Archive

Archive for October, 2016

Script: Set-CsFeatures.ps1 – Easily Install Prerequisites and Tools for Lync Server 2013 and Skype for Business Server 2015

October 24th, 2016 26 comments

skype_for_business_secondary_blue_rgbDescription

Installing Skype for Business and Lync servers is usually boring if you’re a consultant who does it often. Making sure the server specs are right, installing OS features, configuring NICs, etc. It’s even more boring if you’re building a bunch of servers at one time. There’s always a chance for human error, too. So why not automate as much as possible? That’s what I was after when I built the Lync Server 2010 prereq script, then the Lync Server 2013 prereq script. And it’s certainly what I’m after for Skype for Business Server 2015. This time, however, I opted to not have a separate script for Skype for Business. Many of the requirements are the same, or just slightly different, than Lync Server 2013. So I just added the Skype for Business functionality to the 2013 script, and updated everything as a whole.

When calling the script, one only needs to specify the –Skype4b switch to put the script into “Skype for Business mode”. Not specifying that switch cause a pop-up to appear, asking what mode you’d like. The menus don’t change based on what mode the script is in. Options for only one platform are clearly noted. Otherwise, the options automatically adjust for the platform you’ve chosen. The menu starts out with core prerequisite options for common Lync/SfB roles, followed by Microsoft tools and resources, some third-party tools and options, and then some sub-menus. Sub-menus are broken down by Misc server config, Desktop shortcuts, Taskbar shortcuts, Downloads, and Security options. As you can see, there are TONS of options. I’m not going to list every menu and option here, as the nature of the script means I’ll be adding/updating things as people request them, or as vendors update/alter their offerings. Just note that the options from the 2013 script have been moved around a little bit as I try to keep things organized.

This version also uses my new method of checking for updates, as mentioned in Function: Get-UpdateInfo – Making It Easy for Your Users to Get the Latest Version of Your Scripts. When a new version is available, you’ll get a pop-up notifying you.

If you’re aware of a third-party product, or even Microsoft product, that is a good match for Skype for Business servers, let me know. I’m happy to take a look and see if it would make a good addition to the script.

Super big thanks to my beta testers for supplying bug reports, suggestions, and comments.

Syntax

C:\Set-CsFeatures.ps1 [-TargetFolder <String>] [-WindowsSource <String>] [-SQLPath <String>] [-InitialMenuOption <Int32>] [-IncludeSSMS ] [-IncludeTelnet ] [-IncludeFW ] [-IncludeHighPower ] [-IncludeStandard ] [-GetInfoFromRegistry ] [-OWASOveride ] [-DownloadOnly ] [-SkipCoreCheck ] [-Tail ] [-Skype4b ] [-SkipUpdateCheck ] [-DisableAutoUpdates ] [-IncludeLanguagePack ] [-SkipEdgeNicConfig ] [-WhatIf ] [-Confirm ] [-IncludeTotalCount ] [-Skip <UInt64>] [-First <UInt64>] [<CommonParameters>]

C:\Set-CsFeatures.ps1 [-TargetFolder <String>] [-GetInfoFromRegistry ] [-OWASOveride ] [-DownloadAll ] [-SkipCoreCheck ] [-Tail ] [-Skype4b ] [-WhatIf ] [-Confirm ] [-IncludeTotalCount ] [-Skip <UInt64>] [-First <UInt64>] [<CommonParameters>]

C:\Set-CsFeatures.ps1 [-GetInfoFromRegistry ] [-ClearRunningStatus ] [-WhatIf ] [-Confirm ] [-IncludeTotalCount ] [-Skip <UInt64>] [-First <UInt64>] [<CommonParameters>]

C:\Set-CsFeatures.ps1 [-GetInfoFromRegistry ] [-Skype4b ] [-WhatIf ] [-Confirm ] [-IncludeTotalCount ] [-Skip <UInt64>] [-First <UInt64>] [<CommonParameters>]

Examples

.\Set-CsFeatures.ps1 -Skype4b

Runs script in Skype for Business mode. Options chosen while running in this mode are tailored to Skype for Business. Not specifying this option will cause a pop-up prompt when the script starts, allowing a user to choose the desired mode.

.\Set-CsFeatures.ps1

Runs script with default values.

.\Set-CsFeatures.ps1 -WindowsSource "d:"

Runs script with the location defined for the Windows Server 2012/2012 R2 installation files.

.\Set-CsFeatures.ps1 -SQLPath "d:\sqlexpress"

Runs the script and installs any required SQL Express instances in the specified location.

.\Set-CsFeatures.ps1 -TargetFolder "d:\installbits"

Runs the script, and saves any downloaded files and written logs in the specified location instead of the default “c:\_install”.

.\Set-CsFeatures.ps1 -InitialMenuOption 3

Runs the script, and automatically starts option 3 (Front End server). Once it’s finished with that option, the script functions as normal, and displays the menu. NOTE: only options from the main menu can be specified. Options in sub-menus are not available with -InitialMenuOption.

.\Set-CsFeatures.ps1 -tail

Runs script with default values, but also shows an additional PowerShell window showing a live running log file.

Parameters

-TargetFolder

Defines the location for any downloaded files. Defaults to “c:\_install”. Additionally, log files generated by this script are located in a sub-folder of TargetFolder called “logs”. TargetFolder does not support paths with spaces, but does support non-hidden UNC paths.

-WindowsSource

Defines the location of the Windows Server installation files. This is needed to install .Net 3.5 since those files are not installed on the server by default. Defaults to first detected CD-ROM/DVD drive. This can be a local file path, path to an .ISO file, or a non-hidden UNC path.

-SQLPath

Defines the desired installation path for SQL Express. Defaults to “c:\Program Files\Microsoft SQL Server”.

-InitialMenuOption

Allows you to start the script with the option you want, without first displaying the menu.

