7 August 2014

Install-CsDatabase : Command execution failed: Cannot find any suitable disks for database files.


The issue was seen when installing the latest CU. When installing the SQL part of a cumulative update you get the error:-

Install-CsDatabase : Command execution failed: Cannot find any suitable disks for database files. You must manually specify database paths.


The "suitable disks" error is triggered by the installer checks. The requirement is that a minimum of 16 GB of free space is available prior to installing\updating SQL. Simply cleaning up the drive where CSDATA lives to free up space gets it sorted.

25 July 2014

Office Web Apps Server Error


After following the basic install procedure I attempt to look at the Office Web Apps Farm configuration with the PS command Get-OfficeWebAppsFarm.
The following error is thrown..

Although many blogs explain that this issue is related to installing on a different drive than C, or that its specific to Windows Server 2008 or 2012


I found that (IMHO) the issues was unrelated to installation path or server version. Instead it appears to be an issue with the ASP.NET installation\registration with IIS.

This can be reinstalled\registered with the following command

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir

-ir - Installs ASP.NET and registers with IIS

Re-running Get-OfficeWebAppsFarm now works as expected

15 July 2014

Cant set port on IP/PSTN Gateway

There are some really good resources available on how to setup SIP trunking between Lync and Microsoft Certified gateways (such as Sonus and Audio codes).
One of my favorite resources is from Iain Smith at NorthernLync found here


Unable to set the port to 5061 when adding a PSTN gateway in Lync Topology builder.

Notice how finish is grayed out and we have an error next to the port.


The reason we have this is because by default the mediation servers are set to use TLS and thus listening on port 5067 and TCP isn't enabled. You can check this by expanding the Lync Server 2013 -> Standard Edition\Enterprise Edition. Right click on the Front End where the Mediaiation service is co-located and select Edit Propoerties

Scroll down to the Mediation Server details to see the Mediation Server configuration


Simply enable TCP by checking the check box and set the port range

Returning to the PSTN Gateway folder in Topology builder and selecting New IP/PSTN Gateway you will notice that you are now able to add the gateway as TCP using port 5060

Lync Management Shell not connecting


I came across an interesting issue yesterday..opening the Lync Management Shell I was presented with a blank shell window (nothing unusual there, just wait a few seconds, right?). However it just stayed right there, no connecting.

The environment is really a 4 site deployment with a total of 4 2013 front ends all running on Windows 2012 R2.

What was really interesting was that there was no errors, nothing...

I fired up power shell and tried importing the Lync module just in case my Lync Server Management Shell shortcut had somehow been corrupted and that worked fine.

So off to have a look at the shortcut I noticed that the decided to fire up the target manually in an attempt to isolate the culprit

Looking a little closer at the target I discovered that the closing quote was missing. Now how did that happen? 

Interestingly this issue happened on 2 of the 4 front ends within the same deployment. I have done many of these and not seen this before so am not sure what the underlying cause is. Perhaps a bug :-)


Simply edit the target and add the missing close quote as seen below.

Ripleys- Believe it, or not
I went back to the Front End where the Lync Management Shell was working..to my disbelief its target is missing the closing quote BUT it works anyway. Adding the closing quote to the working target made no difference. Unbelievable.
Go figure..

Of course you can simply fire up Power Shell and then import-module Lync

27 June 2014

Removing stale Lync references from AD


The old Lync 2010 Server\Pool was discovered when running ExchUCUtil. The image below depicts the 2 Pools I was expecting to see 1:2 and 1:1 BUT I wasn't expecting 1:4.

So when Lync is initially deployed a bunch of references are made in AD, of course if you remove Lync from the environment and don't do so gracefully then a bunch of unwanted references are ..still in AD.
 So far I haven't seen any other issues due to AD objects still referencing the old Lync 2010 Pool other than whats seen in the screen shot above, but (not being OCD of course) it needs to go as its messing with my Nirvana.


A deep dive into AD to remove the reference to the Lync 2010 Server\Pool showing up here as 1:4. 
ADSIEdit to the rescue in this case. We will need to find the specific references which will refer to servers and pools in Global Settings, Pools, Trusted MCUs, Trusted Services and Trusted WebComponentsServers.

So lets go and find these references then..
Open LDP by typing ldp in the run box and click OK

In the Connection window type the name of your DC in the Server Box and click OK

Select Connection - Bind

You need to Bind as a valid user,either use the currently logged on user, or specify an account with credentials

Next we need to view the tree

The BaseDN will depend on where the information is stored as follows:-
  • DC=domain,DC=com (information in System Container)
  • CN=Configuration,DC=Domain,DC=COM (information in Configuration

We need to drill down to the RTC Service container. Just a note that when you first see this view there is no indication that the container objects can be expanded, go ahead and double click on them anyway :-)

We can now search for the old server references. Right click on the RTC Service container and select search

Enter the following string in the Filter box (replacing the OldServerFQDN with the actual FQDN of the old server)

NOTEReturn to this step and do another search using the following 2 string formats to find Trusted Server and Trusted Web components:-

Be sure to select Subtree so it searches all the trees below this entry. Then click run.
The search should return results in the righthand pane.

