Introducing Skype for Business (a.k.a. Lync 2014)



In coming series of blogs, we’ll be evaluating and sharing as much information as we can for Skype for Business, next chapter in Lync platform.

Through course of these blogs, we’ll be referring Skype for Business as SFB.

On 11th November, Microsoft announced that the Lync Server product will be rebranded as Skype for business. This basically means that the next on-premises server, clients, and Office 365 releases of what would be Lync will now simply be renamed, and the Lync name will be apparently be deemphasized. Surely this does not mean that the existing consumer Skype platform would be positioned to businesses, or mean the death of Lync as a platform. For all intents and purposes the two separate products must still exist : the consumer ad-driven solution known as Skype, and the enterprise-grade solution known to all as Lync which will simply be rebranded as Skype for Business.


Currently we notice many administrators referring to SFB as Lync 2014, however that’s not right. It’s strongly recommended that you accept the change and come on-board with Skype for Business. :)

What are the new features introduced with Skype for Business?

Name for Lync Server platform isn’t changed for just namesake. Skype for Business at its core integrates familiar Skype design with enterprise grade Lync platform solution. So the first change that you’ll notice with Skype for Business is client UI itself.

Universal Communications: SFB allows people to do more by using rich communications for all their relationships. It provides them with consistent experience with its simple, elegant, pervasive looks. The client scales from mobile to meeting room with same user experience. It provides them with interconnection with different platforms (like Tandberg room) and keeps their presence everywhere.

Color and minimum Chrome: The user interface will be using familiar color & minimum chrome layout available with Skype and merge it with Lync client to give users more comfortable and friendly client without too much of changes for end users.













Improved Chat Experience: SFB provides with text in bubbles which is another signature feature of Skype. If the next message is sent within 60 seconds window, the message is combined within single bubble. This helps prevent that spinning circle mostly seen on mobile clients due to slow data network. It also provides with file preview feature during file transfers making it more user friendly.


Common Icons and Placement: Beside improving & re-arranging common icons placement like IM/add a contact, product team has also worked on providing more easier & faster access mid-call control features like call transfer/forwarding based on feedback from many power users that earlier had difficulty finding these buttons in middle of call.


Always visible call monitor: This is a signature Skype feature which will now be available in enterprise applications as well. The call monitor appears in all audio & video calls and provides easier access to mid-call control discussed above. It shows picture or video of active speaker and if closed between call cannot be brought back. Double clicking on call monitor brings back your main SFB window


Video between enterprise and Skype applications: SFB makes it easier to connect to people everywhere. Lync already offers instant messaging and audio calling with Skype users. Skype for Business adds video calling and the Skype user directory making it possible to call any Skype user on any device.

Coaching for First time Users: Many organizations might feel strongly that changing or upgrading client can create nuisance for end users. With an upcoming patch for Lync 2010/2013, you’ll be able to apply SkypeUI using client policy setting from Lync Server 2013 itself. This will allow you certain training time phase where you can introduce users with this new client and train them as needed. We’ll be sharing more details on how to do same with our next blog covering SFB server in details. However, there will be certain features that only work with full SFB client and not just UI, detailed below.


Call via Work: The main expansion in enterprise voice capabilities for SFB is with call via work feature where SFB can call out to user desk phone via PBX/PSTN system and then dial-out the far-end number user is trying to call using his/her work phone. This provides user with enhanced presence on SFB client indicating that user is on call and also provides mid-call control available with SFB as discussed above. If someone calls user on his/her desk phone, then SFB doesn’t comes into picture, it is just for outgoing calls. Below is quick snap-in on how call via work setting will look on end user side/settings:


Above are just major features that we can see with Skype for Business client. There are few other minor features which includes Rate My call, Skype Emoticons, First Run tutorials etc.

In the next blog series, we’ll be seeing what’s new in Skype for Business server for administrators and different features & control options that will be available for you guys.

Stay tuned !


March 2, 2015  Tags: , , , , , ,   Posted in: Lync 2013, Lync Server, Lync Server 2010, Skype for Business  No Comments

Predicted Actions Enabled

Categories & Subject Descriptors: User Interface evaluation, Interaction Styles.

General Terms: Experimentation, Human Factor, Performance.

Keywords: Customization, interaction Techniques, menu design, user study, Adaptable Interface, Adaptive actions, Predict actions.


As Administrators we are very much aware of every user friendly mailbox policies and features which might help the everyday user in your organizations. I would like to touch upon a topic which might not be that very important and useful from an admin point of view but something which most of the Microsoft office administrators may be familiar with. It’s not a widely used feature but is very much similar to Adaptive menus in legacy MS Office applications like word, excel etc..

What is it all about?

