Archive for the ‘Lync Server/Skype for Business Server’ Category

Rebranding – A New Name, a New Domain, Same Focus

October 21st, 2016 1 comment

When I first started this blog, I was an Exchange consultant and MVP. I spent my work days working with clients and deploying Exchange, or migrating from one version to another, or migrating from a different solution, such as Notes or GroupWise, to Exchange. Times were fun and challenging. I picked the name Ehlo World for two reasons. First, “ehlo” is a command that two mail servers send to each other at the beginning of a conversation negotiation. The “world” part came as an homage to “Hello World”. If you’ve written scripts or code, you know that one of the first exercises in learning how to code was to issue a command that would output “Hello world” to the console screen. Since I was noodling with PowerShell, which got its first big push with Exchange server, the “ehlo world” kinda made sense to me.

Flash forward years later, and my coworker, Mark Smith, came to me and said “We’re going to start also doing OCS and Lync consulting. We need a Lync guy. Tag – you’re it.” I could barely spell OCS or Lync at the time. I had never seen the admin console, let alone deployed it. But I dove in, and it’s been a fabulous ride. As I’ve gone along, I’ve also further honed my PowerShell skills. I’ve written some whopper sized scripts, including several that were more than 6000 lines apiece. When you tie (now) Skype for Business and Exchange and PowerShell and Office 365 together, you get a great Unified Communications platform. UC. While I don’t spend much time dealing with Exchange these days, I still noodle with scripts for it. Mostly those requested by coworkers, clients, and peers. But I’m primarily focused on the Skype for Business side, and the Ehlo World name was a little stale given my focus. So, I’m rebranding to UC Unleashed. UC for the previously mentioned reasons, and the Unleashed for several others. First being that I’ve written scripts, functions, and one liners that (at least try to) think outside of the box. Second, I was honored to be involved in the writing of the Skype for Business Unleashed book.

So there you have it. A new name, but with the existing content. Linked URLs should automatically redirect to the post on the new domain soon. A new logo and a new blog theme are in the works. I’m working on some cool stuff (well, *I* think it’s cool), and you’ll see that soon. Until then, feel free to comment on my posts, suggest new scripts and ideas, and more.

Until then…

Automatically Installing and Configuring WireShark for Skype for Business

October 7th, 2016 No comments

I mention in the blog article Script: Set-Cs2013Features.ps1 – Easily Install Prerequisites and Tools for Microsoft Lync Server 2013 that one of the options in the menu, #30, is download, install, and configure WireShark. The configuration settings are based on those mentioned by Jeff Schertz (Wireshark Capture Tips) and Matt Landis (Getting Started With Lync and Wireshark: Tips & Quirks), as well as those I’ve found useful. Most of these settings REALLY help when you’re looking at traces (and who doesn’t love an afternoon of doing that?). Among the configuration settings are:

  1. adds Source Port (resolved) column
  2. adds Destination Port (resolved) column
  3. adds DSCP column
  4. Configures RTP protocol “Try to decode RTP outside of conversations”
  5. Configures SIP protocol for ports 5060-5068 (instead of WireShark’s default of 5060)
  6. Sets the time format to human readable format

Why manually configure these on your server (or worse, many servers), if we can automate it? Let’s make our deployment life easier. Getting WireShark installed programmatically isn’t like other programs. There is no .msi file, or silent install switches. Methods I’ve used in other scripts just didn’t work. And believe me, I tried. And tried. And tried. So, I went medieval on it, and used AutoIt to create a macro that steps through the installer, clicking the right buttons. This works exceptionally well, and is fairly fast. But I wanted to also include the configuration steps mentioned above. And this is where it got interesting. WireShark’s config file seems to change formats and details often. So writing something that would change the config file directly seemed like it would be a losing battle. So, back to AutoIt. For 95% of the config, it worked great. But there seemed to be a need to click on the custom columns in order to set their name. AutoIt allows for moving the mouse to a certain vector, then clicking. But even with maximizing everything, the coordinates were never the same on different servers with different resolutions or RDP sessions. So that part of it would often not work. You’d get the columns, but they’d be named “New Column”. Not ideal. Finally, after taking a break from trying to figure that out, I rethought about it, and was able to figure out the right keyboard combination to accomplish the same thing. Success! There is one section right after that where the mouse is required to move the new columns into the desired order, but that seems to always work, and there’s no keyboard control for that.

A remaining issue has been there since I first started this task. And that is the fact that AutoIt is written to take action based on app windows with certain titles. Usually not an issue at all, except that WireShark has always included the version number in the title bar. So every time there is a new version released, I’d have to open the source file, change the version number, re-compile to an .exe file, test, upload to my server, and update the prereq script. All in all, it is like 10 minutes of work, but I’ll need to continue to do that. As a result, I’m releasing the macros bundled with the appropriate version of WireShark. Not sure if that violates some license with WireShark, but since they seem uninterested in making a silent installer method…

Download the file from the link below. Unzip anywhere, as long as all of the files are in the same folder. You’ll see there are three files:

  1. The WireShark bits, which are named with the version number, such as Wireshark-win64-2.2.1.exe for version 2.2.1. This is the file as it comes from WireShark.
  2. The installer macro, which is also named according to the WireShark version it applies to, such as WireShark_2.2.1-install.exe
  3. The config macro, which is also named according to the WireShark version it applies to, such as WireShark_2.2.1-config.exe

Run the installer macro first by double clicking on it. You’ll see it zip through the WireShark install routine. Once that closes, you can run the config macro. You’ll see it walk through the config. I do NOT recommend running the config macro more than once – lest you end up with a completely mangled config. It takes a minute or so to run. Once it’s done, you can open WireShark Legacy and use it. Once you start a trace, you should immediately be able to see the added columns:


Added columns in WireShark.



If you wander through the config menus, you’ll see the other settings as well.

The v2.x WireShark application that is also installed when you install WireShark is configured somewhat differently, and I’ll address that in the future. Right now, I’m not aware that it provides any added benefit for Skype for Business/Lync admins anyways. But really, WireShark, would it kill you to use an XML file for your config?! Or registry values?

If you have some specific config settings you use for WireShark, pass them along!


WireShark v2.2.1 – 10-07-2016 –


See the changelog for information on what’s changed/included in each version.

Writing a Book – A Labor of Love

October 5th, 2016 1 comment

Any tech types who’ve written tech books can attest to the fact that it’s a LOT of work. And this one was no different. Skype for Business is a very dynamic product, with features being added and updated on a continuing basis. Fortunately, I had the chance to work with some great tech luminaries – people far smarter than me, for Skype for Business Unleashed. That includes Phil Sharp, Rui Maximo, and Alex Lewis. But don’t let the fact that there are four names on the cover fool you. Plenty of others work behind the scenes, including contributing authors, editors, and publisher staff. I can’t possibly name them all, but I would like to point out a few. Stale Hansen stepped up and wrote a killer chapter on the VDI components of Skype for Business, while John Cook handled, what else, the Mac client chapter. Tom Morgan, one of Modality Systems’ ace developers, wrote on Developing Skype for Business Solutions. Former colleagues Tom Arbuthnot and Iain Smith also contributed. Even ‘The Hoff’ himself, Ken Lasko, added some great info. And to keep us all true to the product, Tim Harrington served as the tech editor. Jamie Stark, a beloved Program Manager in the Skype product group at Microsoft, wrote a killer foreword.

During the project, several events occurred that seemed to derail the project. The publisher, Pearson, eliminated 4000 staff in a corporate downsizing. This was also around the time that Microsoft Press also underwent a significant restructuring. The project was in doubt for a while, but Pearson came back, committed to getting the book on to the shelves. Our normal full time gigs, family lives, and other interests also came into play. And unfortunately, someone involved in the book suffered a tragic loss. All of these caused the project timeline to slip. And during this time, the product group kept working on the product. Each time a Cumulative Update was released, we would have to review what had already been written to verify it still was valid, including details, screen shots, PowerShell commands, and more.

So why write this book? We certainly aren’t getting rich doing it. In fact, we’d all likely agree that you can’t survive on writing books at this pace. And time spent away from family and friends, and other interests can be tough. But seeing it on the shelf is rewarding on so many levels. It’s great to add the publication to your resume, LinkedIn profile, and more. Name recognition is always nice. But more importantly, getting the knowledge and experience into a format that can be beneficial to others is extremely personally rewarding to me. Is every little tidbit in there? Of course not. The book is 1100 pages. Decisions were made on how much space we could allocate to each topic. Some chapters could be exponentially larger. But we tried to touch on the important stuff. Enough to get an environment properly designed, built, configured, and administered. And I think we did pretty well in that regard. And of course, as soon as we turned in the final edits, new features were released by the product group.

Books don’t sell unless people know about them. So we don our marketing hats and get on LinkedIn, Twitter, Facebook, blogs, and other online resources and let the world know it’s out there. Modality Systems was generous enough to put together a book signing event at Microsoft Ignite, and gave away some signed copies, as well. Twitter followers even started sending in pictures of where the book had been sighted, including the Microsoft Conference Store, MIT, and more. A signed copy even made its way to Gurdeep Pall’s desk. Gurdeep is the Corporate Vice President of the Skype business unit at Microsoft, and he tweeted a selfie of himself holding the book. As I write this article, the book is the highest ranked Skype for Business book on Amazon. And that’s no easy task, as the other books were also written by some other top notch nerds like us.


Book signing event at Microsoft Ignite 2016. From left to right: Stale Hansen, Phil Sharp, me, Rui Maximo, and Tom Morgan.

I again want to thank everyone involved. It would not have been possible without them. I’d also like to thank the entire Product Group, as well as the Skype for Business MVPs. Both of these groups were instrumental in answering questions that popped up throughout this process.

I hope you enjoy the book, and welcome any comments or concerns.

One Liner: Add Trusted Root Cert Authorities to Edge Servers

September 19th, 2015 2 comments

Chris Hayward (@WeakestLync) wrote a great blog post with a neat & easy way to add trusted root certificates for your edge servers. Of course, everything in Lync and Skype for Business uses certificates, so ensuring you have all of the certificates is crucial for federation with other organizations.

Once I saw Chris’s method, I, of course, thought that PowerShell could do this as well. Voila, a one-liner to do it. This example uses the same list from Chris’s blog post, and suppresses the output so you can use it in your provisioning scripts.

"", "", "", "", "", "", "", "", "" | ForEach-Object {Invoke-WebRequest -Uri $_ | Out-Null}

This method essentially just cycles through each item in the array, and does a web request for each. As each web request is completed, any new certificates are automatically added to the trusted root cert store. Usually, some of these already exist, so don’t be surprised if the total certificate count doesn’t increase by the same number of items in the array.
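Because the count alone doesn’t tell you what changed, the following added example (not code from the original post or from Chris’s article) snapshots the machine’s root stores before and after the web requests and lists exactly which certificates were added. The URLs are placeholders to replace with your own list, and checking both the Root and AuthRoot stores is an assumption made so that nothing is missed.

```powershell
# Added example, not from the original post.
# Placeholder URLs: replace with the HTTPS sites you want to chain-validate.
$sites = @(
    'https://partner-one.example',
    'https://partner-two.example'
)

# Return one entry per unique certificate across both machine root stores.
function Get-RootSnapshot {
    Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
        Sort-Object -Property Thumbprint -Unique
}

$before = (Get-RootSnapshot).Thumbprint

foreach ($site in $sites) {
    try {
        # -UseBasicParsing avoids the Internet Explorer dependency on servers.
        Invoke-WebRequest -Uri $site -UseBasicParsing -TimeoutSec 15 | Out-Null
    }
    catch {
        # An HTTP error or a timeout should not stop a provisioning script.
        Write-Warning "Request to $site failed: $($_.Exception.Message)"
    }
}

# Anything present now that was not present before was added by this run.
$added = Get-RootSnapshot | Where-Object { $before -notcontains $_.Thumbprint }

if ($added) {
    $added | Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize
}
else {
    Write-Output 'No new root certificates were added.'
}
```

Keeping the output of this run with your build records gives you a list of which roots each edge server picked up and when.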

One liner: Find Lync/Skype for Business Users Whose Extension Doesn’t Match Part of Their DID

September 18th, 2015 2 comments



Get-CsUser -Filter {LineURI -ne $null} | Where-Object {$_.LineURI.Split("=")[1] -NotMatch $_.LineURI.Substring($_.LineURI.Split(";")[0].Length -4,4)} | Select-Object DisplayName,LineURI | Sort-Object DisplayName

One Liner – See Number Of Connected Users, Endpoints On A Lync Front End Server

January 22nd, 2015 4 comments

A question went around an internal DL at work today asking if anyone knew off the top of their head the name of performance counters that show connected users and endpoints. While digging up the answer, I started thinking – this would be a great little one liner.

My esteemed colleague Ron Cook (@roncook925) beat me to supplying the answer to the DL question. The two counters are:

LS:USrv – Endpoint Cache\USrv – Active Registered Endpoints
LS:USrv – Endpoint Cache\USrv – Active Registered Users

Endpoints is always higher than users, in my experience. There are always some users who are connected via mobile devices and rich client, or via OWA, or LPE. So I like to query both.

PowerShell has a great cmdlet called Get-Counter which, as you can guess, can query performance counters. There’s a pretty good tutorial on how to retrieve perfmon counter data for Lync related counters by the Lync PowerShell group at Microsoft in How Do We Love Performance Counters? Let Us Count the Ways. So let’s take a look at how we can get the data we need.

In this case, we’ll query the two counters mentioned above with one line. This is supported in Get-Counter by just separating the counters with a comma. We’ll select an expanded property called CounterSamples, which holds the data we need (among other info). And lastly, we’ll output the path (counter name), and something called the CookedValue, which is the actual counter value contained within CounterSamples. I know, CookedValue sounds like it could be just made up numbers, like those you get from a shifty accountant. But it is truly the value we want.

Plug this into your console as one long line:

Get-Counter "\LS:USrv - Endpoint Cache\USrv - Active Registered Endpoints","\LS:USrv - Endpoint Cache\USrv - Active Registered Users" | Select-Object -ExpandProperty CounterSamples | Format-Table Path,CookedValue -Auto

That will give you a quick point-in-time snapshot of the number of users and endpoints connected to the front end, as shown below.


The blurred text is just the front end name. If you’d like to query a remote front end, just tack on the ComputerName parameter, such as:

Get-Counter "\LS:USrv - Endpoint Cache\USrv - Active Registered Endpoints","\LS:USrv - Endpoint Cache\USrv - Active Registered Users" -ComputerName <FrontEndServerName> | Select-Object -ExpandProperty CounterSamples | Format-Table Path,CookedValue -Auto

For those wondering why I’m using Format-Table and the -Auto parameter, it’s because the counter path value is so long that it would otherwise get truncated short enough to where you wouldn’t know which counter was tied to which value.

One Liners: Finding Elevated Accounts That Are Enabled For Lync

November 18th, 2014 No comments

One thing I see while doing Lync environmental health checks for some customers is some elevated accounts that are enabled for Lync. An example is members of the Domain Admins group. This can be somewhat problematic, especially for administration of those elevated accounts. For security reasons, it is not recommended to enable members of the Domain Admins group for Lync.

You cannot use Lync Server Control Panel to manage users who are members of the Domain Admins Active Directory group. For Domain Admins users, you can use Lync Server Control Panel only to perform read-only search operations. Attempting to perform write operations (such as enable or disable for Lync Server Control Panel, change pool or assigned policies, telephony settings, SIP address) on an elevated user will yield an “Access Denied” error. To perform write operations on a member of Domain Admins, you must use Lync Server Management Shell (PowerShell) cmdlets while logged on as a member of Domain Admins.

For more information please refer to this Microsoft page: User accounts enabled for Lync Server 2013

To query an elevated group, such as Domain Admins, for Lync enabled users, use the following:

(Get-ADGroupMember "Domain Admins").DistinguishedName | Get-CsUser -ErrorAction SilentlyContinue | Format-Table DisplayName,SipAddress

You can replace the “Domain Admins” with the name of any group, really. When you run it, you’ll end up with something like:

PS C:\> (Get-ADGroupMember "Domain Admins").DistinguishedName | Get-CsUser -ErrorAction SilentlyContinue | Format-Table DisplayName,SipAddress

DisplayName                                                 SipAddress
-----------                                                 ----------
Dan Giles                                         
Neil Armstrong                                    
Dawn Lopes                                        
Bob Seger                                         
Gail O'Grady                                      
Troy Dallas                                       
Steve Carrell                                     

You can disable these users for Lync using the Disable-CsUser cmdlet. This can be done either individually using the -Identity parameter, or everyone at once by pipeline, with something like:

(Get-ADGroupMember "Domain Admins").DistinguishedName | Disable-CsUser -ErrorAction SilentlyContinue

If you have some accounts that were previously members of an elevated group like Domain Admins, but no longer are, then the AdminCount attribute on their account may still be set. This will cause the Access Denied issue to continue. You can manually change this on the user object using ADSIEDIT, or via a script such as Set-AdminUser.
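The one-liners above only see direct members of a single group. The following added example (not from the original post) extends the check to nested membership across several elevated groups, and also reports Lync-enabled accounts that still have adminCount set to 1 without being in any of the checked groups. The group list is an assumption to adjust for your forest; adminCount is also set by other protected groups, so the second finding is a candidate to review, not a verdict.

```powershell
# Added example, not from the original post. Run in the Lync/Skype for Business
# Management Shell on a machine that has the ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: adjust this list to the elevated groups used in your forest.
$groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# Map each user DN to the elevated groups it belongs to (nested members included).
$privileged = @{}
foreach ($group in $groups) {
    try {
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not read '$group': $($_.Exception.Message)"
        continue
    }
    foreach ($member in $members | Where-Object { $_.objectClass -eq 'user' }) {
        $dn = $member.DistinguishedName
        if (-not $privileged.ContainsKey($dn)) { $privileged[$dn] = @() }
        $privileged[$dn] += $group
    }
}

$report = @()

# Finding 1: current members of an elevated group that are enabled for Lync.
foreach ($dn in $privileged.Keys) {
    $csUser = Get-CsUser -Identity $dn -ErrorAction SilentlyContinue
    if ($csUser) {
        $report += [pscustomobject]@{
            DisplayName = $csUser.DisplayName
            SipAddress  = $csUser.SipAddress
            Finding     = 'Elevated group member'
            Detail      = ($privileged[$dn] | Sort-Object -Unique) -join ', '
        }
    }
}

# Finding 2: Lync-enabled accounts with adminCount=1 that are not in any of the
# checked groups (possible leftovers from an earlier elevated membership).
$flagged = Get-ADUser -LDAPFilter '(adminCount=1)'
foreach ($user in $flagged | Where-Object { -not $privileged.ContainsKey($_.DistinguishedName) }) {
    $csUser = Get-CsUser -Identity $user.DistinguishedName -ErrorAction SilentlyContinue
    if ($csUser) {
        $report += [pscustomobject]@{
            DisplayName = $csUser.DisplayName
            SipAddress  = $csUser.SipAddress
            Finding     = 'adminCount=1, not in checked groups'
            Detail      = $user.SamAccountName
        }
    }
}

$report | Sort-Object Finding, DisplayName | Format-Table -AutoSize
```

The script only reads from Active Directory and Lync; disabling accounts or clearing adminCount remains a separate, deliberate step.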

Quality of Service (QoS) Calculator – Plan Your Network, GPO, and Lync/Skype for Business Config More Easily

November 5th, 2014 8 comments


When deploying Microsoft Lync/Skype for Business Server, network health and configuration can be crucial.

The QoS Calculator allows you to pick and choose what components and clients will be used in your environment as well as which specific clients. You’re also able to pick a starting port number, port count, and DSCP value for each modality. The calculator will ensure that port ranges are consecutive, and that they don’t extend past 65535. The calculator will list all relevant Group Policy Object (GPO) settings, as well as the PowerShell commands needed to configure Lync/Skype for Business Server. Clients available for configuration include Lync 2010 and Lync 2013 full client, Lync 2010 Attendant and Landis Computer’s Attendant Pro attendant clients, Windows Store App client, Lync Phone Edition, and more. Server side options include A/V conferencing, application sharing, Response Group Service applications, Conference Announcement service, Call Park, UCMA apps, PSTN audio, A/V Edge services, Exchange UM, and the VDI client.

To start with, go to the INPUT tab. Any of the green cells can be changed. Reset buttons allow you to set port and port count settings back to their original values. Future releases will also reset the DSCP values as well (just need to figure out how to do that in Office VBA). Red cells indicate an error (missing or incorrect data).


Enter your Front End and Edge pool FQDNs. If you have a separate mediation pool, enter that name as well. The values defined here are used to compose the PowerShell commands needed to configure Lync/Skype for Business Server.


You can show/hide different policy types using the appropriate check boxes.


If your Mediation role is collocated with your Front End servers, check the box. This will combine the appropriate GPO policies together.


Changes to green cells are immediately reflected elsewhere in the calculator.

Once you have the values entered/verified, go to the POLICIES tab to see a list of GPO settings needed. Check out Elan Shudnow’s awesome Enabling QoS for Lync Server 2013 and Various Clients and Jeff Schertz’s Lync Quality of Service Behavior for a deep dive into setting up QoS.

Next, go to the POWERSHELL-SERVER tab, and you’ll see the relevant Lync/Skype for Business Management Shell commands to configure the server side based on the info you supplied. Copy and paste each into Lync/Skype for Business Server Management Shell.

Now, go to the POWERSHELL-GPO tab, and you can copy and paste PowerShell code into a PowerShell console on a domain controller to automatically create and configure the Group Policy Objects for server and client machines.

Lastly, the Registry-Edge tab contains the PowerShell code that updates the local security policy on the edge servers to configure QoS, since GPOs aren’t used on non-domain joined machines. It’s important that these commands be run in an elevated PowerShell session.

I have tons of ideas for more features and functionality. Feel free to comment below on things you’d like to see in future versions.




None. Just open the file in Excel. As this is a macro based file, you’ll need to enable content when prompted.




v1.4 – 09-13-2016 – QOS Calculator v1.4.xlsm

v1.3 – 04-26-2016 – Lync 2013 QoS Calculator v1.3.xlsm

v1.2 – 02-27-2015 – Lync 2013 QoS Calculator v1.2.xlsm

v1.1 – 01-26-2015 – Lync 2013 QoS Calculator v1.1.xslm

v1.0 – 11-5-2014 – Lync 2013 QoS Calculator v1.0.xlsm


See the changelog for information on what’s changed/included in each version.

Changelog: QoS Calculator

November 5th, 2014 No comments

This is the changelog page for QoS Calculator. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v1.4 – 09-13-2016

  1. Fixed an issue with PowerShell code throwing an error when attempting to configure the registry on Edge servers.
  2. Fixed an issue where selecting/deselecting certain check boxes didn’t show/hide all of the related lines in the PowerShell-GPO worksheet.
  3. Added the executable name for VDI clients running Citrix HDX RealTime Optimization Pack 2.0 – Thanks to Ari for the info.

v1.3 – 04-26-2016

  1. Now generates the PowerShell code to create GPO for domain joined edge servers
  2. Now generates the PowerShell code to create local security policy for non-domain joined edge servers
  3. Now generates the PowerShell code to create GPO for Exchange UM
  4. Fixed issue with first trusted application port not processing correctly
  5. Disabled the UserConfiguration branch of GPOs for faster evaluation/processing
  6. Added buttons to copy policy code, config code, etc.
  7. Clarified policies required between Edge & Exchange UM based on executable info from Tony Smith @ Microsoft.
  8. Corrected Exchange UM DSCP value to match client audio value – was mistakenly set to match client video value. Thanks to @bricomp.
  9. Fixed two typos on PowerShell-Server tab in the verification code column. Thanks to @UCMadeEasy for pointing them out.
  10. Updated some naming to include both Lync and Skype for Business names

v1.2 – 2-27-2015

  1. PowerShell code for creating and configuring GPOs has been added. Note that since edge servers are not joined, GPOs have no effect on them. You must create the edge policies manually using the Local Security Policy on each edge server.
  2. SDN control port value (which is 9333 by default) can now be included, and a button checks to make sure the entered port is not within the defined port ranges.
  3. Up to 3 trusted app ports can also be defined, with the same button verifying there is no conflict. Examples of trusted apps include sefautil (port 7489).

v1.1 – 01-26-2015

  1. Fixed server app sharing end port calculation. It was incorrectly showing an end port that was 1 higher than the correct amount.
  2. Moved edge server port definitions to destination instead of source
  3. Added fields to define trusted app ports, and SDN port. This will be used in the future to ensure there is no conflict in port assignments.
  4. Added configuration verification commands to PowerShell tab
  5. Fixed typo in PowerShell code for mediation server. Thanks to Andy.

v1.0 – 11-05-2014

  1. Initial version

Norway, Here I Come!

October 3rd, 2014 No comments

One of the great things about being involved in The UC Architects is all the people we meet. I’m part of a team of 15 of some really smart UC guys with TONS of experience. Nearly all are MVPs, some are MCMs, and all have a great deal of knowledge. With the collective reach of the individuals, we’ve made some amazing contacts.

So I was really excited (and honored) when I was invited to attend & host an episode at Norwegian Lync day on October 14. The Norwegian Lync Day will take place in Oslo, Norway, a locale I’ve yet to visit. It’s a one day conference with two tracks of sessions around Lync. Everything from Wi-Fi and BYOD, analytics and validation, to topics such as Hybrid, Skype, telephony and mobility. See the full session list in English here. With the exception of the keynote, everything else will be presented in English, which is good, because my Norwegian is pretty sad.

A pile of MVPs will be there, from fellow UC Architects host Steve Goodman and fellow Modality Systems colleague Tom Arbuthnot, to others including Martin Lidholm, Ståle Hansen, Tommy Clarke, Johan Delimon, and Adam Gent. MVPs will be participating in an Ask The Experts style event that will include Q&A, white boarding, etc. There will be tons of vendors there, so you can check out hardware, software, and services that are compatible with Lync.

My MVP and UC Architects colleague Stale Hansen has done a great video describing the event. Check it out below.

If you’re attending Norwegian Lync Day, stop by our live recording at 1600 and say hi! Or find me. I’ll be wearing a UC Architects t-shirt.

See you there!