About Me

My photo
TsooRad is a blog for John Weber. John is a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). My day job is titled "Technical Lead, MS UC" - I work with an awesome group of people at CDW, LLC. I’ve been at this gig in one fashion or another since 1988 - starting with desktops (remember Z-248’s?) and now I am in Portland, Oregon. I focus on collaboration and infrastructure. This means Exchange of all flavors, Skype, LCS/OCS/Lync, Windows, business process, and learning new stuff. I have a variety of interests - some of which may rear their ugly head in this forum. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. One of these days, I intend to start teaching. The opinions expressed on this blog are mine and mine alone.

2017/10/12

Coaching


Have you ever considered getting some help with professional development? Have you ever had someone, a co-worker perhaps, or a friend or family member ask for help with life? You got kids?

Each of these is a coaching relationship. I gave this subject some thought over the last few weeks. Both of my brain cells hurt. My spare brain cell was in sympathy pain. But in the end, I managed to separate mentor from coach.

A mentor gives general advice/guidance; a coach is focused on one or two specific items that need a change/improvement. For a more concise explanation, see this and this; followed by this and this.

If you walk away from that light reading with a puzzled look on your face, join the crowd. When I started down this path, I thought I had a good handle on the difference, the similarity, and the relative importance of each.

Now I see the need for constant re-construction of my viewpoints on each, and how mentoring is sort of the roof over many different coaching points. One of the critical pieces I consumed was a little video by Robert S. Kaplan. 

Robert S. Kaplan is somewhat successful, and even if you don’t agree with his success, his words about coaching really hit home for me. Specifically, he states that that it is 100% the responsibility of the junior to get coaching. He then follows that up with the statement that it is 100% the responsibility of the senior to provide or perform the coaching that the juniors need. The individual is completely accountable for knowing their own strengths and weaknesses, and then to go get the coaching needed. The senior person is 100% accountable for knowing the juniors’ strengths and weaknesses and providing the coaching.

This 100% thing creates a coaching environment. Your job is not to sit and wait for it, it is your job to go out and get it.

I see how that applies from the Cxx level down to the ACE level. And when you look at it from that perspective, it makes the entire process very palatable. I know that I can surely use some coaching in an area or two. I try to help my team as I note issues. I sure hope they look to me or someone else for coaching.

Kaplan continues on by saying that coaching should be focused on one or two things the coachee can improve on over a set period of time. Coaching requires the coach to KNOW the coachee, or go discover the coachee by interviewing all the other co-workers. But either way, the coaching needs to be about specific skills or attributes that can be improved or accomplished over a set amount of time. Sounds just like a S.M.A.R.T goal, yes?

So, to sum this all up… Are you getting the coaching you deserve? Are you providing the coaching others deserve? Do you ask for help? Do others ask you to help? We are all in this together, and we can either fail together, or we can succeed together. I like the succeed option.

2017/10/06

15 Questions for Leaders to Ask


I got this from here:

https://www.forbes.com/sites/forbescoachescouncil/2017/10/03/15-questions-to-ask-as-part-of-your-own-leadership-audit/#4903bbdc6255

I think this is some good stuff.

1. When Did I Last Look In The Mirror?

As leaders, let's encourage a culture of accountability, creativity and innovation by continually looking in the mirror to develop solutions for moving forward, particularly if something didn't go as planned. Rather than blaming or pointing fingers, we should reflect on how we'd like to be treated, roll up our sleeves, anticipate risks and leap forward to help. - Joanne Markow, GreenMason

2. Where Are My Blind Spots?

It's no surprise that leaders are extraordinarily talented and experienced professionals in their respective fields. Even still, no leader can attest to knowing everything. Everyone has blind spots and knowledge gaps, and when discovered, they must be addressed. No matter their achievements or the laundry list of recent wins, leaders should be eager to uncover their weak areas and improve them. - Karima Mariama-Arthur, Esq., WordSmithRapport

3. Am I Being The Change I Want To See?

The famous quote by Gandhi, "Be the change that you wish to see in the world," is very applicable for leaders. This first requires clarity on the impact you want to have as a leader, then ensures your actions and words role model that impact. If you are not successfully doing what you ask of others, you can't expect them to follow with enthusiasm. - Bonnie Davis, Destination Up

4. What Are My Reactive Triggers?

We all have reactive triggers. Knowing your reactive tendencies will allow you to shift to using these strengths in a creative and strategic way. Not asking this question keeps you reacting to day-to-day fires and situations and will dig a bigger and bigger hole. To step into strategic leadership, you must continually raise your personal awareness of how you react. Do you protect, comply or control? - Jenn Lofgren, Incito Executive & Leadership Development

5. Who Do I Need To Get Feedback From?

The question leaders need to ask is not to themselves, but to every single person who works for them. The best leaders are those who have developed relationships where the answers they get are genuine and honest. "What am I doing well, and what's in the way of my being the best possible leader I can be?" Getting feedback from others is far more important than any question you ask yourself. - David Butlein, Ph.D., BLUECASE Strategic Partners

6. What Don't I Know That I Need To Know?

And who from my team can fill in the gap? This is a great way to grow people around you, as you're paying attention to the fact that everyone knows something you don't. It shows respect for their knowledge, gives you a sense of how they think and can support you, and how you can help them grow, as well. - Donna Karlin, No Ceiling, Just Sky™ Institute

7. How Well Do I Listen And Connect With Others?

As a leader, do you really listen to others? How do you know and how do you demonstrate that you really heard the other person? When we actively listen to another person, trust develops, the other person feels valued and important, and miscommunication, misunderstandings, and misinterpretations decrease. Listening slows down the conversation where each individual feels more connected. - Melinda Fouts, Ph.D., Success Starts With You

8. Have I Made An Impact?

As part of a leadership audit, one must ask oneself if they are making an impact in the people they are leading. Yes, you may start out with a goal or mission, but ultimately a check-in is required to see if your approach needs to be adjusted based on your impact, to support your initiatives or lack thereof. - Niya Allen-Vatel, Resume Newbie

