Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Current »

Before Inspecting

Before starting the troubleshooting process, please make sure the following requirements are met:

  • Skype for Business Core components installed on the Admin Portal server

  • UCMA Installed on the Admin Portal server

  • the Trusted Application exists if running Get-CsTrustedApplication on the front end

  • A valid certificate has been assigned in the Skype for Business Deployment Wizard for the Admin Portal server.

  • When running Get-CsManagementStoreReplicationStatus, the Admin Portal server should appear as "True" (In case there's no replication after configuring the script, check if replication for the Admin Portal server is enabled in the topology, if running Enable-CsReplica on the Admin Portal server doesn't work, run Enable-CsReplica -Force)

  • Make sure to inspect the following articles from Microsoft in case you encounter issues with the Powershell script

Validate the deployment using the UCMA Utility

The Installation package comes with a UCMA testing utility under:

C:\agat\SpehereShield.Setup\Payload\Tools\UcmaUtility

It is required to shut down the Admin Portal and Maintenance Service while testing with the UCMA Utility

In the Utility enter the details relevant to the domain  and user and run fetch contacts:

Validating IM

Set the proper configuration and run Send IM.

It takes up to 10 seconds until the message is received

Validating Contact List integration

  1. Put a proper user SIP address with contacts under the option [User SIP]

  2. Click Fetch Contacts

  3. Verify you see in the output

    GetUserContactList <[user@domain.com]> found [number of contacts] contacts

Issues

Admin Portal can't initialize the UCMA with the error “Unable to find the SQL database: Cannot open database "xds" requested by the login. The login failed.” in the log

Issue

The Admin Portal can't access the Skype for Business database when initializing and throws the the following error in the log:

Unable to find the SQL database: Cannot open database "xds" requested by the login. The login failed

Cause

The user running the Admin Portal doesn't have enough permission due to not being part of the "RTC Component local group"

Fix

Add the user running the Admin Portal (by default is: iis apppool\accessportal) to "RTC Component local group" in the local computer group.

Admin Portal can't initialize the UCMA with the error “SkypeShield.Skype.Ucma.UcmaService - Failed initializing UCMA environment with trusted application id "skype.ale.local". Error: The operation failed due to issues with Tls. See the exception for more information. (CertificateInfoNative::AcquireCredentialsHandle() failed; HRESULT=-2146893043).” in the log

Issue

The Admin Portal can't access the Skype for Business database when initializing and throws the following error in the log:

SkypeShield.Skype.Ucma.UcmaService - Failed initializing UCMA environment with trusted application id "skype.ale.local". Error: The operation failed due to issues with Tls. 
See the exception for more information. (CertificateInfoNative::AcquireCredentialsHandle() failed; 
HRESULT=-2146893043).

Cause

The user running the Admin Portal's Skype application(by default is: iis apppool\accessportal) doesn't have enough permissions to access the Skype in due to not being part of the group "RTC Server Local Group"

Fix

Add the user running the Admin Portal (by default is: iis apppool\accessportal) to "RTC Server Local Group" in the local computer group.

Admin Portal can't initialize the UCMA with the error “SkypeShield.Skype.Ucma.UcmaService EXECUTING USER: NOT AVAILABLE - Failed initializing UCMA environment with trusted application id "as1.setup16.loc".  Error:Application with id(as1.setup16.loc) not found or a default port has not been configured for it” in the log

Issue

The Admin Portal can't access the Skype for Business database when initializing and throws the following error in the log:

SkypeShield.Skype.Ucma.UcmaService EXECUTING USER: NOT AVAILABLE - Failed initializing UCMA environment with trusted application id "as1.setup16.loc". Error:
Application with id(as1.setup16.loc) not found or a default port has not been configured for it

Cause

The Skypeshield Trusted Application name is typed wrong or not configured in the Admin Portal or does not exist in the topology

Fix

  1. Verify that the Application ID of the Trusted application exists in the topology by running the command at the Front-End server

    Get-CsTrustedApplication

    It  should return output like the following

    Note the name marked in green for the following step


  2. Make sure the details of the topology are correct in the Admin Portal configuration under [Settings] > [General]

The Admin Portal is able to communicate with the Skype for Business infrastructure but the Maintenance Service unable to pull users

Issue

The UCMA is able to initialize properly and send impersonated messages but always pull 0 contacts of the user

Checking using the UCMA Utility

  1. Check Fetch contact using the instruction for using UCMA Utility

  2. On the output, you should find a record like the following line:

GetUserContactList <[user@domain.com]> found 0 contacts


Checking in the logs

Deployment without SIP Filter on the Front-End

The logs will be found on the server hosting the Admin Portal either on the IIS folder in

C:\inetpub\AccessPortal\Logs\EW\

or in the Maintenance Service

C:\Agat\Logs\MaintenanceService\EW


Deployment with SIP Filter on the Front-End

The logs can be found by  default in the Front-End server under the folder or the folders mentioned above

C:\agat\logs\Skypeshieldsipfilter\EW"

Cause

Unified Contact Store must be disabled on the Skype for Business Frontend pool in order for Contact List based policies to work

Fix

This can be checked by validating the output of the following command is set to "False"

$(Get-CsUserServicesPolicy -Identity global).UcsAllowed

Run the following command in case the Unified Contact Store is enabled(i.e. the result of the previous command is set to true)

Set-CsUserServicesPolicy -Identity global -UcsAllowed $False
Invoke-CsUcsRollback -Identity "User"


More information regarding the Unified Contact List can be found in the following documentation from Microsoft

See Also

  • No labels