You can easily spot the results as they start with ***Searching...

In the image below you will notice that my environment found 2 entries

Be sure to make note of these results because they will be required to find them in ADSIEdit.

Next we will open ADSIEdit and connect to the configuration. The path to each CN is noted in the search we did just before so it really simple to find them.

In my example above I found both the containers and the 1:4 that was discovered when setting up UM (bonus..)

Before deleting each of these review them by looking at the properties and confirming that they are OK to delete. A tell tale is the references to the individual services and the machines they run on seen in the differentTrustedServicePort and ServiceType attributes

To delete simply navigate to the full DN, right click and select delete

At this point you could return to the search in ldp and perform additional searches for 
Trusted Server and Trusted Web components.

Running ExchUCUtil now shows just what I expected..

1:4 Gone!
Peace restored

25 June 2014

Lync Share permissions


From time to time you may find that the deployment wizard fails at setting the permissions required to the Lync Share folder.

Product Version - Lync 2013

What permissions are required?


Usually running the Topology builder as Administrator does the trick
Alternatively you could manually set the permissions from the Advanced Sharing button

16 April 2014

Solving Invalid_AD_Phone_Numbers.txt

OK so if you are OCD (and nothing wrong with that) then you may be compelled to make the event warning on your front end reporting on Invalid numbers every morning just after 1:30 am.

The Event ID 21034 explains as follows:

Its arguably one of the most comprehensive and helpful Cause and Resolution events you may ever see!

The Process
When Lync collects the user data from Active Directory a number check is done and only numbers that conform to the E.164 numbering format (I have noticed that an E.164 number with a x1234 on the end is also permitted by default) are imported. Hence the errors..

So looking into the text file (located at Lync File share...1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000\ called Invalid_AD_Phone_Numbers.txt)
What do we see?

Edited for simplicity I have shown below just a sample of the  culprits.

Unmatched number: User: 'sip:peter.pan@lyncsorted.co.nz'  AD Attribute: 'telephoneNumber'  Number: '095504321'
Unmatched number: User: 'fb56a490-0e27-4cac-b6cc-fb17ae0d4dba'  AD Attribute: 'telephoneNumber'  Number: '1234'
Its VERY common to see entries with the strange SID looking user name, these are usually disabled accounts and can be hard to find the true user attribute. I usually do an advanced search and use the number attribute provided to find these. By the way, they do no harm just sitting there, its the valid accounts I concern myself with.

The number assigned to Peter Pan above is valid (but not an acceptable default format). To format this number to a recognised number for populate the Lync Address Book service a normalization rule set can be created. 
All numbers that do not comply to the E.164 format by default will parse through the AD normalization rule set to be transformed to E.164 (or any format you allow in the regex)

Do make sure that Lync ABS is configured to use this normalization rule set with the Lync Server Management Shell command:-


The name and location of the AD Normalization rule set is essential. The rule set must be called Company_Phone_Number_Normalization_Rules.txt and must be located in the central Lync File Share …\LyncShare\1-WebServices-1\ABFiles\

The contents of this txt file are documented in the table below:

## Sample AD Normalization rule set for populating AddressBook Service
##Created by PaulB
##Normalise to E.164
##Local format from Active Directory into E.164
##Auckland (New Zealand) National Prefix (9) & Country Code added as +649 (and 6 or more digits)


##National format from Active Directory into E.164
##New Zealand Country Code added as +64 and dropped 0 (and 6 or more digits)


##No DID, extension number only
## Assuming 4 digit extension and passing through to ABS transparently


Once the rules are added you can test by using ABServer.exe
ABServer.exe can be found at C:\Program Files\Microsoft Lync Server 2013\Server\Core (assuming default install directory)

Run ABServer.exe in the Command prompt window in the following format
 in the following format (where 095501234 represents the number to test)

ABServer.exe -testPhoneNorm "095501234"

In the below image I have run a valid number test not requiring additional normalisation, followed by a National format number. Notice how the first number (+6495501234 x5234) normalises to the expected line URI format used in Lync. It also mentions that the rule was matched by built in ABServer.exe rules

The Second test was in the national format (095501234), this was normalised by our Company_Phone_Number_Normalization_Rules.txt file to the Line URI +6495501234 as required.

Now to get the AddressBook syncrosised to Lync

From Lync Server Management Shell run:-

Update-CsAddressBook -verbose
Before adding these rules the non complying numbers don't show up in the users contact card, once the rules are in play and the address book has regenerated then the contact card show the numbers loaded from AD in the new accepted format.