9. Am I Focused On My No. 1 Goal?

The key to leadership is to motivate others and oneself to doggedly pursue a specific goal. Often, in the heat of putting out fires and working on the business, instead of in the business, the pursuit of the primary goal (whether revenue, getting top talent, building a great product, etc.) gets pushed to the side. A "leadership audit" should recalibrate whether the pursuit is on track. - Yuri Kruman, Master The Talk Consulting

10. Am I Growing As A Leader?

We often reach a point in our leadership journey where we feel that we have found a groove and don't step outside our comfort zone. Instead, audit your leadership knowledge, management skills, strategy and innovation. Ask for on-the-spot feedback and conduct a 360-degree assessment with your team. By continuously expanding, you drive your own performance and engagement, and that of your team's. - Loren Margolis, Training & Leadership Success LLC

11. Is My Ax Sharpened?

The saying "sharpen your ax" comes from the parable of a woodcutter who chopped less wood because his ax was dull. Leaders get dull too. Without continuous learning and professional development, leaders can become less effective. So, while cultivating others, don't forget to sharpen your own ax. You'll then work smarter and not harder. Great leaders take the time to invest in themselves. - Tamiko Cuellar, Pursue Your Purpose LLC

12. How Do Unconscious Biases Impact My Decisions?

Unconscious bias affects decisions. We’ve developed many kinds of biases to help us navigate the world with a minimum effort, but they can also hinder someone from considering different options when making decisions. Leaders should learn to accept that we are all biased before we can begin to take positive action to identify them and to mitigate bias with specific strategies. - Maria Pastore, Maria Pastore Coaching

13. What Do I Get Paid To Do?

That's the question I find many leaders are stumped by, or the answer they provide is a template response. What are you paid to do? Generate revenue, build products, engineer solutions? Nope. You get paid to be a leader. What that genuinely means varies notably based on the leader and organization. True clarity on what being a leader is remains one puzzle piece I find many people struggle to find. - Leila Bulling Towne, The Bulling Towne Group, LLC

14. What Fears Am I Not Facing?

Each leader has their own set of fears. Each context brings new permutations for activating those fears. Seasoning can often mean developing skills to work around fears rather than facing them directly. A leadership audit that includes surfacing fears, along with how and when they manifest, is the first step to diminishing their hold. The second is holding yourself accountable to new behaviors. - Maureen Cunningham, Up Until Now Inc.

15. Am I Pushing Or Pulling?

Leaders often share their vision and then tell their reports how to execute. These leaders are "pushing information" out and expecting folks to "snap to it." Evolved leaders work to pull information from their teams. When individuals are asked what their greatest aspirations are, not only does the goal become more compelling, but the team is all in, as they helped to create the vision. - Deborah Goldstein, DRIVEN Professionals


YMMV

AC firmware v3.0.1.x BToE button greyed out

Scenario

BToE is pretty nice.  But let’s face it.  Not always easy to work with.  Especially when a service provider insists that a buried setting be configured so as to disable the manual concepts and default to automatic.

So, let’s figure out how to get an AudioCodes 450HD with the latest firmware (3.0.1.9.367) to play BToE with us like WE want, not how somebody else wants. 

OOBE for a phone that is going to be qualified for SfBO is with the BToE pairing forced to “automatic.”  This results in the button being greyed out when you go to MENU on the phone.  In this mode, BToE pass-though mode works just fine.  Web login to SfBO works as expected.

But what if you want to do something like, pair a wireless laptop with the handset device always CAT5 so you can just grab the laptop and go?  Like a laptop is designed to work? 

The Fix

What we need to do is light up the BToE button so we can get a pairing code (essentially a representation of the device IP).  Not exactly easy to find for those who don’t typically read 200+ pages of setup. Like me.

Hmmm… (page 113 of LTRT-14820 450HD IP Phone for Microsoft Skype for Business User’s manual ver.3.0.1.pdf) says

clip_image002

Going to the admin manual…. ( page 157 of LTRT-09943 400HD Series IP Phone for Microsoft Skype for Business Administrator's Manual Ver. 3.0.1)

clip_image004

And that does work to enable the BToE button.

The cfg file is available here – there is the semi-standard “download the file, modify the file with text editor, upload the file to phone routine.”

image

Here is how the phone cfg file looks by default…

image

And here is how it needs to look.  After uploading the cfg file, the phone will restart and you can then manually pair.  Remember that the manual pair code is case sensitive.

image

SfBO policy

Make sure that your Office 365 admins, if that role is not you, changes your online policy for ip phones to enable BToE, and further more to not change the pairing setting.  For more information see this.

https://webcache.googleusercontent.com/search?q=cache:hYptjYU9T9AJ:https://technet.microsoft.com/en-us/library/mt629497.aspx+&cd=1&hl=en&ct=clnk&gl=us

clip_image002[7]

Summary

BToE button greyed out, but automatic pass-through BToE works.  You want control of that button so manual pairing is possible for wireless connections.  Modification of the cfg file is required.

As always,


YMMV

2017/10/05

Restricted Office 365 OWA–Skype on-premises Integration

Scenario

Office 365 tenant established.  Exchange Online (EOL) for the user mailbox.  Skype for Business on-premises for IM/P.  Users are mixed – some have full Office suite, others are just a browser.  Security is tight.  No federation is desired or allowed with partners, vendors, spammers, or public (consumer) Skype. In addition, the requirement also stipulates that no authorized user can use the system remotely without going through a VPN. 

This last requirement means that remote users via the Edge server must be disallowed – but….won’t the Office 365 users be remote?  Great question.  We will cover that down below.

Because of the user software mix, we need the pure browser user to have OWA (EOL) integrate with the SfB on-premises.  Not the most attractive (visually and functionally) solution from the user perspective, but it does work.  Specifically, the function requirement was for OWA users to have presence information and be able to IM.

This article will not attempt to show the end user how to muddle through using SfB with EOL OWA.  The focus is just providing the service.

So, here is a visual of what we want… presence going both directions between the on-premises SfB users, and at least one of the users is using EOL OWA.

OWA User

clip_image002

On-premises user

image

How to

Obviously, we need an on-premise pool of some sort, and an edge server.  And then get your hybrid working.  In this case, the tenant (and the EOL work) was up and running before the SfB project started, so all we had to do was make sure that the Azure AD Connect was done right. 

