Recover Ribbon SBC AD Password

The Sonus/Ribbon Enterprise family of SBCs has a great feature where it can use your Active Directory as both a means to authenticate logins, and also to dynamically make changes to your call routing.

It does this by using a service account to authenticate to AD and query the relevant attributes or group membership, depending on which of the above features is involved.

Whilst the password to this account is saved in the backup files and encrypted, I recently found that if you possess a REST login for the SBC you can use that to recover the password.

Continue reading ‘Recover Ribbon SBC AD Password’ »

Lync 2013 Server Update – July 2018

A full year between updates, this July update – to be Lync’s last – takes the server to 5.0.8308.1001 from last July’s 5.0.8308.992. This time ’round 7 components receive an update.

What’s Fixed?

  • Kb 4090984 Can’t receive notification email when a team-call group member answers your work calls
  • Kb 4090977 Loss of static meetings in Microsoft Lync Server 2013
  • Kb 4339732 Add a header to HTTP response over SIP TLS channel for HSTS compliance in Lync Server 2013
  • Kb 4090981 A deadlock was found in RtcSrv.exe that can cause Lync Server 2013 Front-end servers to stop listening for requests
  • Kb 4343061 Event ID 1000 (0xc0000005) and the RtcSrv.exe of the SBA/SBS crashes after the startup in the Lync Server 2013
  • Kb 4102001 Event ID 32002 and 32007 when RGS crashes with the “System.Reflection.TargetInvocationException” exception during announcement
  • Kb 4339731 Support viewing scheduled meetings in Skype for Business on Mac when AllowExchangeConnectivity is set to false
  • Kb 4339730 UCWA encounters an unhandled exception “System.ArgumentNullException” in Lync Server 2013
  • Kb 4090979 Can’t share desktop in a meeting in Lync Server 2013
  • Kb 4090980 Fix the startup to initialize McuInfra components only after ASMCU is completely ready to take new requests in Lync Server 2013

Continue reading ‘Lync 2013 Server Update – July 2018’ »

Calls to O365UM bounce back – the call leg was cancelled

My Brisbane-based colleague Glen recently reported an interesting problem he’d encountered with calls to O365 UM going unanswered, and in some cases bouncing back to the Attendant.

In the FE he was seeing these diagnostic messages:

ms-diagnostics : 10049;source="LYNCFE01.contoso.com";reason="The current signaling session took too long to establish the connection, so the call leg was canceled.";component="MediationServer"

He also noticed a pattern: all the calls that failed were being routed to a server(s) in Hong Kong (e.g. HK20C00EDG02.LYNC0C001.LOCAL), where those that succeeded were going elsewhere.

He logged it with O365 Support and they were promptly able to resolve the issue, although they didn’t reveal the root cause.

– G.

Lync 2013 / SfB 2015 Client Update – June 2018

Our May client update took us to 15.0.5031.1000, and now Kb4022170 increments us to 15.0.5041.1000 – but there’s a trick to this one: see “Before/After”.

What’s Fixed

We have just one update this month, but it’s a doozie and surely a Godsend for some of you:

  • Kb4294971 Skype for Business 2016 or Skype for Business 2015 (Lync 2013) crashes in a Citrix-based VDI environment

What’s New / Changed

Nothing documented.

Known Issues

Nothing documented.

Continue reading ‘Lync 2013 / SfB 2015 Client Update – June 2018’ »

Bypass CredSSP to regain RDP access

In my line of work RDP is an essential tool. Take it away and you might as well have cut off one of my arms.

And so it was this morning where after my Windows 10 machine (running the latest 1803 build) applied updates overnight, all my attempts at RDP-ing to systems presented me with this:

RDP-Blocked

An authentication error has occurred.
The function requested is not supported
Remote computer: blah.contoso.com
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

You can read more about it here:

Continue reading ‘Bypass CredSSP to regain RDP access’ »

Auto-shutdown an unused SBA

I’m encountering a growing number of customers upgrading and centralising their Skype for Business infrastructure, and as part of that they’re decommissioning their Survivable Branch Appliances.

At some stage I’ll be asked how they can turn off the SBA, which in the case of the Sonus/Ribbon SBAs is running on a daughter-board inside the appliance (known as the Application Solutions Module or “ASM”). It’s possible to start and stop the SBA from the SBC’s admin interface, but not to turn it off “for good”. Having shut it down, the next time the appliance is power-cycled the daughter-board will spring back to life.

