Skype for Business Patching Process

Patching of the Skype for business front end pool is critical as well as very risky. Certain steps needs to be followed for SFB pool patching. Below are the steps to follow during patching of SFB servers.

Verify the replica status of the pool running below

Get-CsPoolFabricState -PoolFqdn <PoolFQDN>

If the result shows any missing replicas fix/recover the same using below command

Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery

If you are applying Cumulative Updates to SFB servers verify the upgrade readiness state before applying CU

Get-CsPoolUpgradeReadinessState

If the result is not ready wait till the readiness of the upgrade domain. Apply the cumulative updates based on the Upgrade domain

Once both the commands are verified failover the computer which is going to be patched first.

Invoke-CsComputerFailOver -ComputerName <Front End Server to be patched>

Apply the patches to the server

Run the below command once the server returned back after patching.

Invoke-CsComputerFailBack -ComputerName <Front End Server patched>

Follow the above steps on each Front End servers one by one.

Lync 2013 Issue with EWS integration - Continuous Prompt for Credentials

Reason to write this article is recently i faced an issue for EWS integration with Skype For Business/Lync 2013.This may be helpful for you....

Most of the articles talking about adding the domain to trusted model registry,auto-discovery and EWS URLs configuration.But after doing all these my issue did not solved.

Issue: EWS Status showing EWS is not fully Initialized / EWS Not Deployed

Basic Things we need to check :-

• DNS Entry for autodiscover.domain.com,Client machine should be able to resolve auto discover and EWS URLs
• If the SIP domain and SMTP Domain is different Email address Comparisoncheckdisabled value in Client policy should be True.
• EWS URL Should be deployed in Exchange Organisation
• Basic Authentication should be Enabled for Auto discover and EWS Virtual directory of Exchange server(All CAS Servers).
• Verify the Basic authentication using below command

         AutoDiscovery

Get-AutodiscoverVirtualDirectory -Server <CAS01> |fl BasicAuthentication .This should return value True.

If false set the value using 

Set-AutodiscoverVirtualDirectory -Server <CAS01> -BasicAuthentication $true

EWS

Get-WebServicesVirtualDirectory -Identity CAS01 |fl BasicAuthentication .This Should return value True.

If false set the value using

Set-WebServicesVirtualDirectory -Identity CAS01 -BasicAuthentication $true

• System web Proxy(PAC File or Manual Proxy) should exclude auto discover and EWS URLs

Now Will come to actual issue.Even after implementing all the above Lync client was not able to authenticate with Exchange server.Authentication windows was continuously popping up/Not accepting the credentials.

Solution:-We used fiddler to check what is happening with Exchange URL connectivity from Lync and found Lync client is trying to authenticate with Exchange using Negotiate:Kerberose mode and getting 401 Unauthorized access

• Logged on to Exchange server
• Opened INETMGR
• Clicked on Auto discover Virtual Directory
• Clicked on Authentication
• Right Click on Windows authentication and Select Providers
• Move NTLM to Top
• Repeated the same for EWS

But even after doing this Lync is trying to Negotiate for the challenge

• Logged on to Exchange server
• Opened INETMGR
• Clicked on Auto discover Virtual Directory
• Clicked on Authentication
• Right Click on Windows authentication and Select Providers
• Remove Negotiate mode
• Repeated the same for EWS

Enjoy Reading...Any doubt please comment...