-IncludeSSMS

If specified, will include SQL Server Management Studio automatically when prerequisites are installed for any server that has SQL Express instances. If not specified, a prompt will appear.

-IncludeTelnet

If specified, will include Telnet automatically when prerequisites for Front End servers, Director servers, Mediation servers, Edge servers, and/or Persistent Chat servers are installed. If not specified, a prompt will appear.

-IncludeFW

If specified, will include the firewall rules for Get-CsConnections automatically when prerequisites for Front End servers are installed. If not specified, a prompt will appear.

-IncludeHighPower

If specified, tells the script to automatically set the Power Config on the server to High Power. This is instead of the script prompting. This option is available for all server roles.

-IncludeStandard

If specified, tells the script to include the extra SQL Express instance required for Standard Edition front end servers. This is instead of the script prompting.

-GetInfoFromRegistry

This value is only used during mid-prereq reboots. It is automatically set and read by the script, and should never be manually specified.

-OWASOveride

Don’t use this parameter. It’s for internal testing only. Using it can render the server unusable.

-DownloadOnly

Tells this script to not install or configure anything – just download the files. This is useful if you’re going to be building servers that do not have Internet access and want to fetch the files beforehand. The big difference between this option and -DownloadAll, is that this option presents the normal menus, and allows you to download files for the options you pick. The -DownloadAll option downloads ALL files needed for ALL options.

-DownloadAll

Tells this script to not install or configure anything – just download ALL of the files. This is useful if you’re going to be building servers that do not have Internet access and want to fetch the files beforehand from a desktop computer. The big difference between this option and -DownloadOnly, is that this option downloads ALL files needed for ALL options, whereas -DownloadOnly allows a user to download files for specific options they choose.

-ClearRunningStatus

This switch forces the running status to be reset. This option should ONLY be used if the script exits/aborts dirty, and attempts to run the script again yield a “Script is already running” message.

-SkipCoreCheck

When specified, skips the check for Server Core. It is not meant to be called manually, as it’s used when the script needs to restart after a server reboot.

-Tail

When specified, opens another PowerShell session and tails the log file, similar to *nix. This is really only beneficial during troubleshooting.

-Skype4b

When specified, uses values specific to Skype For Business Server 2015 for prerequisites. If this option is NOT specified a pop-up will appear, asking which mode the script should operate in: Lync Server 2013 or Skype for Business Server 2015.

-SkipUpdateCheck

When specified, skips the check for a newer version of the script. This option is included mainly for when the script reboots the server.

-DisableAutoUpdates

When specified, skips the prompt and automatically disables auto updates for Windows Server. If not specified, a prompt is displayed.

-IncludeLanguagePack

When specified, skips the prompt for the installation of the Office Online Server English language pack. If not specified, a prompt is displayed.

-SkipEdgeNicConfig

When specified, skips the configuration of the NICs on edge servers. This requires that you manually complete those steps.

Installation

No installation is necessary.

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Known Issues

The only issue I’m aware of at the release of the latest version is that pinning shortcuts to the taskbar in Windows Server 2016 doesn’t seem to be working. If you come across something, please let me know. Contact info is in the header of the script, and the script also has option 96, ‘how to report a bug’ that will tell you what information is critical when reporting a problem.

Frequently Asked Questions

Question: Does this script support Windows Server 2016?

Answer: Yes – starting with version 4.20, prerequisites for Windows Server 2016 are included.


Question: Why doesn’t this script support Windows Server 2008 R2 and earlier?

Answer: I get asked this all the time. There are several reasons. The first is that out of the box, Server 2008 R2 has PowerShell 2.0 installed, and this script is written in PowerShell 3.0. Requiring you to upgrade to PowerShell 3.0 first, before running a script that installs prerequisites, seems counter-intuitive. And converting the script to just use PowerShell 2.0 is taking a step backwards, especially considering that the current version of PowerShell is 5.0, and even as this is written, 5.1 is in preview.

Next is sheer time. I test changes I make. And then I test them again. And then I choose different options and combinations and test them. Testing on just Server 2012 and Server 2012 R2 is exhausting. Adding Server 2008 R2 would mean even more testing, plus I’d have to add those resources in my already overtaxed test labs. That would slow down my ability to add new features and test fixes.

Third is that Server 2008 R2 is three versions back. Get with the times already!


Question: Does the script support Windows Server 2016?

Answer: No, and the primary reason is that Lync Server 2013 and Skype for Business Server 2015 are not supported on Windows Server 2016. Once they are supported on Windows Server 2016 (and it will likely only be Skype for Business Server 2015 that’s supported), I’ll adjust the script as needed. I’ve already done some preliminary work.


Question: Can you add feature x?

Answer: I LOVE getting feature requests. Seriously! Best method to suggest features is to send me an email. My email address is in the comment section at the top of every script I publish. Please be detailed in what you’d like to see, as well as any scenarios you’d use the option (so I can try to duplicate testing). This also goes for additional tools, whether Microsoft or third-party.


Question: How do I submit bug reports?

Answer: Email is best. Grab my email address from the comment section at the top of the script. Please be VERY detailed. Please include screen shots if possible, and ALWAYS include the log file. If the script will start, select option 96, “Report a bug/problem with this script”. If you’re not using the latest version of the script, please download it from the Downloads section below and see if you can duplicate the problem before reporting it.


Question: What if my server doesn’t have Internet access?

Answer: Fear not. Download the required files using either the -DownloadOnly or -DownloadAll options from another machine and place them in the TargetFolder, which is c:\_install by default. The script looks to see if the file is available locally before attempting to download. An exception to this is the latest cumulative update, which is always downloaded, since the URL and file name don’t change, even when the version does.


Question: When I run the script again, I get “Script already running”

Answer: This is because the script didn’t exit gracefully. Many reasons this can happen, such as rebooting the server while it’s still running. If you’re positive it’s not running anywhere else (including by other users logged into the same server), run the script with the -ClearRunningStatus switch to clear that flag. Then run it as normal.