  Danger Will Robinson!  

Because the AAD Connect was done prior to to SfB schema extension, the AAD connect will need to be FORCED to reread schema and synchronize.  You can read about this in a somewhat related post here. 

Moving on…

Having taken care of the obvious install and configuration items, the next thing is to establish hybrid posture.  If you have not already done so, you can read up on it here, here, and here.  Pay particular attention to this last reference.  Failure to do this will result in a no-go..  If you want all the fancy-schmancy integration, then you will need to do this here also. 

Now that you have all that done, we are done.  Right?

Well, no.  Remember that we needed to have no federation with anyone other than an Office 365 user, and no remote user access?  That seems to be a bit conflicting, yes?  But no.  A remote user is someone using a full client.  A bit of testing showed that Office 365 connecting to the on-premises SfB was a federation user not a remote user.

As a final bit of constraint, we did not want to be changing the external firewall.  So what to do?  Maybe we need to do a little something with Edge configuration and policy, eh?

Here is our Access Edge Configuration:

image

From the top down, we need to federate – Office 365 is a federation.  Per security requirement, no partner domain discovery, which closes out contacting anyone other than our own domain.  No need to send an archiving disclaimer to people we cannot talk to.  Per security, no remote user access.  Lastly, no outside access to web conferencing, so no need for those pesky anonymous attendees.  Just to confirm your deepest doubts, here is the SIP Federated Domains list:

image

Here is the External Access Policy:

image

Again, from the top, and note that we only have one thing checked…federated users is the requirement.  Nothing else needed… XMPP is pretty much dead nowadays anyhow; no remote users, ergo, no need for that, and without public user federation, no need for that either.

Conclusion

We had a set of requirements:  OWA integration between EOL and on-premises SfB.  Security concerns were that no other domains be contacted, and none of our domain users can be remote.  EOL users were not using Outlook, just OWA and we needed presence and IM.  We did not do the full OAuth as those features were not part of the specification.

YMMV

2017/10/04

AudioCodes Updated 4xx firmware

Audiocodes has released an updated 3.0.1 version for all 400HD models. Comparing to the 3.0.1 GA, this version includes mainly bug fixes. Please refer to the new release notes document to see the list of fixes. For customers that still did not move to 3.0.1 GA and plan to move to 3.0.1, it is recommended to use this version (instead the 3.0.1 GA).

Version name:

  • UC405HD_3.0.1.276.img
  • UC420HD_3.0.1.276.img
  • UC430HD_3.0.1.276.img
  • UC440HD_3.0.1.276.img
  • UC450HD_3.0.1.89.367.img

According to my source, these new firmwares are anticipated to be posted to the AudioCodes website (www.audiocodes.com) sometime early next week.  In the meantime, my phones (420, 440, 450) seem to get along right well with the new code.

As an interesting side note…my web login/BToE combination now works as expected.  Previously this was not working, and I know our corporate IT recently changed the Office 365 BToE status, and it could have been the firmware.  If you are having issues, maybe this firmware will help you.

I have a zip file with updated documentation and firmware files here.

YMMV

2017/09/12

What Vacation Taught me


I took vacation this year; a formal thing with travel, schedule coordination, planned activities, and days full of interacting with others. Sounds pretty much like work, with the minor exception that this was all family-focused, with my SO being the only arbiter of success. The other differences were the realization that HughesNet has some serious speed constraints, and that I had to stand in just the right spot in the driveway or there was no cell service.

I thought that Virginia on the main corridor between the state capital and the population center on the coast would have had at least nominal cell coverage. But no. Minimal access to internet and cell service. Both restrictions were perfect for me as the whole point to a vacation is to change pace, viewpoint, and take the load off, right?

Too bad for me that my ki does not work that way.

What happened is that my spare brain cell kicked in and started doing the random thought comparison thing. If this has not happened to you before, it is very annoying. In this case, I was watching some sci-fi show about time and travel, another show about fighting the bad guys before they got bad and not getting the task done as promised (hence the protagonist being railed on by his boss). Yes, I was flipping channels.

The random thought comparison thing comes in when all that gets contrasted with my real life. Note that I did not ask for this to occur, it just does. My SO is used to me going blank and starting to drool; coworkers know to stay away. My children just run.

So here are the world-shaking insights that banged into me in those exacerbating moments. Time, fight the fight that needs fighting, under promise and over deliver, “what is the other guys’ perspective”, and my personal need to re-focus.

Time: it is the one thing the we all possess, and once spent, we cannot get back. How are you spending your allotment?

Not every fight needs fighting. Determine which is which. Live with one, pursue the other. I will let you decide which path to take with which fight. Picking which fight to fight is sometimes more about which weapon to choose.

I find an approach to the recalcitrant project counterpart is to leverage some of my limited consulting skills and make my counterpart think that all of what I want is because he/she thought of it. Mostly you can do that with the “help me understand…” sentence preface where you get them talking. A few suggestions along the way and their explanation of their perspective will start aligning with the answer you need them to give. It works, it really does.

How many times have you had someone say “just a sec”? That is an extreme case of over promising, because we all know that waiter is not getting back to our table in “just a sec.” Expectation setting is crucial to positive outcomes. If you layout what you will be able to do, and then exceed that, everyone is happy. If you do the layout and cannot deliver the minimums, everyone is not happy. Very simple. So simple it appears to be in the same vein as “common sense.”

Finally, the re-focus thing cropped up again. How I spend my time, what goals are important enough to survive the latest round of life objective updates, and what am I doing about those goals and objectives needed some introspection.

Goals and objectives simply need to be refreshed on a regular basis. We have our personal goals, our professional goals, and the goals our manager says we have. Review, re-prioritize, shuffle, juggle, change, delete, and add objectives to achieve your goal. If you don’t pay attention to this process, the process will do it for you, and probably not in the way you want. You must do it. Or it will do you.

Just so you know, Stargate (the movie) is a lot deeper than the genre might suggest, and NCIS: Los Angeles has a few spare angles as well.