Here, we are speaking about an OWA MAILBOX POLICY which is by default disabled for all Outlook Web App (OWA) users and which can be enabled by exchange administrators. PredictedActionsEnabled is an Outlook Web App Feature, and which helps an Outlook Web App user to customize the commands and icons they see according to what they are doing. This is very similar to Adaptive Menus feature from earlier Office applications. This is a very complex approach which is appreciated by users who have a regular pattern of use, but can be disliked by users who do not want their menus or available buttons to be constantly changing. This is a feature which is NOT a USER CONTROLLED Feature. Even then we do not know much about the PredictedActionsEnabled feature as it’s not widely in use by users in OWA, so if it’s beneficial or a pain is yet to be identified. We aren’t even sure if users are aware that they have such a feature available to be explored.

Setting values for this Policy:

As administrators are aware, there are many OWA mailbox policies which are only available through Exchange Management Shell (EWS). PredictedActionsEnabled is one of them.

To check if it’s there in your environment try this cmdlet

Get-OWAMailboxPolicy XXX |fl

This is what you’ll probably see…

RecoverDeletedItemsEnabled                          : True
InstantMessagingEnabled                             : True
TextMessagingEnabled                                : True
ForceSaveAttachmentFilteringEnabled                 : False
SilverlightEnabled                                  : True
InstantMessagingType                                : None
DisplayPhotosEnabled                                : True
SetPhotoEnabled                                     : True
AllowOfflineOn                                      : AllComputers
SetPhotoURL                                         :
PlacesEnabled                                       : False
AllowCopyContactsToDeviceAddressBook                : True
PredictedActionsEnabled                             : False
UserDiagnosticEnabled                               : False
FacebookEnabled                                     : True
LinkedInEnabled                                     : True
WacExternalServicesEnabled                          : True
WacOMEXEnabled                                      : False
ReportJunkEmailEnabled                              : False
WebPartsFrameOptionsType                            : SameOrigin
AdminDisplayName                                    :
ExchangeVersion                                     : 0.10 (
Name                                                : Enterprise
DistinguishedName                                   : CN=Enterprise,CN=OWA Mailbox Policies,CN=ENTERPRISE,CN=Microsoft

Although, this feature has a “FALSE” Value by default, it can be set to “TRUE” by using a simple power shell cmdlet.

Set-CASMailbox -Identity Default -OWAMailbox policy -PredictedActionsEnabled $true


Now to the icing on the cake:

Thanks for reading the article but the bad news is, that this feature/parameter currently can’t be changed in EXCHANGE 2013. Feedback has been sent to Exchange product/testing team         (Confirmed by Microsoft Contingent Staff).


Closing comments:

Hopefully in your environment (apart from EXC 2013) you can try and use these feature and come up with questions and suggestions.

Join the Forum discussion on this post

December 21, 2014  Tags: , , ,   Posted in: Exchange Server 2013, Exchange Server General, Outlook, Uncategorized  No Comments

Office 365 & Exchange 2013 In-Place Hold & E-Discovery

Data Governance and preserving Email has always been an important security concern in almost every type of business environments.

Attorneys in particular need access to search emails that are relevant for legal and compliance purposes.

With Office 365 – The process of searching, preserving and accessing email records was available all the time. The Technical terms that every Office 365 Admin should know when dealing with preserving emails are:

1. Litigation Hold … now, In-Place eDiscovery & Hold.

2. Discovery Management

3. Multi-Mailbox Search

With Exchange 2013 and Office 365, Multi-Mailbox Search is known as In-Place eDiscovery. The one place to visit in Office 365 portal to manage the email preservation is “In-Place eDiscovery & Hold ”

Let’s talk Technical now with Office 365. Consider the below Scenario.

SCENARIO: I’m an Office 365 Admin for my company. My Attorney wants to search and access emails and if required export the emails and he wants full access. The Attorney also wants to know how he can do this?

I login to the Office 365 portal first @

Once I login, I click on Admin at the top side of the portal and select Exchange. This opens up Exchange Admin center.


Now, I need to give the Attorney guy required permissions to perform Discovery Search and also place mailboxes or mail items he wants in-hold or to perform query based search.

All I need to do is to add Attorney to an admin role called ‘Discovery Management’,



Now, I need to train my Attorney so that he can do his legal work.

Attorney said: ‘I want to access emails for all users in the Org which has ‘confidential’ term in the subject.

Ok, Here you go, Mr. Attorney. You have been given an Admin role which means you are a Discovery Manager now.

Following steps are done on Attorney’s mailbox. His OWA in particular.

Open Exchange Control Panel. The ECP portal is:

Since the Attorney user has been added as a member for Discovery Management admin role group, The Attorney’s ECP will show Compliance Management tab where he can create in-place hold like shown below:

Attorney user created a new in-place eDiscovery & hold query with keywords ‘Confidential’ and hold indefinitely and specified Mailboxes for the Search query to be kept in-hold.