Question: Is there an option to specify where (i.e. path) all of the various tools are installed?

Answer: No. And not for a lack of trying. Some tools don’t support automated installs with a specified path. And some of those that DO, actually still dump some core files in a “default” location. The more I tried to come up with the solution, the more I realized that it would entail a substantial amount of overhead in the script.


Question: Why does the script report an unsupported version of .NET Framework?

Answer: Because Lync Server 2013 and Skype for Business Server 2015 don’t support the version detected. Once they do, I’ll adjust the script accordingly.


Download

v4.4 – 11-12-2017 – Set-CsFeatures.v4.40.zip

v4.30 – 10-11-2017 – Set-CsFeatures.v4.30.zip

v4.20 – 09-04-2017 – Set-CsFeatures.v4.20.zip

v4.10 – 05-15-2017 – Set-CsFeatures.v4.10.zip

v4.09 – 05-13-2017 – Set-CsFeatures.v4.09.zip

v4.08 – 04-19-2017 – Set-CsFeatures.v4.08.zip

v4.07 – 04-14-2017 – Set-CsFeatures.v4.07.zip

v4.06 – 02-05-2017 – Set-CsFeatures.v4.06.zip

v4.05 – 11-04-2016 – Set-CsFeatures.v4.05.zip

v4.04 – 11-02-2016 – Set-CsFeatures.v4.04.zip

v4.03 – 11-01-2016 – Set-CsFeatures.v4.03.zip

v4.02 – 10-28-2016 – Set-CsFeatures.v4.02.zip

v4.01 – 10-25-2016 – Set-CsFeatures.v4.01.zip

v4.0 – 10-24-2016 – Set-CsFeatures.v4.0.zip

Changelog

See the changelog for information on what’s changed/included in each version.

Changelog: Set-CsFeatures.ps1

October 24th, 2016 No comments

This is the changelog page for Script: Set-CsFeatures.ps1 – Easily Install Prerequisites and Tools for Lync Server 2013 and Skype for Business Server 2015. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v4.40 – 11-12-2017

  1. Added more bugs to fix later. 🙂
  2. Bypass of the 32/64 bit PowerShell process check when using -DownloadOnly or -DownloadAll – NEEDS TESTING
  3. Updated Silverlight to v5.1.50907.0
  4. Updated WireShark to v2.2.10
  5. Added 80-17 – Skype for Business Basic Client (32 and 64 bit) v16.0.4417.1000 and Lync Basic Client (32 and 64 bit) v15.0.4420.1017 [DOWNLOAD ONLY]
  6. Added 80-18 – Skype Room System Administrative Web Portal v1525.1 [DOWNLOAD ONLY]
  7. Added 80-19 – Key Health Indicators for Lync Server 2013 and Skype for Business Server 2015 v2.0 [DOWNLOAD ONLY]
  8. Fixed an issue with option 9 (Create a file share) to deal with the user selecting a root drive instead of an existing or new subfolder. If a root drive is selected, a folder called SkypeShare (or LyncShare if running in Lync mode) is created and it is shared. Thanks to @JDubyaeber for reporting the issue.
  9. Option 50-19 updated to also block .NET v4.7.1 (in addition to v4.7). MS hasn’t released guidance into how to block v4.7.1 yet, but this apparently works to block this version for Windows Updates. I can verify this method does NOT block manual installation. Both versions are still unsupported for Skype for Business Server 2015.
  10. Option 50-5 (Set recovery of SfB/Lync/OOS services to restart) updated to also include the SfB Statistics Manager (“statsman”) agent service.
  11. Added warning to 50-23 (Enable Enhanced Experience for Meetings Hosted on Skype for Business On-premises) to rerun option if more front end servers are deployed in the environment.
  12. Added option 50-24 – MS Teams PowerShell module.

v4.30 – 10-11-2017

  1. Added a prompt if more than 1 NIC is detected in servers other than Edge.
  2. Fixed check for edge domain name before forcing it to be changed (like when script is run a second time after the domain name is set).
  3. Changed from using netdom.exe for some of the edge config changes to directly making the changes in the registry.
  4. Set ‘Set recovery of SfB/Lync/OOS services to restart’ (Option 50/5) to only set the first two failures to restart, and leave the subsequent failures to ‘take no action’. This should prevent issues where problematic services get stuck in a perpetual restarting loop.
  5. Added some code to detect if FIPS is enabled. This is based on some feedback around issues that arise when FIPS is enabled and you try to install some of the prereqs. More will be added later. Thanks to Sean for bringing it up.
  6. Added option 80-14 – Call Quality Dashboard [DOWNLOAD ONLY].
  7. Added option 80-15 – Real-Time Statistics Manager (StatsMan) [DOWNLOAD ONLY].
  8. Added option 90-10 – Configure longer Diffie-Hellman ephemeral (DHE) key shares for TLS servers. This option sets it to 2048 (from the default 1024). See https://technet.microsoft.com/en-us/library/security/3174644.aspx for more info. This should help get higher scores at sites such as https://www.ssllabs.com/ssltest. Thanks to @greiginsydney & Mike S. for the info.
  9. Added option 90-11 – Disable PCT 1.0.
  10. Added option 90-12 – Disable other weak ciphers – includes NULL, DES 56/56 and RC2. Tons more security options coming soon.
  11. Updated option 50-11 – Edit hosts file – to ensure it opens notepad elevated.
  12. Fixed option 15 – Lync Connectivity Analyzer – MS has killed the download page for it. I fixed it so it grabs from an alternate source, and removed the restriction that the option only work when the script is in ‘Lync’ mode.
  13. Added option 80-16 – IIS Crypto [DOWNLOAD ONLY].
  14. Bypass the virtualization function code when the script is called with either the -downloadall or -downloadonly options. This is because that code can cause exception errors when run on a Win 10 machine. I’ll make this a little more graceful in the future. Thanks to @JDubyaeber for the heads up.
  15. Re-added the admin/elevated check when -downloadall or -downloadonly options are used. This is because some of the logging code needs elevated access to right to the registry, such as when the script starts/finishes.

