Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel2

Before

...

Inspecting

Before starting the troubleshooting process, please make sure the following requirements are met:

  • Skype for Business Core components installed on the Access Admin Portal server

  • UCMA Installed on the Access Admin Portal server

  • the Trusted Application exists if running Get-CsTrustedApplication on the front end

  • A valid certificate has been assigned in the Skype for Business Deployment Wizard for the Access Admin Portal server.

  • When running Get-CsManagementStoreReplicationStatus, the Access Admin Portal server should appear as "True" (In case there's no replication after configuring the script, check if replication for the Access Admin Portal server is enabled in the topology, if running Enable-CsReplica on the Access Admin Portal server doesn't work, run Enable-CsReplica -Force)

  • Make sure to inspect the following articles from Microsft Microsoft in case you encounter issues with the Powershell script

Validate the deployment using the UCMA Utility

The Installation package is coming comes with a UCMA testing utility by default under:

Code Block
C:\agat\SpehereShield.Setup\Payload\Tools\UcmaUtility
Info

It is required to shut down the Access Admin Portal and Maintenace Maintenance Service while testing with the UCMA Utility

In the Utility enter the details relevant to the domain  and user and run fetch contacts:

...

Validating IM

Set the proper configuration and run Send IM.

Info

It takes up to 10 seconds until the message is received

Validating Contact List integration

  1. Put a proper user SIP address with contacts under the option [User SIP]

...

  1. Click Fetch Contacts

  2. Verify you see in the output

    Code Block
    GetUserContactList <[user@domain.com]> found [number of contacts] contacts

Issues

Admin Portal can't initialize the UCMA with the error “Unable to find the SQL database: Cannot open database "xds" requested by the login. The login failed.” in the log

Issue

The Access Admin Portal can't access the Skype for Bussiness Business database when initializing and throw throws the the following error in the log:

Code Block
Unable to find the SQL database: Cannot open database "xds" requested by the login. The login failed

Cause

The user running the Access Admin Portal doesn't have enough permission due to not being part of the "RTC Component local group"

Fix

Add the user running the Access Admin Portal (by default is: iis apppool\accessportal) to "RTC Component local group" in the local computer group.

...

Admin Portal can't initialize the UCMA with the error “SkypeShield.Skype.Ucma.UcmaService - Failed initializing UCMA environment with trusted application id "skype.ale.local". Error: The operation failed due to issues with Tls. See the exception for more information. (CertificateInfoNative::AcquireCredentialsHandle() failed; HRESULT=-2146893043).” in the log

Issue

The Access Admin Portal can't access the Skype for Bussiness Business database when initializing and throw throws the following error in the log:

Code Block
SkypeShield.Skype.Ucma.UcmaService - Failed initializing UCMA environment with trusted application id "skype.ale.local". Error: The operation failed due to issues with Tls. 
See the exception for more information. (CertificateInfoNative::AcquireCredentialsHandle() failed; 
HRESULT=-2146893043).

Cause

The User user running the Access Admin Portal's Skype application(by default is: iis apppool\accessportal) doesn't have enough permissions to access the Skype in due to not being part of the group "RTC Server Local Group"

Fix

Add the user running the Access Admin Portal (by default is: iis apppool\accessportal) to "RTC Server Local Group" in the local computer group.

...

Admin Portal can't initialize the UCMA with the error “SkypeShield.Skype.Ucma.UcmaService EXECUTING USER: NOT AVAILABLE - Failed initializing UCMA environment with trusted application id "as1.setup16.loc".  Error:Application with id(as1.setup16.loc) not found or a default port has not been configured for it” in the log

Issue

The Access Admin Portal can't access the Skype for Bussiness Business database when initializing and throw throws the following error in the log:

Code Block
SkypeShield.Skype.Ucma.UcmaService EXECUTING USER: NOT AVAILABLE - Failed initializing UCMA environment with trusted application id "as1.setup16.loc". Error:
Application with id(as1.setup16.loc) not found or a default port has not been configured for it

Cause

The Skypeshield Trusted Application name is typed wrong or not configured in the Access Admin Portal or does not existing exist in the topology

Fix

  1. Verify that the Application ID

...

  1. of the Trusted application

...

  1. exists in the topology by running the command at the Front-End server

    Code Block
    Get-CsTrustedApplication

    It  should return output like the following

    Note the name marked in green for the following step


  2. Make sure the details of the topology are correct in the

...

  1. Admin Portal configuration under [Settings] > [General]

...

The

...

Admin Portal is able to communicate with the Skype for

...

Business infrastructure but the

...

Maintenance Service unable to pull users

Issue

The UCMA is able to initialize properly and send impersonated messages but always pull 0 contacts of the user

Checking using the UCMA Utility

  1. Check Fetch contact using the instruction for using UCMA Utility

  2. On the output, you should find a record like the following line:

Code Block
GetUserContactList <[user@domain.com]> found 0 contacts


Checking in the logs

Deployment without SIP

...

Filter on the Front-End

The logs will be found In on the server hosting the Access Admin Portal either on the IIS folder in

Code Block
C:\inetpub\AccessPortal\Logs\EW\

or in the Maintenance Service

Code Block
C:\Agat\Logs\MaintenanceService\EW


Deployment with SIP

...

Filter on the Front-End

The logs can be found by  default in the Front-End server under the folder or the folders mentioned above

Code Block
C:\agat\logs\Skypeshieldsipfilter\EW"

Cause

Unified Contact Store must be disabled on the Skype for Bussines Business Frontend pool in order for Contact List based policies to work

Fix

This can be checked by validating the output of the following command is set to "False"

Code Block
$(Get-CsUserServicesPolicy -Identity global).UcsAllowed

Run the following command in case the Unified Contact Store is enabled(i.e. the result of the previous command is set to true)

Code Block
Set-CsUserServicesPolicy -Identity global -UcsAllowed $False
Invoke-CsUcsRollback -Identity "User"

More information regarding the Unified Contact List can be found in the following documentation from Microsoft

Issue

When calling an internal SFB user from a mobile phone - the caller can’t hear anything for 20 seconds. After 20 seconds it reaches the voicemail

Cause

It is possible that port 11113 between Front End server and Maintenance Service server is not open. This port needs to be open due to the trusted application registered for the Maintenance Service

See Also