Attorney user can search, export the search results to PST, preview the search results & even copy the results to the Discovery Mailbox. The steps are very user-friendly and easy to do.







The Search results can be previewed and also copied to the DiscoverySearch mailbox.





  • In-Place Hold in Exchange 2013 and Exchange Online includes additional features like Query-based Search, types of items to preserve (email, calendar, notes), maximum of 5000 users per In-place hold object and placing multiple holds on a mailbox.
  • By default, the Discovery Management role group doesn’t contain any members. Administrators with the Organization Management role are also unable to create or manage discovery searches without being added to the Discovery Management role group.
  • Members of the Discovery Management role group have Full Access mailbox permissions for the Discovery mailbox that’s created by Exchange Setup.
  • You can open Discovery Mailbox from OWA by removing the mailbox attribute to hide from GAL.

July 24, 2014   Posted in: Microsoft Office 365 Integration  One Comment

Office 365 – Attachment Enhancements in OWA

Hello All




Earlier in the year at the Microsoft Exchange Conference, Office 365 team announced an enhanced document collaboration experience in Outlook Web App for Office 365 users. Today office 365 team introduced few of these enhancements, which aims to improve the way people interact with files as attachments in their email.


What’s new in Office 365 OWA? Below are features listed briefly that were introduced today by Office 365 team:

  1. Side-by-Sideview of document and email: When you open the attachment, you can now see the contents of that document in context (or “side-by-side”) with the email itself; you can see both at the same time. No more flipping back and forth between windows to get all the information you need. You can perform all of the standard messaging actions (reply, forward, and so on) right from within this view


  1. Easy document editing and reply: When you’re ready to edit the attachment and send your comments back, you no longer need to download the attachment, make your changes, rename the file, reattach it, and send your email reply back. You can now do all of this without leaving this new side-by-side view. To do this, you simply click Edit a Copy right above the attachment and message.


This new copy of the attachment is live, and any changes you make are automatically saved. Once you’re finished with your changes, you can simply type a response in the email and click Send.

  1. Bigger attachment view: The user experience for attachments in the attachment well has been updated, so now when you attach files, they’re bigger and better looking than they’ve ever been before.


  1. Download all attachments: This feature was available with from quite a while now.  You can now download multiple attachment at once in the form of a single zip file.

Note: This feature only supports attachment created with office 2007 and above. It will support viewing all Microsoft Word, Excel, and PowerPoint files, as well as .PDF files and most types of pictures.

Conclusion: Above enhancement will give end users richer experience in OWA clients and make emailing more efficient platform for them.

References: View article…

July 3, 2014  Tags: , , , , ,   Posted in: Office 365  No Comments

You Do not have permissions to Schedule Lync Meetings

Hello All



Many times I’ve seen delegates complaining that they’re unable to create Lync meeting on their manager’s or boss’s Outlook calendar, even though they’ve appropriate permission to create normal meetings. Today we’ll cover what permissions are required by delegate to carry out same operation and look at sefautil.exe as our rescue tool in these scenarios.


Issue: Delegates receive error “You do not have permissions to schedule Lync meetings on behalf of the owner of this account. Please contact owner of this account to get delegate permission in Microsoft Lync”


Cause: As the error states, the issue is due to lack of appropriate permissions for delegate on manager’s or owner’s calendar OR Lync account.

Resolution: For delegate to be able to create Lync meetings on their manager’s calendar, they should have:

  1. Editor or above access on user’s Outlook calendar: To achieve this, you can
    1. Add assistant as delegate in Outlook by going to File – Account Settings – Delegate Access.


    1. Alternatively, you can add the calendar permission by going to user’s Outlook calendar section and selecting Calendar Permission under Home tab


    1. If you do not wish to manage permissions from user’s workstation and rather would prefer to manage it from server (my favorite), you can run below cmdlet on Exchange Management shell to configure calendar permissions:

    Add-MailboxFolderPermission <manageralias>:\calendar -user <delegatealias> -AccessRights Editor Get-MailboxFolderPermission <manageralias>:\calendar -user <delegatealias>

  2. You can configure AccessRights as Editor/PublishingEditor/Owner as per requirements. If you wish to check permissions before adding:
  3. Assistant should be added as Lync delegate on manager’s Lync account: Once you’ve ensured permissions on Outlook calendar are correct, you need to ensure that delegate is added as Lync delegate on manager’s Lync account. To do same, you can:
    1. Add assistant as delegate using manager’s Lync client. On manager’s Lync client, go to Settings – Tools – Call Forwarding Settings – Edit My Delegate Members as shown below.


    1. Again, if you are not fan of disturbing high end users with assistants to configure small settings and would prefer to manage it from backend, you can use Sefautil.exe for same which is discussed in later portion of this post below.

