If you click the Sonus category here you’ll quickly notice that I’ve written about the Sonus/Ribbon REST interface on and off for years now, as it’s such a handy way of peeking and poking into the SBC without interacting with the browser.

And so it came to pass last week that when presented with a challenge, I’ve again resorted to REST and PowerShell to deliver the fix.

The challenge – refresh the AD Cache

My customer is planning on migrating a couple of thousand users to Skype for Business quite gradually, and for that we’ve proposed the fairly standard upstream model, with the SBC doing AD lookups to determine if a user is enabled for SfB and thus decide where to send the call. If you’re not familiar with it I drew a picture and added an explanation at the top of this post back in 2014.

The catch is that the SBC’s minimum refresh period is an hour, and the customer doesn’t want to be potentially waiting that long for it to kick in after a user’s been migrated. They’re also big users of automation, and so logging into the SBC to clear the cache by hand isn’t really an option.

The fix

Thankfully Sonus added the option to clear the cache to their REST interface, and it didn’t take me a lot of effort to “save-as” a script I’m working on (more on that soon) to come up with “Update-RibbonADCache.ps1”.

Continue reading ‘Update-RibbonADCache.ps1’ »

Lync 2013 / SfB 2015 Client Update – July 2018

Having recently hopped to the identity-challenged 15.0.5041.1000, this month we jump to the more self-assured 15.0.5049.1000 courtesy of Kb4022225.

What’s Fixed

  • Kb 4340831 Unread messages of a reopened chat room are indicated incorrectly when restarting Skype for Business 2015 (Lync 2013)
  • Kb 4340830 Rate My Call privacy statement incorrectly redirects to Lync 2010 privacy statement
  • Kb 4340829 You’re prompted for Exchange credentials after switching network in a Skype for Business hybrid environment

What’s New / Changed

Nothing documented.

Known Issues

Nothing documented.

Continue reading ‘Lync 2013 / SfB 2015 Client Update – July 2018’ »

Recover Ribbon SBC AD Password

The Sonus/Ribbon Enterprise family of SBCs has a great feature where it can use your Active Directory as both a means to authenticate logins, and also to dynamically make changes to your call routing.

It does this by using a service account to authenticate to AD and query the relevant attributes or group membership, depending on which of the above features is involved.

Whilst the password to this account is saved in the backup files and encrypted, I recently found that if you possess a REST login for the SBC you can use that to recover the password.

Continue reading ‘Recover Ribbon SBC AD Password’ »

Lync 2013 Server Update – July 2018

A full year between updates, this July update – to be Lync’s last – takes the server to 5.0.8308.1001 from last July’s 5.0.8308.992. This time ’round 7 components receive an update.

What’s Fixed?

  • Kb 4090984 Can’t receive notification email when a team-call group member answers your work calls
  • Kb 4090977 Loss of static meetings in Microsoft Lync Server 2013
  • Kb 4339732 Add a header to HTTP response over SIP TLS channel for HSTS compliance in Lync Server 2013
  • Kb 4090981 A deadlock was found in RtcSrv.exe that can cause Lync Server 2013 Front-end servers to stop listening for requests
  • Kb 4343061 Event ID 1000 (0xc0000005) and the RtcSrv.exe of the SBA/SBS crashes after the startup in the Lync Server 2013
  • Kb 4102001 Event ID 32002 and 32007 when RGS crashes with the “System.Reflection.TargetInvocationException” exception during announcement
  • Kb 4339731 Support viewing scheduled meetings in Skype for Business on Mac when AllowExchangeConnectivity is set to false
  • Kb 4339730 UCWA encounters an unhandled exception “System.ArgumentNullException” in Lync Server 2013
  • Kb 4090979 Can’t share desktop in a meeting in Lync Server 2013
  • Kb 4090980 Fix the startup to initialize McuInfra components only after ASMCU is completely ready to take new requests in Lync Server 2013

Continue reading ‘Lync 2013 Server Update – July 2018’ »

Calls to O365UM bounce back – the call leg was cancelled

My Brisbane-based colleague Glen recently reported an interesting problem he’d encountered with calls to O365 UM going unanswered, and in some cases bouncing back to the Attendant.

In the FE he was seeing these diagnostic messages:

ms-diagnostics : 10049;source="LYNCFE01.contoso.com";reason="The current signaling session took too long to establish the connection, so the call leg was canceled.";component="MediationServer"

He also noticed a pattern: all the calls that failed were being routed to a server(s) in Hong Kong (e.g. HK20C00EDG02.LYNC0C001.LOCAL), where those that succeeded were going elsewhere.

