Fix your Exchange Errors: the name on the security certificate is invalid or does not match


Hello Exchange Admins,

I found a great new tool from DigiCert. I had to share it with everyone. Nowadays you can't have .local on your public certificate. This can create certificate pop-ups. DigiCert, always a proactive company, has come up with a tool to remedy this problem.

The tool changes your web services so that their names use .com, eliminating the problems with Exchange. It also generates a rollback script to get you back to the default settings if there are any problems.
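To see in advance which names would trigger the mismatch pop-up, the check below compares service URL host names against the names on a certificate. It is an added example, not DigiCert's tool or code from this post; the function names, the sample URLs and the sample certificate names are constructed for illustration.

```powershell
# Added example. All sample values below are constructed, not from a real deployment.

function Test-NameCoveredByCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string[]]$CertificateDomains
    )
    $name = $HostName.ToLowerInvariant()
    foreach ($entry in $CertificateDomains) {
        $san = $entry.ToLowerInvariant()
        if ($san -eq $name) { return $true }
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com, but not example.com or a.b.example.com.
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)    # ".example.com"
            if ($name.EndsWith($suffix)) {
                $label = $name.Substring(0, $name.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Find-CertificateNameMismatch {
    param(
        [Parameter(Mandatory)][hashtable]$ServiceUrls,      # service name -> URL
        [Parameter(Mandatory)][string[]]$CertificateDomains
    )
    foreach ($service in ($ServiceUrls.Keys | Sort-Object)) {
        $serviceHost = ([uri]$ServiceUrls[$service]).Host
        [pscustomobject]@{
            Service      = $service
            Host         = $serviceHost
            # Single-label names and .local names cannot appear on a public certificate.
            InternalOnly = (($serviceHost -notmatch '\.') -or ($serviceHost -match '\.local$'))
            Covered      = (Test-NameCoveredByCertificate -HostName $serviceHost -CertificateDomains $CertificateDomains)
        }
    }
}

# Constructed sample input. In the Exchange Management Shell the URLs would come from
# the InternalUrl of cmdlets such as Get-WebServicesVirtualDirectory and
# Get-OabVirtualDirectory, and the names from Get-ExchangeCertificate (CertificateDomains).
$sampleUrls = @{
    'EWS InternalUrl'  = 'https://ex01.corp.local/EWS/Exchange.asmx'
    'OAB InternalUrl'  = 'https://ex01/OAB'
    'Autodiscover URI' = 'https://mail.example.com/Autodiscover/Autodiscover.xml'
}
$sampleNames = 'mail.example.com', 'autodiscover.example.com'

Find-CertificateNameMismatch -ServiceUrls $sampleUrls -CertificateDomains $sampleNames |
    Format-Table -AutoSize
```

Any row with Covered = False is a URL that clients will reach under a name the certificate does not carry.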

I don’t see the downside to this approach! Thanks, DigiCert, for putting the work in so we all benefit.

The Tool is located here:

They also have a part 1 article on replacing your internal certificates, but part 2 is an awesome addition to the toolbox for Exchange people.

Thank you Digicert!


Here is part 1 on Internal Names

Thanks Again,


Response Group not ringing all available agents


Hello all,

This may be a time-bound article, yet you should be aware of the potential issue. Skype for Business may have a reproduced issue where the Response Group, depending on the method of call distribution, may not offer calls as expected. I am not going to go too much into the troubleshooting of this issue, except to say that there are a few things you can collect to cross-reference to your SIP stack logs to test out a failure.

So of course you can't run logging all the time, but you can when it’s the Always On log. If the issue occurs where Longest Idle is not getting the call, you can go back and get the time frame with the Always On logs in Skype.

  • Open CLSLogger.exe from the installation location (Default is “C:\Program Files\Skype for Business Server 2015\Debugging Tools”).  Note:  Ensure to Run as Administrator.
  • Select the Edit Scenarios tab and then click the Create Scenario button.
  • Name the scenario and click OK.
  • Ensure the newly created scenario is shown in the drop-down window under Scenarios.
  • Add the following components with the corresponding Level and Flags settings.
      • RgsMatchMakingService:  Level:  Verbose; Flags:  All
      • S4:  Level:  Verbose; Flags:  All
      • SIPStack:  Level:  Verbose; Flags:  All
      • UserServices:  Level:  Verbose; Flags:  Check all flags with exception of TF_XMLSERIALIZER and All.
  • Click Save Scenario.
  • Proceed to collect the logs and save the data.

Next get your Documentation started by getting your facts:

  • Source Number:
  • RGS Workflow Number:
  • RGS Workflow SIP URI:
  • RGS Workflow Name:
  • Agent Group Name:
  • Agent SIP URI:

So now you have your server SIP logs and your Response Group information. Next you're going to query the Skype database for some of your presence settings, from a local perspective. Collect and interpret what you can. What you cannot comprehend will have to go to Microsoft or your technical support team for analysis.


Run the following SQL query in SQL Management Studio against the backend instance of SQL for the FE pool


Script 1.


Run the following query against the RTCLOCAL instance on each Front End server in the pool.  Copy the results with headers.  You can paste the results in line below in a response email.


Other shell commands include:


Get-CsApplicationEndpoint | Where-Object {$_.DisplayName -match "RGS Presence Watcher" -and $_.RegistrarPool -match ""} | Select-Object DisplayName,RegistrarPool,SipAddress,Identity

Get-CsRgsAgentGroup | Where-Object {$_.AgentsByUri -match ""} | Select-Object *


Return these values to support, or try to determine if the presence is actually showing available at the time the call should have been routed from the Response Group to the user. If you can get this information to show that the user was available for the call, but you don’t see that in the Skype logs, then you have your bug captured. Send this to support or contact Microsoft to work this issue into a patch.

At this time, as of Sept 14th 2016, if you're having problems with Longest Idle, then your only recourse is to use the Attendant mode as a workaround, until this issue can be fleshed out.

If your Response Group is working great, then good! We hope it is that way. If it's not, hold on; hopefully something is coming.



Skype Database cannot be opened. It is in the middle of a Restore


Hello All. I had a case that I have solved several times, but I forgot this particular morning, what I did to fix it. This is when I generally make a Blog. So the scenario is when you run the Topology Builder and complete a Mirror. However, at the end of the Mirror Creation, you get an error in the topology builder. This error may take many forms.




The error boils down to: Database cannot be opened. It is in the middle of a restore. If the mirror has not replicated, then you're in another boat. However, in my case, the mirror databases seem to have restored completely.

I am not saying this will work for everyone, but if your issue is the SQL script got stuck, you may be able to just terminate the restore script, and re-publish your topology. If this works, great. If not, at least you had something to try.

Otherwise, this restore state never stops. It just sits in this state, and the mirror never finishes.



See the above results over trying to publish this mirror over and over and over. Hopefully this small step is all you need to fix your issue.


I have had another issue where this was only part of the issue. Next step is you want to check your SQL error log and see if the SPN account has an error. Look for:


“The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Windows return code: 0x2098, state: 15”

This is an indication you need to check into your Permissions to SQL or the Service account permissions to both Computer accounts.

If you don’t have these kinds of errors, then you may be fortunate. Try running this script if the issue is just that something is stuck at the end of the script:


Happy troubleshooting!



SFB Address Book Troubleshooting and Fixes

Hello All,


Let me begin by saying this blog looks really boring to read. I am adding a picture to the top so it looks more fun. I know it won't make it any more fun, but at least I feel like a better writer somehow.


This is a picture of a Tea Cup Pit Bull! Yes they do have those. Let me tell you, She is mean as can be as long as she stays near a Blanket !

Back to SFB Address Books: is it broken? Let's see.

I have been troubleshooting some Lync address book failures this week. I thought I would sit down and write down some of the basic troubleshooting I do to isolate a potential problem. This post assumes you are not running UCS, but it may still be helpful. I would remove UCS for troubleshooting if you're having Address Book problems anyway.

Call Driver Scenarios

First I will put down some basic directions to go based on some early on questions:

  1. Is text in the address book corrupt in some way? If yes, I have seen this issue occur only when UCS had been partially or fully deployed and then a migration occurred. If the UCS (Unified Contact Store) had been deployed and you then migrated Exchange or Lync Server, your best bet is to do a UCS rollback for Lync. Next, update your Lync clients so they are all current to the version of the server CU. Next, redeploy UCS if your issue is not resolved. Now you will need to wait 24 hours or so for the corruption to be cleaned up.
  2. Is the customer using the ABSConfig tool? This is part of the resource tool kit. You will suspect this if the tool is installed in the environment and the address book is having issues. The first thing to check is whether the tool matches the Lync Server update version. If the ABSConfig tool is an older version, this is one reason for ABS updates having a problem. Second, try putting the ABSConfig back to default and see if that helps the issue.
  3. Is there a problem with the way the text is displayed? In other words, are the phone numbers displayed wrong? Is the customer aware of a file called “Company_Phone_Number_Normalization_Rules.txt”? Check whether this file exists in the share of each pool of the Lync deployment. You may also find a default one created in the C:\Program Files\Skype for Business Server 2015\Server\Core folder. You will need to search the troubleshooting documents on this, but if you have this file in place, you can override it by using the command

set-csaddressbookconfiguration -identity -IgnoreGenericRules $true

You can also delete the file, or edit it. See point #4 below. Ken is now telling us this file is not used for Skype for Business. If you need to go further here, you can start with his post.

4.  So I get the feeling you can use the Company normalization file if you want. If you have to go down that road, I would use this AddressbookNormalizatoin.ps1 tool to do it. It appears to be written for SFB, but I am sure it works with Lync 2013 as well. Normalization tool

5. Contacts, distribution lists, and presence do have real limitations. Please check out these limitations. You may find your issue revolves around limits of the application – Application limits

6. The user has reached the Maximum amount of followers. This should not be changed. This is a Default behavior. It can be changed, but is not recommended


Now with those things out of the way, let’s do some simple test for the Address book service:

  1. Test-CSAddressBookService
  2. Test-CsAddressBookWebQuery

The other aspect to test is can your client get the web service URL? You will get a login pop up. It will fail. But if you don’t get a 401 or don’t get the prompt, then you know this issue is at the directory:

Does the Web Contacts work

  • The Address Book Configuration- Get-CsUserReplicatorConfiguration
  • Look for the LSABS files in the command below. You can delete these out of the folder to make sure they are being created. If they are then next…
  • Are the Files on the server being generated- run this command to see those files-

abserver -dumpfile "\\SQL2012BE\hello\1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000" c:\Temp\address-abs.txt

To check these things you may need to force initiate the address book replication:

  1. Update-CsAddressBook
  2. Update-CsUserDatabase -Force

You may also not be aware there are two mechanisms for the address book. One uses a file cache. The other uses a live web search. You can use one at a time, or you can use both. The default is to use both. Here is how to force the use of only the web lookup. This will tell you if the web lookup is working.

The default value for SFB Client policy is WebSearchAndFileDownload

What you're going to do is run the following command.

Get-CsClientPolicy | Set-CsClientPolicy -AddressBookAvailability WebSearchOnly

Once this is done, perform your update CS commands and wait. This may take a little bit for the policy to filter down. You can change the command back, but this will take a while to switch, either way.

Client Side

Now if you have checked the Server and you don’t see any failures there, you should next clear out the cache files on the client and try to initiate a new address book download. Do this by deleting the following files:

GalContacts.db and GalContacts.db.idx. In Lync 2013 this is a file called ABS__sipdomain.cache

Forest Level

There is an unusual circumstance where contacts will not update if they are not in the correct Domains list.

More on this in another article.

# Add domains

Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Add="dc=domainA,dc=local","dc=domainB,dc=Com"}

# Remove domain

Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Remove="dc=domainB,dc=Com"}

To conclude, there is a lot here in just troubleshooting the Address Book Update. This is by no means an exhaustive document. However, It does give you a place to start, and hopefully with these commands I have used for a while now, you will get a foothold into the failure, and you may be able to get down to a possible solution.

In closing I will add that the Address Book service itself is not usually a problem. The one issue I run into over and over again was from Lync 2013 Updates, around the time SFB came out. There was a patch in there, where the update caused web services a bad time In IIS. The advice is just to make sure you are up to date on your Lync 2013 Updates. Also Skype for Business should not be RTM at this point. SFB needs to be at the current CU, and you should not have any issues, with the Address Book. This also means update your Client!!

Thank you,



Warning :No Databases were found for mirroring or witness setup for SQL server SERVERNAME and Instance PCHAT


This little nugget of an error occurs when you use the Skype for Business Topology Builder to Install Persistent Chat. The scenario where this error is relevant is when you have two Lync Sites and you have setup High Availability and Disaster Recovery. It just so happens this is also a Persistent chat Stretched Pool. I have spent considerable time trying to understand the underlying behavior. I hope I have gotten enough facts to help you avoid spending a bunch of hours trying to get Microsoft Support to fix it.

Before I start, I want to say This exercise has taught me that the Always On Availability group is a much more elegant solution for High availability and helps simplify Disaster recovery too. At the time of this reading, Always On Availability was not supported for Persistent chat. But I thought I would mention, it may be best to keep Persistent chat down to its basic essence and just do good backups. I am about to share with you why Mirroring and log Shipping is not a perfect solution for SKYPE for Business Persistent chat (from the topology builder)

The primary disparity comes in looking at the TechNet design vs. the Different Setup Documents you find available online:

Persistent Chat Configuration Configuration DR

Vs . The Deep Dive example by Richard Schwendiman.

By comparing the two graphics of the design, you can clearly see that the HA and DR for Persistent Chat is defined, over and over, in a fairly straightforward design, which includes only one mirror database in the primary site. This primary site is laid out below:

Figure 1. HADR database Setup

In contrast, you notice both Sites show 2 SQL mirrors. The Tech-net Documentation shows only one mirror. Channel 9 videos only show one mirror. I will now Juxtapose the Tech Net Document on the Same Design for SQL mirror setup.

Notice below, the SQL backup database is the log shipping target database. This Log Shipped database, is something you define in the Topology Builder, and constitutes the Disaster recovery copy of the Persistent chat database

Figure 2. TechNet Setup for HADR or Persistent Chat

In these small differences, there is a bug or a limit to the software. You will be able to publish the topology with either setup. However, since the Persistent Chat principal database is log shipping to the SQL backup, the database state of the SQL backup database will be in recovery on a permanent basis.

Since this is always recovering, the secondary mirror and witness will not be able to handle any commands from the Topology Builder. You will get a failure if you try to “Publish Database” to the secondary site.

One of the errors you will see is Warning :No Databases were found for mirroring or witness setup for SQL server SERVERNAME and Instance PCHAT:



This is by design! The Secondary settings are there, because they can be used when and if you actually do the fail-over process, to execute the Disaster recovery steps.


This is the screen where you will make your setup, and because of the lack of documentation, you will not realize two of the three entries here, are not going to work as the Back Up SQL store is going to work, when you publish  the topology.

The choices in the red square above are not going to be functioning, except for the Backup SQL Server store. This is the log shipping database; as a result of being published, the backup database can be the recipient of the log shipped transaction log files.

  1. Because that database is a log shipped database, the mirror of this and the witness cannot be working, because the Lync services will basically be turned off until the Lync services are needed. Once you fail over the primary database, you may then use the mirror and the witness defined in the topology. Until failover, they will lie dormant!

This is a limit to how the Lync HADR process works. The only documents I could find on this issue were the following 2 articles:

Basically what these two links show is that If you set up the HADR as the Figure 1 setup, with a SQL mirror at the secondary Site, That mirror will not work, based on the log ship copy of the Persistent chat Primary Database. The log shipped databases will be in recovery at all times, as it is always changing, based on the constant updates.

To solidify this phenomenon, here is a link that expresses this condition: How to back up the secondary log shipping database. If you notice, it looks like Always On is the solution to this problem. Hopefully this is supported for Persistent Chat soon!

Otherwise, this is largely manual process, whose goal is to allow the second data center to be able to take over persistent chat, based on several manual configuration changes, laid out in these articles:

Once you have failed over the persistent chat pool to the DR site, you may then reconnect the Pchat database, Mirror and Witness on the DR server. The gotcha is you will not be able to do it before.

Automation is not built into the DR procedures.


To conclude, I would really recommend you stay within the supported DR guidelines for HA and DR with the Persistent Chat pool. SFB has consolidated the steps (over Lync 2013), so use the links above and you should be able to configure Persistent Chat as a best practice. Originality will not likely pay off in this endeavor.

It looks like you may be able to have two mirrors in two data centers. This would not be directly supported by Microsoft. However, below are some possible helping steps if you wish to try:


  • SQL instances should both be in the same domain, as should both Sites.
  • Configure Chat permissions – User must be a member of CsPersistentChatAdministrator. To change policy, user must be in CsUserAdministrator, at a minimum.
  • All SQL databases need to have a domain account, with Admin permissions, common to all SQL instances involved with PCHat.
  • The Sub-net should be on the same sub-net.
  • There can only be one active Persistent chat primary database, at any given time, in the forest.
  • If the SQL Server service account on your primary server runs under the local system account, you must create your backup folder on the primary server and specify a local path to that folder.
  • to change log shipping, you have to fail over the mirror in the primary Chat Database.
  • The only time the Second PChat Mirror is used is in conjunction with Disaster recovery. is “with an optional mirror to provide high availability during disaster recovery” The words indicate that second mirror is only used when the DR process is being manually carried out.
  • There was a gotcha in how you added the databases and mirrors in the Topology Builder. Review in case it comes up in your setup.

Finally, this comes from Channel 9, which confirms the two way Mirror for Persistent chat is not showing up in design and configure documentation:

Notice it does not say SQL mirror pair in both sites.


I hope this is helpful in dispelling what Lync and Skype for Business will accept as far as the Supported HA and DR, when they are both set up and how they are set up.

To conclude, you may be able to manually make the log shipped database work with the secondary mirror and witness. This will generally require manual intervention, and may not be supported with MS and Skype for Business. You can try to recreate the endpoint and manually initiate the mirror. However, you will need to break the supported configuration in order to make it work. Here are a few links to look at:

Lync, OCS, Skype for Business Persistent Chat requires port 8011. Missing from Documentation


Howdy Lync persons. Today I ran across an issue where Skype for Business Persistent Chat errors were shutting the service off. The errors were:

Event 53517 Activating system shutdown. Active cluster { 1 } does not contain the current server <3> <net.tcp://FQDNofInternalServices:8011/MGC/PeerService>.

Event 53515 Server received error while subscribing to peer.


These errors show a failure on port 8011. But if you check the Lync 2010 and 2013 documentation, you will find all references of port 8011 missing. Even Skype for Business Port list does not show port 8011.

I thought I would provide the places where you can find documentation for these ports; on OCS 2007 and an article in Skype for Business 2015.

I found it in the SKYPE for business documentation below:

and for OCS;

There are other places to find reference to these ports, but if you need a quick reference to show a network team that this port needs to be open, feel free to link to this article.

To the network folks: Yes, please open port 8011, as the Persistent Chat administration depends upon this port.
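To show the network team exactly what is blocked, the example below pulls the net.tcp endpoint out of the Event 53517 text and tries a TCP connection to it. It is an added example, not code from the Skype for Business documentation; the function names are hypothetical, and the sample message is the event text quoted in this post, placeholder host name included.

```powershell
# Added example. The sample message is the Event 53517 text from this post,
# with the post's placeholder host name (it will not resolve, so Reachable is False).
$sampleMessages = @(
    'Activating system shutdown. Active cluster { 1 } does not contain the current server <3> <net.tcp://FQDNofInternalServices:8011/MGC/PeerService>.'
)

function Get-PeerServiceEndpoint {
    # Extract each distinct host:port pair from net.tcp:// URLs in the event text.
    param([Parameter(Mandatory)][string[]]$Message)
    $pattern = 'net\.tcp://(?<host>[^:/\s>]+):(?<port>\d+)/'
    $seen = @{}
    foreach ($text in $Message) {
        foreach ($m in [regex]::Matches($text, $pattern)) {
            $key = '{0}:{1}' -f $m.Groups['host'].Value.ToLowerInvariant(), $m.Groups['port'].Value
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                [pscustomobject]@{
                    ComputerName = $m.Groups['host'].Value
                    Port         = [int]$m.Groups['port'].Value
                }
            }
        }
    }
}

function Test-TcpPort {
    # Returns $true only if a TCP connection completes within the timeout.
    # DNS failures, refusals and silent drops (firewall) all return $false.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($ep in (Get-PeerServiceEndpoint -Message $sampleMessages)) {
    [pscustomobject]@{
        ComputerName = $ep.ComputerName
        Port         = $ep.Port
        Reachable    = (Test-TcpPort -ComputerName $ep.ComputerName -Port $ep.Port)
    }
}
```

Run it from each Persistent Chat server against the message text of its own events; a False from one side only points at a firewall rule between the two hosts.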


Thank you


Skype for Business Does not Use Bots or BOT Framework in 2016


What brought my attention to this subject was a memo from a coworker. It was just a run-of-the-mill comment, and it really was the implied meaning I took away from it. I got the impression that some of my friends were thinking that the BOTS were going to be available to them in SKYPE for Business (SFB). Comments are generally warm, with the reception of SFB, but one person's BOT comment was left unanswered, presumably because most SFB people are not privy to any information about these BOTS.

I will tell you, I didn’t reply. But my instincts wanted to tell them BOTS are not part of SFB. Honestly, I didn’t know for sure. Really, I don’t know what a Bot is! So, if not for posterity, let it be my own curiosity which led me to find out: what are we missing in SFBLAND that is so exciting in the rest of the industry? As it turns out, I think we should be paying attention. It's not going to be long before we are up to our necks in BOT support!

Below I really lay out a case for the inclusion of BOTS in SFB, but I would reach out to my colleagues to ask them, is there any reason why SFB is left out at this phase? Is there a big awesome change coming? Is there a secret project afoot? Is it Top Secret? No, I am not a conspiracy theorist, so let me just leave that where it lay!


For the Skype for Business users, if you had been ignoring BOT notifications in your email, let me catch you up! So much of this is going to be directly relevant to SFB at some point!

  • “BOTS” are Artificial Intelligence In Microsoft’s usage.
  • The closest I found to a definition was “conversation agents”.
  • Microsoft recently released a BOT framework, for Developers and programmers.
  • This Framework includes a BOT connector service, with a goal of enabling communication with disparate platforms such as LinkedIn, Facebook, Skype, Slack, stack and more. You get it?
  • Wand Labs seems to have something to do with Bots. This company should be working with SFB for some long-term guidance, I would think. Why else is SFB not yet involved with BOTSVILLE?
  • Cortana is supposed to be a BOT.
  • SFB is coming out for the mac! SKYPE is too, With Group Chat!
  • The above may not seem related, but I think it is! See the Skype Release is for Android, IOS and windows platforms. No one seems to be left out.
  • To underscore the point I made about group chat, that is what enabled the First Bot to work, and it works on SKYPE and it works with the MAC!
  • More than 20,000 developers signed up for BOT Framework, and now there are more than 30,000 signed up. Why? I think there is a synergy building here:

Microsoft has chosen to merge the Skype Bot Platform and the Microsoft Bot Framework

I would encourage you to read the papers I am placing into the links. I had to go through a lot of articles to get this trend about BOTS. It does look like a rather huge thing, looking into the future. I encourage you to tell me your thoughts on how this may play out.

Here is what was said on the MAC preview for SKYPE:

Skype Bots, a way to bring expertise, products, services and entertainment into daily messaging on Skype, are now available in preview on two additional platforms: Mac and on the Web.



Ok so now that I have detailed the exciting part, let me shut down the idea that SKYPE for Business is involved with any of this. See below from the MS blog site, confirming:

There is currently no story yet for Skype for Business. With the Microsoft Bot Framework you can build a bot that “channels” through multiple chat application like Skype, FB Messenger, KiK, Slack, Telegram etc. Skype for Business is not yet part of the available channels and no information is available when that will be available.

Some very promising statements have been made, and it looks like there is a concerted effort, by Microsoft, to initiate this BOT to work across the entire platform and the entire Industry:

“BOTS are a new way to bring expertise, products, services and entertainment into daily messaging on Skype”

“Skype bots can introduce both audio and video experiences,” the company (Microsoft) said.

In fact, there has already been requests, at the Developer level, to bring BOTS on board with SFB. Below is the question asked at the BOT NET feedback web site:

Any plans for Skype for Business?
Bots offer a great opportunity to the enterprise users. I would be interested in private internal bots with Skype for Business available as a conversation channel.


So at this point, the only thing I have proved, in this article, is that SFB does not work with BOTS. When A customer calls to support, we can now tell them that Microsoft Skype for Business Does not have support for BOTS. 

I'll leave the conversation up to my readers. Do you think it will be long before SFB gets into the BOT world? The more important question is, what is the holdup? Is there something else coming that is a larger piece of the puzzle?

I hope this has raised your awareness about the BOTS and let you know we are likely going to be hit with BOT questions, until SFB finally joins the FOLD.

I do think that having SIRI on my Skype for Business Client is going to be just fine with me!!