Once you configure both Outlook and Lync delegate access as described above, assistant should see a prompt stating “<Manager> has added you as delegate” on his/her Lync client and should now be able to create Lync meetings on their manager’s calendar without any issue.

What is Sefautil?

SEFAUtil (secondary extension feature activation) is a command-line tool that enables Microsoft Lync Server communications software administrators and helpdesk agents to configure delegate-ringing and call-forwarding settings on behalf of a Lync Server user. The tool also allows administrators to query the call-routing settings that are published for a particular user.

The SEFAUtil tool allows the administrator to enable/disable/modify call forwarding on behalf of the user. The administrator can specify the target (in the form of a SIP URI) or use a target that has already been published by the user. This tool also allows administrators to add or remove delegates on behalf of the user. The tool supports enabling or disabling simultaneous ringing, delayed ringing, or call forwarding to delegates

This tool requires administrators create a trusted application in the central management store for Sefautil using Lync Topology Builder.

The features in this tool allow administrators and helpdesk agents to do the following:

  • View all call routing settings for a user (includes call forwarding, delegation, team ringing, and simultaneous ringing)
  • Enable/disable/modify call-forwarding setting (includes destination and no-answer timer)
  • Enable/disable/modify call-forwarding immediate configurations
  • Enable/disable/modify delegation settings

How to use Sefautil for managing delegates?

The SEFAUtil tool can be run only on a computer that is a part of a Trusted Application Pool. UCMA 3.0 must be installed on that computer. To run the tool, a new Trusted Application with the sefautil application ID must be created on that pool.

  1. To Check user’s or manager’s existing call forwarding setting:

SEFAUtil.exe /


User Aor:

Display Name: Katarina Larsson

UM Enabled: True

Simulring enabled: False

User Ring time: 00:00:20

Call Forward No Answer to: voicemail

Set the Call Forward/No Answer Destination

  1. To add delegate for user’s or manager’s Lync account:

SEFAUtil.exe /server: /


User Aor:

Display Name: Katarina Larsson

UM Enabled: True

Simulring enabled: False

Delay Ringing Delegates (delay:10 seconds):

  1. To remove delegate for user’s or manager’s Lync account:

SEFAUtil.exe /server: /


User Aor:

Display Name: Katarina Larsson

UM Enabled: True

Simulring enabled: False

User Ring time: 00:00:30

Call Forward No Answer to: voicemail

Conclusion: Troubleshooting Lync meeting permission issue is mostly straight forward i.e. if you’ve configured Outlook calendar and Lync delegate access properly, you should not see this issue coming. You can find more details regarding above information in our reference section below.



Occasionally it might get more typical in nature. If you have encountered such typical scenarios, please do mention same in comment box below.

Thank you for reading, in the next blog we will be covering automation of Lync server performance monitors and discuss Call Quality management (CQM) and Key Health Indicators (KHI) for Lync server environment.

July 3, 2014  Tags: , , , , , , , ,   Posted in: Lync 2013, Lync Server 2010, Office 365, Outlook  3 Comments

Lync cannot connect to the Exchange Server

Hello All




I was working with couple users today who had issue with Lync conversation history not saving within their Outlook clients even though the option was enabled to save conversation history within client.




Issue: Conversation history folder appears in Outlook, however the Lync conversation history is not saving in the folder.

We covered similar thread few months ago where we explained scenario where conversation history folder doesn’t appears itself and conversation history doesn’t saves in Outlook:

As covered in our previous post, The conversation environment feature leverages both Exchange Web Services (EWS) and MAPI to manage Conversation History items. Unlike previous versions of Lync, EWS is now the primary method used to provide Microsoft Exchange integration features for the Lync client.  MAPI will be used if EWS is unavailable, but only in a limited capacity. For more details, we encourage you to read resource kit chapter Understanding & Troubleshooting Exchange server integration

Today’s issue was different from above though as conversation history folder was present, just conversations were not saving in the folders.

In idle scenario, under Lync configuration information, the MAPI and EWS status should show OK:


And we should see EWS cached data in user’s registry HKCU\Software\Microsoft\Communicator\[User SMTP Address]\Autodiscovery

When we checked the Lync configuration information, two users had two different EWS status which we’ll cover in this post.

Scenario 1 – EWS Status – EWS Unavailable: For first user, under Lync configuration information, EWS status showed as unavailable and below error was shown on Lync client:

EWS Unavailable

User had EWS Internal and External URLs populated in his client i.e. Lync was able to extract EWS URLs using Autodiscover service, however wasn’t able to connect to it. Hence the status.

