Server 2016 – Unable to set Certificate to Issue

I recently hit a brick wall while trying to update a certificate template in my stand-alone Server 2016 Certificate Authority.

My goal was to add the “Client Authentication” policy to the the Web Server template, but whilst I could create the new template without any problems, Windows wouldn’t let me add it to the list of “certificates to issue”.

Copying Templates

The process to copy a certificate template is fairly well documented. The short version is:

  1. Launch the Certificate Authority MMC:
  2. Right-click Certificate Templates and select Manage, which opens the “Certificate Templates Console”.
  3. Right-click on the certificate you want to copy and select Duplicate Template.
  4. Continue reading ‘Server 2016 – Unable to set Certificate to Issue’ »

A home-brew autocue (teleprompter)

My introduction to desktop video came back in the days of OCS 2007 R1.

It quickly occurred to me that this wasn’t going to take off until we had two things: 1) the upload bandwidth to support a decent outgoing video stream; and 2) the ability to look at the incoming video of the person you were speaking with, whilst at the same time staring directly down the lens of the camera.

Thankfully the NBN has delivered on the first component here in Oz, but technology has so far failed to come through on the second, and so most of us participate in video calls with the participants all looking off to the side while you’re talking to them.

I theorised that the fix would be when a screen vendor figured out how to place a camera mid-screen directly behind the glass. I remember saying I’d race out and buy two the day they hit the market (so my two monitors matched).

The hubby has more recently suggested it’ll be delivered via algorithm instead. There will be a camera in the four corners of the screen and digital magic will stitch together a coherent moving image of you with eyes pointing ‘naturally’ at the camera.

I saw on Twitter only yesterday that Microsoft has apparently delivered something similar in the Surface Pro X with a feature they’re calling "Eye Contact".

Roll forward to 2020 though, and with lots of us now working from home and participating in non-stop meetings, I thought it was time to make matters into my own hands.

Continue reading ‘A home-brew autocue (teleprompter)’ »

SfB 2019 Server Security Update – July 2020

Today we see one of a (thankfully) rare occurrence – a security update for Skype for Business Server (both 2015 and 2019). A quick search through my blog history says our last one of those was for SfBS 2015 back in September 2015! (Has it really been that long?)

Otherwise it’s been four months since our last bugfix update, to CU2 HF1 (7.0.2046.216). This is build 7.0.2046.236 and it updated only three components on my Standard Edition Front-End.

What’s Fixed?

At the time of writing this post (July 15th), the main kb article hasn’t been fully updated. Its “Improvements and fixes in the July 2020 update” still lists the content from the March update.

If you drill further into the listed fixes below however, you do find yourself at the same OAuth related security fix as SfBS 2015, as per my previous post today.

Continue reading ‘SfB 2019 Server Security Update – July 2020’ »

SfB 2015 Server Security Update – July 2020

Today we see one of a (thankfully) rare occurrence – a security update for Skype for Business Server (both 2015 and 2019). A quick search through my blog history says our last one of those was in September 2015! (Has it really been that long?)

Otherwise it’s been two months since our last bugfix update. That was 6.0.9319.580.This is build 6.0.9319.591, and it updated only two components on my Standard Edition Front-End.

What’s Fixed?

  • Kb 4564307 Vulnerability exists when Skype for Business Server incorrectly handles OAuth token validation

This security update resolves vulnerabilities that exist when Skype for Business Server incorrectly handles OAuth token validation. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2020-1025:

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.

To exploit this vulnerability, an attacker would need to modify the token.

The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

What’s New?

Nothing noted. No cmdlets have been added to the SfB module in this update.

Continue reading ‘SfB 2015 Server Security Update – July 2020’ »

New-OoklaSpeedTest.ps1

In my post “Get-WeatherLinkData.ps1” I mentioned we use the free version of Paessler’s PRTG Network Monitor to monitor all we have here. It’s a great little monitoring platform, and we use it to not only keep an eye on the servers and various web-pages we run, but also track and trend our weather.

After suffering poor service from a previous ISP a few years ago, we started running a script utilising H.Merijn Brand’s Perl Speedtest CLI on our PRTG server to keep a track of speeds. It did the job but meant that Perl needed to be installed on the server.

It thus caught our eye when we saw recently that the world standard “speedtest.net” by Ookla has spawned an API.

And thus, New-OoklaSpeedTest.ps1 was born.

Continue reading ‘New-OoklaSpeedTest.ps1’ »

Make Microsoft Teams shortcuts global

I live for keyboard shortcuts.

Microsoft Teams has plenty of useful keyboard shortcuts, but if you’re running a complex meeting and maybe using OBS Studio like I did recently, they’re probably not going to work. Why’s that? They’re not ‘global’ – they’ll only work when the Teams client has the focus.

The fix is relatively simple, disguised as the open-source utility AutoHotkey, or AHK.