2017/09/06

AudioCodes X-UM

By now, I hope you already know that as of July 2018, Office 365 will no longer work with SBC connections linking your off-brand PBX to Exchange Online UM services (read voice mail).  For an actual read of the announcement, see this.

Here are the solutions offered by Microsoft:

  • Option 1: Complete migration from 3rd party on-premises PBX to Office 365 Cloud PBX.
  • Option 2: Complete migration from 3rd party on-premises PBX to Skype for Business Server Enterprise Voice on-premises.
  • Option 3: For customers with a mixed deployment of 3rd party PBX and Skype for Business, connect the PBX to Skype for Business Server using a connector from a Microsoft partner, and continue using Exchange Online UM through that connector. For example, TE-SYSTEMS’ anynode UM connector can be used for that purpose. (sic)
  • Option 4: For customers with no Skype for Business Server deployment or for whom the solutions above are not appropriate, implement a 3rd party voicemail system.

Personally, I would change Option 1 and Option 2.  Especially if you have any combination of complexity, multiple locations, and user count.  Couple that risk scale item with sheer lack of calendar, and I think it would be easier to get on-premises fired up and connected.  And, IMHO, doing 2 would make getting to 1 easier with a better user experience.

Option 4 is not really an option is it?  Everyone should want, need, and implement SfB.  Life is better with SfB.  Trust me.

About this time, the alert reader will notice that I skipped Option 3.  That’s because those nice folks at AudioCodes have somewhat solidified their plans for stepping into the breach.  How nice of them! 

AudioCodes has put together a very nice, comprehensive, suite of solutions based on their outstanding hardware and CCE experience. 

image

As the X-UM solution set, there are three of them:

image

Here is a bit different look at it…being a visual kinda guy, this is the view that helped me the most:

image

And then we have these further details for each scenario:

image

image

Microsoft licensing for the X-UM solution you choose is not covered, which makes sense, there are too many variations.  Here is the official blurb:

 image

How about some architecture oulines?  I like pictures that show me things.  Here is the X-UM Standard and Lite.  Note that the “Lite” version relies on existing on-premises SfB resources.

image

image

Now, based on my current project, I know that there is going to be someone out there in reader-land who needs a visual of the call flows.  I know I do.

image

image

Summary

About now you are most likely wondering which of these will work for you. AudioCodes X-UM is based on proven hardware and proven solution approaches (CloudBond, CCE). If your environment is more complex, needs that existing PBX to coexist with Office 365 for your VoiceMail needs, then choose the flavor that answers your needs.  AudioCodes has you covered for any of the option 3 scenarios and could possibly help you (in the Lite version) with Option 1 and 2 also.

I know that somewhere above 75% of my customers all have some sort of “mixed deployment” usually due to call centers, business process, and culture.  Notice that none of those are easily changed before July 2018.  Ergo, we need to do something else in the short time we have available.  I submit that AudioCodes X-UM might well be that something.


As always, YMMV


2017/07/28

SfB Default AD Containers

Scenario

You know how those tin-foil-hat types are…

image

If it can be changed to “enhance” security, then by golly!  Let’s do it!  The problem, of course, is the rule of unintended consequences.  You know, what happens to something else because of action A, that is totally unplanned, and no one knows about it.

And, while I am mentioning it… have you ever noticed that the same team YOU have to run everything through for approval never asks your team if it is OK if they make a change?  They just do it?  Odd how that works out, eh?

Adelante.

The Oops!

It turns out that about 6 weeks ago, the aforementioned team instituted a change to the default AD containers.  To whit, they changed the default computer container to be something other than the OOBE.

Turns out that breaks SfB big time.  As in no more publishing the topology.  A Get-CsAdDomain fails.  But that is the clue to the fix.

The Fix

Simply run the SfB Domain prep again.


YMMV

2017/07/19

Technical Consulting

Something went through both of my brain cells today. And to keep a long story short, it centers on your approach to the question – whatever the question might be at the moment. But, let’s confine the definition to work, where we spend a goodly portion of our life, and how we would like that portion of life to be as good as possible.

I was listening to a hotshot answer what I narcissistically thought was a great question when the light bulb lit. His answer was not only covering the technical aspects that I needed to hear that he knew, but he was (quite cleverly) also feeding in the business angle aspects to the answer formula. In essence, he was answering my follow-on questions of “what is the business reason for taking this action and does this action resolve the situation with the minimum staff adjustments in terms of time and skill set and did you cover the hidden costs as well as storage, cpu, ram, racks, et cetera.”

In short, he was doing really well answering my question. And I know he was the same in front of the customer. Everyone needs to have this guy on the team.

At any rate, the light bulb lit up on the concept of technical v consulting answers. Mr. Hotshot could have stuck with the pure techno-babble, with lots of numbers, specifications, descriptions of how to do it, and all of that fun stuff. Surely, there is great value in having someone know exactly how to do whatever it might be right off the top of his or her head. I wish I could do that sometimes. I usually revert to being able to point them right at some reference work. Works for me. And reserves my spare brain cell for other things.

Details are critical to our success. Mr. Hotshot was clearly in the right spot – he can bang out the details like no-one’s business. And he knows what he does not know. And he knows how to defer the question to an issue parking lot for follow-up. Perfect.

Mr. Hotshot could also have just gone the technical route and ignored the consulting aspects until asked. All the logistics questions and staff and culture type stuff could have waited. There is some tremendous value in knowing all of that stuff even if at first glance it does appear to out of scope for our project. After all, “how is lunch served around here?” is an important project scheduling point.

But more to the point, what about using those consulting skills to identify architectural detail about the environment, impact to the project (and affecting the defining business goals/requirements) and perhaps dredge up more business? Gees. That sounds awful salesy huh? How about the idea that the design might need to change in mid-project? There is a benefit to having your very own in-house consultant, eh?

We have two approaches to doing what we do. You can be deep technical. You can dive in deep. I know a guy that you can call at almost any hour and pose some bizarre Active Directory or Registry question. Just be prepared to scribble fast because there is no way you will remember the details the forthcoming answer will encompass – but it is going to answer your issue. He knows some serious technical depth stuff.