Troubleshooting Scenario 1: EWS unavailable is generally caused due to:
1. Proxy/PAC file configuration on user’s workstation: In certain environments, all internal & external URLs are configured to go via proxy server and depending on infrastructure configuration, the proxy server may or may not be able to communicate directly with Exchange server on behalf of Lync client. At this point the communication breaks between Lync & Exchange server causing the issue. To resolve this issue, make sure EWS/OWA namespace is bypassed from proxy either using Internet explorer/group policy or hard coded in PAC/Proxy file itself
2. Invalid IP address or configuration issue: In this scenario, Lync was able to resolve the Autodiscover DNS values but was unable to contact the site due to invalid IP address or reverse proxy configuration.
3. Invalid Windows Credentials: User is logged in to windows using different credentials than normal user account (like admin account) due to which either Lync is unable to authenticate against EWS service OR Proxy server is unable to authenticate on behalf of user. In either scenario, EWS connection will fail and status will stay unavailable. To resolve the issue, ensure user is logged in using proper account and authentication is working without issue.

Resolution 1 – In my case, it was point 3 above i.e. user was logged in using his admin account into Windows which wasn’t authenticating as expected into EWS. Once user logged in using his normal windows account, the EWS status turned OK and conversation history started to save as expected.

Scenario 2 – EWS Status – EWS is not fully initialized: In this scenario, user doesn’t has EWS URLs populated in the Lync configuration/client altogether and EWS status stays in “EWS is not fully initialized”

User gets same error notification on Lync client stating “Lync cannot connect to the Exchange Server”

Lync client’s MAPI status was ok, Lync & Outlook Autodiscovery was working ok as well. However, Lync client wasn’t able to determine internal and external EWS URLs.

Troubleshooting Scenario 2: The issue can be caused due to one of following:
1. Invalid DNS or DNS Lookup failure: If Lync client is unable to find appropriate DNS A or SRV record to reach out Exchange autodiscovery service for looking up EWS URLs, it fails to populate them in Lync client itself. To check if this is issue, you can use nslookup command for troubleshooting and ensure proper DNS records are populated.
2. Invalid certificate or untrusted certificate: If Exchange certificate authority is not trusted by local client/workstation, Lync cannot reach out to Autodiscover URL and hence doesn’t gets any response back with appropriate EWS information. To fix this issue, ensure certificate authority used to generate exchange certificates is also trusted by workstations in your environment.
3. Untrusted Server name for Sign-in Address: If client is  connecting to a server that is unknown to Lync. Lync must have your permission to verify whether to trust this server.


Above prompt can come for Lync client trying to connect to Lync server during sign-in OR Lync trying to connect to Exchange server after sign-in. This doesn’t reflects any issue in configuration, it is a security feature. Lync will not connect to any unknown server until you confirm that it is trusted.

Resolution 2 – In my case, it was point 3 above i.e. when Lync was trying to connect to Exchange server, above prompt was displayed, however user ignored the prompt due to which Lync didn’t process the autodiscover response from Exchange server. Hence the EWS information stayed blank on Lync client.

To prevent the dialog box from being displayed, you can edit the following REG_SZ registry value:
Lync 2010 – HKEY_CURRENT_USER\Software\Microsoft\Communicator\TrustModelData\
Lync 2013 – HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync

Add the Fully Qualified Domain Name (FQDN) of the server-based computer that is displayed in the Trust Model Dialog to the existing value data that is listed in the TrustModelData registry value. This will be the Lync Server/Exchange Server/Exchange CAS array for which you’re getting the prompt shown above.

If you have an Active Directory environment, you can push this registries via Group Policy as well. You can find sample GPO HTML report attached below for reference.


In above example, we’ve added Exchange CAS arrays name, to existing value of TrustModelData. You can also download this file from Onedrive ->

Conclusion: Lync not saving conversation history to Outlook client OR Lync status not changing based on Outlook calendar information are couple of most common issues encountered with Lync/Outlook integration. Depending on environment configuration and client side configuration, the troubleshooting can be complex. Hopefully above information gives you some starter points to check and reduce the troubleshooting time for you accordingly.

For more information regarding above post, please refer to reference section below.


In our next post, we’ll be discussing about Outlook delegate and Lync meeting issues. Till Next Time !

June 28, 2014  Tags: , , , , , ,   Posted in: Exchange Server, Exchange Server 2010, Exchange Server 2013, Exchange Server General, Lync 2013, Lync Server 2010, Office 365  One Comment

Exchange – OABGen Encountered Error

Hello All



I was working with a client who recently moved their public folder databases to a dedicated public folder server such that they can remove that load from production mailbox servers, which made sense.

