Restoring Private Key from Windows Certificate

September 5, 2016

Normally, when you create a certificate request, receive the certificate and import it on your server, the certificate shows that it has a private key.

But if for any reason you delete this certificate and import it again, you will be surprised to find that the private key is missing from it. The same can happen if you renew the certificate without creating a new certificate request.

To solve this issue, you need to assign the private key to your certificate. Follow the steps below and you will be on the safe side:

1- From the MMC, double-click the certificate that is missing its private key.

2- On the Details tab, select Thumbprint.

3- Copy the content of the Thumbprint field.

4- Open CMD as Administrator and run the command below:

  certutil -repairstore my "thumbprint"

Where "thumbprint" is the content you copied in step 3, for example:

  certutil -repairstore my "e2 72 36 4c ec 19 57 3b f7 53 d1 59 f4 b2 20 f7 df a7 26 ef"

5- You should receive the message "CertUtil: -repairstore command completed successfully." and the private key is now assigned to your certificate.
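The same procedure as a PowerShell sketch, added here as an example and not part of the original post. It cleans the pasted thumbprint first, because an invisible Unicode character often comes along when the value is copied from the MMC Details tab, and it confirms the result through the certificate's HasPrivateKey property; the variable names are assumptions.

```powershell
# Added example, not from the original post.
# Constructed input: the post's sample thumbprint, as pasted from the MMC Details tab.
$RawThumbprint = 'e2 72 36 4c ec 19 57 3b f7 53 d1 59 f4 b2 20 f7 df a7 26 ef'

# Keep hex digits only. This drops the spaces and any invisible Unicode
# character that was copied along with the value.
$Thumbprint = ($RawThumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($Thumbprint.Length -ne 40) {
    throw "Expected 40 hex characters (SHA-1 thumbprint), got $($Thumbprint.Length)."
}

# "my" in the certutil command is the Local Machine Personal store.
$CertPath = "Cert:\LocalMachine\My\$Thumbprint"
if (-not (Test-Path -Path $CertPath)) {
    throw "No certificate with thumbprint $Thumbprint in LocalMachine\My."
}

$Cert = Get-Item -Path $CertPath
Write-Host "Subject: $($Cert.Subject)  Expires: $($Cert.NotAfter)"

if ($Cert.HasPrivateKey) {
    Write-Host 'Certificate already has a private key; nothing to repair.'
    return
}

# Re-link the certificate to its key. This only works when the key pair
# still exists on this server (for example from the original request).
& certutil.exe -repairstore my $Thumbprint
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE."
}

# Read the certificate again and confirm the result instead of trusting the message.
$Cert = Get-Item -Path $CertPath
if ($Cert.HasPrivateKey) {
    Write-Host 'Private key is now associated with the certificate.' -ForegroundColor Green
}
else {
    Write-Warning 'certutil finished but the certificate still has no private key.'
}
```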

Hope this is informative for you.

Lync Server 2013 Pool Readiness Troubleshooting

August 30, 2016

First of all I'd like to thank my colleague Ramy MESSIHA for guiding me to this solution. Without your search and advice, we might still have a Busy pool.

During changes on our Lync 2013 platform, we may spend most of the change window waiting for the Lync pool to become ready so that we can reboot another Front-End server.

You may wait for 20, 30 or 60 minutes and more with no luck. I'm not kidding when I say we may wait for days and it will not come.

So let us take a deep dive, discover what happens in the background and see how to overcome this issue.

Behind the Scenes:

We usually check the pool readiness using the Get-CsPoolUpgradeReadinessState cmdlet.

Behind this cmdlet, Lync checks certain performance counters to decide whether the pool is stable and ready for upgrade or not.

If Lync is unable to read these counters for any reason, we may spend our lives waiting for READY and it will never appear.

Troubleshooting:

When we restart any Front-End server, we should normally wait for 20 to 30 minutes, depending on the number of users on this pool, before getting READY on the pool readiness.

So if we wait for 1 hour or more and the status is still Busy, we can run the steps below to get the pool READY.

  1. Find Performance Counter

           As we said, the Get-CsPoolUpgradeReadinessState cmdlet reads performance counters. The counter is named "WRTCESPF" and it should be Enabled. To be sure, do the following:

           a- On the Front-End server, run C:\> LODCTR /Q >Counters.txt

           b- Open Counters.txt using Notepad and search for "WRTCESPF"

           c- Be sure it is Enabled

  2. Reload the Performance Counters

           a- On the Front-End server, go to C:\program files\Microsoft Lync Server 2013\Server\Core

           b- Run the command below

               regsvr32.exe /i /n wrtcespf.dll

           c- This will reload the performance counter and reset its permissions

  3. Set the Correct Permissions in the Registry

           a- On the Front-End server, open Registry Editor (Regedit), and go to

               HKLM\system\currentcontrolset\services\wrtcespf\performance\parameters

           b- Right-click "Parameters" and select "Permissions"

           c- Click Add and change the Location to be the name of your FE server

           d- Enter "RTC Server Local Group" and click Check Names, then click OK

           e- On the Permissions for Parameters page, click Advanced

           f- Select RTC Server Local Group and click Edit

           g- In the drop-down box next to Apply to:, select This Key only

           h- Select the checkbox to Allow Full Control

           i- Click OK

  4. Recycle RTCSrv service or Restart FE server

           a- On the FE server, run the cmdlets below to stop and start the Front-End service

               Stop-CsWindowsService RTCSRV

               Start-CsWindowsService RTCSRV

           b- After the service has restarted, you should notice that another registry key appears.

  5. Do the same steps on ALL Front-End servers in the pool

  6. Checking

           After completing all Front-End servers, check the readiness of the pool using

               Get-CsPoolUpgradeReadinessState

Hopefully you will now see that the pool is READY.
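To confirm steps 1, 3 and 4 on each Front-End server without clicking through Regedit, the following read-only check can be run in an elevated PowerShell session. It is an added example, not part of the original post; the variable names are assumptions, and it assumes LODCTR /Q marks the provider line with "(Enabled)".

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\wrtcespf\Performance\Parameters'
$GroupName = 'RTC Server Local Group'
$Full      = [int][System.Security.AccessControl.RegistryRights]::FullControl

# Step 1: the WRTCESPF counter must be registered and enabled.
# Assumption: LODCTR /Q prints "(Enabled)" or "(Disabled)" on the provider line.
$CounterLines = @(lodctr /q | Select-String -SimpleMatch 'WRTCESPF')
$CounterOk    = @($CounterLines | Where-Object { $_.Line -match '\(Enabled\)' }).Count -gt 0

# Step 3: the group needs an Allow rule with Full Control on the Parameters key.
$AclOk = $false
if (Test-Path -Path $KeyPath) {
    $Rules = (Get-Acl -Path $KeyPath).Access | Where-Object {
        $_.IdentityReference.Value -like "*\$GroupName" -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights -band $Full) -eq $Full)
    }
    $AclOk = @($Rules).Count -gt 0
}

# Step 4: the Front-End service should be running again after the recycle.
$Service = Get-Service -Name 'RTCSRV' -ErrorAction SilentlyContinue

# One summary row per server, so the results of all Front-Ends can be compared.
[pscustomobject]@{
    Server           = $env:COMPUTERNAME
    CounterEnabled   = $CounterOk
    KeyExists        = (Test-Path -Path $KeyPath)
    GroupFullControl = $AclOk
    RtcSrvStatus     = if ($Service) { $Service.Status } else { 'NotFound' }
}
```

A server where GroupFullControl is False has not had step 3 applied, or the rule was granted to a different account than the local group.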

Here is the complete reference:

https://blogs.technet.microsoft.com/nexthop/2016/03/18/get-cspoolupgradereadinessstate-showing-not-ready-or-busy/ 

Enable RSS on Lync Environment

Recently I was reading about the Windows features that enhance the Skype for Business / Lync environment, and one of Microsoft's recommendations is to enable Receive Side Scaling (RSS).

Here is Microsoft recommendation:

Skype for Server 2015 capacity planning using the user models

To improve the media performance of the co-located A/V Conferencing and Mediation Server functionality on your Front End Servers, you should enable receive-side scaling (RSS) on the network adapters on your Front End Servers. RSS enables incoming packets to be handled in parallel by multiple processors on the server. For details, see Receive Side Scaling (RSS) in the Windows Server 2012 documentation. For details about how to enable RSS, you’ll need to refer to your network adapter documentation.

While planning to deploy it in our environment, I decided to apply it per site as a precaution, so that not all sites would be impacted if anything went wrong. So I developed a script to apply and test the status of RSS on Domain Controllers, Front-End, Mediation, SQL and Office Web App servers per site. You can use or customize the script below if you are in the same situation.

###############################################################
# Script Developed by Fady Naguib, will Enable Receive-side scaling (RSS) feature on DC, FE, MED, WAC and SQL Servers per site

###############################################################

# Defining Global Variables
$Site = Read-Host "Enter Site Name"
$site_Name = "Site:$Site"
# Updating Domain Controllers in the selected site
Write-Host "Updating Domain Controllers in $Site" -ForegroundColor Cyan
$ADSItes = Get-ADDomainController -Filter {Site -eq "$Site"} | Select-Object HostName
foreach ($ADSite in $ADSItes.HostName) {
    Get-NetAdapterRss -CimSession $ADSite | Enable-NetAdapterRss -NoRestart

    # Checking status of the Domain Controller. Enable-NetAdapterRss returns nothing
    # by default, so query the adapters again and require every one to report Enabled.
    Write-Host "Checking Status of Domain Controllers on $Site" -ForegroundColor Yellow
    $NIC_Status = Get-NetAdapterRss -CimSession $ADSite
    if ($NIC_Status -and ($NIC_Status.Enabled -notcontains $false)) {
        Write-Host "$ADSite has been Updated" -ForegroundColor Green
    }
    else {
        Write-Host "Failed to Update $ADSite" -ForegroundColor Red
        $NIC_Status | Select-Object PSComputerName, Name, Enabled
    }
}

# Updating Front-End servers in the selected site

Write-Host "Updating Front-End Servers in $Site" -ForegroundColor Cyan
$Computers = @()
$Pools = Get-CsService -Registrar | Where-Object {$_.siteId -like "$site_Name*"}
foreach ($pool in $Pools.PoolFQDN) {
    $Computers += (Get-CsComputer -Pool $pool).FQDN
}

foreach ($Computer in $Computers) {
    Get-NetAdapterRss -CimSession $Computer | Enable-NetAdapterRss -NoRestart
}

# Checking status of Front-End servers, one server at a time,
# so that the message names the server it actually applies to
Write-Host "Checking Status of Front-End servers on $Site" -ForegroundColor Yellow
foreach ($Computer in $Computers) {
    $FE_Status = Get-NetAdapterRss -CimSession $Computer
    if ($FE_Status -and ($FE_Status.Enabled -notcontains $false)) {
        Write-Host "$Computer has been Updated" -ForegroundColor Green
    }
    else {
        Write-Host "Failed to Update $Computer" -ForegroundColor Red
        $FE_Status
    }
}

# Updating Mediation servers in the selected site
Write-Host "Updating Mediation Servers in $Site" -ForegroundColor Cyan
$MED_Computers = @()
$MED_Pools = Get-CsService -MediationServer | Where-Object {$_.siteId -like "$site_Name*"}
foreach ($MED_Pool in $MED_Pools.PoolFQDN) {
    $MED_Computers += (Get-CsComputer -Pool $MED_Pool).FQDN
}

foreach ($MED_Computer in $MED_Computers) {
    Get-NetAdapterRss -CimSession $MED_Computer | Enable-NetAdapterRss -NoRestart
}

# Checking status of Mediation servers, one server at a time
Write-Host "Checking Status of Mediation servers on $Site" -ForegroundColor Yellow
Write-Host "===========================================" -ForegroundColor Yellow
foreach ($MED_Computer in $MED_Computers) {
    $MED_Status = Get-NetAdapterRss -CimSession $MED_Computer
    if ($MED_Status -and ($MED_Status.Enabled -notcontains $false)) {
        Write-Host "$MED_Computer has been Updated" -ForegroundColor Green
    }
    else {
        Write-Host "Failed to Update $MED_Computer" -ForegroundColor Red
        $MED_Status
    }
}
# Updating SQL servers in the selected site
Write-Host "Updating SQL Servers in $Site" -ForegroundColor Cyan
$DB_Computers = Get-CsService -ApplicationDatabase | Where-Object {$_.siteId -like "$site_Name*"}
foreach ($DB_Computer in $DB_Computers.PoolFQDN) {
    Get-NetAdapterRss -CimSession $DB_Computer | Enable-NetAdapterRss -NoRestart
}
# Checking status of DB servers, one server at a time
Write-Host "Checking Status of SQL servers on $Site" -ForegroundColor Yellow
Write-Host "===========================================" -ForegroundColor Yellow
foreach ($DB_Computer in $DB_Computers.PoolFQDN) {
    $DB_Status = Get-NetAdapterRss -CimSession $DB_Computer
    if ($DB_Status -and ($DB_Status.Enabled -notcontains $false)) {
        Write-Host "$DB_Computer has been Updated" -ForegroundColor Green
    }
    else {
        Write-Host "Failed to Update $DB_Computer" -ForegroundColor Red
        $DB_Status
    }
}

# Updating WAC servers in the selected site
Write-Host "Updating WAC Servers in $Site" -ForegroundColor Cyan
$WAC_Computers = @()
$WAC_Pools = Get-CsService -WacServer | Where-Object {$_.siteId -like "$site_Name*"}
foreach ($WAC_Pool in $WAC_Pools.PoolFQDN) {
    $WAC_Computers += (Get-CsComputer -Pool $WAC_Pool).FQDN
}

foreach ($WAC_Computer in $WAC_Computers) {
    Get-NetAdapterRss -CimSession $WAC_Computer | Enable-NetAdapterRss -NoRestart
}

# Checking status of WAC servers, one server at a time
Write-Host "Checking Status of WAC servers on $Site" -ForegroundColor Yellow
Write-Host "===========================================" -ForegroundColor Yellow
foreach ($WAC_Computer in $WAC_Computers) {
    $WAC_Status = Get-NetAdapterRss -CimSession $WAC_Computer
    if ($WAC_Status -and ($WAC_Status.Enabled -notcontains $false)) {
        Write-Host "$WAC_Computer has been Updated" -ForegroundColor Green
    }
    else {
        Write-Host "Failed to Update $WAC_Computer" -ForegroundColor Red
        $WAC_Status
    }
}

###############################################################

 

And here is a script to enable RSS on Edge servers. You should run the script on each Edge server, or, if you can use Remote PowerShell, that would be a nice idea.

 

########################################################
# Script Developed by Fady Naguib, will Enable Receive-side scaling (RSS) feature on Lync Edge Servers. You should run it on each server or use Remote PowerShell.

########################################################

# Updating Edge Server
$Edge_Name = (Get-WmiObject -Class Win32_ComputerSystem).Name
$Edge_FQDN = $Edge_Name + ".zo1jti.local"
Write-Host "Updating $Edge_FQDN Server" -ForegroundColor Cyan
# Enable RSS on the adapters (querying them alone changes nothing)
Get-NetAdapterRss -CimSession $Edge_FQDN | Enable-NetAdapterRss -NoRestart

# Checking status of Edge Server: every adapter must report Enabled
Write-Host "Checking Status of $Edge_FQDN server"
$ED_Status = Get-NetAdapterRss -CimSession $Edge_FQDN
if ($ED_Status -and ($ED_Status.Enabled -notcontains $false)) {
    Write-Host "$Edge_FQDN has been Updated" -ForegroundColor Green
}
else {
    Write-Host "Failed to Update $Edge_FQDN" -ForegroundColor Red
    $ED_Status
}

###############################################################

Hope this is useful for you🙂

 

Categories: Lync 2013, Skype for Business

Useful PowerShell Cmdlets for Administrators

To list all Domain Controllers in your Environment:

Get-ADDomainController -Filter *

To list Domain Controllers in specific site:

Get-ADDomainController -Filter {Site -eq "AD_Site_Name"}

List Lync / Skype for Business Front-End Servers in a site:

Get-CsService -Registrar | where {$_.siteId -like "Site_Name"}

Get the Lync pool that a computer belongs to:

Run the cmdlets below on the computer whose Lync pool you want to find; you may also use them inside a script:

$Compinfo = Get-WmiObject -Class Win32_ComputerSystem
$server = $Compinfo.Name + "." + $Compinfo.Domain
$pool = (Get-CsComputer | Where-Object {$_.identity -eq $server}).pool
$pool

To get the SQL Server related to this pool:

$sysinfo = Get-WmiObject -Class Win32_ComputerSystem
$server = $sysinfo.Name + "." + $sysinfo.Domain
$FEpool = (Get-CsComputer | Where-Object {$_.identity -eq $server}).pool
$sql = ((Get-CsService -Identity UserServer:$FEpool).UserDatabase).Split(":")[1]

 

 

 

 

Offline Message in Skype for Business

March 31, 2016

Finally, the feature has been developed by Microsoft.

Now with Skype for Business you can send a peer-to-peer IM message to an offline colleague.


The offline colleague will be notified by Skype for Business and also via Windows Alerts.


This feature depends on the "EnableIMAutoArchiving" and "DisableSavingIM" parameters in the Client Policy being set to True. If either setting is set to False, offline messaging will not be enabled.

To edit the Client Policy, use the cmdlet below:

Set-CsClientPolicy -Identity Policy_Name -DisableSavingIM $True -EnableIMAutoArchiving $True

For more information refer to https://support.office.com/en-us/article/Use-offline-messaging-in-Skype-for-Business-ffdc6a43-71a1-40ee-bfcc-640d21324a3d

Categories: Lync 2010

Lync 2013 Databases

August 16, 2015

Most of us deal with Lync settings and configuration on a daily basis, and it is well known that all these settings and configuration are stored in the Back-End databases. But do we know the use of each database?

Maybe it is not important for some of us, as we are not database experts, but I find it useful to know at least where Lync data is stored.

As you all know, Lync 2013 Enterprise Edition requires a separate SQL Server as Back-End, while Lync 2013 Standard Edition uses SQL Express installed locally on the Front-End server.

Hence, we will talk about Enterprise Edition; if you have Standard Edition, you will find all databases owned by the FE server.

Also, for the Enterprise Edition, some databases are homed on the Front-End servers in the RTCLOCAL and LYNCLOCAL instances.

As per TechNet, we can divide the databases as below:

Central Management

  • XDS: This is the main database of Lync Server, which contains the topology information, configuration and policies.

A read-only copy of this DB should be replicated to each Lync server.

  • LIS: This is the Location Information Service database, which contains configuration about subnets, ports, switches, … used for E-911.

Application Databases:

  • Cpsdyn: maintains the dynamic information for the Call Park application
  • Rgsconfig: maintains the Response Group service data file for the configuration of the services
  • Rgsdyn: contains the Response Group service data file for runtime operations

Archiving & Monitoring Databases:

  • Lcslog: This is the Archiving database for the Instant Messaging and Conferencing data
  • LcsCdr: Call Detail Recording database for Monitoring
  • QoEMetrics: Quality of Experience database used by Monitoring

Lync Core

  • XDS: a read-only copy of the XDS database, which is part of the Central Management store and resides in SQL
  • Rtc: maintains the persistent user data (contact list, scheduled conferences, …). It is found on the Front-End servers (RTCLOCAL instance).
  • Rtcdyn: maintains transient or dynamic user data (presence).
  • lyss: stands for "Lync storage service" data and works specifically for paired pool configuration. It is part of the Front-End servers under the Lync Local named instance.

Users

  • RTCXDS: maintains the backup for user data
  • RTCShared: maintains the conferencing directory
  • RTCAB: maintains Address Book service information

There are also other databases:

  • Lync Persistent Chat Database: used as the main repository for the Persistent Chat service (previously known as Group Chat); it maintains user persistent chat data.
  • Lync Persistent Chat Compliance Database: maintains compliance data for this service. Lync uses the mgccomp database for it.

Categories: Lync 2013

Modifying DNS Zone Transfer

March 27, 2015

Sometimes you have multiple DNS servers and you would like to allow zone transfer on one or more reverse zones. This is a manual process, and if you have multiple DNS servers you will end up repeating the same task many times.

"dnscmd" is a tool that allows you to administer DNS from the command line.

So, for our topic of allowing zone transfer on a reverse zone, you can simply use the command below:

dnscmd Server_Name /ZoneResetSecondaries "FQDN of Zone" /SecureList "List of IPs to be added"

Example: dnscmd DNSServer_FQDN.Domain.local /ZoneResetSecondaries "3.2.1.in-addr.arpa" /SecureList 1.2.3.1,1.2.3.2,1.2.3.3

 For more information you can refer to TechNet:

https://technet.microsoft.com/en-us/library/cc772069.aspx?f=255&MSPPError=-2147217396

For complete list of dnscmd commands:

https://technet.microsoft.com/en-us/library/jj649850(v=wps.620).aspx
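For the multi-server case described above, the command can be looped over the DNS servers and the result read back with Get-DnsServerZone from the DnsServer PowerShell module. This is an added example, not part of the original post; the server names, zone and IP addresses are placeholders taken from or modelled on the example above.

```powershell
# Added example, not from the original post. All values below are placeholders.
$DnsServers  = 'DNSServer1.Domain.local', 'DNSServer2.Domain.local'
$Zone        = '3.2.1.in-addr.arpa'
$Secondaries = '1.2.3.1', '1.2.3.2', '1.2.3.3'

# Refuse to apply a transfer list that contains anything other than literal IPv4 addresses.
foreach ($ip in $Secondaries) {
    $parsed = $null
    if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
        -not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        throw "'$ip' is not a valid IPv4 address; nothing was changed."
    }
}
$SecureList = $Secondaries -join ','

foreach ($server in $DnsServers) {
    # Same command as in the post: transfers are allowed only to the listed IPs.
    & dnscmd.exe $server /ZoneResetSecondaries $Zone /SecureList $SecureList | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "dnscmd failed on $server (exit code $LASTEXITCODE)."
        continue
    }

    # Read the zone back and compare what the server holds with what was intended.
    $zoneInfo = Get-DnsServerZone -ComputerName $server -Name $Zone
    $actual   = @($zoneInfo.SecondaryServers | ForEach-Object { "$_" })

    [pscustomobject]@{
        Server          = $server
        TransferPolicy  = $zoneInfo.SecureSecondaries
        MissingFromZone = @($Secondaries | Where-Object { $actual -notcontains $_ }) -join ','
        UnexpectedInZone = @($actual | Where-Object { $Secondaries -notcontains $_ }) -join ','
    }
}
```

Empty MissingFromZone and UnexpectedInZone columns on every row mean each server allows transfers to exactly the intended secondaries.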