But you can go too deep and lose your audience. What we do must be tailored to the audience. If a business decision maker is in the room, then you better be including that person in your audience profile. The technical team can wait a bit while you fill in their boss with the business details stuff and make his staff look like they were all over it from the beginning.

In our work, I see a real-life need for a consultant who can get into the technical errata, be able to walk and talk at the same time, and discuss business to the extent of your understanding; all of that without getting into even minor prevarication or truth stretching.

And here is our intrepid Mr. Hotshot fieldling my question tree with answers that meld the technical with the consulting. “Choices made for these reasons which tie to this technical answer and so on to this business requirement.” Or “we discussed the need for expanded storage” and “I expressed my concern that the network might not support the technical solution.” I know he gave those same answers to the customer and guess who was in the room? The customer’s CIO. And Mr. Hotshot is giving me answers like that. The conclusion should be obvious.

We have more work coming from that customer. That makes your work life better.

YMMV

2017/07/06

Elevator Pitches


There I was eating dinner. A popular activity in my house. This evening was more involved as my wife had a friend in from out of town; this results in the whole event being more structured than the normal goat rope that passes for a meal. Ribs. Check. Mac n Cheese (homemade you clowns, not that box stuff). Check. Corn on the cob. Check.

Sit down, make some small talk while dishing stuff up. Our guest had a strap-hanger so I am trying to be nice (Yes, me, being nice. And no Matilda, hell did not freeze over). Eventually you get past weather, drive times, fashion, weather (again), and food; the conversation needs to address larger items in life like “…and what do you do?”

When that question comes up, and it ALWAYS does, are you prepared? Actually, there are several levels to this question. The first is the concept of “initial impressions” which unfortunately for some of us makes and breaks things. Sometimes there is simply no getting over that first impression. My econ prof used to say “corporate America does not hire Beavis and Butthead” – and while I think that needs to be modified for portions of the west coast, that statement is mostly true. I encourage reflection on how you present yourself and how that presentation might be affecting your life. OK, back to dinner.

Remember that we are chowing down on some good eats, generally having a great time. Do you really know who is who in your initial circle, and possibly the next few layers out? Do you understand the concept of six degrees of separation (and here also)? I will wait right here for you to read up on that.

We are at the moment of truth; out comes The Question. Communications Engineer says I. I get the expected response which is “what is that” and I get to give my little spiel about helping companies envision, design, architect, and implement collaboration solutions [Note: not a word about Microsoft or Cisco, or whoever at this point]. This gets me several questions about the difference between design and architecture; how long have you been doing this, et cetera. Around this point in time I start wondering whether or not this person is simply bright, engaging, and well-rounded, or is simply great at small talk.

Or it could be the OTHER ANSWER. In MY house and at MY dinner table. I will wait while you go back and re-read the six degrees thing up there.

Now it is MY turn to ask The Question. Oh my. It was the OTHER ANSWER. Sitting at my table was the executive admin to a notable international private investment firm. Oh man. I sure hope I did not do anything. This person has the private ear of the entire executive staff – you know, those folks who make business decisions. For like 16 years. Clearly this person swings a big bat. What I did and said might well result in either a welcome reception or locked doors for our sales team.

Let’s review the bidding. Initial impressions count more than you think. Maybe not fair, but it is what it is. You need to have an “elevator pitch” prepared (and practiced!). You need to be thinking through follow-on questions. You may need several versions to cover various life situations. I have the social version and the 9-5 version. You can guess as to which one I used at dinner.

Everything we do counts. We are all in sales at one point in time or another. Everyone we meet and communicate with (any medium) forms an opinion about you, your work, family, and overall value. Bottom line? Be prepared. I learned long ago (1975) that you are always on, and that you can never tell when you might need to turn it up a notch.

YMMV

2017/06/28

Vision and Happiness


There I was, having a nice talk with my previous manager about life in general.  At one point the conversation hit on back when the branch first opened and our culture and how happy I was when I moved into the branch.  I cannot remember why the next comment came out, but here it is: “I already knew your vision.”

What is that?  And why is that tied to Happiness?


Uhm… Vision, as in Mission & Vision Statement 101?  Yes, that’s the one.  As in “describe your future state in five years.  Where will you be doing what you do?” That sort of vision.  You have some personal version of that, everyone does; or at least I hope they do.  How close you come to that vision is pretty much how happy you are.

On top of that, there is also a persona that is presented in your workplace.  In fact, I am pretty sure that there are some people with personas that are tailored to the social or work occasion.  Woot!  Not me, thanks, I am trying to have only one vision.

Moving forward, I think I see where having personal and professional visions that match pretty closely could be an important factor in “how happy am I?” answers. Don’t you like it better when things line up neatly? On a business angle, your general happiness in terms of workplace/profession satisfaction will therefore occur when the company vision and execution of that vision come closest to your personal vision.

How well does your personal vision line up with your work?  How does that equate to happy for you?  It might be that your vision and your execution of that vision serve as a change agent for the good in your culture.   Is your vision causing parts of your life to be unhappy?  Could it be that the mismatch between personal and work is too large?

There is a solid connection between employee satisfaction/happiness and ability to deliver to their customer.  And create happy customers.  Which comment to other people they know.  Which generates the highest ROI of any sales/marketing plan ever.  I will wait right here for you to finish reading.

  

Well, that’s nice, but what about your vision?


So, great question – and here it is – both personal and professional.  I think the professional vision is an outshoot of the personal.

“I want my customer so happy they talk about us on the golf course”

And I will close with this L.P. Jacks quotation that I like:

“A master in the art of living draws no sharp distinction between his work and his play; his labor and his leisure; his mind and his body; his education and his recreation. He hardly knows which is which. He simply pursues his vision of excellence through whatever he is doing, and leaves others to determine whether he is working or playing. To himself, he always appears to be doing both.”

2017/05/31

SQL Change Ports

The Port Change Issue

On a project where the SQL team has a policy of changing the SQL port away from the default of 1433? 

This does not pose a huge problem for your intrepid Skype (or Lync) deployment engineer.  If you are needing to know what to do, and maybe you have, oh, 30 or so front ends to modify, then maybe I can help you out a tad.