Part of this movement included moving of Offline Address Book (OAB) generation server as well, as they wanted to keep public folder distribution of offline address book available (even though with Exchange 2010 onwards, it uses web distribution method unless Outlook client is older than Outlook 2007 SP2) and to keep OAB generation server same as public folder server


Issue 1 – Everything went as per plan (I will write up the details of movement in other post), however, post movement of OAB generation server, we encountered below errors on the public folder server with respect to OAB generation:

Log Name:      Application
Source:        MSExchangeSA
Date:          6/25/2014 5:12:32 AM
Event ID:      9330
Task Category: (13)
Level:         Error
Keywords:      Classic
User:          N/A
OABGen encountered error 80040115 (internal ID 50004ca) accessing Active Directory Server-DC00 for ”.
– \Default Offline Address Book

Log Name:      Application
Source:        MSExchangeSA
Date:          6/25/2014 5:12:32 AM
Event ID:      9334
Task Category: (13)
Level:         Error
Keywords:      Classic
User:          N/A
OABGen encountered error 80040115 while initializing the offline address book generation  process. No offline address books have been generated. Check the event log for more information.
– \Default Offline Address Book

The error generally is caused if one of following condition is true:
• Server is not added properly to Active Directory domain and is unable to read the configuration partition properly. Since all other services were running properly, it didn’t seem like issue.
• Authenticated users do not have read/list permission on offline address book object. Since the issue started happening post movement, this didn’t seem like cause of issue either and when double checked, permissions were there correctly for Authenticated Users group.
• Server is unable to reach the domain controller reported with Error 9330. When I pinged and did some network troubleshooting, this didn’t seem like an issue either since both domain controller and exchange server were on same subnet.

On further digging, I realized that domain controller and exchange server are in different AD domains and client used Append these DNS suffixes option on NIC to try out all AD domains in particular order.


When checked the NIC, it was missing the AD domain which Server-DC00 was in and hence exchange server was unable to reach out to Server-DC00 for OAB generation.

Resolution 1- We added all required AD domains in the Append these DNS suffixes configuration of primary NIC so that it can contact all required domain controllers in environment without any issue.

Issue 2 – Once the domain controller issue was fixed and we used Update-OfflineAddressBook command to force update the OAB files, we encountered below errors in the logs:

Log Name:      Application
Source:        MSExchangeSA
Date:          6/25/2014 8:57:28 AM
Event ID:      9331
Task Category: (13)
Level:         Error
Keywords:      Classic
User:          N/A
OABGen encountered error 80004005 (internal ID 50103b7) accessing the public folder database while generating the offline address list for address list ‘/’.
– \Default Offline Address Book

Log Name:      Application
Source:        MSExchangeSA
Date:          6/25/2014 8:57:28 AM
Event ID:      9335
Task Category: (13)
Level:         Error
Keywords:      Classic
User:          N/A
OABGen encountered error 80004005 while cleaning the offline address list public folders under /o=Contoso/cn=addrlists/cn=oabs/cn=Default Offline Address Book.  Please make sure the public folder database is mounted and replicas exist of the offline address list folders.  No offline address lists have been generated.  Please check the event log for more information.
– \Default Offline Address Book

The above errors are pretty straight forward, basically stating that system attendant mailbox is unable to find copy or replica of OAB on public folder database referred by mailbox database of the same server. This generally happens if:
• Public folder database is inaccessible.
• MAPI connection issue to public folder server if it is on a different network.

In our case, since the public folder database was on same server and accessible, above two reasons weren’t cause of issue


Resolution 2 – We added the public folder server as replica of Offline address book system public folder and after the contents were replicated, the OAB generation process started to work without any errors or as expected.

For reading more about troubleshooting OAB generation in an Exchange 2013 environment, refer to our blog below:

Hope above information save some troubleshooting time on your side. You can read more about above issues on below reference articles.

In our next post, we’ll be discussing about moving public folders in an Exchange 2010 environment and moving & forcing OAB generation process for end user clients.



June 27, 2014  Tags: , , , , , , ,   Posted in: Exchange Server, Exchange Server 2007, Exchange Server 2010, Exchange Server General, Outlook  No Comments

IMPORTANT – Security Vulnerability in Lync

Hello All




Microsoft has released security bulletin on June 10th identifying security vulnerabilities in Lync Server 2010/2013 web components and Lync 2010/2013 desktop clients.




Security Risk Involved: An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendation: For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software

Note: The security updates in MS14-036 and MS14-032 are not related. Customers should install the updates in both bulletins for the software installed on their systems. MS14-036 is related to Lync client on user workstations and is not related to Lync Server.

Microsoft Security Bulletin MS14-036 – Critical
Microsoft Security Bulletin MS14-032 – Important
MS14-032: Vulnerability in Lync Server could allow information disclosure: June 10, 2014
MS14-036: Description of the security update for Lync 2010: June 10, 2014

June 13, 2014   Posted in: Lync 2013  No Comments

Backup Up Lync Server Environment

Hello All

LyncIn this post we’ll be discussing Lync Server environment backup requirements and how we can assist in streamlining this process for you.