v4.20 – 09-04-2017

  1. Minor corrections to the edge NIC configuration code. Thanks to @JapNolt for pointing it out and supplying a solution for one of the issues.
  2. Now log the number of NICs that are enabled. This will be used in the future to throw some alerts, if needed.
  3. Added NET-WCF-HTTP-Activation45 to the list of Windows Features installed for OOS (option 5).
  4. Added detection for Visual C++ 2013 when using OOS (option 5). If it’s not detected, it will install it. This resolves an issue where OOS servers could show ‘unhealthy’.
  5. Updated WireShark to 2.2.9.
  6. Added ‘Enable Enhanced Experience for Meetings Hosted on Skype for Business On-premises‘ (50-23).
  7. Fixed some minor error message text that mentioned ‘Lync Server’ instead of ‘Skype for Business Server’.
  8. Tweaked the code for ‘Add Trusted Root Certification Authorities to Edge Servers’ (50-22) to deal with that option being selected before the initial IE configuration prompts are dealt with. Also added some more certification authorities.
  9. Added detection code and related error to determine if the script is running in an x86 PowerShell session – Thanks to Brennan.
  10. Fixed a minor logging issue when using options in the ‘Third Party’ menu.
  11. Fixed an issue where the WireShark installer macro would try to run even if the WireShark exe file failed to download.
  12. Fixed an issue where the script would exit to allow downloading a new version, but wouldn’t clear the ‘running’ flag. Thanks to @greiginsydney for noticing.
  13. Fixed an issue where the script would throw an unintended error if the rtclocal SQL instance failed, and the script tried to apply the firewall exceptions for the Get-CsConnections script. Thanks to @greiginsydney for the heads up.
  14. Fixed an issue where the pick list for internal edge NICs was sometimes blank. Thanks to Korbyn for pointing it out.
  15. Fixed a minor logging issue when removing the Windows Store App from the taskbar (50-12).
  16. Updated option to temporarily block the installation of .NET (option 50-19) to block version 4.7 (from 4.62) as 4.7 is not supported for Skype for Business Server (yet). Script will also stop if 4.7 is installed.
  17. Added -DisableAutoUpdates switch to bypass the prompt about disabling auto windows updates when installing roles. When specified for any role (1-6), automatic updates are disabled, and not prompt is displayed. When not specified, a prompt will be displayed.
  18. Added -IncludeLanguagePack switch to bypass the prompt about installing the english language pack when building OOS servers (option 5).
  19. Included the June, 2017 security update for OOS servers (option 5).
  20. Added -SkipEdgeNicConfig option to skip the NIC config when building edge servers (option 2). If you use this option, understand that you must manually configure those components on the server. Thanks to @greiginsydney for the suggestion.
  21. Disabling SSL3 (option 90-2) now disables both the server and client components.
  22. Disabling SSL2 (option 90-1) now disables both the server and client components.
  23. Added security option 90-7 – Set LmCompatibilityLevel to 5 (NTLMv2 only). See https://technet.microsoft.com/en-us/library/cc960646.aspx for more info. Also, the LmCompatibilityLevel when the script is started is also logged.
  24. Added security option 90-8 – Disable Link-Local Multicast Name Resolution (LLMNR).
  25. Re-engineered some of the code around how the script reboots and restarts. This was due to some limitations in the RunOnce registry key in Windows.
  26. Fixed the problem with the latest Skype for Business Debugging Tools (option 12). It now requires Visual C++ 2015, whereas the previous builds required Visual C++ 2013, so the script was updated to install that if needed.
  27. Some minor updates to what gets logged at the beginning of the log file.
  28. Added support for Windows Server 2016.
  29. Fixed an issue where the script would throw an error when restarting after a reboot if a menu option hadn’t been selected initially.
  30. Fixed URL for Skype Adoption Portal.

Known issues

  1. Looks like pinning of shortcuts to the taskbar & desktop are not working in Windows Server 2016.

v4.10 – 05-15-2017

  1. Write-Log function upgraded to v3.1
  2. fixed logic in 90-6 (disable SMBv1)

v4.09 – 05-13-2017

  1. Minor menu cleanup
  2. Added a reboot check after Wireshark is installed, and before the config macro runs. Two people have reported spontaneous server reboots at that point. It’s not the script – it’s WireShark.
  3. Upgraded SQL Server Management Studio to v17.
  4. fixed a couple of typos – thanks to @greiginsydney for pointing them out.
  5. fixed an issue with disabling NetBIOS over TCP/IP
  6. option 50-22 (Add Trusted Root Certification Authorities to Edge Servers) added. See https://www.ucunleashed.com/3029 for more info.
  7. Minor adjustments to basic function code

v4.08 – 04-19-2017

  1. Added Lync Edge Server Replication failed FALSE with red cross (option 90-5)
  2. added Disable SMBv1 (option 90-6). See https://technet.microsoft.com/en-us/library/security/ms17-010.aspx for more info.
  3. Fixed issue with Windows Source files when installing prereqs for Persistent Chat servers. Thanks to Steve for sending me the bug report.

