Bay Area Microsoft Cloud User Group

I have started a new user group in the San Francisco Bay Area. This user group is dedicated to IT professionals looking to share experiences and learn from others about Microsoft cloud technologies. We plan on meeting both in San Francisco and Mountain View/Sunnyvale, at Microsoft facilities, on a regular basis. Here are some of the topics we are looking to discuss:

  • Office 365
  • Azure IaaS
  • Azure SQL
  • Enterprise Mobility Suite
  • Operations Management Suite
  • Azure Active Directory
  • Azure Stack
  • Azure Storage

It is a very exciting time of transition for Microsoft partners as we move from on-premises deployments to helping our customers migrate to the cloud. Nobody enjoys change, but if we don’t change then life moves on past us.

Please join our Meetup group here: http://www.meetup.com/Microsoft-Cloud-User-Group/

DirSync Error SignInName

Scenario

 

I recently helped a customer troubleshoot an issue with a DirSync error. They had an existing “Cloud Only” account that was created when they implemented an Azure tenant. This account matched an existing on-premises shared mailbox.

The ultimate solution to this issue was found in a TechNet forum: LINK

Environment

 

On-Premises Active Directory

ADFS 2.0

Existing Azure tenant

Office 365 tenant associated with Azure tenant

Azure AD Connect (Upgraded from DirSync)

Issue & Solution

 

The primary issue is that the on-premises shared mailbox was not syncing to Office 365. The error in Azure AD Sync was as follows:

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [SignInName itprocurement@contoso.com;]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.

This error, of course, was not very informative, and the ultimate solution came from the TechNet forum linked above. The issue is that the person who created the “Cloud Only” account used the SMTP address of the on-premises shared mailbox as the setting for “Alternative Email Address”. So the error referred to “SignInName”, which is directly tied to the “AlternateEmailAddresses” setting. Also, the “Cloud Only” account had a UPN value that included “#EXT#”, which points to the fact that this account was used to set up the Azure tenant.

The solution was to change the alternative email address to something hosted on an external email service, e.g. Outlook.com, Gmail or Yahoo. This can be done via the Office 365 Portal, but if you want to do it via PowerShell, here is the command:

Set-MsolUser -UserPrincipalName 'itprocurement_contoso.com#EXT#contoso.onmicrosoft.com' -AlternateEmailAddresses 'itprocurement.contoso@outlook.com'
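
A pre-sync check for the collision described above, as an added example (not from the original post or the TechNet thread): it flags cloud accounts whose alternate email address matches an on-premises SMTP address. The function name and the sample accounts are constructed for illustration; in a live tenant the inputs would come from Get-MsolUser -All and the on-premises proxyAddresses attribute.

```powershell
# Added example: flag cloud accounts whose AlternateEmailAddresses value
# collides with an on-premises SMTP address (the duplicate behind the
# SignInName sync error). Find-AlternateEmailConflict is a hypothetical helper.
function Find-AlternateEmailConflict {
    param(
        [Parameter(Mandatory)] [object[]] $CloudUsers,       # need UserPrincipalName, AlternateEmailAddresses
        [Parameter(Mandatory)] [string[]] $OnPremAddresses   # proxyAddresses or mail values from AD
    )
    # Normalise on-premises values: drop the "SMTP:"/"smtp:" prefix and whitespace
    $onPrem = @($OnPremAddresses | ForEach-Object { ($_ -replace '^smtp:', '').Trim() })

    foreach ($user in $CloudUsers) {
        foreach ($alt in @($user.AlternateEmailAddresses)) {
            # -contains compares strings case-insensitively
            if ($alt -and ($onPrem -contains $alt.Trim())) {
                [pscustomobject]@{
                    UserPrincipalName  = $user.UserPrincipalName
                    ConflictingAddress = $alt
                    # The account in the post carried "#EXT#" in its UPN
                    IsExternalAccount  = $user.UserPrincipalName -like '*#EXT#*'
                }
            }
        }
    }
}

# Constructed sample data (not real accounts). Live equivalents:
#   $cloudUsers = Get-MsolUser -All
#   $onPrem     = (Get-ADUser -Filter * -Properties proxyAddresses).proxyAddresses
$cloudUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'admin_example.com#EXT#@example.onmicrosoft.com'
                       AlternateEmailAddresses = @('shared-mbx@example.com') }
    [pscustomobject]@{ UserPrincipalName = 'jane@example.com'
                       AlternateEmailAddresses = @('jane.personal@example.net') }
)
$onPrem = @('SMTP:shared-mbx@example.com', 'smtp:jane@example.com')

Find-AlternateEmailConflict -CloudUsers $cloudUsers -OnPremAddresses $onPrem |
    Format-Table -AutoSize
```

Any row returned is an account to correct with Set-MsolUser before the next sync cycle.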

Hey George, I moved my Blog to Azure

Why did I move my Blog?

 

I recently started giving Azure IaaS and Office 365 more attention. When I realized that not a lot of training and information was available I decided to take the usual approach, just use it until you know it.

This led me to do a general overview of the Azure IaaS service and what options were available. So, when I noticed a templated version of WordPress I knew immediately what I wanted to do.

My blog was being hosted on Google’s Blogger service and I could not use the Microsoft Word Blog template with it. But now that I have moved my blog to an Azure VM running WordPress 4.2 that is no longer an issue.

So, as you may have already figured out, this blog entry is my first one using the Word 2016 template. I have high hopes for this as it will allow me to quickly pen new entries and hopefully result in a Microsoft MVP nomination.

Navigating the Azure Portal

 

The previous IaaS deployment on Azure was not very straightforward, as it was an add-on to the PaaS offering. So, once I heard that Microsoft had revamped the entire IaaS system I was very happy and excited to try it out.

Since I have an MSDN account through my existing employer, SPS, I figured I would leverage that to get started. So, I logged onto my MSDN subscription and navigated to the Azure Portal: http://portal.azure.com

The new portal is beautiful and very easy to use. The nice thing about Azure is that there is a marketplace where you can find resource templates. I did a basic search for “WordPress” and found more than a few options.

So, at that point, I decided to go with an “Azure Certified” template from a partner/publisher named “Bitnami”. The template contained a preconfigured deployment of Linux and WordPress 4.2.

I clicked on “Create” and away I went on creating the new Virtual Machine. What I ended up with was a few resources in my list:

WordPress Azure VM Configuration

 

Once everything was fully deployed I logged onto the WordPress site using the FQDN provided by Azure. I was then off to the races on configuring WordPress to host my blog.

When I completed the new design, still a work in progress, I updated my DNS entry for “blog.ucparticles.com” to point to the Azure WordPress FQDN and it worked.


Conclusion

 

Well, I have to say that I was really impressed at how easy it was to set up a WordPress VM on Azure, customize it and then migrate my blog content.

My blog now has the theme that I want to move forward with, which is more Microsoft Cloud centric.

You can look forward to more Microsoft Cloud based blog entries in the future.

Adding a Secondary UM DialPlan to an Office 365 Mailbox – Issue transferring a caller directly to voicemail

Background

My company recently was acquired and being a Microsoft Gold partner we already had an Office 365 tenant. Due to the acquisition we needed to move all of our mailboxes from on-premises to Office 365. The company is also a Cisco Gold partner so, as you can imagine, we have a mix of technologies deployed internally, specifically Cisco Call Manager and Microsoft Lync 2013. But the Cisco UCM system has always been the primary for inbound/outbound PSTN calls.


Cisco/Lync Integration

A good portion of our employees work out of home offices but we also have 10-15 people in our home office. So, as a result we ended up with a couple of different integrations and user setups.

  • Cisco UCM Only users
  • Lync 2013 Only users
  • Cisco/Lync users

Cisco/Lync Integration with UM

This special integration requires that two (2) UM dial plans are associated with the user’s mailbox. The primary was always Lync, with Call Manager set as the secondary.

Exchange Online UM

We had deployed an AudioCodes Mediant 1000 as an SBC between Cisco UCM and Office 365, for the “Cisco Only” users. The Lync 2013 environment was configured to support UM in Office 365 and worked without issue.

Primary Issue

Once we migrated the mailboxes of the Cisco/Lync users to Office 365 then an issue ensued. The office receptionist was no longer able to transfer calls directly to voicemail. Here is what we found and how we were able to fix this issue:

Solution

The transfer to VM method involved a special route pattern on CUCM in the format “* + 4 digit ext”. So, the receptionist presses the transfer button, dials *extension and then presses the transfer button again. During this process the receptionist is able to hear the UM mailbox announcement. This was not the case when this issue was being experienced. The receptionist received a busy signal after *extension.

Upon initial research it was determined that the user’s secondary UM dial plan association was removed after the migration to Office 365. We are still validating this so stay tuned for an update to this blog post.

Here is where things got interesting. We could not add a secondary UM dial plan via the Exchange Online web portal. It would allow you to open the window and configure but clicking “OK” did nothing at all.

So, after some internet searching we found the following Office 365 community post by Microsoft: LINK. This did fix the busy signal that the receptionist was experiencing but once the transfer was completed all audio stopped working, in both directions.

Finally, after working with one of our amazing Cisco Voice engineers we were able to fix this by enabling MTP on the SIP trunk between Cisco UCM and the AudioCodes Mediant 1000 SBC.

This is a really niche issue but I hope it helps others get through it.

Office 365 Groups – How to update primary SMTP Address

UPDATE 5/14/2015:
Microsoft has changed the PowerShell commands. See Tony Redmond’s blog entry here: LINK


Information:

I recently worked with a large semiconductor company to migrate them from a hosted environment to Office 365. When the Office 365 Groups feature was released I started to use it on this customer’s tenant. I immediately found a major shortcoming: the primary SMTP address for the group was in the *.onmicrosoft.com domain. After looking through the Office 365 portal I could not find a way to change this.

Fix:

After opening a ticket with Microsoft they informed me that PowerShell commands existed that could make the change I wanted. Microsoft is still working on updating all tenants to enable this feature in the web interface.

  • Connect to the Office 365 tenant via PowerShell

  • Using “Get-OrganizationConfig”, verify that the tenant is at least: RBACConfiguration = 0.1 (15.1.16.13) and AdminDisplayVersion = 0.2 (15.0.16.13)

      Get-OrganizationConfig | FL RBACConfiguration, AdminDisplayVersion

  • Obtain a list of existing Office 365 Group mailboxes

      Get-GroupMailbox

  • Use the following one-liner to update the primary SMTP address (insert your primary domain here)

      Set-GroupMailbox -Identity Name -PrimarySMTPAddress groupname@defaultdomain.com

        References:
        Use PowerShell to manage Groups


        PowerShell – Script to update all existing “groups”:

        NOTE: Remember to change the domain name in the $primarysmtp variable

        CSV File:

        Alias
        group1
        group2

        Script:

        # Prompt for the CSV file that lists the group aliases
        function Select-FileDialog
        {
            param([string]$Title, [string]$Directory, [string]$Filter = "CSV Files (*.csv)|*.csv")
            Add-Type -AssemblyName System.Windows.Forms
            $objForm = New-Object System.Windows.Forms.OpenFileDialog
            $objForm.InitialDirectory = $Directory
            $objForm.Filter = $Filter
            $objForm.Title = $Title
            $objForm.ShowHelp = $true
            $Show = $objForm.ShowDialog()
            if ($Show -eq "OK")
            {
                return $objForm.FileName
            }
            else
            {
                # No file selected: stop the script
                exit
            }
        }

        # Log every change to a transcript file in the current directory
        Start-Transcript -Path .\Update-GroupMailbox.txt
        $FileName = Select-FileDialog -Title "Import a CSV file" -Directory "c:\"
        $csvFile = Import-Csv $FileName
        foreach ($user in $csvFile)
        {
            $alias = $user.Alias
            # Change the domain below to your primary domain
            $primarysmtp = $alias + "@domain.com"
            Set-GroupMailbox -Identity $alias -PrimarySMTPAddress $primarysmtp -Verbose
        }
        Stop-Transcript
         

        Cannot Connect to Sharing Server, error code 141

        Background:
        I have seen this issue blogged about by Elan Shudnow and discussed on the Microsoft forums. The fix has never really been detailed, although the suggestion of restarting services fixed it for Elan.

        So, that being said, I came across this issue with a current customer and was able to fix it.

        Environment:

        2 x Lync Server 2010 Enterprise Front-End servers
        1 x Lync Server 2010 Edge server
        1 x Microsoft TMG 2010 Reverse Proxy server

        ** All virtualized on VMware ESXi hosts

        Issue:
        External PowerPoint, whiteboard and poll sharing attempts result in an error message “Cannot Connect to Sharing Server, error code 141”.

        Error: Occurs ONLY when sharing between internal and external/federated users.


        Troubleshooting:
        We followed the suggestions of Elan and Microsoft. Also, we double and triple checked the reverse proxy, TMG in this case. Everything looked in good running shape.

        So, we narrowed it down to the Lync Edge Web Conferencing role and performed some Wireshark traces. We could see that the connection broke during SSL certificate negotiation. We validated the SSL certificates and chains on both ends, still did not work.

        Fix:
        When all else fails, my go-to troubleshooting check, especially in a VMware virtualization environment, is time sync. I have experienced very random issues when the Lync Front-End server was set to sync its time with the ESXi host.

        So, I checked the Lync Edge server and BINGO, it was set to sync time with the ESXi host. Once I removed the check from the box in VMware Tools and updated the time from an internal NTP source, all was well with the world again.

        Let me know if this was helpful.

        Installing Wireshark on Windows 8

        Environment:

        • Windows 8 Enterprise
        • Wireshark 1.8.2
        • WinPcap 4.1.2

        Issue: This version of Windows is not supported by WinPcap 4.1.2. The installation was aborted.

         





        Fix:

        1. Download the Wireshark 64bit installer to a local drive
        2. Right-Click on the installer (Wireshark-win64-1.8.2.exe)
        3. Click on “Properties”
        4. Click on the “Compatibility” tab
        5. Under “Compatibility mode” check the box labeled “Run this program in compatibility mode for”
        6. Pull down the Operating System selection and click on “Windows 7”
        7. Click “OK”
        8. Right-Click on the Wireshark 64bit installer and select “Run as Administrator”
        9. Ignore any compatibility warnings and just click through them.
        10. WinPCap Install will complete
        11. FINISHED

        Lync 2010, AudioCodes and T1 Trunk – Outbound calls fail

        Environment:

        • Lync 2010
        • AudioCodes Mediant 1000 MSBG
          • T1/E1 Trunk Card
        • AT&T PRI Line

        Issue: Outbound calls fail from Lync client or phone

        Reason:

        • “Display Name” field is populated
        • “Type of Number” or TON is not set on AudioCodes
        • “Number Plan” or NPI is not set on AudioCodes
        • Syslog on AudioCodes shows the following message:
          • Abnormal Disconnect cause:50#GWAPP_REQUESTED_FAC_NOT_SUBSCRIBED

        Fix:

        (AudioCodes firmware 6.2 or greater)

        Remove “Calling Name” at the Trunk level

        1. Open the AudioCodes web management console
        2. Click on the “Full” radio button
        3. Expand “PSTN”
        4. Click on “Trunk Settings”
        5. Change the setting “Remove Calling Name” to “Enable”
        6. Click “Submit”
        7. Click “Burn”

        Set TON and NPI Values

        1. Open the AudioCodes web management console
        2. Click on the “Full” radio button
        3. Expand “GW and IP to IP”
        4. Expand “Manipulations”
        5. Click on “Source Number IP –> Tel”
        6. If no lines exist then click “Add” (1)
          1. Destination Prefix = *
          2. Source Prefix = *
          3. NPI = “E.164 Public”
          4. TON = “National”
          5. Presentation = “Allowed”
        7. Click “Apply”
        8. Click “Burn”

        Deploying Lync Monitoring Server Reports Fails – Server committed a protocol violation

        Issue: Lync Monitoring Server Reports fail to deploy to a SQL Server Reporting Services instance

        Error: The server committed a protocol violation. Section=ResponseStatusLine

        Fix: The customer had an internal web proxy solution in place. So, if Internet Explorer has the “Automatically detect settings” box checked under Internet options/Connections/LAN Settings, uncheck it and then deploy the reports.