The issue is modifying the registry to tell your host server where to go to access the requisite port on the target SQL server.  As it turns out, I had to remember this, as it has been a bit since I had to last do this task. 

The Simple Fix to the Simple Issue

Luckily for you and me, it seems that every copy of a Windows operating system I looked at for this post (Win7, Win8, Win10, Server 2008+) have a utility in \windows\system32 called cliconfg.exe.  You can read up on that utility here.

A wonderful tool.  Here is it in Windows 10 form.  Which looks the same as Win7, so I think they will all pretty much appear to be the same. Actually, the Win7 version has a different set of window frames, so the appearance is more rounded instead of the ugly-ass Win10 metro crap.  But I digress.

image

What we need to do is select the Alias tab…the select Add.

image

For the purposes of this exercise, I need my system to talk to my SQL server (FQDN = sqlalwayson-a.tsoorad.net) on port 49001.  So, you set it up like this and then say OK.

image

image

Follow up that OK with an APPLY and your newly modified operating system will for thereafter talk to SQL server sqlalwayson-A.tsoorad.net on port 49001 vice 1433.  Simple.  Easy.  Works well.  Less filling.  Man, I am thirsty!

But Wait!  What if…

…you have like four user pools, and they all need to talk to the same monitoring server, but different archive targets per pool?  And what if there are like 30 front ends that need this modification, and every time you type this stuff in there is the possibility of spelling errors that mean system failure.  Now, I am sure there is some folks out there in techie land that are starting to chant “PowerShell!  PowerShell” -  but in this case, I am going to ignore them, and simply export a registry key, and then incorporate that into my server build process – which can be PowerShell-ized if you wish.

Here is the registry key to export.  HKLM\software\microsoft\mssqlserver\client\connectto

In my project, we had four SQL AG clusters, each with two nodes, a cluster name, and the AG name; all that needed to resolve by DNS.  So, our registry key looked somewhat like this: 16 entries with AG, cluster, node1, and node2 per supporting SQL cluster.  We then simply imported that into each server at build time.

image


Summary

The SQL mavens might well change ports on you.  If they do, there is an answer in form of cliconfg.exe.  If the scale is a tad larger than manual typing will cover, you can regedit your way to success.

YMMV








Pressure

I originally posted this to a different type of forum; but it got some unexpected responses.  Posting here by request.

I am mindlessly watching ESPN. Some sports center-ish athlete interview with what I thought was a worthless jock. And then, in the middle of talking about stress, Julie Foudy (the supposed worthless jock) comes out with the following:

“Pressure is a privilege”

Wow. That is a deep one. Like, it may not have a bottom. And certainly, no top.

Think it through just a bit in relation to your life. I know that when I look at my life, pressure has been a part of it. In reviewing the pivotal points in my career, I had choices to make that the majority of people in this country don’t get to make. I was in a position to make those choices because of what and where I was. I never thought that was a disadvantage. And then Foudy utters the words that make it all ring true. I had the privilege of pressure.

How many of us can claim something similar in our everyday work? We don’t punch a clock. Other than the processes and procedures we develop for our customers – no real set routine. We pressure ourselves to exceed expectations. We are not flipping burgers, pushing an idiot stick, or grinding through a personal episode of “Dirty Jobs.”

Don’t get me wrong. All those jobs need doing. Somebody does them and I am glad it is not me. But there are whole rafts of job categories that the doer just drones through – the same thing every day, every week, every month, year after year.

And then you and I get to make our own schedule, find and create lasting customer and professional relationships, and have an upside only limited by our own ambition, drive, and motivation. Not everyone can claim even part of that.

Give me the pressure to succeed. We have serious mental exercise. We must be agile, think on our feet, and sometimes work odd hours. 40-hour week? Rarely. But, flip all that around, It’s a privilege.

 

 

YMMV

2017/05/20

Windows 10 Battery Life

The Issue

I use a Lenovo Yoga 14 for my personal stuff.  A few weeks ago I ran updates.  I noticed that battery life dropped from nearly 10 hours to less than 3.  Closing the lid puts the Yoga to sleep, so opening it is a breeze and I have a working desktop in about 20 seconds or less.  After the updates, closing the lid still did the sleep thing, but on opening the lid the Yoga was dead.

The Problem

So, I started poking.  I discovered the latest rounds of updates had installed a Lenovo Screen Updater.  Holy Battery Drain.  The CPU was grinding away at 50%+ constantly.

The Fix

Remove it.  Now I get this here:

image

Seeing as how this was associated with the touch screen concepts, I imagine that this might help Win7, Win8, Win 8.1, et cetera – anything else that runs a touch screen with Lenovo and Windows.

YMMV

2017/05/18

Stupid SfB Tricks

In a fit of angst, today I recreated the infinity mirror exercise from several years ago.

Yes, I was testing with a customer and not just bored.

image

YMMV

2017/04/19

New SfB SE won’t start

Usually I see this problem with EE pools, but in this case I have now seen it with two different SE installs.

The Problem

RTCSRV won’t start.  It just sits there for a bit, like 10 minutes and claims it is “Starting”.  Then the service status goes to “Stopped”.

Nothing in the event log, nothing shows in Powershell.  If you try to start from services.msc, it just sits there.  Nothing.

How did we get here?

A fairly locked down environment.  OK.  A severely locked down environment.  The tin-foil hat types have found a home in this place.  New install – new as in greenfield deployment.  Standard Edition installs, and before starting services for the first time, we ran the February 2017 CU into place.  All of that seemed fairly normal.

But the service wont’ start.

The Fix

Again, I usually see this with EE pools, but here is what fixed it:

Reset-CsPoolRegistrarState –PoolFqdn poolfqdn.domain.com -ResetType FullReset

YMMV

2017/03/16

Skype Test Matrix

As part of a project, Thaddeus Kurowski (CDW) and I put together a Skype test matrix to ensure that the implementation worked as designed/expected.

You may find it useful as well.

https://gallery.technet.microsoft.com/Skype-Implementation-Test-e11edf07

YMMV.

Skype Edge Server and 2:1 NAT

This morning, we resolved an issue that I have never seen before, and hope that I never do.