v4.07 – 04-14-2017

  1. added Meeting Migration Tool (option 80-11) to the download menu. This option downloads both the 32 and 64 bit versions. Because both versions have the same file name, they are downloaded to individual sub folders.
  2. added Cloud Center Edition v1.4.2 (option 80-12) to the download menu
  3. Substantial code optimization utilizing PsScriptAnalyzer and PsSharper (literally like 2000 lines of code tweaked)
  4. removed Test-ScriptUpdate function since it was replaced with the newer update method
  5. updated Test-InvalidCert function to v1.3 (adds checking of Intermediate Store & moves certs in the incorrect store to the correct store). Note that this function runs automatically when the script is started. Results are written to the log file.
  6. updated Write-Log function to v3.0 (adds a verbose level)
  7. fixed a typo in the virtualization detection code (how did I miss THAT?)
  8. Updated download URL for network assessment download
  9. removed download URL for RASK Resources file, as it seems to no longer be available for download
  10. updated .NET check to only throw an error if the detected version is > v4.6.2, since v4.6.2 is now supported (assuming CU 4)
  11. Updated Wireshark (option 30-1) to v2.2.6
  12. Updated Windows Features required for Director role. Thanks to @greiginsydney for pointing it out.
  13. added Windows Features for Skype for Business 2015 stand-alone Mediation server. Thanks to @greiginsydney for the info.

v4.06 – 02-05-2017

  1. Added some additional code for OOS (option 5) to deal with (& log) potential issue where OOS ISO image isn’t mounted, or takes a while to mount.
  2. Added option 80-10: Skype for Business Adoption Portal [DOWNLOAD ONLY]
  3. Re-enabled the static route section of the edge server config (option 2). I forgot this was disabled. This has always been a real pain to deal with. This is because sometimes, when you programmatically remove the gateway on the internal NIC and reboot the machine, Windows will clear ALL of the config for that NIC. This usually means that when the machine is back up and running, you can’t connect to it. I have yet to find a rhyme or reason as to what causes this. If you can’t RDP to the edge server once it reboots, check the internal NIC config.
  4. Added option 90-4 to disable the RC4 Ciper. See https://support.microsoft.com/en-us/kb/2868725 and https://support.microsoft.com/en-us/kb/245030 for more info.
  5. Updated option 5 (OOS) to November 2016 build
  6. Added option 70-13 – WireShark taskbar shortcut
  7. Fixed an issue with 50-19 (Block install of .NET 4.6.1) that would thow an error when checking for specific registry values
  8. Updated option 6 (Persistent Chat) for Skype for Business Server 2015
  9. Fixed an issue in option 6 (Persistent Chat) where if a reboot was required, and the user chose to reboot, the server wouldn’t reboot automatically.
  10. Updated option 30-1 (WireShark) to prompt if you want a taskbar shortcut created for WireShark.
  11. Updated option 50-18 (Skype federation) to ensure that the provider config is enabled if it already exists.
  12. Minor tweaking to Write-Log (logging function)
  13. Minor tweak to detection of last boot time
  14. Updated option 30-1 (WireShark) to v2.2.4
  15. Updated Get-UpdateInfo function to v1.2
  16. Updated 50-14 (Install Skype for Business Online Admin components) to include all requirements for management of Skype for Business in O365, including “Microsoft Online Services Sign-in Assistant”, “Windows Azure Active Directory Module for Windows PowerShell”, and “Skype for Business Online, Windows PowerShell Module”
  17. Updated 80-6 (Download Skype for Business Online Admin components) to include all requirements for management of Skype for Business in O365, including “Microsoft Online Services Sign-in Assistant”, “Windows Azure Active Directory Module for Windows PowerShell”, and “Skype for Business Online, Windows PowerShell Module”

v4.05 – 11-04-2016

  1. Updated GUID for Message Analyzer as MS rolled out a new version (4.0.8112.0), and the script was hanging looking for the old GUID.
  2. Fixed an issue where the SMB file share would get the wrong share name when not specifying -skype4b option, and choosing “yes” on the prompt.

v4.04 – 11-02-2016

  1. Fixed some URL references that still pointed to the old version of the script & its related downloads. No functionality changes as a result of this. More of just a housekeeping issue. Added a variable that will eliminate this issue going forward.
  2. Fixed an issue where a file download fails (for any reason), and the retry fails because the filename has a space in it. Stupid missing quotes….
  3. Fixed an issue where the SQL Express code wouldn’t run when using -skype4b and selecting options 1, 2, 4, or 6.
  4. Updated .NET warning to include a link to Jeff Guillet’s article on removing .NET framework 4.6.1
  5. Updated SQL Express 2014 and SQL Server Management Studio to SP2 (from RTM). Dunno why I didn’t see that earlier. – Thanks to @pilzi for pointing it out to me.
  6. The usual code optimization as I find better, faster, more efficient/consistent ways of doing things.
  7. Preliminary work around supporting Windows Server 2016 – NOTE: Lync Server 2013 and Skype for Business Server 2015 are NOT supported on Windows Server 2016. Yet.

v4.03 – 11-01-2016

  1. Fixed issue with option 60-6 in Skype4b mode not recognizing resource kit installed (it was looking for the old executable name)
  2. Changed -Win2012Source parameter to -WindowsSource (in anticipation of Windows 2016 support for Skype for Business Server 2015)
  3. Created option 30 – Third Party Tools menu, and moved WireShark and Customized PortQryUI to it
  4. Code optimization
  5. Moved option 24 (UCMA) to the Misc Server Config menu (50)
  6. Moved option 16 (Windows Update) to the Misc Server Config menu (50)
  7. fixed URLs in comment help for the script (they were still pointing at the old version)
  8. added the SQL Express and SQL Server Management Studio (SSMS) code for -Skype4B. Selecting appropriate options will now install the SQL Express 2014 instances and/or SSMS. -SQLPath works as intended, as well.
  9. Updated the function that checks for an update. It should now properly show the changelog info in the popup message.
  10. minor changes to some test functions

v4.02 – 10-28-2016

  1. Added option: 40-4 – Show Response Groups with no agents
  2. Added option: 50-19 – Temporarily block the installation of .NET Framework 4.6.1 – this does not remove any existing installation of .Net 4.6.1. See https://support.microsoft.com/en-us/kb/3133990 for more info on the method used, and http://www.expta.com/2016/02/how-to-uninstall-net-framework-461.html for info on how to remove .NET Framework 4.6.1.
  3. Fixed main menu not displaying option 40 (reports)
  4. Fixed issue with some downloads not working – Thanks to Martijn for pointing it out