He logged it with O365 Support and they were promptly able to resolve the issue, although they didn’t reveal the root cause.

– G.

Lync 2013 / SfB 2015 Client Update – June 2018

Our May client update took us to 15.0.5031.1000, and now Kb4022170 increments us to 15.0.5041.1000 – but there’s a trick to this one: see “Before/After”.

What’s Fixed

We have just one update this month, but it’s a doozie and surely a Godsend for some of you:

  • Kb4294971 Skype for Business 2016 or Skype for Business 2015 (Lync 2013) crashes in a Citrix-based VDI environment

What’s New / Changed

Nothing documented.

Known Issues

Nothing documented.

Continue reading ‘Lync 2013 / SfB 2015 Client Update – June 2018’ »

Bypass CredSSP to regain RDP access

In my line of work RDP is an essential tool. Take it away and you might as well have cut off one of my arms.

And so it was this morning where after my Windows 10 machine (running the latest 1803 build) applied updates overnight, all my attempts at RDP-ing to systems presented me with this:


An authentication error has occurred.
The function requested is not supported
Remote computer: blah.contoso.com
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

You can read more about it here:

Continue reading ‘Bypass CredSSP to regain RDP access’ »

Auto-shutdown an unused SBA

I’m encountering a growing number of customers upgrading and centralising their Skype for Business infrastructure, and as part of that they’re decommissioning their Survivable Branch Appliances.

At some stage I’ll be asked how they can turn off the SBA, which in the case of the Sonus/Ribbon SBAs is running on a daughter-board inside the appliance (known as the Application Solutions Module or “ASM”). It’s possible to start and stop the SBA from the SBC’s admin interface, but not to turn it off “for good”. Having shut it down, the next time the appliance is power-cycled the daughter-board will spring back to life.

There’s always the option to crack open the box and fish the ASM out, but you’re heading into murky unsupported territory – and you might not want the outage or the pain of wrangling a heavy SBC2k out of its spaghetti mess in the rack and back in again.

PowerShell to the rescue!

Here’s a quick and simple chunk of PowerShell to create a Scheduled Task that automatically shuts the machine down 5 minutes after it powers up. The 5 minutes gives you a chance to login and issue the “shutdown /a” command to cancel said shutdown and disable the Task should you actually wish to use the machine for something.

Continue reading ‘Auto-shutdown an unused SBA’ »


Hands up if you’ve tried to compare 2 objects of some type to see what – if any – differences there are between them?

I tried and gave up. PowerShell’s native “Compare-Object” isn’t very helpful. It will tell you IF there’s a difference, but it’s not particularly forthcoming.

Borne of that experience comes “Compare-Objects.ps1”. You might see some similarities here with two of my other scripts (Compare-PkiCertificates & Update-SfbCertificate.ps1) as the comparison engine is essentially the same between them.

Feed this script the “type” of the object and the names of two of them, and it will present a tabular comparison, highlighting all those attributes that differ.

All of these formats are valid input examples:

Compare-Objects.ps1 –type csuser –object1 “greig” –object2 “jessica”
Compare-Objects.ps1 –type csuser –object1 greig –object2 jessica
Compare-Objects.ps1 get-csuser greig jessica

Armed with the above input the script performs two “get-” commands to query the objects, then feeds the results into the differencing engine. The “get-” is implied in the command-line input, and the script will cope fine if you absent-mindedly include it, like in the last example above.

If you’ve already captured the objects, you can feed them to the script and it will compare them directly, skipping the “get” step:

Compare-Objects.ps1 –type $null –object1 $greig –object2 $jessica
Compare-Objects.ps1 $null $greig $jessica

For more information add the “-verbose” switch, and if you don’t want it querying my blog in search of an update, use “-SkipUpdateCheck”.
Continue reading ‘Compare-Objects.ps1’ »

Lync 2013 / SfB 2015 Client Update – May 2018

Last month’s client update took us to 15.0.5023.1000, and now Kb4018377 increments us to 15.0.5031.1000.

What’s Fixed

Just the one update this month:

  • Kb4133098 Location is still displayed even if UseLocationForE911Only is set to true in Skype for Business

What’s New / Changed

Nothing documented.

Known Issues

Nothing documented.

Continue reading ‘Lync 2013 / SfB 2015 Client Update – May 2018’ »