Category: Microsoft Communications Server

Getting photos in Lync 2010 from SharePoint via Active Directory

 

I have spent a fair amount of time recently working with Lync 2010 testing out new features and trying to figure out how everything works! One of the exciting developments in Lync is how well integrated it is with the rest of the Microsoft product stack. For me however this has caused some serious challenges as my knowledge of SharePoint is minimal, and certainly limited to end user knowledge.

This post outlines the process needed to get Lync showing photos uploaded to a users “My Site” in SharePoint 2010.

I am making the assumption that you already have SharePoint installed and that it has functioning “My Sites”. This was done for me by a colleague SharePoint consultant!

What follows is a discussion of the steps taken to get integration with AD to work and some of the troubleshooting tools I found along the way.

I started off by following this blog post:

http://blogs.technet.com/b/dcaro/archive/2010/06/05/replicating-user-pictures-from-sharepoint-2010-to-exchange-2010-and-communications-server-14.aspx

Step 1 from the above is easy to follow.

Step 2, makes the assumption that the User Profile Synchronization service is already in place. For me this was the case, however there was an issue with accounts which I will come onto!

Having followed Step 2 my final configuration screen looks like the below:

image

The reason I show that is because it shows the Source Data Connection. Given that I didn’t set this up, I thought I would investigate further, and it’s a good job I did because it became important to know what user account was being used for synchronization.

Back on the Central Administration, Manage Profile Service page seen below, I clicked on the Configure Synchronization Connections link.

image

image 

You can see the Active Directory connection shown on the Picture Export screenshot above. Drilling into the connection shows that it runs using the 123-shpt service account.

image

With this knowledge, let’s return to the original blog post we were following here:

http://blogs.technet.com/b/dcaro/archive/2010/06/05/replicating-user-pictures-from-sharepoint-2010-to-exchange-2010-and-communications-server-14.aspx

We are now onto Step 3

I kicked off a full synchronization but it didn’t look like much was happening and photos certainly weren’t appearing in AD. At this point I looked at the event logs on the SharePoint server.

What I found was a bunch of errors like this: FIMSynchronizationService – EventID 6050 – Error

image

The following two blog posts both helped troubleshoot this.

http://blog.jussipalo.com/2010/02/sp2010-fimsynchronizationservice-errors.html

http://www.tsls.co.uk/index.php/2010/05/06/sharepoint-2010-user-profile-synchronisation-failing/

They also led me to discover the FIM Synchronization Service Manager (SSM) which is located here:

C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe.

This application is your window on FIM and shows exactly what is happening during the synchronization.

I discovered that my problems were permission related.

What was needed was to ensure that the account mentioned above (in the SharePoint Directory Connection section (123-shpt) has the relevant rights in AD. This is confusing because a number of posts say that it the account which runs the FIM service which needs rights, but this doesn’t appear to be the case.

So I gave the 123-shpt account replicating directory changes permissions as detailed below:

Confirm that the service account used to run Forefront Identity Manager Synchronization Service (FIMSynchronizationService) has the AD Security right of “Replicating Directory Changes” at the domain level

  1. Open the Active Directory Users and Computers snap-in
  2. On the View menu, click Advanced Features.
  3. Right-click the domain object, such as “company.com”, and then click Properties.
  4. On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
  5. In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
  6. Click OK to return to the Properties dialog box.
  7. Click the desired user account.
  8. Click to select the Replicating Directory Changes check box from the list.
  9. Click Apply, and then click OK.
  10. Close the snap-in.

 

Having done this the I kicked off another Full Synchronization in SharePoint and whilst viewing though the FIM SSM mentioned above, saw that connections were taking place.

However, there were still errors! Again they were permissions based, and this time it was specific to the end users who I was trying to provision a photo for.

After a fair bit of digging it turns out that the 123-shpt account also needs rights to all users in the domain to provision permissions.

I provided this by setting permissions for the 123-shpt account on the root of the domain. I used the advanced settings to ensure that the permissions only applied to Descendant User Objects. At a high level the permissions needed are Read, Write and Create all child objects however when broken out they look more complex as seen below.

image

image

image

Having made those changes, I kicked off a final Full Synchronization and found that photos were imported demonstrated by viewing the Attribute editor of the user object.

image

Signing out and back in on Lync made the photo show up.

image

 

Hope that helps people

Cheers

Nathan

Connecting Lync 2010 or OCS 2007 R2 to the PSTN

Hi,

Having just written a long (ish) post on a forum, I thought I would post it here for future reference.