There’s always the option to crack open the box and fish the ASM out, but you’re heading into murky unsupported territory – and you might not want the outage or the pain of wrangling a heavy SBC2k out of its spaghetti mess in the rack and back in again.

PowerShell to the rescue!

Here’s a quick and simple chunk of PowerShell to create a Scheduled Task that automatically shuts the machine down 5 minutes after it powers up. The 5 minutes gives you a chance to login and issue the “shutdown /a” command to cancel said shutdown and disable the Task should you actually wish to use the machine for something.

Continue reading ‘Auto-shutdown an unused SBA’ »

Compare-Objects.ps1

Hands up if you’ve tried to compare 2 objects of some type to see what – if any – differences there are between them?

I tried and gave up. PowerShell’s native “Compare-Object” isn’t very helpful. It will tell you IF there’s a difference, but it’s not particularly forthcoming.

Borne of that experience comes “Compare-Objects.ps1”. You might see some similarities here with two of my other scripts (Compare-PkiCertificates & Update-SfbCertificate.ps1) as the comparison engine is essentially the same between them.

Feed this script the “type” of the object and the names of two of them, and it will present a tabular comparison, highlighting all those attributes that differ.

All of these formats are valid input examples:

Compare-Objects.ps1 –type csuser –object1 “greig” –object2 “jessica”
Compare-Objects.ps1 –type csuser –object1 greig –object2 jessica
Compare-Objects.ps1 get-csuser greig jessica

Armed with the above input the script performs two “get-” commands to query the objects, then feeds the results into the differencing engine. The “get-” is implied in the command-line input, and the script will cope fine if you absent-mindedly include it, like in the last example above.

If you’ve already captured the objects, you can feed them to the script and it will compare them directly, skipping the “get” step:

Compare-Objects.ps1 –type $null –object1 $greig –object2 $jessica
Compare-Objects.ps1 $null $greig $jessica

For more information add the “-verbose” switch, and if you don’t want it querying my blog in search of an update, use “-SkipUpdateCheck”.
Continue reading ‘Compare-Objects.ps1’ »

Lync 2013 / SfB 2015 Client Update – May 2018

Last month’s client update took us to 15.0.5023.1000, and now Kb4018377 increments us to 15.0.5031.1000.

What’s Fixed

Just the one update this month:

  • Kb4133098 Location is still displayed even if UseLocationForE911Only is set to true in Skype for Business

What’s New / Changed

Nothing documented.

Known Issues

Nothing documented.

Continue reading ‘Lync 2013 / SfB 2015 Client Update – May 2018’ »

The Mk-III Safety Net for SfB Gateway AD-Lookups

It’s been a long while between visits to the subject of Sonus (now Ribbon) AD-based routing in the SBC1k, 2k & SWe Lite, but my colleague Tristan recently pointed out a new feature that I wasn’t previously aware of.

In my 2012 Mk-II Safety Net I showed how you could do a second AD lookup against an incoming call so as to ensure the transformation table passed regardless of whether their LineURI contained an “ext=” suffix or not.

Now it seems that’s been superseded by the addition of wildcard handling in AD lookups! [Reference]. And so here’s the Mk-III!

The Mk-III AD Lookup

For context, here’s what the Mk-II looked like:

Capture-MkII-TransformationTable-4

Continue reading ‘The Mk-III Safety Net for SfB Gateway AD-Lookups’ »

VX says VVX “Not Acceptable Here”

Protocols and standards. We live and die by them, and while we can’t live without them, sometimes they can be a royal PITA. And so it is apparently, with Polycom’s interpretation of RFC4568 Session Description Protocol (SDP), with which I became all too familiar this week.

I was called in to try and figure out why a customer’s Polycom VVX’s intermittently couldn’t call out to the PSTN. They could place the call seemingly OK, but as soon as the external party answered it dropped.

Incoming calls were fine, and none of their other clients had any outgoing problems: their Office 2013 and Office 2016 PC clients were fine, as were the fading old CX600’s. Making this scenario all the more interesting is that the PSTN Gateways are NET / Sonus “VX 1200” gateways still running flawlessly from their Lync 2010 days – and still supported by the vendor until the end of 2018 BTW!

Media Bypass is enabled in this environment, so the obvious conclusion to draw was that we were dealing some some kind of incompatibility between the new-ish phones and the (ahem) “mature” VX’s.

Continue reading ‘VX says VVX “Not Acceptable Here”’ »