The Background

I tell customers during design sessions that if there are existing network issues, Skype (or Lync) is going to find them.  If there is something a bit wonky, we are going to discover the wonkiness.  And here we go.

Skype edge with 1:1 Nat.  Public IP is 71.16.x.x.  Edge server is doing the classic 3 IP thing.  Remote logins are fine.  Everything seems to be ducky.  Except we cannot talk outbound. 

Go check all the network again.  Looks good. Check the topology, servers, IP assignments, paths.  All good.  Certificates, the common culprit behind one-way federation and presence look good.  We are now scratching our heads.  We know now we are looking at something wonky, but what?

The Fix

I was under the impression that 1:1 NAT is 1:1.  But it turns out that a Watchguard Firebox is capable to doing 2:1 NAT.  Inbound to the Edge server worked because the firewall had 1:1 NAT from public to DMZ VLAN.  Edge trace logs showed subscriptions and connections timing out on the far side.  The connections were being made, just no return traffic.  No SYN.  Telnet client testing outbound from the edge server on 5061 ad 443 worked.  Clearly inbound connections were working or there would be no remote logins.

As long as the traffic originated from outside the organization, things worked fine and the Edge server, via the 1:1 NAT was responding as expected to the source IP.  But traffic originating from INSIDE the organization was failing.  One way presence, presence unknown, cannot send to user, etc.  Apparently…

…according to www.ipchicken, the Watchguard was sending all traffic from the DMZ external VLAN out via a completely separate set of addresses!  HUH?  Whaaaaat?  So inbound would work, but outbound went out on a separate address?

So their firewall guy fixed that, we are back to 1:1 NAT and all is good. Something to be aware of, eh? Go figure.

YMMV

2017/03/15

Inbound Call Failures due to TCP configuration

I will not attempt to embellish this content past commenting that this call failure is not common.  I have rarely seen it, most likely because my implementation practice for upgrades is to match system settings before testing.

Having said that, I think I would have thought the initial setup described here would have worked.  But apparently not.  Inbound calls follow the original port.  Something to be aware of.

Thanks to Josh Walters, CDW Senior Consulting Engineer for writing this up for us.

YMMV

Scenario: 

Customer is deploying a new 3-node Skype for Business Enterprise Pool to replace their existing 2-node Lync 2010 Enterprise pool.  Enterprise voice is enabled in Lync 2010 and Lync call traffic is directed inbound from their PRI and delivered to an Avaya Session Manager appliance, then it is delivered to Lync.  Internal call flow functions as below:

PRI --> Avaya Aura System Manager --> Lync 2010 Enterprise Pool

After deploying the new Skype for Business FE Enterprise Pool, Edge Pool, and Back-End we decided to migrate a test user who was enabled for Enterprise Voice to the new Skype for Business Pool and test call flow with the new infrastructure.  The new expected call flow should function as below:

PRI --> Avaya Aura System Manager --> Lync 2010 Enterprise Pool --> Skype for Business Enterprise Pool

After moving the user, the user was able to successfully place an outbound call to both internal and external recipients but was unable to receive an inbound call.  When attempting to dial the Line# for the migrated user we were being routed directly to Voicemail (Exchange 2010 Unified Messaging).  What gives? 

Inbound Traffic

Avaya Aura System Manager --TCP 5060--> Lync 2010 Enterprise --TCP 5060--> Skype for Business Enterprise

Outbound Traffic

Skype for Business --TCP 5060 or TLS 5067--> Lync 2010 Enterprise --TCP 5060 or TLS 5067--> Avaya Aura System Manager

Well, what we found was that Avaya was routing SIP traffic to Lync 2010 using TCP port 5060 only (as seen above).  When Lync 2010 received the SIP request it attempted to route the traffic to the Skype for Business pool where the user is homed and it tried to use the same port it received the traffic on, but we had not yet activated TCP on the Skype for Business pool for Mediation.  The Skype for Business pool was therefore rejecting the traffic and then sending the call to Voicemail. 

The fix:  Enable TCP (and make sure to use the correct port for YOUR environment) so that the Skype for Business pool is listening for traffic on said port.   After enabling TCP 5060 on the Mediation Server (Collocated) all inbound call routing for the user started working. 

clip_image002

clip_image004

2017/03/12

Reverse O365 SfBO Migration Failure

The Scenario

Existing Office 365 tenant successfully using SfBO. Exchange on-premises.  Azure AD Connect version unknown, but up and functional  PBX with voice mail on-premises. We extended schema and installed SfB on-premises with Edge.  Modified the firewall to specification and attempted to get into hybrid. 

DNS mods we easy. Creating a test user and synching up to O365 went fine.  Enabling the test user for SfB went fine.  Another AAD sync and we were in business.  Moving the test user to O365 (so we could test moving back to on-premises) went just fine. And there the problems began.  Attempts to move the user back to on-premises failed with the following non-help message:

PS C:\Source\scripts> move-csuser -Identity sfb.test3@domain.com -Target domain-sfbfe01.domain.com -Credential $cred –HostedMigrationOverrideUrl https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc -Verbose
VERBOSE: CN=sfb test3,OU=hometown_Users,OU=domain_Users,DC=domain,DC=com

Confirm
Move-CsUser
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
VERBOSE: Validating parameters for move operation.
VERBOSE: Calculating new server information for user [domain-sfbfe01.domain.com].
VERBOSE: Moving user [sip:sfbtest3@domain.com] across deployments.
VERBOSE: Creating source external move endpoint.
VERBOSE: Validating the hosted migration override URL provided:
[https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc].
VERBOSE: Retrieving web ticket URL.
VERBOSE: Retrieving live id token.
VERBOSE: Initializing source external move endpoint.
VERBOSE: Creating target external move endpoint.
VERBOSE: Initializing source external move endpoint.
VERBOSE: Validating user [sip:sfbtest3@domain.com] online, for on premises to online move.
move-csuser : I
ndex was outside the bounds of the array.
At line:1 char:1
+ move-csuser -Identity sfb.test3@domain.com -Target domain-sfbfe01.domain.com -Credenti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (CN=sfb test3,OU...,DC=domain,DC=com:OCSADUser) [Move-CsUser], IndexOutO
   fRangeException
    + FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet

"Index was outside the bounds of the array."