v4.01 – 10-25-2016

  1. Fixed a minor display issue when submitting bug reports.
  2. Fixed a minor issue when the script can’t connect to the web site to retrieve update info.
  3. Fixed an issue where errors would occur if the person running the script isn’t a Domain Admin.
  4. Added option 40 to main menu for reports, and added:
    1. 40-1) Show AD disabled accounts that are still enabled in Lync/SfB
    2. 40-2) Show elevated accounts that are enabled in Lync/SfB
    3. 40-3) Show users whose SMTP address doesn’t match their SIP address

v4.0 – 10-24-2016

  1. Initial version

Rebranding – A New Name, a New Domain, Same Focus

October 21st, 2016 3 comments

When I first started this blog, I was an Exchange consultant and MVP. I spent my work days working with clients and deploying Exchange, or migrating from one version to another, or migrating from a different solution, such as Notes or GroupWise, to Exchange. Times were fun and challenging. I picked the name Ehlo World for two reasons. First, “ehlo” is a command that two mail servers send to each other at the beginning of a conversation negotiation. The “world” part came as an homage to “Hello World”. If you’ve written scripts or code, you know that one of the first exercises in learning how to code was to issue a command that would output “Hello world” to the console screen. Since I was noodling with PowerShell, which got its first big push with Exchange server, the “ehlo world” kinda made sense to me.

Flash forward years later, and my coworker, Mark Smith, came to me and said “We’re going to start also doing OCS and Lync consulting. We need a Lync guy. Tag – you’re it.”. I could barely spell OCS or Lync at the time. I had never seen the admin console, let alone deployed it. But I dove in, and it’s been a fabulous ride. As I’ve gone along, I’ve also further honed my PowerShell skills. I’ve written some whopper sized scripts, including several that were more than 6000 lines a piece. When you tie (now) Skype for Business and Exchange and PowerShell and Office 365 together, you get a great Unified Communications platform. UC. While I don’t spend much time dealing with Exchange these days, I still noodle with scripts for it. Mostly those requested by coworkers, clients, and peers. But I’m primarily focused on the Skype for Business side, and the Ehlo World name was a little stale given my focus. So, I’m rebranding to UC Unleashed. UC for the previously mentioned reasons, and the Unleashed for several others. First being that I’ve written scripts, functions, and one liners that (at least try to) think outside of the box. Second, I was honored to be involved in the writing of the Skype for Business Unleashed book.

So there you have it. A new name, but with the existing content. Linked URLs should automatically redirect to the post on the new ucunleashed.com domain soon. A new logo and a new blog theme are in the works. I’m working on some cool stuff (well, *I* think it’s cool), and you’ll see that soon. Until then, feel free to comment on my posts, suggest new scripts and ideas, and more.

Until then…

Function: Get-UpdateInfo – Making It Easy for Your Users to Get the Latest Version of Your Scripts

October 10th, 2016 No comments

updatepromptDescription

As a PowerShell developer, you always want your users to have the latest version of a script. It makes support a lot easier, while also making sure that users have the latest features and bug fixes. But how to encourage that? Well, for me, users of my scripts are typically not within the same environment as me. So Group Policy Objects, logon scripts, etc, aren’t a solution. Having the script automatically check for an update is much easier, and doesn’t require anything from the user1. So let’s take a look at a quick and easy method.

First, we need a repository where the update information will be held. XML is perfect for this. In this example, I created the following file, and saved it as version.xml:

<?xml version="1.0"?>
<catalog>
<article id="1697">
<title>Set-CsFeatures.ps1</title>
<author>Pat Richard</author>
<version>3.9.57</version>
<publish_date>2016-10-08</publish_date>
<description>Installs all required Windows 2012/Windows 2012 R2 components & optional tools.</description>
</article>
</catalog>

This file can reside anywhere. A file path, a web site, wherever. I chose a website for the reasons I mentioned above. You can see the above file in action at http://www.ucunleashed.com/downloads/version.xml. Some key points to the file. Each article I publish going forward will have it’s own “article” node. The ID I chose to tie to it is also the ID of the article’s URL, for consistency sake. In this example, 1697 is the prereq script seen at http://www.ucunleashed.com/1697. The version value is the version of the latest general availability (“GA”) build. We’ll query that value, compare it against the version of the script running the query, and see if it’s newer. Note that there is some other info in the XML file, and that’s irrelevant to what we’re discussing here.

[xml] $xml = (New-Object System.Net.WebClient).DownloadString("http://www.ucunleashed.com/downloads/version.xml")
$Ga = ($xml.catalog.article | Where-Object {$_.id -eq $article}).version

We supply the $article value when making the call. After that, it’s a simple comparison. In the prereq script, near the beginning, I assign a variable, $version, with a value. Let’s say it’s “3.9.55”. We compare $Ga against $Version

$Ga -gt $Version

If it’s true, we know a newer version exists. If it’s false, we know the currently running script is the latest version. In theory, we could also use this to alert of a regression in case we needed to downgrade (gasp!). So let’s put this together. We assign a variable, $xml, to the results of downloading an xml file. Then, we assign $ga to the value of “version” for the specific node within the xml file that contains the info for the article. Lastly, we do our comparison and give some output if there is an update.

