Exchange 2016 + Skype For Business + New Certificate = Errors?

Changing an expired SSL certificate is easy in Exchange 2016 using the EMC.  A simple click or two, and boom… new certificate!

Unless you have integrated Skype for Business IM into your OWA.

Symptoms
1st Symptom: User Complaints
2nd Symptom: Your Exchange server logs the following event:

The certificate specified by the InstantMessagingCertificateThumbprint parameter of the Outlook Web App virtual directory wasn’t found in the local certificate store.
Certificate thumbprint:

Yup... you have a couple more steps to complete.

STEP#1: Get the new thumbprint

  1. Launch Exchange Management Shell as an Administrator
  2. Execute
    Get-ExchangeCertificate
  3. Copy the Thumbprint of the certificate that has registered the “W” (IIS) service
    NOTE: That same certificate may have registered other services, like the certificate example below, which has registered the IPUWSC services.
    image

STEP#2: Update the OWA virtual directory with the new thumbprint

  1. Launch Exchange Management Shell as an Administrator
  2. Execute
    get-owavirtualdirectory | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint [THE NEW THUMBPRINT]

STEP#3: Update the OWA configuration file

  1. Open the OWA configuration file located at
    C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\web.config
  2. Search the configuration file for “IMCertificateThumbprint”
    Important: If the key does not exist in the web.config, proceed to STEP#3A below
  3. Change the key thumbprint to the new thumbprint value
    <add key="IMCertificateThumbprint" value="[THE NEW THUMBPRINT]" />
  4. Restart IIS and test IM in OWA
  5. You're done!  Stop here!

STEP#3A: Update Setting Overrides

  1. Launch Exchange Management Shell as an Administrator
  2. Execute
    Get-SettingOverride
  3. You should get an output like the following
    image
    Closely note the following values
    – Id (in the example above, the value is OWA-SKYPE-INTEGRATION)
    – Parameters, specifically the IMServerName value (in the example above, the value is SRVSKYPE15FE.corp.armgasys.com)
  4. Execute
    Set-SettingOverride -Identity [ID NAME] -Parameters @("IMServerName=[SERVER NAME]","IMCertificateThumbprint=[THE NEW THUMBPRINT]")
  5. Make sure everything is refreshed by executing the following command
    Get-ExchangeDiagnosticInfo -Server $ENV:COMPUTERNAME -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
  6. Restart IIS and test IM in OWA
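
A read-only check that compares every place the steps above store the IM thumbprint against the certificate you intend to use. This is an added example, not part of the original post; save it as a .ps1 and run it from the Exchange Management Shell. It assumes Get-SettingOverride returns its Parameters as "key=value" strings, as used in STEP#3A.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
$expected  = '[THE NEW THUMBPRINT]'   # placeholder: paste the value from STEP#1
$webConfig = 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\web.config'

# Keep only hex digits: pasted thumbprints can carry spaces or an invisible
# leading character, and either one makes the certificate lookup fail.
function Get-CleanThumbprint([string]$Value) { ($Value -replace '[^0-9A-Fa-f]', '').ToUpper() }
$expected = Get-CleanThumbprint $expected

# 1. The certificate itself: in the machine store, with a private key, not expired
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $expected }
if (-not $cert) {
    Write-Warning "Not found in LocalMachine\My: $expected"
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning 'Certificate has no private key'
} elseif ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)"
}

# 2. Collect every place the IM thumbprint is configured
$configured = @()
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME | ForEach-Object {
    $configured += [pscustomobject]@{ Source = "OWA vdir: $($_.Name)"; Value = $_.InstantMessagingCertificateThumbprint }
}
$xml = [xml](Get-Content -Path $webConfig -Raw)
$xml.configuration.appSettings.add | Where-Object { $_.key -eq 'IMCertificateThumbprint' } | ForEach-Object {
    $configured += [pscustomobject]@{ Source = 'web.config'; Value = $_.value }
}
Get-SettingOverride | ForEach-Object {
    $id = $_.Identity
    foreach ($p in $_.Parameters) {          # assumption: "key=value" strings
        if ($p -like 'IMCertificateThumbprint=*') {
            $configured += [pscustomobject]@{ Source = "SettingOverride: $id"; Value = ($p -split '=', 2)[1] }
        }
    }
}

# 3. Report: any MISMATCH row still points at the old certificate
$configured | Select-Object Source, Value,
    @{ n = 'Status'; e = { if ((Get-CleanThumbprint $_.Value) -eq $expected) { 'OK' } else { 'MISMATCH' } } } |
    Format-Table -AutoSize
```

A server normally shows either a web.config row or a SettingOverride row, matching the STEP#3 / STEP#3A split.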

Good Luck!

Automate user photos in Exchange

The introduction of high-resolution photo support within Exchange solved the photo quality issues in various Microsoft products such as Outlook and Skype for Business (Lync).  For many companies, the next question became “How do I get my corporate approved photos uploaded to Exchange?”

Here at ArmgaSys, we asked the same question.  Here is our solution.

The Challenges

  1. Build a PowerShell script to automatically upload corporate photos to Exchange.
  2. Automate the process via a scheduled task using the least privileges possible.
  3. Prevent users from uploading their own pictures and overriding the corporate approved (non-cat/clown/other) photos.

The PowerShell Script

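# Load the Exchange cmdlets (the script runs directly on the Exchange server)
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

$imgFolder = 'C:\Headshots\'

# Each file is named [ExchangeUserName].[EXT]; BaseName is the mailbox identity
foreach ($pic in Get-ChildItem $imgFolder -File)
{
    try
    {
        # -ErrorAction Stop sends a failed upload to catch, so the image is kept for the next run
        Set-UserPhoto `
            $pic.BaseName `
            -PictureData ([System.IO.File]::ReadAllBytes("$imgFolder\$($pic.Name)")) `
            -Confirm:$false `
            -ErrorAction Stop
        Remove-Item "$imgFolder\$($pic.Name)"
    }
    catch
    {
        Write-Warning "Warning : $_"
    }
}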

# Update Exchange policies to prevent users from uploading their own pictures
Get-CASMailbox -ResultSize Unlimited | Set-CASMailbox -OWAMailboxPolicy Default
Get-OWAMailboxPolicy | Set-OWAMailboxPolicy -SetPhotoEnabled:$false

Script Usage Notes

  • Be sure to set the variable $imgFolder to the location of your headshots
  • This script assumes image deltas, i.e. only new or changed images should be processed.  As such, the script deletes each image after it has been uploaded. If you want to process every user image every time the script is run, remove the line:
    Remove-Item "$imgFolder\$($pic.Name)"
  • Important: Be sure to include the backtick (line continuation character) in your script if you leave the Set-UserPhoto command on multiple lines!
  • This script will reside directly on the Exchange server

Scheduling the Script
Using Task Scheduler on the Exchange server that houses the script, create a task that runs at whatever interval suits your needs.  Set the remaining options as follows:
Security Options
Set the user account to NT AUTHORITY\NETWORK SERVICE
Actions
Action = Start a program
Program/script = PowerShell.exe
Add arguments (optional) = -ExecutionPolicy Bypass [Full path and file to your script]
                 Example: -ExecutionPolicy Bypass C:\Scripts\Headshot.ps1

Setting up Security: Headshots Folder
Grant the Exchange computer Modify access to the folder which contains the headshots. 
NOTE: If your script will not delete the Headshot images, you can grant Read-Only access to the folder.

image

In our example above, the server name is SRVEXCH16 and resides in the ArmgaSys corporate domain.
Important: You will need to make sure the Object Types includes Computers!
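
Anyone who can write to the headshots folder can set another user's photo through the scheduled task, so it is worth confirming who actually holds write access after the grant above. The following read-only check is an added example, not part of the original post; the domain name CORP and the list of expected identities are assumptions to replace with your own.

```powershell
# Added example, not from the original post. Read-only: it reports and changes nothing.
$imgFolder = 'C:\Headshots'          # same folder the upload script reads
$expected  = @(                      # assumption: the only identities meant to write here
    'CORP\SRVEXCH16$',               # constructed DOMAIN\computer$ name; use your own
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM'
)

# Rights that allow adding, replacing or re-permissioning files in the folder.
# Modify and FullControl both contain these bits; read-only rights do not.
$writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$unexpected = (Get-Acl -Path $imgFolder).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band [int]$writeBits) -ne 0 -and
        $expected -notcontains $_.IdentityReference.Value
    } |
    Select-Object @{ n = 'Identity'; e = { $_.IdentityReference.Value } }, FileSystemRights, IsInherited

if ($unexpected) {
    Write-Warning "Identities outside the expected list can write to $imgFolder :"
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output "Only the expected identities can write to $imgFolder."
}
```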

Setting up Security: Script Access to Exchange
Grant the Exchange computer access to the user’s mailboxes so the script can upload the user images.

  1. Launch the Active Directory Users and Computers snap-in
  2. Open the OU Microsoft Exchange Security Groups
  3. Open the group Help Desk
  4. Add the Exchange computer running the script as a member
    image
    In our example above, the server name is SRVEXCH16 and resides in the ArmgaSys corporate domain.
    Important: You will need to make sure the Object Types includes Computers!

Populating Headshot Images
Now all you need to do is populate your headshots directory and test!
Important:  The script assumes all headshot images are in the format of [ExchangeUserName].[EXT].  In our organization, we use [FirstName].[LastName] as our Exchange user name format.

So, an example headshot image dropped into our headshots directory would be
Auther.Dent.JPEG

 

Enjoy!

LegacySiteDetected during upgrade to SharePoint 2016

So, you are happily migrating your SharePoint 2013 content database to SharePoint 2016 when the Test-SPContentDatabase command spits out:

Category        : LegacySiteDetected
Error           : True
UpgradeBlocking : True
Message         : 1 site(s) using SharePoint 2010 experience.
Remedy          : Please upgrade sites using SharePoint 2010 experience
                  in database [Your Content Database] to SharePoint 2013
                  experience before proceeding.

Wait a second???  We are migrating from 2013?  How did a SharePoint 2010 experience get in there?

Root Cause
The content database you are migrating to SharePoint 2016 was very likely using the SharePoint 2010 Office Web Apps.

The Fix
Step#1: Locate the offending SharePoint 2010 site

  1. Launch SQL Server Management Studio (SSMS)
  2. Connect to the offending content database
  3. Execute the following query:

    SELECT als.id, als.PlatformVersion, aw.Title, aw.FullUrl, aw.ProductVersion, als.Deleted
    FROM dbo.AllSites als
         INNER JOIN dbo.AllWebs aw
      ON aw.Id = als.RootWebId

  4. Locate the entry that does not have a product version of 15.  It will most likely look like this:

    PlatformVersion    Title             FullUrl                   
    4.0.25.0           Team Site         sites/Office_Viewing_Service_Cache

Step#2: Deactivate (Delete) the offending SharePoint 2010 site

  1. Note the GUID associated with the site you identified in Step#1 above
    (This will be the id column)
  2. Run the following query using SSMS connected to the content database:

    UPDATE dbo.AllSites
    SET Deleted = 1
    WHERE id = '[GUID]'