;
                              Could not connect to net.tcp:/
                              /sfb2015edge2.blah.local:5
                              0002/. The connection attempt
                              lasted for a time span of
                              00:00:20.9811488. TCP error
                              code 10060: A connection
                              attempt failed because the
                              connected party did not
                              properly respond after a
                              period of time, or
                              established connection failed
                              because connected host has
                              failed to respond
                              192.168.19.89:50002. . Please
                              refer CLS logs for details. PS C:\Users\greig>

Continue reading ‘SfB Server 2016 Edge CLS not listening’ »

Unable to RDP to new Server 2016 machine

I created a new SfB “Site” in the greiginsydney Lab during the week for some DR testing. For this I built two new servers, both running Server 2016. One was to be a Front-End, with the other an Edge.

The Front-End joined the domain OK and was easily managed from my desktop, but the Edge just wouldn’t play. Try as I might I wasn’t able to RDP to it. Networking was fine – they could see each other, with pings succeeding in both directions. I disabled the Windows Firewall on both: still no dice. I even toggled the Remote Management settings on the Edge, and rebooted for good measure. Nup.

I tried the modern-day equivalent of a Telnet connection:

PS W:\> Test-NetConnection sfb2015edge2.blah.local -Port 3389 -InformationLevel Quiet
WARNING: TCP connect to (192.168.19.89 : 3389) failed
False
PS W:\>

Not even tinkering with the NetConnectionProfile would coerce it to accept my RDP connection.

I was on the verge of blowing it away and restarting when I tried a variation on that theme. I blew the NICs away with this:

netcfg –d

… then rebooted, where-upon the NICs returned and I was able to reinstate the same networking settings from before – except this time all was a source of joy.

I don’t know if this is going to be a reproducible problem, but if you encounter the same with a new VM, consider the above before you “scorch” it and start again.

 

 

– G.

Calls to SfB RGS drop instantly – FE logs event 31140

If you’ve ever created a Lync or Skype for Business Response Group Workflow using PowerShell you really appreciate how quick and easy it is to do from the Response Group browser interface, the “Response Group Configuration Tool”.

Unfortunately sometimes the PowerShell path is unavoidable: if you have more than 4 options in an IVR menu, need to burrow more than 2 levels deep or want to add no-response actions or “please hold while we transfer you” messages, those can only be done through PowerShell.

And so it was that I found myself struggling with *several* brand new Hunt Groups and IVRs that all hung up on me straight after I called them, or dropped to music, skipping the greeting altogether. The only common pattern here was that the faulty ones all used a WAV file as a greeting, whilst those with a Text-To-Speech (TTS) greeting were fine.

Here’s an example of creating one of my broken ones. It’s a faithful reproduction of all of the P$ tips you’ll find online, so I was struggling to understand the problem:

$serviceID = "service:ApplicationServer:mySfBFE.blah.local"
$GreetingAudioFile = Import-CsRgsAudioFile -Identity $ServiceId -FileName "TestRgsGreeting.wav" -Content (Get-Content "C:\TestRgsGreeting.wav" -Encoding byte -ReadCount 0)
$PromptWM = New-CsRgsPrompt -AudioFilePrompt $GreetingAudioFile 
$Queue = get-csrgsQueue $serviceID -Name "TestSfB-Queue"
$DefaultActionWM = New-CsRgsCallAction -Prompt $PromptWM -Action TransferToQueue -QueueID $Queue.Identity
     
$Workflow = New-CsRgsWorkflow -Parent $ServiceId -Active $true -Anonymous $false -Language "en-AU" -EnabledForFederation $false `
-Name "Broken SfB Workflow" `
-Description "Broken SfB Workflow" `
-PrimaryUri "sip:BrokenSfBWorkflow@blah.net" `
-DefaultAction $DefaultActionWM
Set-CsRgsWorkflow -instance $workflow

Continue reading ‘Calls to SfB RGS drop instantly – FE logs event 31140’ »

Review: Yealink SIP DECT W56H

We were recently challenged by a customer to provide an economical cordless handset solution for their Skype for Business deployment. This same solution was required at each of their many small sites, so the economies of scale of a larger certified WiFi solution couldn’t be realised. There was no requirement for roaming as each of the sites is essentially autonomous, and this started us looking to stand-alone DECT solutions.

For the endpoint devices we chose the Yealink SIP DECT “W56P” base-station and DECT handset package. This pairing currently has a retail price of just over AUD200, so it ticked that box for the customer as well.

IMG_1557 IMG_1590

Continue reading ‘Review: Yealink SIP DECT W56H’ »

VVX can’t call SfB Unassigned Numbers

As any half-decent taxidermist will tell you, there’s more than one way to skin a cat.

And so it is with Skype for Business. The clever bit is determining the best method to use when faced with a given challenge. Occasionally you’ll encounter a complicated job-sharing or multiple-hop call distribution scenario that doesn’t fit the basic user config parameters of Team Calling or Delegates. We usually tend to reach into the “kit”-bag (do you like what I did there?) and whip out a quick Response Group if we need a basic IVR, some time-of-day automation, or the sorts of call distribution and overflow that the RGS can deliver.

Another neat solution is to create a “dummy” user in AD and have it permanently “Team Calling” perhaps two users sharing the same role. During the day the calls go to which-ever of the two is signed in, and after hours or any time neither is in, the calls automatically route to the shared voicemail box.

If someone leaves and you want to “piggyback” their number on yours, a simple called number transformation rule in your SBC will usually suffice.
Continue reading ‘VVX can’t call SfB Unassigned Numbers’ »

Default Sonus SBC cause codes “protect” against re-routing

I’ve long been a fan of the “Easy Config Wizard” in Sonus’ SBC 1k, 2k and now SWe Lite devices. With very few exceptions, all of my SBCs are deployed from scratch using it.