Before                          After

25 March 2014

Lync 2013 Front End Service won't start

After a fresh install of Lync 2013 Standard Edition onto a Windows 2012 server, and its been running for about 2 weeks I may add...I came across the following issue


After a reboot of the Lync Standard Edition Server I found that the Lync Server Front End Server (RTCSRV) wouldn't start. It just sat there on "Starting"

Further Symptoms

Event ID 32174

Interestingly the Event ID reports that resetting the Quorum is a potential solution, not true in my case.

Event ID 32178

There were many other Events triggered by the inability of numerous processes being able to connect etc etc


A common cause of this issue is if non self-signed certificates are imported into Trusted Root Certification Authorities instead of Intermediate Certification Authorities. Although this was not an issue in Windows Server 2008, Windows 2012 requires a high level of trust dependant on certification authentication.The result is that HTTP communication between Lync servers is broken.


Check the Trusted Root Certification Authority Store for any NON self-signed certificates. Self signed certificates have the same value for the Issued To and Issued By field. The screen shot below shows the highlighted certificate as not being self-signed (whilst residing in the Trusted Root Certification Authority Store)

Another quick way to check, especially when there are many entries, is to run the following PowerShell command:

Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File "c:\computer_filtered.txt"

The output file will contain the details of the culprit.

Now simply move the NON Self-Signed Certificate to the Intermediate Certification Authorities.
and the Self-Signed Certificates to the Trusted Root Certification Authorities

Microsoft KB article http://support.microsoft.com/kb/2795828
Lync Server 2013 Front-End service cannot start in Windows Server 2012

5 February 2014

Lync Deployment Wizard fails - Input string was not in the correct format

The Problem
When Running the Lync Server Deployment Wizard - Install oe Update Lync Server System - Step 2: Setup or Remove Lync Server Components I get an error immediately after Disabling unused roles

The Error
Input string was not in the correct format

at System.Text.StringBuilder.AppendFormat(IFormatProvider provider, String format, Object[] args)
at System.String.Format(IFormatProvider provider, String format, Object[] args)
at Microsoft.Rtc.Internal.Tools.Bootstrapper.BootstrapperTask.OutStatusLine(String format, Object[] args)
at Microsoft.Rtc.Internal.Tools.Bootstrapper.BootstrapperTask.DeactivateRemovedRoles()
at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)

The Culprit
This turned out to be the Lync Admin account, I couldn't find any evidance pointing me to the cause other than a feeling of discomfort with the format of the Lync Admin User account name.
The Lync Admin account was similar to this:

Couldn't find any documentation saying the curly brackets may be an issue, but tried with an account that had a simpler format and the required permissions and tada...

The Solution
Initially I had the account renamed to something like LyncAdmin but it still misbehaved, recreating the account without curly brackets did the trick

29 January 2014

LPE wont sign in to Lync externally

The Problem

Lync Phone Edition (in my case Polycom CX500 and CX600) wont sign in to Lync from externally. Internally working fine.

The phone goes through the steps of finding the time server, then finding the Lync Server - OK. Then gets stuck on Signing in... Connecting to Lync Server
This also happened to the CX600 EVEN when pairing to my desktop over USB for sign in...

The Evidence

Checking the Lync Edge Server logs I found...nothing! Same as the Front End, also nothing!
Since everything else seemed to be working I started to wonder how the LPE's are different from the desktop client.
Going through the motions of validating the DNS using the RUCT.exe tool I found that when I tried to test the port availability on selected records on the SRV record for -sip._tls I got an error stating that the host was not found.

What I found was very interesting. The SRV record for  _sip._tls.sipdoamin.com resloved to sip.sipdomain.com BUT the Public Certificate Common Name was LyncEdge.sipdomain.com with the name sip.sipdomain.com as a Subject Alternate Name.

The Solution

I changed the the SRV record so that the target was the published public name LyncEdge.sipdomain.com. Effectively this meant that the SRV target was also the Common Name on the Public Certificate.

The Common Name on the Public Lync Certificate should always be a resolvable target for the SRV records

21 January 2014

canceled due to internal error - CX500 and CX600

The Lync phones (CX500 and CX600) no longer sign in to Lync 2013. Error message states "Please verify that the domain entered is correct"

After factory resetting the phone I still got the same error briefly followed by "Sign-in canceled due to internal error.Please try again"

I tested to see if the credentials were working with:

Test-CsPhoneBootstrap -PhoneOrExt "2705" -PIN "12121"

I checked the DNS setup
Lync Phones usually require as a minimum Option 42 and Option 120 (then enable DHCP Options on the Front End with .

set-CsRegistrarConfiguration -EnableDHCPServer $true

I tested the DHCP options with the DHCPUtil.exe -emulateclient
I also ran wireshark to see the client getting the DHCP options, connecting to Lync, negotiating certificates and then just stop as if the credentials were incorrect

Even though the traces showed that the phone was getting all the required DHCP options and the phone was chatting to the Lync Front End, I still had no success signing in.

I am not hugely excited about the Phone Logs so before I resorted to digging into them I simply ran through the Lync Deployment Wizard (Step 2)...

That did the trick "sigh"

Other potential causes