Lync Client – Presence unknown

In my lab environment I noticed that my Lync (2010) client does not show the availability for all contacts. In this screenshot I can see the status of my personal Lync account (running on my laptop) and the status of my wife’s account (running on a Polycom CX600). My work account however keeps whining about “Presence unknown”.


Federation traffic goes through the Lync Edge servers. When looking at the event log of the Lync Edge servers in my test environment (Lync 2013 with Lync Hosting Pack v2, running on Windows Server 2008 R2) I can see the following entry:

Log Name: Lync Server

Source: LS Protocol Stack

Date: 3-9-2013 9:10:55

Event ID: 14428

Task Category: (1001)

Level: Error

Keywords: Classic

User: N/A

Computer: LYNC-EXT01.contoso.com

Description:

TLS outgoing connection failures.

Over the past 21 minutes, Lync Server has experienced TLS outgoing connection failures 3 time(s). The error code of the last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) while trying to connect to the server "sip.amsio.com" at address [109.109.115.147:5061], and the display name in the peer certificate is "Unavailable".

Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.

Resolution:

Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

Note. These error messages are logged on both Lync 2013 Edge servers.

The most important part of the entry is the “The certificate chain was issued by an authority that is not trusted” message. The Lync 2013 Edge servers at my office use Comodo certificates, and the Comodo Trusted Root certificate and Intermediate certificate are not installed in the Certificate store of the local Windows Server in my test environment where the Lync 2013 Edge servers are installed.

The solution is to manually add the Comodo Root and Intermediate certificates to the certificate store on the Lync Edge server. The Lync Edge server of the federated partner will now be trusted (since the chain is complete and correct) and federation will work.


Why are the other federated accounts working? In my personal Lync environment I’m using Digicert certificates, and the Root and Intermediate certificates are installed by default on the Windows server. The SSL chain is correct and therefore federation works fine.

The Comodo Root and Intermediate certificates can be downloaded from the Comodo Support pages.
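One way to script the import and confirm that the untrusted-root condition is gone, as an added example that is not part of the original post. The file paths and function names are assumptions; the script uses the .NET certificate classes so it also runs on the PowerShell version shipped with Windows Server 2008 R2, and it must be run from an elevated session.

```powershell
# Added example. Paths below are placeholders for the downloaded CA certificates.
$rootFile         = 'C:\Temp\partner-root.cer'          # assumed download location
$intermediateFile = 'C:\Temp\partner-intermediate.cer'  # assumed download location

function Install-CaCertificate {
    param([string]$Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path

    # A self-signed CA certificate is a root; anything else is an intermediate.
    # Only roots go into "Trusted Root Certification Authorities" (Root);
    # intermediates go into "Intermediate Certification Authorities" (CA).
    if ($cert.Subject -eq $cert.Issuer) { $storeName = 'Root' } else { $storeName = 'CA' }

    # Print the thumbprint so it can be compared with the value the CA publishes
    # before the certificate becomes trusted machine-wide.
    Write-Host ('Installing "{0}" into LocalMachine\{1}, thumbprint {2}' -f `
        $cert.Subject, $storeName, $cert.Thumbprint)

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, 'LocalMachine')
    $store.Open('ReadWrite')
    try     { $store.Add($cert) }   # adding an already-present certificate creates no duplicate
    finally { $store.Close() }
    return $cert
}

function Test-CertificateChain {
    param($Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation so the result reflects trust only, not CRL reachability from the Edge server.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    foreach ($status in $chain.ChainStatus) {
        # UntrustedRoot here corresponds to error 0x80090325 in event 14428.
        Write-Host ('Chain status: {0} ({1})' -f $status.Status, $status.StatusInformation.Trim())
    }
    return $trusted
}

$null         = Install-CaCertificate -Path $rootFile
$intermediate = Install-CaCertificate -Path $intermediateFile

if (Test-CertificateChain -Certificate $intermediate) {
    Write-Host 'The intermediate now chains to a trusted root on this machine.'
} else {
    Write-Host 'Chain still not trusted; check that both files were the right certificates.'
}
```

An exported copy of the partner's Edge certificate can be loaded the same way and passed to Test-CertificateChain to check the full chain.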

Installing MS13-061 breaks CI on Exchange Server 2013

Preliminary information and subject to change! Will update when more information becomes available.

When installing MS13-061 on Exchange Server 2013 CU1 or CU2, issues with Content Indexing can occur. Content Indexing for mailbox databases is in a failed state and the existing “Microsoft Exchange Search Host Controller” service seems to be missing. Instead there’s a new service called “Host Controller Services for Exchange” on the box.

Right now it looks like it doesn’t affect Exchange Server 2007 or Exchange Server 2010.

There’s a workaround to get this fixed:

Open the Registry Editor and navigate to the following path:

“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Search Foundation for Exchange”

Go to the DataDirectory string and give it the following value:

C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data


Note. If your Exchange binaries are in a different directory, change the path accordingly.

In the registry navigate to the following location:

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HostControllerService”

Change the value of “DisplayName” to “Microsoft Exchange Search Host Controller”

Add a new Multi-String Value named “DependOnService” and specify “http” in Value data.


The display name will only be changed after a reboot of the server, but the services can be started at this point.
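The same workaround as a script, added here as an example and not taken from the original post. It assumes the ExchangeInstallPath environment variable is set on the server (which covers installations outside the default directory), and the backup folder is a placeholder; run it from an elevated PowerShell session.

```powershell
# Added example. Registry paths and values are the ones given in the steps above.
$searchKey  = 'HKLM:\SOFTWARE\Microsoft\Search Foundation for Exchange'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\HostControllerService'
$backupDir  = 'C:\Temp'   # placeholder location for the registry exports

# Derive the data directory from the install path instead of hard-coding drive C:.
if (-not $env:ExchangeInstallPath) {
    throw 'ExchangeInstallPath is not set; enter the DataDirectory value manually.'
}
$dataDir = Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\HostController\Data'
if (-not (Test-Path $dataDir)) {
    throw "Expected data directory not found: $dataDir"
}

# Export both keys first so the change can be rolled back.
$i = 0
foreach ($key in @($searchKey, $serviceKey)) {
    $i++
    $regPath = $key -replace '^HKLM:', 'HKLM'
    & reg.exe export $regPath (Join-Path $backupDir "ms13-061-backup-$i.reg") /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing was changed in it." }
}

# Step 1: point the search foundation at the correct data directory.
Set-ItemProperty -Path $searchKey -Name 'DataDirectory' -Value $dataDir

# Step 2: restore the expected service display name.
Set-ItemProperty -Path $serviceKey -Name 'DisplayName' -Value 'Microsoft Exchange Search Host Controller'

# Step 3: add the HTTP dependency as a Multi-String value (-Force overwrites an existing one).
New-ItemProperty -Path $serviceKey -Name 'DependOnService' -PropertyType MultiString `
    -Value @('http') -Force | Out-Null

# Show the resulting values for review.
Get-ItemProperty -Path $searchKey  | Select-Object DataDirectory
Get-ItemProperty -Path $serviceKey | Select-Object DisplayName, DependOnService
```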

Unable to delete Lync 2010 Front End Pool after migrating to Lync 2013

After a (successful) migration from Lync 2010 to Lync 2013 I wanted to decommission the old Lync 2010 servers. In my previous blog post I already explained why the CMS didn’t want to move, but the next issue was challenging as well.

Before removing the last Lync front-end server you have to remove all Lync 2010 objects from this front-end server. A well-known issue, for example, is the conference directory, which for some reason always stays on the front-end server.


ISE, Remote PowerShell and Exchange 2013

Last TechEd in Madrid I got an interesting question about Exchange 2013 supportability in the PowerShell ISE (Integrated Scripting Environment). This gentleman was using the Remote PowerShell functionality in ISE and was wondering if this was a supported solution.

It took some time to get a confirmation, but these are the supported scenarios:

  • Exchange Management Shell (which is running Remote PowerShell) – supported
  • Regular PowerShell connecting to Exchange via Remote PowerShell – supported
  • PowerShell ISE connecting to Exchange via Remote PowerShell – supported

Regular PowerShell or PowerShell ISE simply loading Exchange snap-ins is not supported unless TechNet specifically calls out that you must run local PowerShell for a specific cmdlet.

Remote PowerShell can be activated like this:

# Open a remote session to Exchange and import its cmdlets into the current session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ams-exch01.contoso.com/PowerShell -Authentication Kerberos
Import-PSSession $Session

This can be done in a normal PowerShell window or in the ISE.

A Microsoft Knowledge Base article was released recently regarding an issue with Remote PowerShell, ISE and Exchange Server 2010 SP3:

http://support.microsoft.com/kb/2859999 – Some cmdlets fail in PowerShell ISE after an upgrade to Exchange Server 2010 SP3
