Monday, June 30, 2014

Lync 2013 – installing databases failing with Access is denied


Had this unusual issue recently while deploying a Lync 2013 Enterprise infrastructure. All the Lync 2013 databases installed correctly, except for the rtcxds database, which is arguably the most important one. The generic error was system error 5: Access is denied.
"An internal error has occurred while trying to create or update the database."


Weird. I have all the correct permissions. I am a domain and enterprise Administrator and a member of CSAdministrator and RTCUniversalServerAdmins (This was a Lync 2010 to Lync 2013 migration)

 

So I started looking around at permissions. Here's the file I cannot access via the C drive:



 

And here it is via the C$ share – it's not even showing!



 

I didn't screen capture the permissions, but I didn't have rights to view permissions on the file either. The same was true for the rtcxds log files as well.

 

The resolution:
Rename the rtcxds.mdf and rtcxds.ldf files to _old, and then reattempt installing the databases. This recreated the files within the CsData folder, set the correct permissions, and then the database install succeeded. Never did find a root cause for why this one occurred.

Exchange 2010/2013 Delegates Report


One of the most important guidelines when moving mailboxes to the cloud is to make sure that you move mailboxes along with their delegates in the same batches to avoid issues. Rajkumar-MCITP has made this script a while back that worked very well.
However, I recently found that it didn't work as well as it once had for me in Exchange 2007. Here's the issues I had getting this to work.
  • For Exchange 2010/2013, you need to change get-MailboxCalendarSettings to get-mailboxCalendarConfiguration
  • The output file path is c:\MailboxReport.csv and the $attachment value is c:\temp\DelegatesReport.csv in the send-mailmessage cmdlet.  They'd need to match for the attachment to come through. 
  • In order for mail to work, you'll need to modify the $ToAddress and $fromAddress fields as well as the SMTP server in the send-mailmessage command
  • Additionally, if you don't have your localhost configured to accept the email, you likely won't get the file emailed to you.  Easier to just grab the CSV file to be honest.
  • Then, I noticed that the CSV had no delegates in the delegate column.

 

So I spent some time to find a better way to gather this data.

 

Here's the powershell one-liner:


 

Get-Mailbox -ResultSize unlimited | Get-CalendarProcessing | where { $_.ResourceDelegates -ne "" } | Select-Object identity,@{Name='ResourceDelegates';Expression={[string]::join(",", ($_.ResourceDelegates))}} | Export-csv -Path c:\temp\ResourceDelegates.csv
It doesn't email you, but if you want a second line to Send-MailMessage, you can easily add that.

Exchange 2010 Hybrid Configuration Wizard failing with “Execution of the Get-FederationInformation cmdlet had thrown an exception”



 

The Problem:
Exchange 2010, single server environment being used as the HCW.  No ISA/TMG, direct NAT/ACL through a Palo Alto Firewall.
The HCW fails with:
[6/25/2014 15:48:59] ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.

Execution of the Get-FederationInformation cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

Federation information could not be received from the external organization.

ExRCA passes for web services and for autodiscover
The Federation TXT DNS entry is in place and confirmed.
The SSL certificate was from Digicert, their utility showed it was properly chaining as well.
Testing the Get-federationinformation shows a 405 Method not allowed error:
[PS] C:\>Get-FederationInformation -DomainName orgname.net -Verbose
VERBOSE: [16:44:20.030 GMT] Get-FederationInformation : Resolved current organization: .
VERBOSE: [16:44:20.030 GMT] Get-FederationInformation : Using the following trusted host names: *.outlook.com.
VERBOSE: [16:44:28.142 GMT] Get-FederationInformation : The discovery process returned the following results:
Type=Failure;Url=https://autodiscover.orgname.net/autodiscover/autodiscover.svc;Exception=Discovery for domain orgname.net
failed.;Details=(Type=Failure;Url=https://autodiscover.orgname.net/autodiscover/autodiscover.svc;Exception=The request
failed with HTTP status 405: Method Not Allowed.;);
Type=Failure;Url=https://orgname.net/autodiscover/autodiscover.svc;Exception=Discovery for domain orgname.net
failed.;Details=(Type=Failure;Url=https://orgname.net/autodiscover/autodiscover.svc;Exception=Unable to connect to the
remote server;);
Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : A864F05C,Microsoft.Exchange.Management.SystemConfigurationTasks.GetFederationInformation

 

The resolution:
  1. Reset the Autodiscover Virtual Directory using the EMC:  http://technet.microsoft.com/en-us/library/ff629372.aspx
  2. Reset the WSSecurityAuthentication to $true
  3. IIS reset, then the get-federatedinformation worked!
Here's a side by side of the autodiscover virtual directory configurations…   you might notice other than GUID and date fields, there is nothing different.
Before:
http://chrislehr.com/blogpics/063014_1428_Exchange2011.png


 

After:
http://chrislehr.com/blogpics/063014_1428_Exchange2012.png


 

Monday, June 23, 2014

Lync 2010 and Lync 2013 Documentation script

Went out to Pleasanton, CA last week for ExtraTeam's MIcrosoft Camp, where one of my collegaues, Sean Kirkpatrick released this powershell script that pulls data from your Lync environment and formats it all in an awesome Excel spreadsheet.  Never again will I sit manually entering a normalization rule into Excel.

I frankly am surprised we are making this public domain..  it's that good.

Enjoy!

http://blog.lyncfreak.com/2014/06/12/lync-documentation-script/

And thanks, Sean!!

Tuesday, June 17, 2014

Dirsync changes and version history

I don't do a lot of Azure or Office 365 work, so it's infrequent enough that when I do use it, I commonly have to look up things, like the path to the DirSyncConfigShell.psc1 file for DirSync Azure PowerShell.

This month, I did the first DirSync install I've done in a while, and thought I was losing my mind when I couldn't find PowerShell.  And of course, this has been so heavily blogged and reblogged, that most all guidance pointed me right back at a file that was not installed.  So here are some great bits of information for you all.
  1.  The latest PowerShellinstall is always available at http://bit.ly/dirsync
  2.  Version information for DirSync is viewable in Add/remove programs, and here is a Technet Wiki on these versions:  http://social.technet.microsoft.com/wiki/contents/articles/18429.microsoft-azure-active-directory-sync-tool-version-release-history.aspx
  3. The latest version (June 5, 2014, version 6862.0000 as of this writing) has "New Features" that Import-Module DirSync is how you access DirSync PowerShellnow.  It should be noted that the old way to do so is missing.
Hope this helps some of you when looking for this!

UPDATE 8/27/2015
You really should not deploy DirSync any longer, but AADSync or AADConnect instead.