If you’re not familiar with it, it presents you with a few basic questions and when you click Finish it sets up a mostly working SBC for you, with SIP Server tables, Signaling Groups & some basic transformation tables. Just add some certs (and credentials if your SIP carrier wants them) and you’re online between Lync or SfB & your carrier in no time:

EasyConfigWizard

Continue reading ‘Default Sonus SBC cause codes “protect” against re-routing’ »

Lync 2013 / SfB 2015 Client Update – August 2017

It’s been 3 weeks since our last update to the Office 2013-based Lync/SfB client. Today we go from 15.0.4945.1000 to 15.0.4953.1000, aka Kb 4011046.

What’s Fixed

A handful of items are addressed in this update:

  • Kb 4035431 “Call forwarding settings failed” dialog occurs after you sign out Skype for Business 2015 (Lync 2013) if RCC is enabled
  • Kb 4035430 Switch between “Compact View” and “Content View” does not work in Skype for Business 2015 (Lync 2013)
  • Kb 4035429 Improves join launcher when you join a Skype meeting through a meeting link in Skype for Business 2015 (Lync 2013)
  • Kb 4035428 Updates factory image version number for Lync Room System devices in Skype for Business 2015 (Lync 2013)
  • Kb 4035427 Security issues when trying to connect to the “skypeforbusiness.us” domain in Skype for Business 2015 (Lync 2013)
  • Kb 4035426 Unread messages in persistent chat rooms are marked as read when you click IM conversation tabs in Skype for Business 2015 (Lync 2013)
  • Kb 4035425 “MAPI unavailable” error for MAPI connection in Skype for Business 2015 (Lync 2013)
  • Kb 4035424 Several seconds delay on an incoming instant message toast in Skype for Business 2015 (Lync 2013)
  • What’s New / Changed

    Nothing documented.

    Known Issues

    Nothing documented.

    Continue reading ‘Lync 2013 / SfB 2015 Client Update – August 2017’ »

    Lync 2013 Server Update – July 2017

    This July update takes the server to 5.0.8308.992 from March’s 5.0.8308.987. This time ’round 6 components receive an update – and its mysteries have me VERY curious…

    What’s Fixed?

    • Kb 4034279 Enables the “Move-CsMeetingRoom” cmdlet to move a meeting room from on-premises to Online in Lync Server 2013
    • Kb 4023333 Peer to peer application sharing is available in Skype for Business on Mac in a Lync Server 2013 environment
    • Kb 4023332 Delegate can pick up Peer to Peer call on behalf of delegator now in a Lync server 2013 environment
    • Kb 4023331 Improves Contact Management in Skype for Business on Mac in a Lync server 2013 environment
    • Kb 4023330 Enables you to manage delegates and set up simultaneous ring feature in a Lync Server 2013 environment
    • Kb 4023329 Enables you to subscribe presence for contacts in contact lists in Lync Server 2013
    • Kb 4023328 Introduces new Application Programming Interface (API) to manage contacts and groups on Mac in Lync server 2013
    • Kb 4023327 Adds “CsHybridApplicationEndpoint” cmdlets to manage cloud voice or bot applications in Lync Server 2013
    • Kb 4023326 PSTN call is dropped when it’s put on hold by a PSTN callee in Lync Server 2013
    • Kb 4023323 Event ID 20003 is logged and UCWA may crash in Lync Server 2013
    • Kb 4023322 Event ID 53106 “Unable to save message” is logged in Lync Server 2013 Persistent Chat Compliance Server
    • Kb 4023320 “Your chatroom access may be limited due to an outage” error when you add or remove users in Lync Server 2013
    • Kb 4023319 Incorrect caller ID is sent when admin makes an outgoing call on behalf of a manager in Lync Server 2013

    What’s New?

    There are a few bits of interest here. Firstly, one new P$ commandlet and the expected verb variations:

    • Get-CsHybridApplicationEndpoint
    • New-CsHybridApplicationEndpoint
    • Remove-CsHybridApplicationEndpoint
    • Set-CsHybridApplicationEndpoint

    (We saw these appear in SfB CU5 back in May so it’s no great surprise to see them back-ported to Lync now).

    This one particularly took my fancy so I thought I’d experiment some more:

    Kb 4023332 Delegate can pick up Peer to Peer call on behalf of delegator now in a Lync server 2013 environment

    Unfortunately my tinkering here amounted to nought, so I’ve polled my MS contacts and MVP peers to see if anyone knows what’s going on. Stay tuned…

    Continue reading ‘Lync 2013 Server Update – July 2017’ »

    Lync 2013 / SfB 2015 Client Update – July 2017

    It’s been 3 weeks since our last update to the Office 2013-based Lync/SfB client. Today we go from 15.0.4933.1000 to … 15.0.4933.1000 – although the article (kb3213574) and other evidence – see below – confirms it’s 15.0.4945.1000.

    What’s Fixed

    This one contains a solo update:

    Kb 4032344 Low Internet Explorer performance when Skype for Business 2015 add-in for Internet Explorer (OCHelper.dll) is enabled.

    What’s New / Changed

    Nothing documented.

    Known Issues

    You might think this update hasn’t worked, but it’s just not playing by the usual rules.

    Help / About doesn’t show it and it’s not revealing itself to Get-CsConnections either.

    It is however all good – it’s just only updated the Browser Helper Add-on – and you’ll find it in IE / Settings / Manage add-ons. (See below).

    Continue reading ‘Lync 2013 / SfB 2015 Client Update – July 2017’ »