On a broad scale, Lync components backup can be categorized into following:


Settings and Configuration Requirements: The following table outlines settings & configuration that you need to backup and restore.

Type of data

Where stored

Description / When to back up

Topology configuration information

Central Management store (database: Xds.mdf)

Topology, policy, and configuration settings. Back up with your regular backups and after you use Lync Server Control Panel or cmdlets to modify your configuration or policies.

Location information

Central Management store (database: Lis.mdf)

Enterprise Voice Enhanced 9-1-1 (E9-1-1) configuration information. This information is generally static. Back up with your regular backups.

Response Group configuration information

Back End Server or Standard Edition server (database: RgsConfig.mdf)

Response Group agent groups, queues, and workflows. Back up with your regular backups and after you add or change agent groups, queues, or workflows.

Data Requirements: Here is a list of the Lync Server data that you need to back up so that you can restore Lync Server service in the event of a failure.

Type of data

Where stored

Description / When to back up

Persistent user data

Back End Server or Standard Edition server (database: RTCXDS.mdf)

User rights, user Contacts lists, server or pool data, scheduled conferences, and so on. This user data does not include content uploaded to a conference.

Archiving data

Archiving database (database: LcsLog.mdf)

Instant messaging (IM) and meeting content.

Monitoring data

Monitoring databases (LcsCDR.mdf and QoeMetrics.mdf)

Call detail records (LcsCDR.mdf) and Quality of Experience (QoE) metrics (QoeMetrics.mdf).

Persistent Chat data

Persistent Chat database (mgd.mdf).

Persistent Chat Data is actual chat content being posted in chat rooms. This data is often business critical.

File Store Data Requirements: In an Enterprise Edition deployment, the Lync Server file store is typically located on a file server. In a Standard Edition deployment, the Lync Server file store is located by default on the Standard Edition server. Typically, there is one Lync Server file store that is shared for a site. The Persistent Chat file store uses the same file share as the Lync Server file store.

Type of data

Where stored

Description / when to back up

Lync Server file store

Typically on a file server, file cluster, or a Standard Edition server

Meeting content, meeting content metadata, meeting compliance logs, application data files, update files for device updates, audio files for Response Group, Call Park, and Announcement applications, and files posted into Persistent Chat rooms.

Additional Backup Requirements: Other necessary components that are not part of Lync server itself:

○ Active Directory Domain Services

○ Certificate authority and certificates

○ System Center Operations Manager

○ PSTN Gateway Configuration

○ Infrastructure Information

○ Microsoft Exchange and Exchange UM

Now that’s a lot of variety of data to backup. Not good for lazy administrator within you at all. So our lazy administrator gets to work and writes two scripts that will help you backup this data in one go. You can download the scripts from below:

What do these scripts do? These scripts helps you backup your Lync server environment based on above guidelines by Microsoft.

What do these scripts backup? These scripts backup following for your Lync infrastructure:

• Lync Server settings and configuration which includes topology zip file, Lis Information and response group configuration Information.

• Lync File Share

• User contacts and conferencing data.

• Lync server certificates along with their private key with password as server’s name in CAPS

• (Additional) Lync SQL databases. Currently we haven’t provided parameter for same but you can expand script to do same as well. Since most environment prefer their own SQL backup routine independent of application itself.

How do these scripts work? Ah good question, the scripts take BackupLocation as parameter which specifies any location local or on network. Script then creates folder within that location with server name from where its been run from. In there, it backs up or dumps the data depending on other parameters you’ve chosen.

You can choose to include all three components to be backed up i.e. Configuration, Data, Certificate OR you can choose only one of component to be backed up. For example, to backup certificates, you need to run script from local server but you don’t need to backup Configuration & user data from each server. They can be done from only 1 server.

The script keeps the previous copy of folders created for 1 day i.e. when you run script second time, it’ll rename the previous created folder and create a new one accordingly. If you run third time, it’ll remove the folders created on first run.

It also dumps certificate store information into a csv file within same folder. Now why do you need it is discussed below.

For more details on how to use these scripts, download the scripts locally and run below commands in powershell to read help:

• Get-Help .\Get-Lync2010Backup.ps1 -Detailed

• Get-Help .\Get-Lync2013Backup.ps1 -Detailed

Why do I need csv with certificate information? Basically I was having hard time tracking all certificate expiry dates in Lync environment. Sure we have SCOM which alerts us 1 week prior to expiry and we can modify the rule to alert us more in advance/frequently but if by any chance we miss that alert and certificate expires, well it’ll be “I LET CERTIFICATE EXPIRE ! EVERYBODY PANIC !”

To help with same, we wrote below script that helps us keep track of expiry dates on weekly basis. You can download the script from below


How this script works? It reads all the csv files created in backup location by LyncBackup script and it populates them into a nice looking HTML which can be sent via email automatically as required. This way you’ve a customized report and alerting of your own that fits your need. Some might argue that if you still miss this email, true, but at-least this one is not hidden between swarm of other alerts SCOM generates, so makes it easier compared to same.