[xml] $xml = (New-Object System.Net.WebClient).DownloadString("http://www.ucunleashed.com/downloads/version.xml")
$Ga = ($xml.catalog.article | Where-Object {$_.id -eq $article}).version
if ($Ga -gt $Version){Write-Output "A new version is available!"}

Now, obviously, we can pretty this up a bit. But before we do that, let’s think of issues we could run into. The big one is making sure we have an Internet connection to use to check the XML file. As much as we can often assume there will be one, a LOT of organizations block Internet access to servers as part of their security posture. So we shouldn’t assume. We can check using the following:

[bool] $HasInternetAccess = ([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet)

And then using an IF loop against $HasInternetAccess. So let’s throw this all into a function we can incorporate into our scripts and modules:

function Get-UpdateInfo {
  [CmdletBinding(SupportsShouldProcess, SupportsPaging)]
  param (
    # Article/script to check for updates
    [parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]
    [string] $article
  )
  [bool] $HasInternetAccess = ([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet)
  if ($HasInternetAccess){
    [xml] $xml = (New-Object System.Net.WebClient).DownloadString("http://www.ucunleashed.com/downloads/version.xml")
    $Ga = ($xml.catalog.article | Where-Object {$_.id -eq $article}).Version    
    if ($Ga -gt $version){
      Write-Log -Level Warn -Message "Outdated version. Version $Ga is latest version. Prompting user" -NoConsole
      $wshell = New-Object -ComObject Wscript.Shell -ErrorAction Stop
      $updatePrompt = $wshell.Popup("A new version ($ga) of the script is available. Would you like to download it?",0,"A new version is available",68)
      if ($updatePrompt -eq 6){
        Start-Process "http://www.ucunleashed.com/$article"
      }
    }
  }else{
    Write-Output "No Internet connectivity. Unable to check online for update info."
  }
} # end function function Get-UpdateInfo

Here we incorporate a simple ComObject popup message to ask if the user wants to download the new version. Since we have assigned the GA number to $ga, we can use that in the popup text, as well, as shown in the image at the beginning of this article. If $updatePrompt is “6”, then the user clicked “Yes” on the popup, and we can take action such as opening a browser window and navigating to the articles page. Or we could download a file, or any of a number of actions. If $updatePrompt is “7”, then the user clicked “No”.

So, as you can see, it’s really not that hard to add an update checker to your scripts. When you release a new version, simply update the XML file to reflect accordingly.

Note: Take care in what kind of characters are in the XML file. Some special characters, such an ampersand (“&”), aren’t handled very well. When in doubt, open a browser window and navigate to the file.

1 – Depending on the action you require once it’s known an update is available.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Automatically Installing and Configuring WireShark for Skype for Business

October 7th, 2016 2 comments

wiresharkDescription

I mention in the blog article Script: Set-Cs2013Features.ps1 – Easily Install Prerequisites and Tools for Microsoft Lync Server 2013 that one of the options in the menu, #30, is download, install, and configure WireShark. The configuration settings are based on those mentioned by Jeff Schertz (Wireshark Capture Tips) and Matt Landis (Getting Started With Lync and Wireshark: Tips & Quirks) , as well as those I’ve found useful. Most of these settings REALLY help when you’re looking at traces (and who doesn’t love an afternoon of doing that?). Among some of the configuration settings are:

  1. adds Source Port (resolved) column
  2. adds Destination Port (resolved) column
  3. adds DSCP column
  4. Configures RTP protocol “Try to decode RTP outside of conversations”
  5. Configures SIP protocol for ports 5060-5068 (instead of WireShark’s default of 5060)
  6. Sets the time format to human readable format

Why manually configure these on your server (or worse, many servers), if we can automate it? Let’s make our deployment life easier. Getting WireShark installed programmatically isn’t like other programs. There is no .msi file, or silent install switches. Methods I’ve used in other scripts just didn’t work. And believe me, I tried. And tried. And tried. So, I went medieval on it, and used AutoIt to create a macro that steps through the installer, clicking the right buttons. This works exceptionally well, and is fairly fast. But I wanted to also include the configuration steps mentioned above. And this is where it got interesting. WireShark’s config file seems to change formats and details often. So writing something that would change the config file directly seemed like it would be a losing battle. So, back to AutoIt. For 95% of the config, it worked great. But there seemed to be a need to click on the custom columns in order to set their name. AutoIt allows for moving the mouse to a certain vector, then clicking. But even with maximizing everything, the coordinates were never the same on different servers with different resolutions or RDP sessions. So that part of it would often not work. You’d get the columns, but they’d be named “New Column”. Not ideal. Finally, after taking a break from trying to figure that out, I rethought about it, and was able to figure out the right keyboard combination to accomplish the same thing. Success! There is one section right after that where the mouse is required to move the new columns into the desired order, but that seems to always work, and there’s no keyboard control for that. A remaining issue has been there since I first started this task. And that is the fact that AutoIt is written to take action based on app windows with certain titles. Usually not an issue at all, except that WireShark has always included the version number in the title bar. So every time there is a new version released, I’d have to open the source file, change the version number, re-compile to an .exe file, test, upload to my server, and update the prereq script. All in all, it is like 10 minutes of work, but I’ll need to continue to do that. As a result, I’m releasing the macros bundled the appropriate version of WireShark. Not sure if that violates some license with WireShark, but since they seem uninterested in making a silent installer method… Download the file from the link below. Unzip anywhere, as long all of the files are in the same folder. You’ll see there are three files:

  1. The WireShark bits, which are named with the version number, such as Wireshark-win64-2.2.1.exe for version 2.2.1. This is the file as it comes from WireShark.
  2. The installer macro, which is also named according to the WireShark version it applies to, such as WireShark_2.2.1-install.exe
  3. The config macro, which is also named according to the WireShark version it applies to, such as WireShark_2.2.1-config.exe

Run the installer macro first by double clicking on it. You’ll see it zip through the WireShark install routine. Once that closes, you can run the config macro. You’ll see it walk though the config. I do NOT recommend running the config macro more than once – lest you end up with a completely mangled config. It takes a minute or so to run. Once it’s done, you can open WireShark Legacy and use it. Once you start a trace, you should immediately be able to see the added columns:

ports

Added columns in WireShark. Click for a larger version.

