Tag Archives: Lync

Fixing “Cannot find registrar pool” error for sipfed.online.lync.com

I was recently setting up hybrid Lync/Skype for Business for a customer. This is more properly known as “split-domain” configuration because you share a single SIP namespace across both the on-premises and cloud portions of the infrastructure.

If you’re not familiar with the process, it goes like this:

  1. Set up AD FS or whatever other identity federation solution you like.
  2. Configure the service to allow federation.
  3. Configure the on-premises Lync/SfB servers to allow federation.
  4. Turn on federation.
  5. Enable your tenant for split-domain operations with Set-CsTenantFederationConfiguration.
  6. Start moving users.

Adam Jacobs’ summary is worth reading if you haven’t seen this before, but even without reading it, it seems straightforward enough, right? I found that when I got to step 6 I got a vexing error: “Cannot find Registrar pool. Verify that ‘sipfed.online.lync.com’ is a valid registrar pool.”
I was 100% sure that the registrar pool name was correct and that it existed, so why couldn’t the Move-CsUser cmdlet find it? I spent some fruitless time binging for a solution (note: this is not the same as “binging on beer” or “binging on carbs before my race”); the few hits I found all suggested ensuring that you’d connected to the service with Import-PSSession, which is, as suggestions go, right up there with “make sure it’s plugged in.”

After some experimentation, I finally figured out that step 3 above hadn’t been performed completely; when I ran Get-CsHostingProvider, the EnableSharedAddressSpace and HostsOcsUsers parameters were both set to “false”. I reset them (and the AutodiscoverUrl parameter, also required), and that solved the problem. It’s not clear to me why anyone at Microsoft thought “cannot find registrar pool” would be an appropriate error for this condition; there are distinct error messages for most other problems that might occur (such as trying to move users to the wrong pool) but not here.
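A pre-flight check for the three settings named above, written as an added example (it is not code from the original post). The function names and the sample object are constructed for illustration; on a real server the input would come from `Get-CsHostingProvider`.

```powershell
# Added example: check the hosting-provider settings the post identifies
# before running Move-CsUser against sipfed.online.lync.com.

function Get-FirstProperty {
    # Return the value of the first property in $Name that exists on $InputObject.
    param([object]$InputObject, [string[]]$Name)
    foreach ($n in $Name) {
        $prop = $InputObject.PSObject.Properties[$n]
        if ($null -ne $prop) { return $prop.Value }
    }
    return $null
}

function Test-SplitDomainHostingProvider {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Provider,

        # Registrar pool named in the Move-CsUser error message.
        [string]$ProxyFqdn = 'sipfed.online.lync.com'
    )
    process {
        # Only the provider that fronts the online service matters here.
        if ($Provider.ProxyFqdn -ne $ProxyFqdn) { return }

        # Assumption: the flag may be exposed as EnableSharedAddressSpace (the name
        # used in the post) or as EnabledSharedAddressSpace; accept either.
        $shared = Get-FirstProperty -InputObject $Provider -Name 'EnableSharedAddressSpace', 'EnabledSharedAddressSpace'
        $hosts  = Get-FirstProperty -InputObject $Provider -Name 'HostsOcsUsers'
        $url    = Get-FirstProperty -InputObject $Provider -Name 'AutodiscoverUrl'

        $problems = @()
        if ($shared -ne $true) { $problems += 'EnableSharedAddressSpace is not True' }
        if ($hosts  -ne $true) { $problems += 'HostsOcsUsers is not True' }
        if ([string]::IsNullOrWhiteSpace([string]$url)) { $problems += 'AutodiscoverUrl is empty' }

        [pscustomobject]@{
            Identity         = $Provider.Identity
            ProxyFqdn        = $Provider.ProxyFqdn
            ReadyForMoveUser = ($problems.Count -eq 0)
            Problems         = $problems -join '; '
        }
    }
}

# Constructed sample that mimics the misconfigured state described in the post.
$sample = [pscustomobject]@{
    Identity                 = 'LyncOnline'
    ProxyFqdn                = 'sipfed.online.lync.com'
    EnableSharedAddressSpace = $false
    HostsOcsUsers            = $false
    AutodiscoverUrl          = $null
}
$sample | Test-SplitDomainHostingProvider | Format-List

# On a real server:
#   Get-CsHostingProvider | Test-SplitDomainHostingProvider
# Remediation uses Set-CsHostingProvider with -EnableSharedAddressSpace $true,
# -HostsOcsUsers $true and -AutodiscoverUrl <value from Microsoft's hybrid guidance>.
```

If the function returns nothing at all, no hosting provider points at `sipfed.online.lync.com`, which is a different problem from the one described here.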

Perhaps this breadcrumb will help some future admin who gets the error, or maybe Microsoft will fix it…

Filed under Office 365, UC&C

Moving to Summit 7 Systems

It must be the season or something. Like several of my peers (e.g. Paul, Phoummala, and Michael, to name 3), I’m moving on from my current position to a unique new challenge. In my case, I’m taking the role of Principal Architect at Summit 7 Systems.

Astute readers may remember that, just about a year ago, I joined Dell’s global services organization as a global principal consultant. I was fortunate to work with a large group of extremely smart and talented people, including several MCMs (Todd, Dave, Andrew, Ron, and Alessandro, y’all know who I’m talking about!) Working for a large company has both its benefits and challenges, but I was happy with the work I was doing and the people I was working with. However, then this happened.

Scott Edwards, cofounder of Summit 7 and a longtime friend from my prior time in Huntsville, told me that he wanted to grow Summit 7’s very successful business, previously focused on SharePoint and business process consulting, to expand into Office 365, Lync, and Exchange. Would I be interested in helping? Yes, yes, I would. Summit 7 is already really well known in the SharePoint world, with customers such as NASA, Coca-Cola, Nucor Steel, and the State of Minnesota. SharePoint consulting is a very different world in many ways from what I’m used to, so it will be interesting, challenging, and FUN to carry the Lync/Exchange/365 torch into a new environment.

In my new role, I’ll be building a practice essentially from scratch, but I’ll be able to take advantage of Summit 7’s deep bench of project management, business process consulting, marketing, and sales talent. I’m excited by the opportunity, which is essentially the next step forward from my prior work as a delivery specialist. I am not yet taking over the role of Summit 7’s corporate pilot, but that’s on my to-do list as well. (A couple of folks have already asked, and the answer is: yes, I will be flying myself occasionally to customer gigs, something that Dell explicitly forbade. Can’t wait!)

This is an exciting opportunity for me and I relish the chance to get in and start punching. Stay tuned! (Meanwhile, you can read the official Summit 7 press release here.)

Filed under UC&C

Getting ready for TechEd 2014

Wow, this snuck up on me! TechEd 2014 starts in 10 days, and I am nowhere near ready.

A few years ago, I started a new policy: I only attend TechEd to speak, not as a general attendee or press member; the level of technical content for the products I work with has declined steadily over the years. This is to be expected; in a four-day event, there’s a finite number of sessions that Microsoft can present, and as they add new products, every fiefdom must have its due. There are typically around 30 sessions that involve unified communications in some way; that number has remained fairly constant since 2005 or so. Over the last several years, the mix of sessions has changed to accommodate new versions of Exchange, Lync, and Office 365, but the limited number of sessions means that TechEd can’t offer the depth of MEC, Exchange Connections, or Lync Conference. This year there are 28 Exchange-related sessions, including several that are really about Office 365— so about 25% the content of MEC.

I can’t keep track of how many previous TechEd events I’ve been to; if you look at the list, you’ll see that they tend to be concentrated in a small number of cities and so they all kind of blend together. (Interestingly, this 2007 list of the types of attendees you see at TechEd is still current.) The most memorable events for me have been the ones in Europe (especially last year’s event in Madrid, where I’d never been before).

This year I was asked to pinch-hit and present OFC-B318, “What’s New in Lync Mobile.” That’s right— so far this year, I have presented on Lync at Lync Conference and MEC, plus this session, plus another Lync session at Exchange Connections! If I am not careful I’ll get a reputation. Anyway, I am about ready to dive into shining up my demos, which will feature Lync Mobile on a variety of devices— plus some special guests will be joining me on stage, including my favorite Canadian, an accomplished motorcycle rider, and a CrossFitter. You’ll have to attend the session to find out who these people are though: 3pm, Monday the 12th— see you there! I’ll also be working in the Microsoft booth area at some point, but I don’t know when yet; stay tuned for updates.

Filed under UC&C

Speaking at Exchange Connections 2014

I’m excited to say that I’ll be presenting at Exchange Connections 2014, coming up this fall at the Aria in Las Vegas.

Tony posted the complete list of speakers and session titles a couple of days ago. I’m doing three sessions:

  • “Who Wears the Pants In Your Datacenter: Taming Managed Availability”: an all-new session in which the phrase “you’re not the boss of me” will feature prominently. You might want to prepare by reading my Windows IT Pro article on MA, sort of to set the table.
  • “Just Like Lemmings: Mass Migration to Office 365”: an all-new session that discusses the hows and whys of moving large volumes of mailbox and PST data into the service, using both Microsoft and third-party tools. (On the sometimes-contentious topic of public folder migration, I plead ignorance; see Sigi Jagott’s session if you want to know more). There is a big gap between theory and practice here and I plan to shine some light into it.
  • “Deep Dive: Exchange 2013 and Lync 2013 Integration” covers the nuts and bolts of how to tie Lync and Exchange 2013 together. Frankly, if you saw me present on this topic at DellWorld, MEC, or Lync Conference, you don’t need to attend this iteration. However, every time I’ve presented it, the room has been packed to capacity, so there’s clearly still demand for the material!

Exchange Connections always has a more relaxed, intimate feeling about it than the bigger Microsoft-themed conferences. This is in part because it’s not a Microsoft event and in part because it is considerably smaller. As a speaker, I really enjoy the chance to engage more deeply with the attendees than is possible at mega-events. If you’re planning to be there, great— and, if not, you should change your plans!

Filed under Office 365, UC&C

Getting ready for Lync Conference 2014 (bonus Thursday Trivia #106)

So, first: here’s the view from my second-floor home office:

Actually, I had to walk across the street to get this particular shot, but it was worth it. We got about 4” or so of snow in my neighborhood; I got out of Raleigh just in time to miss their snowmageddon, which suits me fine. The boys and I had a good time about 10pm last night throwing snowballs and watching big, fat flakes fall. The roads are passable now and will get better as it warms, but tonight it’ll be cold again and they’ll probably refreeze.

I’m making my final preparations for Lync Conference 2014 next week. I’m presenting a total of four times:

  • VOICE401, “Deep Dive: Exchange 2013 and Lync 2013 Unified Messaging Integration”, is on Wednesday at 1pm in Copperleaf 10. This session will cover some of the internals of Exchange UM; it’s targeted at Lync admins who may not have much knowledge of Exchange but are already familiar with SIP signaling and the like.
  • SERV301, “Exchange 2013 and Lync 2013: ‘Better Together’ Demystified”, is on Tuesday at 2pm in Copperleaf 9, and there is a repeat scheduled for Wednesday at 430p (also in Copperleaf 9). This session covers all the places where Exchange and Lync tie together so that you get a better experience when both are deployed.
  • On Tuesday at 430p, I’m taking part in an informal session on Exchange-y stuff at the Microsoft booth in the exhibit hall. This is super informal, so it’s probably the best place to drop by and say hello if you can.

Dell has a pretty heavy presence at the show; Michael Przytula is presenting a session covering the Lync device ecosystem (Wednesday, 230p, Bluehorn 1-3) that I think will be pretty neat, because who doesn’t love shiny devices? George Cordeiro and Doug Davis are both doing sessions around how to identify the actual ROI of a Lync deployment, which is something customers often ask about before deployment. Even if that doesn’t sound interesting, the Dell booth will be staffed by some of our hotshot Lync guys (including Louis Howard and Scott Moore), and we’re giving away a Venue 11 Pro and a bunch of very nice Jabra and Plantronics headsets.

Now, your trivia for the week:

Filed under General Stuff, UC&C

Office 365 beta exams: a few thoughts

Last week I took the beta versions of the two MCSA exams for Office 365: 71-346 is Managing Office 365 Identities and Requirements and 71-347 is Enabling Office 365 Services. I thought it might be useful to write up a few NDA-safe notes on the exams and the topics they cover. Keep in mind that the questions on the beta exam are there because they’re being tested; the objective domains (ODs), or areas of knowledge being tested, won’t change but the specific questions probably will as the beta identifies “bad” questions (those that everyone gets right or everyone gets wrong are immediately suspect!) The Microsoft exam development process is really complicated; to summarize, by the time the exams hit beta, the knowledge areas to be tested are set in stone but the questions themselves can be modified, or thrown out, based on beta exam feedback.

First, be forewarned that there are no formal study materials for these exams. I hear that Office 365 Admin Inside Out from MS Press is decent, but haven’t read it yet. Be prepared to do a lot of binging to look up specific things that you want to know how to do.

Second, the absolute best way to prepare for the exam is to sign up for a trial Office 365 E3/E4 tenant and make sure that you know how to do everything mentioned in the exam objectives in both PowerShell and the GUI. This is baloney, and it has been a hot topic of debate in the MVP community. IMHO there is little value in asking an examinee to show that they know how to do something in PS which is trivial to do in the GUI, especially if it’s a one-time task like setting up Azure RMS. Nonetheless, that’s the requirement.

For 346, specific things you should probably know include:

  • How to add a new tenant, from scratch. This includes choosing a region (and what effect that has), setting the domain purpose, and confirming domain ownership.
  • How to configure DNS records and firewall settings: SRV, CNAME, and MX records, what they point to, etc.
  • How to design ADFS: how to size it, when to use SQL Server instead of WID, and so on. Note that actually doing HA or DR with ADFS is not one of the topics listed in the OD, but you’ll need to know how to do it anyway. The ADFS 2.0 documentation content map is very helpful here.
  • How to administer (parts of) ADFS, including installing it (prerequisites too) on both Windows 2008 and 2012 (but not R2), controlling filtering, and managing dirsync. I have heard that there are questions in the pool that cover ADFS 3.0 but don’t know if that’s true.
  • How you’d conduct a pilot, including how to use connected accounts and mail forwarding.
  • What the different administrative roles in 365 are for and what they can do, including how to manage delegated admins.
  • How to provision / license users through the 365 Admin Center.
  • Basic account management through PowerShell: creating users, modifying their properties, licensing them, etc. Nothing too exotic; I expect most Exchange and Lync admins can do these types of things now without difficulty.
  • How to provision, enable, and administer AD RMS, a surprisingly cool technology that Brian Reid has written about at length already.
  • What the mail flow/message hygiene reports are and what you can do with them
  • How to do daily admin tasks: checking service health, using the RSS feeds, opening service tickets, etc.
  • Troubleshooting using the Remote Connectivity Analyzer and MOSDAL

347 is a little more of a mixed bag because it contains both admin-level material similar to ODs in 346 plus a smorgasbord of other stuff. The most important thing to know here: you must know how to do stuff with SharePoint Online. Out of the 53 questions on my beta exam, 12 of them (22.6%) were related to SPO.  Given that about 0.5% of my actual knowledge relates to SPO, that was a problem. I don’t use it, and I haven’t worked on the SPO-related parts of any deployments for Dell customers, so I was unprepared. Don’t be like me. Be prepared to demonstrate that you know:

  • All about Click-to-Run, including how it differs from MSI installations, how you customize what gets installed, how the installs themselves work, etc.
  • All about Office Telemetry. Never heard of it? Neither had I. Its inclusion in these exams seems a bit odd, since I suspect you’d see people running it before deploying Office 2013 on-prem too. It’s been a while since I was directly involved in the world of desktop deployment, though, so maybe everyone but me knows about it.
  • How to manage SPO site collections, including how to share and unshare them, set quotas, etc.
  • How to provision (including how to license) Excel and Visio Services
  • How to manage proxy, reply-to/default addresses, resource mailboxes, external contacts, and groups in Exchange— standard stuff for working Exchange admins.
  • How to work with archiving policies on both Exchange and Lync, including integration with Exchange 2013’s in-place hold mechanism
  • How to set up Lync settings for external access, including visibility of presence and per-user access to PIC

Again, you need to know how to do these things in both PowerShell and the GUI, despite the fact that many of the tasks in the ODs will be things you do once (or maybe quarterly, at most).

Should you take the beta exams? It depends, I guess. They cost the same as the “real” exam, and they’re subject to the same “Second Shot” MS program that grants you one retake of a failed exam. So you could sign up and take the beta now for $150, then take the real exam for free if you don’t pass. Based on the state of the exam questions I saw, and the lack of structured training materials, I don’t recommend that you rush to take the exam, though; the real version goes live on 17 February. Until then, your time would probably be better spent setting up a scratch tenant that you can play with, then running through the list of ODs to make sure that you know how to do the things on the list.

I’d be interested in hearing from people who took the exam to see how well you think the exam actually matches up with what Office 365 admins and designers need to know in the real world.

Filed under Office 365, UC&C

MEC and Lync Conference 2014 session list (partly) released

The fine folks in charge of organizing the Microsoft Exchange Conference have released a partial list of the sessions that will be on offer, as well as a list of speakers (oddly enough, the speakers are in alphabetical order by first name… ooops). There are some surprises in the mix, and I expect a few more once the full list of sessions is released in the near future.

First, there’s clearly a heavy emphasis on panel-style discussions: there are no fewer than 8 “Experts Unplugged” sessions featuring product managers from the Exchange team. I’m moderating the UM panel session, which should be a good opportunity for people to have their in-depth UM questions answered by the PMs who own the features in UM. In addition, the support team has a session called “Experts Unplugged: Exchange Top Issues – What are they and does anyone care or listen?” that I can almost guarantee will be worth your time. Amir, Jennifer, Scott, Shawn, Tim, and Nino did a very similar panel at the MVP summit and it was extremely informative— plus they’re a fun bunch to talk to. I expect the other panels to be of equal quality, and the fact that there’s one per track is a good sign that the Exchange team is interested in getting two-way feedback from the community.

Second, there’s a nice mix of topics covered: a number of sessions promise to compare or contrast the on-premises and service environments (I’m particularly looking forward to “Engineers vs Mechanics”), and there seems to be a balance between architectural-focused sessions that explain design principles and sessions focused more narrowly on how to administer, manage, or use features such as RBAC (presented by Bhargav Shukla, who taught RBAC for the late lamented MCM program) and archiving. This balance between explaining why features work a particular way and how to use them was a hallmark of MEC last year, and I’m pleased to see it continuing in the sessions this year.

There are a couple of sessions whose abstracts are missing or incomplete. For example, the “Enterprise Social” session promises to “discuss Social experiences in the MSFT suite beyond e-mail.” I’d bet $5 that this is a code phrase for “talking about Yammer,” but we’ll see. As we get closer to MEC, expect to see more detailed abstracts, as well as additional sessions.

Turning abruptly to Microsoft’s other major unified communications conference: I’m speaking for the first time at Lync Conference (which lacks a catchy acronym so far: I suggest “LyC”, pronounced “like”). The session list is worth a careful review; I don’t know if there are more sessions forthcoming, but the ones that are there focus much more heavily on on-premises topics than the MEC sessions do, and there’s an entire track titled “Business Value” dedicated to helping attendees identify areas where Lync can add value to their environments and then squeeze that value out as rapidly as possible. There is also a “Lync Online” track shown in the track selection pulldown but it shows no sessions right now— I’m sure they’ll appear in the near future. It looks like the content for the developer-focused track will be super technical; it will be interesting to see how the level of detail in those sessions compares to the developer-track session at MEC. I get the sense that there will be more admins-who-are-interested-in-development at MEC and more developers-who-write-code-every-day at LyC, but I could be wrong.

My Lync Conference session is a 300-level look at integration between Exchange 2013 and Lync 2013. It’s nicely complemented by Jens Trier Rasmussen’s 400-level session on the same topic; we’ll be working together to coordinate topics. The Lync Conference also features sessions presented by sponsors; Dell (or, more precisely, Michael Przytula, my boss) will be presenting one. I’ll have more to say about its contents when we get closer to showtime.

I’m looking forward to both shows— meeting with the community is always really energizing, and both shows have a great session lineup. If you haven’t already registered for one or both, you should strongly consider it while early registration is still ongoing. What you learn in a single session can easily save you (or make you) enough money to make the entire trip worthwhile, and the social and community benefits of attending are icing on the cake. See you there!

Filed under General Stuff, UC&C

Microsoft, encryption, and Office 365

So the gloves are starting to come off: Microsoft general counsel Brad Smith wrote a long blog post this morning discussing how Microsoft plans to protect its customers’ data from unlawful interception by “unauthorized government access”. He never specifically mentions NSA, GCHQ, et al, but clearly the Five Eyes partners are who he’s talking about. Many other news outlets have dissected Smith’s post in detail, so I wanted to focus on a couple of lesser-known aspects.

First is that Microsoft is promising to use perfect forward secrecy (PFS) when it encrypts communications links. Most link-encryption protocols, including IPsec and SSL, use a key exchange algorithm known as Diffie-Hellman to allow the two endpoints to agree on a temporary session key by using their longer-term private/public key pairs. The session key is usually renegotiated for each conversation. If Eve the eavesdropper or Mallet the man-in-the-middle intercepts the communications, they may be able to decrypt them if they can guess or obtain the session key. Without PFS, an attacker who can intercept and record a communication stream now, and who can later guess or obtain the private key of either endpoint, can decrypt the recorded stream. Think of this like finding a message in a bottle written in an unknown language, then next year seeing Rosetta Stone begin to offer a course in the language. PFS protects an encrypted communication stream now from future attack by changing the way the session keys are generated and shared. Twitter, Google, and a number of other cloud companies have already deployed PFS (Google, in fact, started in 2011) so it is great to see Microsoft joining in this trend. (A topic for another day: under what conditions can on-premises Exchange and Lync use PFS? Paging Mark Smith…)
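An added example, not part of the original post: in TLS, whether a connection gets forward secrecy depends on the key exchange in the negotiated cipher suite, so one practical check is to audit a server's suite list. The function name, the constructed sample list, and the assumption that the list is given in server preference order all belong to this example.

```powershell
# Added example: classify TLS cipher suite names by key exchange and flag
# non-forward-secret suites that are preferred over forward-secret ones.

function Get-ForwardSecrecyReport {
    [CmdletBinding()]
    param(
        # Assumption: names are listed in server preference order (most preferred first).
        [Parameter(Mandatory)]
        [string[]]$CipherSuite
    )

    $rows = for ($i = 0; $i -lt $CipherSuite.Count; $i++) {
        $name = $CipherSuite[$i]

        if ($name -match '^TLS_(ECDHE|DHE)_') {
            # Ephemeral (EC)DH: a fresh key pair per handshake.
            $kx = $Matches[1]; $pfs = $true
        }
        elseif ($name -match '^TLS_(AES|CHACHA20)_') {
            # TLS 1.3 suite names carry no key exchange; TLS 1.3 full handshakes
            # with certificates always use ephemeral (EC)DHE.
            $kx = 'TLS 1.3 (EC)DHE'; $pfs = $true
        }
        elseif ($name -match '^TLS_(RSA|ECDH|DH)_') {
            # RSA key transport and static (EC)DH derive the session key from a
            # long-term key, so recorded traffic is exposed if that key leaks.
            $kx = "$($Matches[1]) (static)"; $pfs = $false
        }
        else {
            # Unknown naming: report as not forward secret so it gets reviewed.
            $kx = 'unrecognised'; $pfs = $false
        }

        [pscustomobject]@{
            Rank          = $i + 1
            Suite         = $name
            KeyExchange   = $kx
            ForwardSecret = $pfs
        }
    }

    # A non-PFS suite ranked above any PFS suite can win the negotiation
    # even when the client supports forward secrecy.
    $lastPfs = $rows | Where-Object { $_.ForwardSecret } | Select-Object -Last 1

    foreach ($row in $rows) {
        $outranks = (-not $row.ForwardSecret) -and
                    ($null -ne $lastPfs) -and
                    ($row.Rank -lt $lastPfs.Rank)
        $row | Add-Member -NotePropertyName OutranksPfsSuite `
                          -NotePropertyValue ([bool]$outranks) -PassThru
    }
}

# Constructed sample list, deliberately ordered badly.
$sampleSuites = @(
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_AES_256_GCM_SHA384',
    'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
)

Get-ForwardSecrecyReport -CipherSuite $sampleSuites | Format-Table -AutoSize
```

On Windows 10 and Windows Server 2016 or later, `(Get-TlsCipherSuite).Name` supplies a real list to pass in.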

Second is that Microsoft is acknowledging that they use data-at-rest encryption, and will be using it more often. Probably more than any other vendor, Microsoft is responsible for democratizing disk encryption by including BitLocker in Windows Vista and its successors, then steadily improving it. (Yes, I know that TrueCrypt and PGP predated BitLocker, but their installed bases are tiny by comparison.) Back in 2011 I wrote about some of the tradeoffs in using BitLocker with Exchange, and I suspected that Microsoft was using BitLocker in their Office 365 data centers, a suspicion that was confirmed recently during a presentation by some of the Office 365 engineering team and, now, by Smith’s post. Having said that, data-at-rest encryption isn’t that wonderful in the context of Office 365 because the risk of an attacker (or even an insider) stealing data by stealing/copying physical disks from an Office 365 data center is already low. There are many layers of physical and procedural security that help keep this risk low, so encrypting the stored data on disk is of relatively low value compared to encrypting the links over which that data travels.

The third aspect is actually something that’s missing from Smith’s post, expressed as one word: Skype. Outlook.com, Office 365, SkyDrive, and Azure are all mentioned specifically as targets for improved encryption, but nothing about Skype? That seems like a telling omission, especially given Microsoft’s lack of prior transparency about interception of Skype communications. Given the PR benefits that the company undoubtedly expects from announcing how they’re going to strengthen security, the fact that Smith was silent on Skype indicates, at least to suspicious folks like me, that for  now they aren’t making any changes. Perhaps the newly-announced transparency centers will provide neutral third parties an opportunity to inspect the Skype source code to verify its integrity.

Finally, keep in mind that nothing discussed in Smith’s post addresses targeted operations where the attacker (or government agency, take your pick) mounts man-in-the-middle attacks (QUANTUM/FOXACID)  or infiltrates malware onto a specific target’s computer. That’s not necessarily a problem that Microsoft can solve on its own.

Filed under Office 365, UC&C

2-factor Lync authentication and missing Exchange features

Two-factor authentication (or just 2FA) is increasingly important as a means of controlling access to a variety of systems. I’m delighted that SMS-based authentication (which I wrote about in 2008) has become a de facto standard for many banks and online services. Microsoft bought PhoneFactor and offers its SMS-based system as part of multi-factor authentication for Azure, which makes it even easier to deploy 2FA in your own applications.

Customers have been demanding 2FA for Lync, Exchange, and other on-premises applications for a while now. Exchange supports the use of smart cards for authentication with Outlook Anywhere and OWA, and various third parties such as RSA have shipped authentication solutions that support other authentication factors, such as one-time codes or tokens. Lync, however, has been a little later to the party. With the July 2013 release of Lync Server 2013 CU2, Lync supports the use of smart cards (whether physical or virtual) as an authentication mechanism. Recently I became aware that there are some Lync features that aren’t available when the client authenticates with a smart card– that’s because the client authenticates to two different endpoints. It authenticates to Lync using two-factor authentication, but the Lync client can’t currently authenticate to Exchange using the same smart card, so services based on access through Exchange Web Services (EWS) won’t work. The docs say that this is “by design,” which I hope means “we didn’t have time to get to it yet.”

This limitation means that Lync 2013 clients using 2FA cannot use several features, including:

  • the Unified Contact Store. You’ll need to use Invoke-CsUcsRollback to disable Lync 2FA users’ UCS access if you’ve enabled it.
  • the ability to automatically set presence based on the user’s calendar state, i.e. the Lync client will no longer set your presence to “out of office”, “in a meeting,” etc. based on what’s on your calendar. Presence that indicates call states such as “in a conference call” still works.
  • integration with the Exchange-based Conversation History folder. If you’ve configured the use of Exchange 2013 as an archive for Lync on the server side, that still works.
  • Access to high-definition user photos
  • The ability to see and access Exchange UM voicemail messages from the Lync client

These limitations weren’t fixed in CU3, but I am hopeful that a not-too-distant future version of the client will enable full 2FA use. In the meantime, if you’re planning on using 2FA, keep these limitations in mind.

Filed under General Tech Stuff, UC&C

Changing the Lync 2013 XMPP listening port

After being asked whether it was possible to change the port on which the Lync 2013 edge role listens for XMPP traffic, I spent some time searching the intertubes for answers, all to no avail. Then I got sidetracked and forgot about it; meanwhile, the person who’d originally asked came back with the answer:

  1. Log in to a Lync front-end server using an account that has CSAdministrator permissions
  2. Run the following, replacing the placeholders with your edge server’s FQDN and the port you want:
    Set-CsEdgeServer -Identity <fqdn of edge> -XMPPInternalPort <portYouWant>
  3. Restart the Lync Server XMPP Translating Gateway Proxy service.

Voila! Your Lync edge server will now use the port you specify.

Filed under UC&C