Sunday, September 23, 2018

The Curious Case of TCP/9808

A Mystery in 3 Acts

Flashback (58 days ago)

Prologue

The Scene: A typical day in Ops
Ops engineer: Oh, I just got an alert that the default certificate on one of our enterprise pools is about to expire. Time to create a change request for the upcoming maintenance window and get it replaced.

Act 1 Scene 1

(Two days later, during the weekly maintenance window)
Our trusty ops engineer, having filed the proper change request and obtained approval, creates a CSR, submits it to his internal PKI and generates a new default certificate. He launches the deployment wizard, imports his certificate, and assigns it to the proper usages (server default, internal and external web services).

No errors were found, and all appears working as expected.

Following his organization's predefined best practices (trust but verify!), our ops engineer now runs through his certificate replacement checklist.
He grabs his trusty DigiCert utility for Windows, and proceeds to verify that the new certificate is being presented on the known ports (5061, 443, 4443). To accomplish this, he launches the tool on the enterprise pool server, selects Tools and clicks “check install” in the certificate installation checker section. He sets his server address to localhost, sets the SSL mode to direct and checks each port, verifying that the new “valid to” date and serial number match the newly provisioned certificate (Exhibit A is shown below).

Exhibit A

Satisfied that this and all other checks have passed, he makes another espresso and falls right to sleep, confident his maintenance has been completed to his intended and expected perfection.

Act 1 Scene 2

(Two days later)
The Scene: A typical day in Ops

Ops engineer: Hey I just got an alert that the enterprise pool is seeing expired certificate errors.
Upon closer examination, he notices that the error message is saying the server connected to itself on port 9808 and saw an expired certificate.

Ops engineer: Hmm, I don’t recall that port being used for anything, but let me consult the sacred texts. Finding nothing referring to this port, the ops engineer consults with some of his trusted colleagues. In each case, no one was able to say what this port was being used for, if at all.

Looking back on the facts of the case, the ops engineer realized this expired alert occurred on the day the old certificate expired, but that cert was not in use as far as anyone could tell. That “scummy” alerting system must be faulty, it's reading the cert store, not what is in use, he thought.

His colleagues agreed, as they too had been subjected to false alarms from that system. “That must be it, we are not seeing any problems that we know of and no one is calling the emergency line,” they declared. “Let’s remove that cert from the store, even though we usually keep the previous ones around.”

They deleted the certificate from the store and went on with their daily routines, confident they had put this annoyance to bed.

Act 2 Scene 1

(Three days later)
The Scene: The war room (No fighting allowed)

The ops engineer has received an escalated issue. A single customer is having problems signing onto one of their room systems. It seems that only a single account cannot sign in on a single system. Curious indeed. Hmm, all the usual things have been looked at and all seem normal. I think it's time we alerted the proper authorities.

After consulting with the authorities and providing them with all the required documentation, they waited. And they waited. Executives from all corners were getting anxious… “Do something”, they hollered. “We are”, came the reply. The executives demanded that something be done. “Rebuild the account in question, that will certainly fix the issue”. “We don’t know that for certain, and we really need to understand why this is happening…” was the response. The ops engineer was able to hold off the executives for a few more hours, but finally, they rebuilt the account.

Nothing had changed.

Finally, they received word from the authorities. “A message in the documentation you submitted has yielded a clue!” they cried. “We found a reference to an expired certificate”

The ops engineer and his colleagues were shocked.

They showed the authorities the server.

The certificate in question did not exist.

Anywhere.

The ops engineer explained to the authorities that the certificate they were seeing had been replaced over a week ago. He showed them the DigiCert utility output from his completed CR as evidence that the cert was not in use.

“You must restart the server then, this must be a bug in the code” they explained.

Reluctant to inconvenience thousands of people to resolve an issue with a single system, the ops engineer decided to ponder the situation.

“We will get back to you soon..”  he told the authorities.

Act 3 Scene 1

(one sleepless night later)
The scene: The sleepy anxious ops engineer is making an espresso

Not until this moment had the ops engineer put the expired cert alarm AND the clue in the documentation together. “What if port 9808 is still presenting that expired certificate?”, he wondered.

Firing up his DigiCert checker tool, he pointed it at localhost as before, but this time he looked at port 9808.

HE WAS SHOCKED.

There in cold hard pixels. PORT 9808 WAS STILL PRESENTING THE OLD EXPIRED CERTIFICATE THAT WAS REMOVED FROM THE SERVER. BUT WHAT WAS IT?

That scummy alerting system was right all along.

He fired up a command prompt. He ran the command netstat -aon | findstr "9808" (Exhibit B). He saw a single listener and 4 “loopback” connections on the server between port 9808 and random high ports.

He then ran a get-process -pid xxxx using the PIDs from the netstat output.
Exhibit B

“Hmm, so the listener is rtchost, and the high ports connecting to it are rtcsrv,” he observed.
He crafted an out of band change request for that evening. It included restarting the service using the command “restart-service RTCSRV” and checking the port’s certificate before and after the restart.
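
The checklist in Act 1 only probed the ports somebody already knew about, which is how 9808 slipped through. As an added example (not from the original post, and not Microsoft's tooling), the PowerShell below attempts a TLS handshake against every local TCP listener and reports which process owns it and which certificate it presents; `$ExpectedThumbprint` is a placeholder, and listeners that are plain-text, STARTTLS-only or that refuse the handshake are skipped.

```powershell
# Added example: inventory the certificate presented by every local TCP listener.
# $ExpectedThumbprint is a placeholder; supply the thumbprint of the newly issued cert.
param(
    [string]$ExpectedThumbprint = 'REPLACE-WITH-NEW-CERT-THUMBPRINT',
    [string]$ServerName = $env:COMPUTERNAME,   # name offered in the TLS handshake
    [int]$TimeoutMs = 3000
)

function Get-PresentedCertificate {
    param([System.Net.IPAddress]$Address, [int]$Port, [string]$ServerName, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient($Address.AddressFamily)
    $client.ReceiveTimeout = $TimeoutMs
    $client.SendTimeout = $TimeoutMs
    try {
        $client.Connect($Address, $Port)
        # Accept whatever is presented: the goal is to inspect the cert, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $tls.AuthenticateAsClient($ServerName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
        }
        finally { $tls.Dispose() }
    }
    catch { return $null }     # not TLS, STARTTLS-only, or handshake refused
    finally { $client.Close() }
}

$seen = @{}
$report = foreach ($l in Get-NetTCPConnection -State Listen) {
    # Wildcard listeners are reached over loopback; bound ones via their own address.
    $ip = switch ($l.LocalAddress) {
        '0.0.0.0' { [System.Net.IPAddress]::Loopback }
        '::'      { [System.Net.IPAddress]::IPv6Loopback }
        default   { [System.Net.IPAddress]::Parse($l.LocalAddress) }
    }
    $key = "$ip/$($l.LocalPort)"
    if ($seen.ContainsKey($key)) { continue }
    $seen[$key] = $true

    $cert = Get-PresentedCertificate -Address $ip -Port $l.LocalPort `
                                     -ServerName $ServerName -TimeoutMs $TimeoutMs
    if (-not $cert) { continue }

    $expired  = $cert.NotAfter -lt (Get-Date)
    $expected = $cert.Thumbprint -eq $ExpectedThumbprint
    [pscustomobject]@{
        Address  = $ip
        Port     = $l.LocalPort
        Process  = (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        Serial   = $cert.SerialNumber
        NotAfter = $cert.NotAfter
        Expired  = $expired
        Expected = $expected
        Review   = ($expired -or -not $expected)   # true = look at this listener
    }
}

$report | Sort-Object Port | Format-Table -AutoSize
```

Run it before and after a certificate replacement (and again after any service restart); a row with Review set to True is a listener still holding a certificate other than the one just deployed.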

Act 3 Scene 2

(One Day, and one out of band change, later)
The scene: The daily ops briefing

Overnight maintenance engineer: “The CR was successful, port 9808 now shows the correct certificate”

Support engineer: “The end customer has reported that they can now sign into the room system”

The virtual meeting room turned to the ops engineer... “Are these events related? So what is port 9808 doing, anyway? It is not in our sacred texts”, they exclaimed.

The trusty ops engineer virtually looked at his colleagues… “Beats me, the authorities will surely know.”

With the end customer now working as expected, the ops engineer met regularly with the authorities about his findings, looking for the answer to what port 9808 was.

Some systems had this listener and some did not. He found at least 5 systems that had it, and many others that did not. The authorities claimed it was a random occurrence. “It is not random.” Multiple times they told him, and he demanded a better answer each time (sometimes more animated than others!).
He waited for weeks. He made many espresso drinks.

Time passed.

Act 3 Scene 3

(49 Days later)
The Scene: A typical day  in ops

Finally,  someone who had access to the sacred texts of server instructions contacted him.

“We have your answer”  the authority figure currently in charge of his inquiry said to him.

“Go to your enterprise server and open the file SharedLineAppearance.exe.config located in C:\Program Files\Skype for Business Server 2015\Server\Core,” he demanded excitedly.

The ops engineer complied.

His jaw dropped. The mystery had been solved.

Exhibit C
The authorities asked him, “Do you use the shared line appearance feature?”

“Only every day” came the reply.

The authorities explained that port 9808 was used for SIP subscribe messages for the SLA feature.

“We have confirmed the fact that when a certificate is replaced, port 9808 does not update its certificate. We have logged an inquiry with our masters. We are closing this inquiry, have a nice day.”

The ops engineer now understood why some systems had the port and some did not. He still did not know if this issue was related to the room system problem, but at least he knew what TCP/9808 was doing.

Epilogue

“If this port is used for all servers for this feature, why is it not written in any of the sacred texts…”? he questioned.

It was then that the ops engineer realized he had another mystery on his hands, one he would likely never know the answer to.


Fade to Black


This reenactment is based on actual events.   Characters, businesses, places, events, locales, and incidents are either the products of the author’s imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, is purely coincidental.

Sunday, March 26, 2017

Running AudioCodes' Syslog Viewer As a Service


How To Have "AlwaysOn" logging from your SBC


Let's face it, in the world of complex, heterogeneous systems that we spend so much of our time in, logging and tracing are an absolute necessity. For example, the ability to analyze a SIP dialog, step by step, can sometimes be the only way to debug a particular problem. If you have followed the tracing evolution of the Microsoft UC stack from the "flat file" logging in LCS (AKA The Stone Age), to the OCS logger days (AKA The Bronze Age), and now to the modern era of Centralized Logging Service (CLS logging) we currently enjoy (OK, maybe "enjoy" is too strong a word!), it is obvious that there is a premium placed on collecting and analyzing logs these days.

Session Border Controllers (SBC) are the "firewalls" of any modern VoIP implementation, providing a termination point for both the carrier and internal deployments, while serving to protect each from the other. This is also a place to match, modify, or otherwise manipulate signaling and/or media in nearly unlimited ways.

I currently have the distinct pleasure of being one of those responsible for the "care and feeding" of a very busy S4B deployment that routes its traffic to the PSTN via AudioCodes Mediant Session Border Controllers. As with S4B, the concept of "always on"  logging at this crucial point in the network is practically a necessity.

As mentioned in the opening paragraph, in order to keep up with those evolving debugging requirements, AudioCodes' troubleshooting tools have thankfully received their share of attention with respect to features and ease of use.

While there are times when tools that can be spun up quickly, like Power Syslog Server, are absolutely a requirement (thank you, James, for another great tool!), my requirements currently are closer to the "AlwaysOn" methodology. I don't know when I may have to go back and look at a call flow, and I don't always have the ability to ask the end user to try and recreate a reported problem.

Enter the newly updated "Syslog Viewer" from AudioCodes R&D.

My initial attempts at setting this tool to run as a Windows service were not met with much success. However, thanks to some able assistance from @mikerps and the AudioCodes R&D team, they were able to update the tool to add a command line argument (more on that in a moment) that allows you to specify a startup configuration. This way, I am able to run it as a service, collecting my logs in the background, allowing me to search them when needed.

Here are the components I used to accomplish this. 

  1. AudioCodes' Syslog Viewer, version 1.17
  2. NSSM (The Non Sucking Service Manager) to create the Windows service. I have used this tool for many years, but any helper application that will enable you to create a service from an exe should work fine. You may have used SC or the now deprecated srvany.exe, but I like NSSM's ease of use, plus it is public domain and open source. (Besides, how can you not love a product that boasts its non-suckyness?)

Setting things up

First, you need to grab a copy of the latest Syslog Viewer (you'll have to log in to AudioCodes' site). Next we need to create the text file that we will use when launching as a service. IMPORTANT!! DO NOT launch the program from the Start menu at this time. Instead, we will have the program create the file for us by specifying the filename and path from the command line, as shown below.


Launching syslogviewer from the command line

NOTE: the CLI argument is <dash><dash>config<space><filename>

Once Syslog Viewer launches, we need to set up our config the way we want it to load when the service starts. First set your options in the Tools -> Options dialog.

Tools -> Options Dialog

If you are going to be using this as an "AlwaysOn" logging tool (which is WHY you are reading this, right?), be sure to set your log file size and number of files before rotation occurs. If you are pointing more than one device to the logger, be sure to check "Create separate files for each device", as this will enhance your ability to locate logs in a busy environment.

Save your options by clicking OK, then navigate to the "File -> Write Log As..." option and set your log path and file name.

File -> Write Log As...

As mentioned above, if you have multiple devices, the IP address of the device will be appended to this name. For reference, you can confirm the target folder by looking at the title of the Syslog Viewer window.

Log path in TitleBar


Now, close the viewer to write your config file. Then navigate to the folder where you specified your config file when you launched the viewer. If all went well, you will have an INI file with the settings you just specified.

Config File

When you view this INI file, you will see "WriteLog = true", and "RecentWriteFile=" set to the file and path where logs will be stored.

Create the Service

Now, download and extract NSSM. (You can also deploy it via Chocolatey using "choco install NSSM".) There is no real install needed. Simply extract the file. NSSM can be configured via CLI or GUI.
Navigate to the proper .exe file and run "NSSM install". The configuration dialog GUI will pop up. Note: Running NSSM without any arguments will launch a help window.

NSSM Installer 

The NSSM install dialog exposes all the options you need to configure a service (ex. run as, startup mode, etc.), but be sure to add the config file argument exactly as you did when you launched the program initially (when we created the INI file). The "Service name" field will be the name you use to interact with this service (ex. via PowerShell), but the "Name" field on the Details tab will be the one that you will see in Services.msc. Be sure to set your "Startup type" to Automatic!

NSSM Service Details Tab


Once you install the service, you will see it in the services dialog and you can start it there.

Check your log path and you will see an initial log file created for each device as soon as syslog data starts coming in.
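
For servers where the GUI is not convenient, here is the same setup done from an elevated PowerShell prompt with NSSM's command line. This is an added example, not part of the original post or AudioCodes' documentation; every path, the executable name and the service name are placeholders, and the paths are assumed to contain no spaces.

```powershell
# Added example: CLI equivalent of the NSSM GUI steps described above.
# All names and paths below are placeholders (assumed); substitute your own.
$nssm      = 'C:\Tools\nssm\win64\nssm.exe'
$viewerExe = 'C:\Tools\SyslogViewer\SyslogViewer-PLACEHOLDER.exe'
$configIni = 'C:\Tools\SyslogViewer\service-config.ini'   # file created via --config
$svcName   = 'SyslogViewerSvc'

# Sanity-check the INI the viewer saved: without WriteLog = true the service
# would start and silently keep nothing on disk.
$ini = Get-Content -Path $configIni -ErrorAction Stop
if (-not ($ini -match '^\s*WriteLog\s*=\s*true')) {
    throw "WriteLog is not enabled in $configIni; re-save the config from the viewer."
}
$logTarget = ($ini -match '^\s*RecentWriteFile\s*=') -replace '^[^=]*=\s*', '' |
    Select-Object -First 1
if (-not $logTarget -or -not (Test-Path (Split-Path $logTarget -Parent))) {
    throw "RecentWriteFile is missing or points at a folder that does not exist."
}

# Create the service and pass the same --config argument used on first launch.
& $nssm install $svcName $viewerExe
if ($LASTEXITCODE -ne 0) { throw "nssm install failed with exit code $LASTEXITCODE" }
& $nssm set $svcName AppParameters "--config $configIni"
& $nssm set $svcName AppDirectory (Split-Path $viewerExe -Parent)
& $nssm set $svcName DisplayName 'AudioCodes Syslog Viewer (AlwaysOn)'
& $nssm set $svcName Start SERVICE_AUTO_START

# Optional: run under a dedicated low-privilege account rather than LocalSystem.
# The account needs write access to the log folder only.
#   & $nssm set $svcName ObjectName '<DOMAIN\account>' '<password>'

Start-Service -Name $svcName
Get-Service -Name $svcName | Format-List Name, DisplayName, Status
"Logs will be written to: $logTarget"
```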

Now, you can open the log files in another instance of the viewer and not worry about closing your window, missing any data, or forgetting to restart writing logs. (Who me? No, I've never done that, EVER!)

Happy logging! May you "always" be "on" the lookout for new syslog adventures. (See what I did there?)

Till next time! 

Tuesday, March 15, 2016

Why Did My Home Page Change? ( Hint: It's Not What You Think)

One of the reasons I do enjoy my job is the ability to discover and learn new things. I don’t think a day goes by that most of us in the technology space don’t learn at least one *tidbit* of new information. Things have gotten far more complicated than they ever were, and it's impossible to know everything. Thankfully, the collective hive mind of the intertubes is a never-ending connect-the-dots search for technology (among other things!) enlightenment.

My situation began when I noticed that in the last few days, when I rebooted my PC, my default browser would open to the MSN homepage. Now I know what you are thinking (as was I): “Oh crap, I have some malware”. The strange thing was that once I clicked my homepage button, it would go back to my configured page. This would only happen on booting up, which is why I hadn’t paid a lot of attention to it, really. Strange behavior for malware, NO?
Today, however, I was battling a rather nasty Excel/VBA issue (a story for another time) that was crashing Office regularly. I attempted a few reboots to fix that problem and finally noticed my browser’s issue. As I mentioned above, my first thought was malware, so this problem took center stage.

At first I was curious as to how such strange behavior was taking over my daily driver, and how did it get past my defenses?

First I have my pfSense open source firewall with antivirus. Then my local machine is running Malwarebytes Premium (with auto updates). Plus, of course, I also have Windows Defender. Surely, these great tools coupled with my *safe surfing habits* would keep me protected, right? Was it a DROWN attack vector? Was it something new that no one knew about? Doubtful, to say the least, but only time would tell.

Let's look through the usual startup locations. The great and knowledgeable Mark Russinovich has built the sweetest set of Sysinternals tools. One of my favorites is Autoruns. This tool will show you every possible place that some evil (or even pseudo-evil) software will attempt to hide itself for startup. Just like with his alter ego, Jeff Aiken, malware has no chance to hide from Sysinternals!

Let's take a tally here…

Autoruns? Nada! Malwarebytes? Zilch! Windows Defender? Zero! HAVP? No hits!

Taking a step back, I found a hint in the URL that my default browser was opening up to, which was http://www.msn.com/?ocid=wispr. A search for “WISPR” yielded the clue as to why this *just started* happening to me.

As it turns out, there is a feature in Windows, going back at least as far as Windows 7 (that I guess I never thought about), called Microsoft NCSI (no, it's not the latest techno investigative team from Redmond, although it sure sounds like one!). It stands for Network Connectivity Status Indicator. I vaguely knew that this existed from troubleshooting strange NIC behavior (for example, when a NIC gets flagged in the wrong zone so Windows Firewall rules get applied incorrectly), but had no idea that it would affect the browser and bypass all browser configuration!

Basically, the feature works like this. When your Windows computer comes online with network connectivity, it will try to fetch a text file located on the web at www.msftncsi.com/ncsi.txt. If Windows can't reach it, it assumes you are at a public hotspot and will need a browser to sign in to the access point, so your default browser is launched. Since I really do have internet access (no captive portal needed here in the Northern woods!), the page then redirected me to the MSN homepage.

As it turns out this problem was (like many) self inflicted.

You see, recently I began tinkering with Raspberry Pi machines. First I built an Airsonos box that made streaming that much easier and friendlier at home. Then I found out about a cool network-wide ad blocker called Pi-hole (don’t you love open source project names?). Pi-hole is simply a Linux box running dnsmasq that maintains its own blacklists for ad servers. When a device pointed to Pi-hole for DNS requests a blocked site, Pi-hole simply serves up a tiny txt or jpg instead of that bandwidth-hogging sidebar!

Can you guess what happened when I added www.msftncsi.com to my whitelist? HINT: No more *hijack*

If this behavior annoys you, you can disable it in the registry as well. Simply change the value named EnableActiveProbing located at the key named:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

 to “0” from the default, “1”. If you look through this key you can see other parameters, such as the host and path of the target file, so I guess you can customize this to your own tastes.

Also, Pi-hole has a script that can be used to add domains to the whitelist. It seems that wildcards are not supported yet, so no *.domain.com.
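
To tell this situation apart from real malware quickly, the added PowerShell example below (not part of the original post) reads the probe settings from that registry key and replays the probe, reporting whether DNS and the HTTP fetch return what Windows expects. The value names ActiveWebProbeHost, ActiveWebProbePath and ActiveWebProbeContent are standard Windows NCSI values that the post alludes to but does not name; `Test-NcsiProbe` is a hypothetical helper name.

```powershell
# Added example: replay the NCSI active probe using the settings stored in the registry.
$NcsiKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'

function Test-NcsiProbe {
    param([string]$RegistryKey = $NcsiKey)

    $p   = Get-ItemProperty -Path $RegistryKey
    $url = 'http://{0}/{1}' -f $p.ActiveWebProbeHost, $p.ActiveWebProbePath

    $result = [ordered]@{
        ActiveProbing  = [bool]$p.EnableActiveProbing
        ProbeUrl       = $url
        ResolvedTo     = $null
        ContentMatches = $false
        Diagnosis      = 'Probe OK'
    }

    if (-not $result.ActiveProbing) {
        $result.Diagnosis = 'EnableActiveProbing is 0; the active probe is switched off.'
        return [pscustomobject]$result
    }

    # Step 1: what does the configured resolver hand back for the probe host?
    try {
        $dns = Resolve-DnsName -Name $p.ActiveWebProbeHost -Type A -ErrorAction Stop
        $result.ResolvedTo = ($dns | Where-Object { $_.IPAddress } |
            ForEach-Object { $_.IPAddress }) -join ', '
    }
    catch {
        $result.Diagnosis = "DNS lookup failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # Step 2: fetch the probe file and compare it with the content Windows expects.
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
        $body = ([string]$resp.Content).Trim()
        $result.ContentMatches = ($body -eq $p.ActiveWebProbeContent)
        if (-not $result.ContentMatches) {
            $result.Diagnosis = 'Probe URL answered with unexpected content; ' +
                'a DNS sinkhole or captive portal is probably answering for it.'
        }
    }
    catch {
        $result.Diagnosis = "HTTP probe failed: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

Test-NcsiProbe | Format-List
```

If ResolvedTo shows the address of your own DNS filter rather than a public address, the fix is on the filter's whitelist, not on the PC.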


Phew, glad that one was solved!

Till next time, folks. Keep on learnin’ !!

Friday, May 1, 2015

TPID Blog’s 10 Tips for Working Smarter not Harder (Part 1)


One of the challenges we face on a daily basis is optimizing our performance, and getting tasks done quicker and easier. Most of the time, we are performing the same tasks over and over, and as we all know, that’s what computers do best and humans do worst. None of these tips will solve that killer issue you have been tracking for weeks, but they might help you spend less time on the mundane parts of a troubleshooting session.

Therefore, in the spirit of my TOP 10 community tools, I would like to share 10 tips and shortcuts that I have accumulated over time. Some I learned from others, some I discovered on my own. Some of these might be “DUH!” tips to some folks, but I’m betting not everyone knows all of these. I think anyone who has to administer or support Skype for Business and/or Windows Server on a daily basis can shave a few minutes from their days with these “little gems”.

10. CSCP move multi-select - For this first tip, let me set the scene for you. You are working in the Skype for Business (S4B) control panel Silverlight application, and you have to add a new rule to a dialplan that has 40-50 rules in it. You need this rule to be the 4th rule in the list. When you use the CSCP to add the rule, it goes to the bottom of the list. Until my colleague Jonmck (@ucomsgeek) showed me this tip, I had 2 choices: click the up arrow 46 times, or use PowerShell (POSH). While I would probably prefer to use POSH (the -priority switch will accomplish this), there are times when this is simply not a viable option (ex. training a new customer, no easy server access, etc.). To move the bottom rule UP 46 places, all you have to do is move the 45 rules above it DOWN! (DOH!) Because of Silverlight, not all standard Windows commands are supported; luckily Ctrl-A (all) and Ctrl-click (select/unselect) are. As shown below, by selecting Rule2 and Rule3 and clicking down, Rule1 goes up! (DOH!) A few clicks versus MANY clicks!

9. ExcludeActivityLevel switch - The next tip is a PowerShell one. Frequently when standing up a new Lync server you need to quickly find out the status of Lync services. You also know that the POSH command “Get-CsWindowService” will do this. You have probably already seen that sometimes this command can take a few seconds to run, partially because by default the command is also getting the current activity level of all services. That is where the “-excludeactivitylevel” switch comes in very handy. Couple this command with the POSH auto complete feature and you can get service status by typing “get-cswi<tab><space><dash>e<tab><enter>” (Time saver!)

8. “Lync” management Shell - Speaking of PowerShell, we have all seen the “Lync Server Management Shell” shortcut added when we install admin tools on a server. Have you ever wondered what the difference is between that and “regular” PowerShell? Well, here’s a little secret, gang… when using PowerShell 3.0 and higher, NOTHING IS DIFFERENT. This is because while that shortcut loads the Lync module, PowerShell will always find all installed modules and auto-load them when needed, as illustrated below. Note below that when I opened the standard Windows PowerShell and ran “get-module”, I only had the basic commands, but when I typed a Lync command (look familiar?) and then ran “get-module” again, Lync was loaded. Personally, I prefer the default properties of the PowerShell shortcut and do not think I have ever used “Lync Shell”. I don’t know this for certain, but I wonder if this shell remains for those Exchange admins who are used to a “real” admin shell (that does much more than a standard shell). So don’t exit out of a regular PowerShell because you think you need to for Lync access. (Time saver!!)



7. Always build Edge server as a pool - The next tip won't save time when you do it, but it might save you time in the future. As you are aware, S4B/Lync treats EVERYTHING as a pool (FE, mediation, etc.). When you walk the new edge pool wizard, you are asked to choose between a single server and a multi-server pool. If you only have a single edge, you might be tempted to select single, but DON’T! If you select multi-server pool you can still add only a single server to the pool. Later, if you decide to add a second server to that edge, it will be a simple chore; however, if you selected “single” initially, you are unable to convert it, and have much more work on your hands! PS, if you use @rbrynteson and @realtimeuc's LyncValidator (and you should!) this will be done for you automatically. (Future time saver!)

6. Edge server static routes - The next time saver is also related to the edge server, and is also something that will save time in the future, but should be done when deploying edge servers. As everyone knows, a multi-homed Windows server has very specific network interface requirements, including static routes with no gateway on the internal side. Since I learned about this tip in around 2010, I have been using just 3 netsh commands to point all RFC1918 (private) addresses to the internal interface. As long as your network only uses legal private addresses internally, you don’t need to ask the networking group to “provide a list of all internal subnets” for you to configure the edge interfaces. Of course, if you use @patrichard's Set-Cs2013Features script as recommended in my Top 10 tools post, it will do this for you; however, I usually have this done when building the server prior to installing prereqs, so I have the person building the server run the following 3 commands for me. As a rule I try to call the internal interface “internal”, but you could call it “TPID” if you like (just be sure to let me know if you do!). Use whatever name you choose in the following commands; this way, if any new subnets are added after the edge deployment, you won't have to revisit every edge’s host’s file.
  • Netsh interface ipv4 add route 10.0.0.0/8 "<interface name>" <INTERNALGWIP>
  • netsh interface ipv4 add route 172.16.0.0/12 "<interface name>" <INTERNALGWIP>
  • netsh interface ipv4 add route 192.168.0.0/16 "<interface name>" <INTERNALGWIP>

Well that about concludes PART 1 of my working smarter tips – look for PART 2 as I count down my top 5 best tips for working smarter not harder!

PS If you will be at MS Ignite 2015 find me and say hello! – also look for my upcoming review right here at TPID Blog!

Tuesday, March 10, 2015

TPID Blog’s Top 10 Community tools for Lync and S4B

One of the great benefits to administrators and users alike of the platform that is Lync Server (now known as Skype for Business) is the ability to "extend" said management and user experiences in ways that the original developers could probably only imagine.

A smart, dedicated, and tireless community has risen up around the Lync/S4B ecosystem and has "delivered the goods" in many, many ways. From user experience to server maintenance and deployment, these tools help every one of us get the most out of our Lync deployments.

So, with apologies to David Letterman, I would like to present my personal "TOP 10" list of 100% free, community-built extensions, scripts and resources. I use most of these tools on a regular basis (some I use every day), and couldn't imagine doing my job without them.


10) Number ten on my list is New-LyncMeetingWarmup by Greig Sheridan over at greiginsydney.com. Greig promises “low-fat and no genetically modified ingredients” in his “recipes” and he delivers! This must-have script automates a process outlined by Drago Totev in his LyncLog Blog that deals with slow meeting joins. While this might not be as pressing an issue as it once was, Greig and Drago have combined to provide a simple way of automating, understanding and dealing with this behavior that affects both users and guests joining Lync meetings.

9) Deploying and maintaining PSTN gateways is a necessary and sometimes time-consuming process. Vic Jaswal's PowerShell Module for Sonus SBC1k/2k combines PowerShell with Sonus’ REST API to provide near-CLI access to my favorite SIP gateway. There are cmdlets to create, query, manage and provision transformation tables and entries, or even query any aspect of your SBC 1K/2K. While this is not a manufacturer’s “official” PoSH module, it works as expected, and is awesome if you have to manage 1 or 100 Sonus SBC1k/2k.

8) As we all know, there are other manufacturers of SIP/PSTN gateways and they need support as well. My colleague Jonathan Mckinney is up next with his script to back up AudioCodes Mediant and MediaPacks. His PowerShell script is now “JonMck approved” to work with gateways up to version 6.6 6.8. If you have to manage an AudioCodes-centric deployment, this script is a lifesaver.

7) Shifting gears from PowerShell, my colleague Richard Brynteson teamed up with Michael LeMontage to create the Lync Validator website. These guys were unhappy with the Microsoft Lync Planning tool, so they built their own and shared it with the world! Simply sign in with your Microsoft account, and you can upload an existing TBXML file or create a new one. Once your topology is completed, it is validated (get it?) against best practices. You can then generate reports for firewall rules and certificates, or even generate DNS config scripts. As if that wasn’t enough, you can then generate a Word doc to output and document your design. Awesome tool, thanks guys!

6) Creating complex dialing rules can be nirvana to some and hell on earth to others. If you find yourself in the latter category, check out the Lync Optimizer website, provided as a free service by Ken Lasko, aka “the hoff”. Simply input your NPA and NXX (or country code and region code for non-NANP users) and the optimizer will generate a complete dialplan as a .ps1 that you can deploy, or simply the raw regex. I generally tend to opt for the raw regex rules and paste those into my rulesets, but if you have complex needs, or simply want to learn how to put together a concise dialplan, or configure extension dialing, premium number blocking or location-based routing, you simply cannot go wrong with this tool. Ken has done an amazing job of collating freely available information and turning it into a free consumable service for everyone. Just like Lync Validator, you will need a Microsoft ID to use his site.

5) Shifting gears to client-side enhancements, the next tool I use almost every day is called Lync Select Dial by Matt Landis, another UC Rockstar. It’s not very fancy, but this tool accurately illustrates the “art of the possible” with Lync/S4B. Lync Select Dial is so ubiquitous, it’s a wonder why it's not embedded in the client. Simply highlight a phone number ANYWHERE in ANY app or web page and press a hotkey to have that number automatically dialed by your client. Simplicity at its finest!

4) Matt gets his second listing in the top 10 with the next application, the Who Can Federate tool. It has been said that a computer network is only as good as the number of connected nodes it has, and your personal Lync “social” network is no exception. Use this application to scan your contacts to find out who has Lync federation enabled. There is also the ability to submit found domains to the Lync Federation Directory project, which should also get an honorable mention in my list as it clearly shows the power and reach of Lync/S4B. It is important to note that you do not need Lync/S4B to use this tool. It simply queries DNS using the domains listed in your Outlook contacts. This can be a great sales tool to show potential customers who they could communicate with if they had Lync.

3) Anyone who knows me knows that automation, especially documentation automation, is a top concern of mine. Chris Cook over at EmptyMessage.com obviously feels the same way, but unlike me, he has done something about it. Chris has combined these two passions (it could also be a hatred for documentation as well, I guess!) to create the Lync Environment Report Builder. This tool consists of multiple scripts. The first queries your deployment to collect information about the servers (edge included!) and resources in your topology and creates a ZIP file. This ZIP file is then used as an input file to other scripts to generate Word, Excel or Visio files that document your environment. Awesome! A recent update now allows for customized Word templates. As an aside, observing how this script does its job helped me solve a Word automation issue I was having. Thanks Chris!

2) Speaking of UC Rockstars, I have tweeted this in the past and it’s still true. I don’t know where I would be without Ehloworld’s amazing Set-Cs2013Features script. I have watched this script “grow up” before my eyes over the past two years. Pat’s script downloads, prepares, and tweaks your Lync servers and deployment (OWAS Servers included!) using a simple menu system. An amazing and concise piece of code, this script can reboot and resume itself as needed, reuse downloads from a previous run, and even tweak your taskbar or Lync Server control panel font. Pat’s prolific contribution to the UC Community is well known and appreciated. Pat also co-hosts the UC Architect’s podcast, another great resource!

1) Whether you deploy Lync, like I do, or simply support your company’s Lync deployment, you find yourself logging into and out of many different accounts while testing and troubleshooting. The #1 community tool for me makes this almost daily task that much easier, thanks to Greig Sheridan. His Profiles for Lync client-side application allows you to sign in and out of as many as 40 different sites! Administrators can use this great tool to easily sign in to test accounts, for example, that are assigned different dial plans or registrars for easy testing. (It sure beats the bank of IP sets I used to have back in the day, but that’s a story for another time!) Consultants love this tool because we are constantly moving from one autonomous system to another. This tool has been around since Lync 2010 and now supports the latest client, and includes the ability to launch any site from the command line as well. This tool has been a mainstay on my taskbar for many years now, and is one of the first things I install on a new machine. Simply import my settings from OneDrive (including encrypted passwords!) and I am good to go. Talk about a lifesaver!

Well there you have it. My personal TOP 10 FREE tools.

Reminder. Please be a good netizen and contribute to those projects that offer it, and if you see any of these top contributors at the Ignite conference or your local users group meeting, drop them a note, buy them a beverage of their choice, or just say a big THANKS! (Better yet, do all three!) These folks help make Microsoft UC the industry leader that it is.

Also, this list is far from complete, as I could easily come up with a top 100 list of great free resources. Look for a 2nd installment (at least) of “TPID’s top 10” in the near future, and remember, if you use these tools in your projects, or day to day tasks, be sure to acknowledge the original author(s).

Lastly, if you have an idea that you think will make life easier for everyone, try your hand at building it and giving back to the community. Personally, I have a few projects that are nearing that point, so I will share and post about them soon, right here at the TPID blog!


Friday, February 27, 2015

Jabra Evolve 80 UC – A Hands On Review



One of the great advantages of using a softphone based communications system like Skype for Business (S4B), is the sheer variety of compatible audio and video endpoints to choose from.  Simply browse on over to the Lync catalog and check out the qualified device page to see the ever growing ecosystem of certified devices available.  

Home based users certainly have different needs and requirements than a cubicle based, or nomadic user may have. Luckily the Lync (S4B) ecosystem continues to expand with new, and some might say exciting, developments.

Today, I will provide my thoughts and observations of the new Jabra Evolve 80 UC Lync headset. The Jabra Evolve 80 is the latest Microsoft UC offering from the folks at Jabra, one of the leading headset manufacturers.

I have had this headset for over a month now, so this is no “just-out-of-the-box” review. This headset has become my daily driver. I use it all day long. 

As a mostly home based worker, thanks to my job and S4B/Lync, I spend a great deal of time at my computer, in my home office, alone (at least in terms of people in the same room). Because of this fact, I don’t mind wearing a binaural headset; in fact I personally enjoy it. However, if you work in a noisy office you will more than appreciate the “comfort zone” that this headset provides, thanks to the noise canceling feature.

If you like to stream your favorite music or podcast while you work on that latest masterpiece, spreadsheet, or quarterly report, you will love the Jabra Evolve series.

 

Overview

Right out of the box, it is easy to see that the Jabra Evolve 80 UC is a high quality device.  The package consists of the headset, which has leather ear cushions and a standard 3.5mm phono plug, as well as the UC USB Adapter, which provides you with the requisite Lync call control functions, such as answer, mute and volume control. The adapter also has a “busy” light that controls the matching indicator on the headset. The Jabra Evolve also has a fold up boom mic (which mutes the mic) and folds flat for storage (more on both these items in a moment). A soft carrying case is also included for travel.
The Evolve Headset, UC Adapter and soft case

 

Features

Active Noise Cancellation
In my mind, there is no doubt that after the quality stereo response from this device, the best feature is the active noise cancelling (ANC) option. A switch, located under the right ear cup, lets you enable or disable this feature. Turn ANC on, and even the most annoying sounds (or coworkers) will fade away. I used these on a commuter train ride and even without any music, I was transported to a silent oasis, smack in the midst of typical rush hour chaos. The ANC circuitry is powered by an internal battery. This battery is charged via the phono plug while the headset is in use with the UC adapter, and the headset also has a micro USB port for charging. I have had ANC on all day and not had any issues with battery life. If the ANC does run out of juice, simply turn it off and you still have a fully functional headset.
The Evolve 80 folded flat - the right side LED is the ANC switch



Dual Use
As mentioned, the actual headset has a 3.5mm phono plug and the mic folds away. These two features allow you to plug the headset into your phone or tablet and use it like any other headset. Only you know its “true” dual role as a quality UC audio device!


Listen In
Located on the outside of the right ear cushion, is a “tap to mute all” button.  This allows you to have a conversation with a colleague, for example, as this button mutes BOTH ANC and Music/Audio.


Mic Mute
By folding the mic boom to the up position you turn off just the MIC. This is especially useful if you are using the headset as a listening device only.


Sidetone Adjustment
As mentioned by JonMck over at ucomsgeek, the driver for this device allows the adjustment of the “sidetone” of the headset. This is the amount of audio picked up by the microphone that is “echoed” back to you while you talk. Most mobile phones do a poor job of this, which is at least partly to blame for people talking so annoyingly loud on mobile devices, as they have no “feedback” as to how loud they are talking (at least I’d like to believe that is the reason!). Head over there to learn how to adjust this to suit your personal taste.
Note: this is more of a generic audio tip than something specific to this headset, as most newer UC certified “headset” devices will have this adjustment. I call it out here because it’s not well known or easily exposed in Windows.

Jabra Control Center Software

Like almost everything else these days, this headset is firmware controlled and updated. The Jabra PC suite is available to flash the device. I am pleased to note that a few updates have come out since I first got this device about 2 months ago. There is nothing more frustrating than a firmware based device that never gets updates (I’m looking at you, cardosystems). At least the good folks at Jabra are working to better their products.
It should go without saying, but I’ll say it here anyway, that the first time you use any device you should install the latest available firmware. When I first plugged in the UC link adapter, I did not get my phone controls; a simple update solved that!
The Jabra Control Center allows you to manage multiple Jabra devices, check for firmware updates and provides several “tweaks” such as pausing Windows Media Player when on a call, and enabling or disabling tones when buttons are used.
 

My Wish List

While devices are getting better every day, personally I have yet to find one that is “perfect”. Based upon the myriad of devices I have used in the past, here is my personal wish list for adds or changes to the way the Evolve 80 UC works. If the folks at Jabra care to read this, I would love to hear their take on some of these items.
  
  • As mentioned above, the UC adapter has a manual “busy” light. Pressing the Jabra Logo on the adapter will turn both it and the corresponding light on the headset red, presumably to let your colleagues know you are busy. In the world of S4b, we love automation, especially in terms of presence. I would love the headset to light up automatically when I am in a call.
  • Related to the above, why not a dual color (RED/GREEN) LED announcing my presence like my client or the busylight does?
  • Other headsets allow you to Bluetooth pair your headset so that you can take calls on your mobile and still wear the headset. I miss that feature with the Evolve series.
  • Another feature I love about some other devices is that they are “aware” if you are wearing them or they are on the table. I would love to see the Jabra 80 “know” that I am not wearing it if it is folded flat; then if a call is coming in, and I open the headset to put it on my head, it answers the incoming call. (It’s these seemingly little things like that which make you appreciate modern communications systems! – especially Lync!)
  • Reversible – As mentioned above, the boom MIC folds up to mute, but it only goes 180 degrees. If the mic went 270 degrees, I could swing it over and swap left and right for times that my adapter NEEDS to be on the right side. As the wire comes from the left ear cup, you need to readjust your layout if you prefer the USB puck on the right. Since more people are right handed I would think this would be most common. This means the “default” setup is likely a wire from your left side connecting to the adapter on the right. Note: I understand that left and right are being “enforced” here due to this being a stereo device, but why not allow me to swap left and right in software?
  • Tap to mute – I like this feature, and want to see more of it. Specifically, if I do enable this mode, I would like an indicator on the puck. A few times I have engaged the feature by accident, and spent a minute or two troubleshooting why I had no audio. There is NO indication anywhere when this feature is engaged.
  • The levels tab of the audio device is where sidetone is adjusted. As it is such an important aspect of the user experience, this setting should be exposed in the Jabra Control Center.

Final Thoughts

None of my “wishes” are deal breakers in any way, as this device is ready for prime time in the right situation. If you are looking for a top quality, multi-function, Lync certified, binaural headset for executive, home, office, or nomadic users, the Jabra Evolve UC 80 is a fine choice. This is the headset I want to travel with!