These are high level methods of connecting OCS 2007 R2 or Lync 2010 to the PSTN.

There are three options;

In terms of capability of connection to the PSTN (Telephone network) functionally nothing much has changed in Lync 2010 compared to OCS 2007 R2 other than the need for SRTP support in gateways.

The lack of change is not a bad thing, as you really already have plenty of options!!

 

1.

Traditionally people have ISDN connections to the telephone network which in the USA are called T1 lines which give you a potential 24 channels (calls). Lync 2010 Server has no way of connecting to these ISDN lines without some form of interface. This could be putting an ISDN interface card into your server, but in general is by using a gateway device from the likes of Audiocodes or NET Quintum.

The gateway terminates the ISDN lines and then translates the audio into RTP streams (SRTP for Lync) and SIP for signalling (i.e. setting up who is calling who).

Generally this is the most used option as by terminating the ISDN lines on the gateway it is then possible to route calls either to Lync or to an existing PBX system

 

2.

The next most common option is to use an existing PBX to terminate the ISDN lines and have it talk to Lync, either through a gateway (kind of a reverse of the order above) or, the PBX might be able to talk SIP, and use TCP to talk over Ethernet to Lync.

 

3.

Instead of dealing with traditional ISDN lines the Lync server will connect over IP (TCP or UDP) Port 5060, to an ITSP (Internet Telephony Service Provider). For example people like Verizon, BT, Global Crossing etc.

This allows OCS to route and receive calls directly to the PSTN without the need for any legacy telephony equipment.

Sometimes, even with the above solution, a gateway can be useful, which can be used more like a session border controller, giving options to manipulate the traffic as it passes from Lync to the ITSP.

 

Hope that clears things up.

Cheers
Nathan

Activation Fails on new OCS Standard Edition Installation – Failure [0xC3EC78D8] Failed to read the Office Communications Server version information.

When installing a new OCS server recently I got these errors first in the deployment log:

clip_image002

And drilling down further:

clip_image004

So what on earth causes that! I thought, given that I had installed OCS no differently than usual. Turns out this harks back to the issues Microsoft caused when they released an update to the CryptoAPI in KB974571.

Essentially this caused OCS not to be able to read information about itself (like it license info) which was encrypted in with the CryptoAPI. This meant that OCS services wouldn’t start and lead to quite a few disgruntled customers!

Well there was a fix for that called OCSASNFix which not only fixed the services not starting issue but also fixes this new server activation error. The fix is available for download from the Microsoft Download Center. To obtain the fix, visit the following Microsoft Web page:

http://go.microsoft.com/fwlink/?LinkId=168248

Here is an extract from the KB article describing what it does: http://support.microsoft.com/kb/974571

The fix (OCSASNFix.exe) is governed by the Microsoft Software License Agreement for Office Communications Server 2007 R2, Office Communications Server 2007, Live Communications Server 2005, Office Communicator 2007 R2, Office Communicator 2007, and Office Communicator 2005.

This fix works for both clients and servers, and it is applicable to the following roles for all versions of Office Communications Server and Live Communications Server 2005 SP1 and for evaluation versions of Office Communicator:

· Standard Edition Server

· Director server role

· Enterprise Edition Consolidated

· Enterprise Edition Distributed – Front End

· Edge Server

· Proxy server role

· Office Communicator 2007 Evaluation version only

· Office Communicator 2007 R2 Evaluation version only

· Office Communicator 2005 Evaluation version only

This fix sets the OCSASNFIX DWORD value to 1 for the following registry subkey on the OCS 2007/R2 and LCS 2005-SP1 Server:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RtcSrv\InstallInfo\OCSASNFIX

Having downloaded the fix from the link above, navigate to its location in a command prompt and run it by typing the following command, and then pressing ENTER:

ocsasnfix.exe

clip_image006

When you run it you will see what it thinks is installed on your system and what it has fixed:

clip_image007

After that, as a precaution I rebooted the server.

Hope that helps people get over, and hopefully prevent a most annoying issue!

Cheers

Nathan

WordPress Themes

Get Adobe Flash player