Saturday, April 29, 2017

SfB Hybrid setups: Remember to renew your OAuth certs with Online workloads, after updating your on-prem OAuth cert

Renewed my SfB on-prem OAuth cert and started getting these errors

Log Name:      Lync Server
Source:        LS Storage Service
Event ID:      32050
Storage Service had an OAuth STS request failure.
#CTX#{ctx:{traceId:2107372237, activityId:"db71b116-b4ea-430f-958f-12662b997bd4"}}#CTX#
Recv RST response, failed, sts=https://accounts.accesscontrol.windows.net/092a1ba4-a4fe-4172-970e-7ab3035e7c94/tokens/OAuth/2, resource=00000002-0000-0ff1-ce00-000000000000/autodiscover-s.outlook.com@domain.com, ex=The remote server returned an error: (401) Unauthorized….

You will also notice that the Test-CsExStorageConnectivity command fails (Test-CsExStorageConnectivity -SipUri Test_User@domain.com)


Renew OAuth with new Cert

1.  Export the new OAuth cert from MMC>Certificates on FE using BASE-64 without private key

2. Create a session with SfB online + MSOL 
$msolcred = get-credential admin@domain.com
$session = New-CsOnlineSession -Credential $msolcred -OverrideAdminDomain "domain.onmicrosoft.com"
Import-PSSession $session -AllowClobber_
Connect-MsolService -credential $msolcred

3.  Import and assign cert 
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$certificate.Import("C:\temp\Oauth_2017.cer")
$binaryValue = $certificate.GetRawCertData()
$credentialsValue = [System.Convert]::ToBase64String($binaryValue)

3.  Get current KeyIDs for Certs (enter 0 for ReturnKeyValues)
Get-MsolServicePrincipal -AppPrincipalID 00000004-0000-0ff1-ce00-000000000000  #Lync
Get-MsolServicePrincipal -AppPrincipalID 00000002-0000-0ff1-ce00-000000000000  #Exchange
get-MsolServicePrincipalCredential -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000
get-MsolServicePrincipalCredential -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000

5.  Use the KeyIDs (that you got from above step) to remove current certs
Remove-MsolServicePrincipalCredential -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 -KeyIds @("00000000-0000-0000-0000-000000000000")
Remove-MsolServicePrincipalCredential -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 -KeyIds @("00000000-0000-0000-0000-000000000001")

6.  Assign new cert
New-MsolServicePrincipalCredential -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 -Type Asymmetric -Usage Verify -Value $credentialsValue
New-MsolServicePrincipalCredential -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 -Type Asymmetric -Usage Verify -Value $credentialsValue

7.  Make sure your edge servers are replicated (OAuth uses federation via them) 
Get-CsManagementStoreReplicationStatus | ft
Invoke-CsManagementStoreReplication

8.  Verify
Get-MsolServicePrincipal -AppPrincipalID 00000004-0000-0ff1-ce00-000000000000
Get-MsolServicePrincipal -AppPrincipalID 00000002-0000-0ff1-ce00-000000000000

Get-MsolServicePrincipal -AppPrincipalID 00000004-0000-0ff1-ce00-000000000000 | select serviceprincipalnames -ExpandProperty serviceprincipalnames
Get-MsolServicePrincipal -AppPrincipalID 00000002-0000-0ff1-ce00-000000000000 | select serviceprincipalnames -ExpandProperty serviceprincipalnames

Test-CsExStorageConnectivity –SipUri lync_tester1@domain.com # SfB on-prem user
Test-CsExStorageConnectivity –SipUri lync_tester2@domain.com # SfB online user

Cleared Log event (OAuth successful) 
Log Name:      Lync Server
Source:        LS Storage Service
Event ID:      32052
Task Category: (4006)
Description:
OAuth STS was properly configured for Storage Service.
#CTX#{ctx:{traceId:1596246623, activityId:"77278542-b703-4f56-9655-9f40fe99c04b"}}#CTX#
GetAppToken succeeded for request with sts=https://accounts.accesscontrol.windows.net/092a1ba4-a4fe-4172-970e-7ab3035e7c94/tokens/OAuth/2


Additional (verbose) references:


Tuesday, April 4, 2017

Mouse without Borders - Problem Installing: Mouse without Borders requires the .NET Framework 2.0 or 4.0

I love using MwB to reduce the clutter on my desk by using just 1 keyboard and mouse to control multiple PCs. 

Every so often an update comes out and it complains about the .Net version even though you are running a later version of the framework. 

Googling does not provide a solution easily, but all you need to do is to run the installer using elevated privileges. 


Error message : Mouse without Borders requires the .NET Framework 2.0 or 4.0



It's a Microsoft Garage work (side projects by MS employees) that solves my problem really well. Check it out...

Download site - http://www.microsoft.com/en-ca/downl....aspx?id=35460
Community site - https://getsatisfaction.com/mouse_without_borders

Wednesday, March 1, 2017

Office C2R updates for Feb 2017 released

The February release of the Office 365 Deferred Channel for Office 2016 is now available - Version 1609 (Build 7369.2118).

Current Release + FRDC updates have been released too. Those are @ Version 1701 (Build 7766.2060).

ChannelVersionBuildRelease date
Current
1701
7766.2060
February 23, 2017
First Release for Deferred
1701
7766.2060
February 22, 2017
Deferred
1609
7369.2118
February 22, 2017
https://technet.microsoft.com/en-us/library/mt592918.aspx






Friday, February 17, 2017

Duplicate entry for dial-in conferencing information with latest FRDC release

Creating a new Skype meeting by a user homed on a SfB on-prem pool, creates a duplicate entry for the dial-in conferencing number. The same version works fine for users homed on Skype Online though.


Seems to be happening in the latest release of Office 2016 C2R update - First Release for Deferred Channel (1609 Build 7369.2102) that was released on Jan 10th.







Probably a bug. Have a ticket open with support to find out.

On-prem SfB servers are not at the latest Feb 2017 level, so perhaps there is a fix for this in there. Is anybody else also seeing this?

Thursday, January 5, 2017

Dec 2016/ Jan 2017 updates for Lync 2013/SfB 2015 and SfB 2016 clients


Release Date
Version #
Type
Jan 2017
16.0.4483.1000
SfB 2016
Jan 2017
15.0.4893.1000
Lync 2013/SfB 2015
Dec 2016
16.0.4471.1000
SfB 2016
Dec 2016
15.0.4885.1000
Lync 2013/SfB 2015