You know how many hits googlepedia produces for that?  None of them helpful.  So we triple-checked our work.  Reviewing the overall picture, it was apparent that there was some issue with the on-premises environment, but everything we looked at came up good.

The Root Cause

The root cause was that Azure AD Connect was installed and configured BEFORE the extending schema for SfB.  As it turns out in the end, Azure AD Connect does not refresh schema very well, if at all, unless you tell it to. 

And even then, maybe not. There is a button inside the missclient (Synchronization Service Manager) that SAYS it will do it.  I mean, it clearly says “refresh schema”

image

…and the following message sure says it will…

image

But, guess what, that is not the case.

As you can probably guess, the root issue causing our migration failure was that the AAD Connect had no knowledge of the SfB attributes coming in with the online user.  Now, I would have thought they would have seeing as how we were successful in installing SfB, creating a good on-premises user, and moving that user up into the tenant.  But no.

Interesting side note is that once we twigged onto the schema concept, using the button on AAD connector populated SOME valiues – we could see them.  But still moving back to on-premises failed.

The Fix

It seems that if you run "C:\Program Files\Microsoft Azure Active Directory Connect\AzureADConnect.exe", you get a few options. Specifically, take a look at the third option from the top.

image

I do not pretend to know the difference between “refresh schema” in one location as opposed to the other, but I do know that running the “refresh directory schema” from this location, followed by a full synch on both connectors resolved our failed user moves.

Keeping your Azure AD Connect up to date might be helpful also and in theory the reinstallation process will trigger a schema refresh.  You can get a clean copy of that installer right here.

Of course, once you know what to look for, there is this also.

YMMV

2017/03/03

AudioCodes UC 3.0.x Office 365 MFA support

 

I feel a bit like Steve Martin

AudioCodes is due, very shortly I hope, to publish new firmware for the 440HD and 450HD phones (dare I hope for the 430HD also? 405? 405HD? 420HD?) that enables the device to do a web sign-in to an MFA-enabled Office 365 tenant account.  Wow, that was one long sentence.  My English prof at St Thomas Aquinas would beat me about the head and shoulders.  However, there it is.

Let’s walk through this process.

Update the firmware on the phone device. How you do that is up to you.  Personally, I used my IP Phone Manager Express.

My 440HD at 3.0.1.89, my 450HD is at 3.0.1.63.214.  After getting the firmware updated, both devices appeared to be the same.  I am sure there is some detail that I did not notice, but they look the same to me.

Open either the web interface, or the phone screen, and start the sign-in process.

phone:

image

phone web interface:

image

select the web sign-in option….

image

What results from either method is this:

image

or

image

Inside the red box (which you will not get on your phone or browser screen) is the two critical pieces of information to complete the login process.  First is the URL http://aka.ms/sphone.  Go there with your code.

The code is not case sensitive.

So you go to the indicated URL and follow the prompts, then enter your code.  You will see where I did lower case while the phone and the browser GUI both indicated caps.

What follows is a bit round-about – but you get thrown into the office portal login…

image

and a redirect to the corporate AD sign-in…

image

and after working my way through the MFA routine, I get this:

image

after entering the requisite code… remember, not case sensitive, the page magically morphs to this:

image

Select continue, because I am assuming you WANT to get the device to work…and you get this

image

For you eagle-eye readers, you will note that now this page, which appears to look just like a few steps before now says I am signed in.  How nice.  Observing the device, I note that it SAYS it is logged in, but you know, it still looks pretty unusable at this point.  So, click on your account that was signed in…

image

Wala!

and now the device itself looks like the following – well, it will in a bit – patience padiwan!

image

BTW, you have 15 minutes to complete the web sign-in gymkhana.  If you blow the 15 minute limit, you will need to start over.

image

I am told, by an source who only spoke on the condition of anonymity (this makes me equal to all the reporters in any nation’s capitol), that we can expect this new firmware code to be out in the wild sometime around the end of Q1 2017.

YMMV

2017/02/17

Server 2012 R2 KB2919355–WTF?

Last week, I innocently decided to build myself a new Server 2012 R2 image – and then sysprep it so I could easily spin up a new host for whatever I needed.

Yes, I know I could use Server 2016 – but the vast majority of my customers are using 2012 R2 – and what good is a lab exercise if it does not reflect what you will be doing in production?  So, off I go to build myself my squeaky clean image.

The install went so easy.  And the then update nightmare begins.  I have no idea why it has to be so &^%#$@! difficult.  It’s not like I am trying to do something that is way out there.  I just want to get all the operating system updates applicable up to and including today.

As we should know by now, Server 2012 R2 will go through multiple iterations of updates for a variety of reasons.  One of them being what some people called SP1 to R2 – specifically KB2919355.  Roughly 800MB of (eh?) goodness.  After that is another 190+ updates.

For my new image, KB2919355 refused to be seen, let alone install.  Dang.  Last time this happened I had to throw the server away.  Oddly, and why I am ranting today, is that the next server build, like 5 minutes later, went right through with zero issues.  This time, I resolved to figure it out rather than give in. 

Here is what I found.  This may or may not work for you.  It may or may not trip your trigger – you may just wish to throw things away and start the Server 2012 R2 Update Roulette game over again.

After doing some reading about the well-known issue that is KB2919355, I downloaded the components of the KB separately.  https://www.microsoft.com/en-us/download/details.aspx?id=42334. I also downloaded KB2919442 separately from here: https://www.microsoft.com/en-us/download/details.aspx?id=42162.

Then I installed/ran them in the following order:

  • kb2932046
  • kb2934018
  • kb2937592
  • kb2938439
  • kb2959977
  • kb2919442
  • clearcompressionflag.exe
  • Chant, light the candles, and spatter the chicken blood.  Reboot
  • kb2919355

Oh joy.  Only 190 more to go.

image

 

YMMV

Coaching

Have you ever considered getting some help with professional development? Have you ever had someone, a co-worker perhaps, or a friend or fam...