Issue when connecting to Lync Online you may receive one of the the following errors
“The ‘New-CsOnlineSession’ command was found in the module ‘LyncOnlineConnector’, but
the module could not be loaded. For more information, run ‘Import-Module LyncOnlineConnector’.”
“Unable to discover PowerShell endpoing URI
At C:\Program Files\Common Files\Microsoft Lync Server
Lets deal with the first one,:
First ensure you have downloaded and installed the Powershell Module for Lync Online
Next, and this is the weird part set the powershell execution policy to “unrestricted”, is seems there is an issue with the modules loading, we were able to discover this by comparing a powershell session for one system that worked and other that did not. (if you are security conscious you may want to set this back when you are done)
The specific command is set-ExecutionPolicy unrestricted
For the last error ensure you have configured your Lyncdiscover records in your External DNS, this is needed for powershell to detect and connect to your online Lync environment, if you are in a hybrid configuration you may be pointing this to on-prem Lync and not Lync online. you can find your specific configuration by clicking on your domain in the office 365 admin center.
Finally the syntax to connect to your Lync Online is:esco over anything in particular let
$LiveCred = Get-Credential
$LyncSession = New-CsOnlineSession -Credential $livecred
- I had installed the beta version of Microsoft online backup
- I had backed up locally to a USB drive that has since failed
- Backups were scheduled locally and to the online backup service.
- When I removed the online beta backup software (Now Azure) and my failed drive, I was no longer able to manage windows backup from the GUI.
This is the error I received in the event log.
Event ID 1000
Source Application Error
Faulting application name: wbengine.exe, version: 6.2.9200.16384, time stamp: 0x50108cb6
Faulting module name: wbengine.exe, version: 6.2.9200.16384, time stamp: 0x50108cb6
Exception code: 0xc0000005
Fault offset: 0x000000000012623a
Faulting process id: 0x2678
Faulting application start time: 0x01ce64c42da7256f
Faulting application path: C:\Windows\system32\wbengine.exe
Faulting module path: C:\Windows\system32\wbengine.exe
Report Id: 6c2d3105-d0b7-11e2-9415-c86000003091
Faulting package full name:
Faulting package-relative application ID:
I had backups placed on a failed drive, this was causing the backup software to crash when it tried to enumerate them. (Not that the error or events point to that at all!)
I ran the following PowerShell cmtlets and re-setup my backups (Caution this will remove all record of any backup have taken place!!)
- Get-WBPolicy | Remove-WBPolicy
- get-Service *wb* | Start-Service
- Restart Windows Server Backup
Sweet! may backup works again!
Note: I was also able to re-download the Azure Backup agent and that is now working like a charm as well.
When at first I was looking into this the TechNet documentation was extensive and yet not as specific as I would prefer, so here is the quick and dirty DLP classification!
Creating and importing custom Classifications
- First you need to create your custom policy XML (Example Below)
- Save as XML Unicode file type (C:\MyNewPolicy.xml)
- Open the XML in internet explorer if its formatted correctly you will see the XML.
- Then import with Powershell
New-ClassificationRuleCollection –FileData ([Byte]$(Get-Content -path C:\MyNewPolicy.xml -Encoding byte -ReadCount 0))
- Once its imported you should be able to create a new DLP policy using the EAC
Creating a custom DLP Rule
- Login to EAC (i.e https://mail.domain.com/ecp)
- Click Compliance Management, data loss prevention
- Click the Plus , then New custom policy
- Name your policy and Choose your mode (I like to test with Policy tags), and click Save
- Select the policy and click the edit your new policy
- Select Rules from the left
- Click the to Create a new rule
- On the Apply this rule if field choose The message contains Sensitive information..
- Click *Select sensitive information types….. (if applicable)
- Click the to choose from the list,
- You should now see your new classification (from the example below it would be Secure Product Codes\ DLP by Exchangemasters.info)
Example of a Rule Classification XML
<?xml version=”1.0″ encoding=”utf-16″?>
<Version major=”1″ minor=”0″ build=”0″ revision=”0″/>
<PublisherName>DLP by Exchangemasters.info</PublisherName>
<Name>Secure Product Codes</Name>
<!– Product Code –>
<Entity id=”acc59528-ff01-433e-aeee-13ca8aaee159″ patternsProximity=”300″ recommendedConfidence=”75″>
<IdMatch idRef=”Regex_Product_Code” />
<Match idRef=”Code” />
<Name default=”true” langcode=”en-us”>
<Description default=”true” langcode=”en-us”>
A custom classification for detecting product codes that have 3 uppercase letters and 9 numbers
Well its official the next Microsoft Exchange Conference is going to be in our own little town of Austin TX in 2014!