Continue reading ‘Make Microsoft Teams shortcuts global’ »

Inject OBS Studio into Microsoft Teams

I recently co-hosted the May “Sydney UC” Meetup with fellow MVP Craig Chiffers. We normally run these at a conferencing centre in the middle of the Sydney CBD, but circumstances dictated this one be held virtually. Naturally it was going to be over Microsoft Teams.

You have two options for a Teams Meeting – a normal “in-tenant” meeting, or a Live Event.

Microsoft Teams Live Events are ideal for larger “town hall” style one-to-many meetings, more like a city council meeting or other “broadcast” event. The event is streamed via an Azure Content Delivery Network (CDN), and as such there’s a lag between your presentation and its reception that prevents real-time interaction with participants.

Sydney UC is a more interactive and collaborative environment, so we opted to run the event in the tenant. This gave our participants the ability to interact more naturally with the presenters, but perhaps at the expense of some control of the Meetup.

My partner Rocky had been experimenting with Open Broadcaster Software (aka OBS Studio) of late, and we thought the Meetup might be a good opportunity to see if we could add some more of a “pro” feel to the Meetup without compromising its intimacy, and address some other issues.

Continue reading ‘Inject OBS Studio into Microsoft Teams’ »

List all SfBS & SfBO policies by type

Here’s a “one-liner” I came up with this week that dumps ALL of the SfB policies in your system ordered by type:

PS C:\> Get-Command -Module SkypeForBusiness Get-Cs*Policy | where-object {$_.Name -ne "Get-CsEffectivePolicy"} | ForEach { invoke-expression $_.name  } | ft @{Label="Policy type"; Expression={($_.getType()).ToString().Split('.')[-1]}}, identity -auto

This is what it looks like here in the GIS lab:


Continue reading ‘List all SfBS & SfBO policies by type’ »

SfB 2015 Server Update – May 2020

It’s been a whole nine months since we saw an update for Skype for Business Server. That was CU10 HF1.

This is build 6.0.9319.580, and it updated seven components on my Standard Edition Front-End.

What’s Fixed?

This cumulative update includes a defense in depth fix and enables Location-Based Routing to support the Skype for Business mobile clients. It also fixes the following issues:

  • Kb 4507230 Support LBR and branch site voice resiliency conflicting requirements in Skype for Business Server 2015
  • Kb 4538703 Increase characters limit for Notification URI in Skype for Business Server 2015 Control Panel and PowerShell
  • Kb 4537395 SQL Server Agent LcsLog purge job fails with error in certain scenarios in Skype for Business Server 2015
  • Kb 4525499 Call forwarding and voice mail not working for LBR users who’re signed out of all clients in Skype for Business Server 2019 and 2015
  • Kb 4537396 IM filter doesn’t work if network path has host server name in Skype for Business Server 2015
  • Kb 4525500 Users who’re not Enterprise Voice enabled can dial out when PreventPSTNTollBypass is true in Skype for Business Server 2015
  • Kb 4538701 Conference call dropped after 28 or 56 minutes joining from Cisco phone in Skype for Business Server 2015
  • Kb 4537394 UCWA unhandled exception – InvalidDataException in Skype for Business Server 2015
  • Kb 4537398 PII data (IM contents of push notification) is shown in Skype for Business Server 2015 UCWA mobile clients
  • Kb 4549672 Update set-cookie response header to use SameSite=none in Skype for Business Server 2015 UCWA
  • Kb 4537397 Wrong time zone in Skype for Business Web Scheduler in Skype for Business Server 2015
  • Kb 4538702 Skype for Business for Mac or iOS clients doesn’t show PSTN callers in the meeting participants list in Skype for Business Server 2015
  • Kb 4538700 PSTN call transfer fails if agent anonymity is enabled in Skype for Business Server 2015
  • Kb 4526182 In-a-meeting and Presenting presence states are available for UCWA clients in Skype for Business Server 2019 and 2015
  • Kb 4538699 Wrong end point shown for a transfer call in Skype for Business Server 2015

What’s New?

Nothing noted. No cmdlets have been added to the SfB module in this update.

Continue reading ‘SfB 2015 Server Update – May 2020’ »

Migrating Gallery.TechNet to GitHub made easier

TL;DR: My “New-ObfuscatedFile.ps1” script uses a find/replace CSV file to make multiple substitutions in a text file in one pass. It can be easily repurposed to turn HTML into MarkDown.

Microsoft’s Gallery.TechNet.microsoft.com site will be sorely missed when it’s closed later in the year.

It’s been a fantastic repository of tools, documents and utilities, and no one place on the Internet will replace it.

As it stands today, the “Lync” category has 469 offerings, and across the entire site a total of 25947 items are there for the unearthing, all designed to make your life easier.

I see my fellow MVPs Luca, Stale and Shane take top billing, with download numbers I can only dream of.

Those guys, like me and many others are now faced with re-homing all this content somewhere else.

For our scripts, that’s GitHub – but how to get everything across?

Continue reading ‘Migrating Gallery.TechNet to GitHub made easier’ »