If you wander through the config menus, you’ll see the other settings as well. The v2.x WireShark application that is also installed when you install WireShark is configured somewhat differently, and I’ll address that in the future. Right now, I’m not aware that it provides any added benefit for Skype for Business/Lync admins anyways. But really, WireShark, would it kill you to use an XML file for your config?! Or registry values? If you have some specific config settings you use for WireShark, pass them along!

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Downloads

WireShark v2.1.10 – 10-22-2017 – WireShark_2.2.10-install.zip

WireShark v2.2.9 – 09-04-2017 – WireShark_2.2.9-install.zip

WireShark v2.2.7 – 06-01-2017 – Wireshark_2.2.7-install.zip

WireShark v2.2.6 – 04-12-2017 – Wireshark_2.2.6-install.zip

WireShark v2.2.5 – 03-06-2017 – Wireshark_2.2.5-install.zip

WireShark v2.2.4 – 01-31-2017 – Wireshark_2.2.4-install.zip

WireShark v2.2.3 – 12-23-2016 – Wireshark_2.2.3-install.zip

WireShark v2.2.2. – 11-24-2016 – WireShark_2.2.2-install.zip

WireShark v2.2.1 – 10-07-2016 – WireShark_2.2.1-install.zip

Changelog

See the changelog for information on what’s changed/included in each version.

Changelog: WireShark Installation and Configuration Macros

October 7th, 2016 No comments

This is the changelog page for Automatically Installing and Configuring WireShark for Skype for Business. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v2.2.10 – 10-22-2017

  1. Support for latest version

v2.2.9 – 09-04-2017

  1. Support for latest version

v2.2.7 – 06-01-2017

  1. Support for latest version

v2.2.6 – 04-12-2017

  1. Support for latest version

v2.2.5 – 03-06-2017

  1. Support for latest version

v2.2.4 – 01-31-2017

  1. Support for latest version

v2.2.3 – 12-23-2016

  1. Support for latest version

v2.2.2. – 11-24-2016

  1. Support for latest version

v2.2.1 – 10-07-2016

  1. Initial version
Categories: Exchange Server Tags:

Writing a Book – A Labor of Love

October 5th, 2016 1 comment

book-coverAny tech types who’ve written tech books can attest to the fact that it’s a LOT of work. And this one was no different. Skype for Business is a very dynamic product, with features being added and updated on a continuing basis. Fortunately, I had the chance to work with some great tech luminaries – people far smarter than me, for Skype for Business Unleashed. That includes Phil Sharp, Rui Maximo, and Alex Lewis. But don’t let the fact that there are four names on the cover fool you. Plenty of others work behind the scenes, including contributing authors, editors, and publisher staff. I can’t possibly name them all, but I would like to point out a few. Stale Hansen stepped up and wrote a killer chapter on the VDI components of Skype for Business, while John Cook handled, what else, the Mac client chapter. Tom Morgan, one of Modality Systems’ ace developers, wrote on Developing Skype for Business Solutions. Former colleagues Tom Arbuthnot and Iain Smith also contributed. Even ‘The Hoff’ himself, Ken Lasko, added some great info. And to keep us all true to the product, Tim Harrington served as the tech editor. Jamie Stark, a beloved Program Manager in the Skype product group at Microsoft, wrote a killer forward.

During the project, several events occurred that seemed to derail the project. The publisher, Pearson, eliminated 4000 staff in a corporate downsizing. This was also around the time that Microsoft Press also underwent a significant restructuring. The project was in doubt for a while, but Pearson came back, committed to getting the book on to the shelves. Our normal full time gigs, family lives, and other interests also came into play. And unfortunately, someone involved in the book suffered a tragic loss. All of these caused the project timeline to slip. And during this time, the product group kept working on the product. Each time a Cumulative Update was released, we would have to review what had already been written to verify it still was valid, including details, screen shots, PowerShell commands, and more.

So why write this book? We certainly aren’t getting rich doing it. In fact, we’d all likely agree that you can’t survive on writing books at this pace. And time spent away from family and friends, and other interests can be tough. But seeing it on the shelf is rewarding on so many levels. It’s great to add the publication to your resume, LinkedIn profile, and more. Name recognition is always nice. But more importantly, getting the knowledge and experience into a format that can be beneficial to others is extremely personally rewarding to me. Is every little tidbit in there? Of course not. The book is 1100 pages. Decisions were made on how much space we could to allocate to each topic. Some chapters could be exponentially larger. But we tried to touch on the important stuff. Enough to get an environment properly designed, build, configured, and administered. And I think we did pretty well in that regard. And of course, as soon as we turned in the final edits, new features were released by the product group.

Books don’t sell unless people know about them. So we don our marketing hats and get on LinkedIn, Twitter, Facebook, blogs, and other online resources and let the world know it’s out there. Modality Systems was generous enough to put together a book signing event at Microsoft Ignite, and gave away some signed copies, as well. Twitter followers even started sending in pictures of where the book had been sighted, including the Microsoft Conference Store, MIT, and more. A signed copy even made its way to Gurdeep Pall‘s desk. Gurdeep is the Corporate Vice President of the Skype business unit at Microsoft, and he tweeted a selfie of himself holding the book. As I write this article, the book is the highest ranked Skype for Business book on Amazon. And that’s no easy task, as the other books were also written by some other top notch nerds like us.

cth_vttw8aij5ka-jpg-large

Book signing event at Microsoft Ignite 2016. From left to right: Stale Hansen, Phil Sharp, me, Rui Maximo, and Tom Morgan.

I again want to thank everyone involved. It would not have been possible without them. I’d also like to thank the entire Product Group, as well as the Skype for Business MVPs. Both of these groups were instrumental in answering questions that popped up throughout this process.

I hope you enjoy the book, and welcome any comments or concerns.