9/24 Starts the first day of the Microsoft Exchange Conference (MEC).
For those that don’t yet know, this awesome event has been MIA for 10 years, we are excited to say it’s back!
This is a great time to see what’s new in Exchange, meet product group, MCMs, MVPs and other exchange enthusiasts.
All of our authors will be there, you can find us in whiteboard sessions, the Dell/Quest booth, and of course “in the halls” of MEC.
Stop by the booth and visit, or say hi if you see one of us in the halls!
Issue: User is a standard user (not a domain admin) and his RBAC permissions allow him to do message tracking but he is not not an Organization Admin.
- Running with Exchange PowerShell (get-messagetrackinglog): works
- Running with ECP: works
- Running with Tracking Log Explorer : Broken
“Failed to connect to the Microsoft Exchange Transport Log Search service on computer “Exchange_Servername”. Verify that a valid computer name was used and the Microsoft Exchange Transport Log Search service is started on the target computer.” The error message is: Access is denied.”
Reason: EXTra.exe is what is used to run Tracking Log Explorer and it doesn’t use remote PowerShell therefore your permissions are based on your AD login permissions not RBAC.
- Add the users to the “Exchange View-Only Administrators” (2007) or “Public Folder Management” (2010 Green Field) AD Group to be able to use the GUI.
- Use Exchange PowerShell or ECP to pull the tracking logs.
Thanks to Andrew and Ron for Figuring this out!
Note: Walkthrough on setting up ECP\ EMS Message tracking access
You may find that some things will work in the Lync GUI that will not work in PowerShell (Access Denied), the reason for this is that RBAC only applies to remote PowerShell and local PowerShell uses the AD permissions and not RBAC.
To resolve this you can login to PowerShell using the following script: (Copy the contents to a file and name it Connect-Lync.ps1)
$usercredential = get-credential
$pso = new-pssessionoption -skipcacheck -SkipCNCheck -SkipRevocationCheck
$session= New-PSSession -ConnectionUri https://localhost/ocspowershell -credential $usercredential -sessionoption $pso
Note: 1. This script ignores the certificate (so it will work if your using a self signed cert)
2. You may need to modify the execution policy to run this unsigned script in PowerShell “set-executionpolicy remote”
“Note that RBAC applies only to remote management. If you are logged on to a computer running Lync Server 2010 and you open Lync Server Management Shell, RBAC roles will not be enforced. Instead, security is enforced primarily through the security groups RTCUniversalServerAdmins; RTCUniversalUserAdmins; and RTCUniversalReadOnlyAdmins.”
In solutions like DAG and CSV you can have issues with VSS backups completing if you are attached to a SAN and using a hardware provider.
The reason for this is because the LUN needs to pause the processes accessing the LUN but if another server is the one in control of data on that LUN its unable to do that on a single host.
Here are some details as well as ways to resolve this issue.
1. CSV Issue
- Multiple Servers with a shared CSV Volume and VMS distributed across nodes may fail if you are using hardware VSS providers because it wants to snapshot the entire LUN but the node you are running the snap shot from doesn’t have access to all the VMS in order to pause them before committing the snapshot.
- You can resolve this in one of 2 ways.
1. Move all the VMs to a single node or host until the backup is completed.
2. Disable or remove your hardware based VSS provider.
2. DAG Issue
This issue may come up not because you are sharing LUNS and have active data on separate nodes (as above) but because you may use a separate provider for Active and Passive backups. When you try to backup a LUN that has both active and passive databases a hardware provider may try to use two different writers to snapshot the LUN. You can verify this by moving all active databases to one node to backup.
- You can resolve this in one of 3 ways.
1. Do not put multiple databases on a single LUN.
2. Move all Databases to one node before running backup
- 3. Disable you hardware based VSS provider
NOTE: Disabling your hardware provider will likely cause your backups to take much longer
- Disable Equal Logic VSS Writer – Run C:\Program Files\EqualLogic\bin>eqlvss /unregserver”
- Disable Hardware VSS in DPM – Add the following key to the registry [Software\Microsoft\Microsoft Data Protection Manager\Agent\UseSystemSoftwareProvider]
- How VSS Works
- If you know how to disable other providers please let me know and I will add it to this document!