For more details on how to use this script, download the script locally and run below command in Powershell to read help:

Get-Help .\Get-LyncCertificateDetails.ps1 -Detailed

You can find these scripts in this folder as well ->

Update (06/27/2014): We’ve added another column in Get-LyncCertificateDetails which depicts number of days remaining in certificate to expire from the day of report run and color codes the data accordingly. If any certificate is close to expire, it changes the subject line of report accordingly as well.

Conclusion: Lync backups can be tricky at times, specially due to variety of components involved like SQL/DFS/CA etc. Hopefully you find above information helpful and above scripts help make your job easier and make you a Rockstar in front of your boss ! :-)

Thanks for reading !

June 5, 2014  Tags: , , , , , , , , , , ,   Posted in: Lync 2013, Lync Server 2010  One Comment

What is Enterprise Vault?

Hello All

EV IconNew on our site, we’ll be starting posting blogs and knowledge articles about Symantec Enterprise vault server but before we start doing same, we should know what it exactly is first.

What is Enterprise Vault in a nutshell?
Enterprise Vault, the industry leader in archiving, enables organizations to efficiently store, effectively manage, and easily discover and retrieve unstructured information as needed for business



Primarily Enterprise vault is used in environments to archive emails from Exchange server environment. Additionally, it can also be used to archive file servers, SharePoint environment and SMTP archiving i.e. archiving emails from servers running Windows SMTP service.

Symantec is placed highest in Gartner’s Magic Quadrant as of 11th November 2013 for vision & execution in Enterprise Information Archiving:


Release information:
• Current Major Release used in production: Enterprise Vault 10.0.4
• Newest Release for production: Enterprise Vault 11
• Newest Release in beta: Enterprise Vault 11.0.1

Key Features
• Unified Document Archiving Software Platform moves less-frequently accessed information off of expensive primary storage to lower-cost storage
• Global deduplication of Archived Content (i.e. email, files, sharepoint, IM, databases.)
• Easy to use Compliance and an E-Discovery options to enable roles-based search and access for self-service users to search, preserve, review and export electronically-stored information and messages
• Policy-based management and workflow to automate archiving processes and take control of data sprawl
• Supports virtualization infrastructure for flexible deployment without additional hardware

Additional Archiving Features
• Built-in Data Classification Services (DCS): Based on Symantec Data Loss Prevention technology, add context and relevance for more granular control over identification, retention, and deletion of Exchange messages Identify and flag email with private and sensitive information, such as social security numbers, bank accounts and phone numbers
• Discovery Accelerator Custodian-based Search: Quickly find all relevant information across email, SharePoint, files, IMs, etc., based on custodian Target searches to individual custodians within a case for increased search precision and recall
• Archive Microsoft File Servers and SharePoint Content: Extend governance to file servers and SharePoint. Archive SharePoint document libraries for storage optimization and compliance. Archive SharePoint document libraries, wiki’s custom SharePoint lists, social content and more.
• Social Media and Website Archiving: Extend compliance policies to sites such as Facebook, Twitter, and LinkedIn Preserve social media communications for eDiscovery requests
• Archive to the Cloud: Leverage Cloud Storage Connectors to designate AT&T Synaptic, Amazon S3 and others providers as a storage tier for archiving.

Key Benefits
• Enterprise archiving reduces storage footprint and costs by up to 60% or more by moving deduplication and compression closer to the source while retention and deletion policies keep information for only as long as it is needed
• Streamlines backup and recovery times by moving older, infrequently accessed data from production sources into a centralized archive
• Enables an in-depth search of Electronically-Stored Information (ESI) across the enterprise, giving organizations clear visibility into and control of the discovery, assessment, and management of unstructured and semi-structured information
• Allows for immediate early case assessments, legal hold and review without manual, time-consuming collection processes

Conclusion: Enterprise vault has many advantages over other archiving solutions available in market including in-house Exchange server 2013 archiving solution. Specially in legal area, there’s none stronger than Enterprise vault in present that I know of. With release of Enterprise vault 11 and it being available for archiving items from cloud solutions like Office 365, Google etc. it definitely is recommended solution that you can look into for your environment.

In coming posts, we’ll be comparing Enterprise vault with Exchange archiving solution and also discuss new features that are available with Enterprise vault 11 which you should consider before deploying.

Meanwhile, please refer to reference section below for more details about this product.

• Enterprise Vault Introduction Video:
• Gartner’s Magic Quadrant Report:

Hope you find above information helpful and will enjoy reading more about enterprise vault in coming weeks

June 2, 2014  Tags: , , ,   Posted in: Enterprise Vault  No Comments