AudioCodes Mediant 1000 MSBG – Audio Quality Issue

So it’s been a long time since I last posted an article on the site, Microsoft Lync Server 2010 has been keeping me busy to say the least. During a recent deployment I experienced an issue with audio quality for both inbound and outbound calls when utilising an AudioCodes Mediant 1000 MSBG gateway running firmware version 6.2. The best way I can describe the problem was that when the call was answered it sounded like the person on the other end was stood next to a jet engine, there was a lost of noise and loss on the connection. When running  a syslog on the mediant, in debug level five, and reproducing the issue I could see the following events:

SRTP Error – failed decrypting RTCP packet: authentication failure (2) [Code:3700e] [CID:30]
SRTP Error – failed decrypting RTCP packet: wrong SSRC (11)
SRTP_PCK_DROP_AUTH:1  [Code:5004] [CID:30]
ErrMgs=9 Invalid RTP version (= 0)

When initially looking at these errors I was thinking either a coders or certificate issue could be causing the problem. This was actually incorrect, after some investigation it turned out that my TDM Bus Settings were not configured with the correct LAW attributes. To resolve the issue I performed the following:

1. Log in to the AudioCodes Mediant 1000 MSBG device.

2. On the left hand side of the screen select the “Full” radio button.

3. Ensure you have select the configuration tab and expand the “VoIP” container.

4. Expand the “TDM” container and then select “TDM Bus Settings”.

5. In the TDM Bus Settings page, if you are located in Europe set the “PCM LAW Select” value to “ALaw”. If you are based in the United States this should be set to “ULaw”.

6. Set the TDM Bus Clock Source value to “Network” and click submit in the bottom right hand corner of the screen.

7. At the top of the screen click the “Burn” button to save the configuration to flash and then reset the gateway.

That’s it, your poor quality audio issue should now be resolved.

Windows Server 2008 R2 – RRAS Duplicate DNS Entries

I recently installed the Routing & Remote Access service on a Windows Server 2008 R2 domain controller. While this is not a recommended approach, it was unfortunately the only server available to host the role. Shortly after installing the role and binding it to the DHCP service, I noticed that when pinging the domain controller it was returning an IP address in the DHCP range. On further inspection it appeared the IP address assigned to the virtual RRAS adapter was registering against DNS and therefore creating two entries for the domain controller. To resolve this issue, the following steps were performed.

1. Navigate to Start -> Administrative Tools and click the DNS option.

2. When the DNS console opens, expand the “Forward Lookup Zones” container and then expand your local domain name.

3. Locate the incorrect host A record for your domain controller and delete it by right clicking the record and selecting delete.

4. In the DNS console, right click the servers name and select properties.

5. In the properties window click the listeners tab and select the “Only the following IP addresses” radio button.

6. In IP addresses list remove the incorrect IP address and then click ok and exit the DNS console.

That’s it, you should no longer experience duplicate DNS entries for your domain controller.

D-Link ShareCenter Pulse – Review

I recently picked up D-Link DNS-320 ShareCenter Pulse 2-Bay NAS for some home storage. I have been quite impressed by the device, particularly due to the price, and have written a short review of the ShareCenter below.

1. Price & Quality

The DNS-320, which is the two hard drive bay version of the ShareCenter, cost me £63.99 from a large online retailer. Compared to other small home NAS devices on the market this is very cheap, especially when compared to rival NetGear products. The device itself is very compact and comprised of black ABS plastic with a gloss finish, adding to the light feeling of the product. It feels sturdy enough to survive a drop, but it isn’t as good a build quality as a NetGear ReadyNAS Duo, however the quality of both products are certainly reflected in their respective prices. The ShareCenter also contains a standard eluminted power light and LED indicators for both drive bays.

2. Technical Specification & Setup

The ShareCenter carries a decent amount of features, again when looking at what price range it sits in. Some of the key features that impressed me with the device are the following:

Support for upto 4 Terrabytes – 2 x 2 TB hard disk drives
RAID 0, RAID 1 & JBOD Support
Gigabit Ethernet Connectivity
HTTPS Web Management
Email/SMS Notifications
Group Based File & Share Permissions
DLNA Certified
D-Link Green Power Efficiency

The setup of the device was extremely easy, after unboxing the product adding the hard disks drives took seconds. The top of the ShareCenter slides off exposing the two SATA data and power connectors for the hard disk drives. To install the disks, it was a simple case of plugging them directly into the SATA connectors and sliding the lid of the ShareCenter back in place. The only remaining parts of the setup after this was to connect both power and Ethernet, and then turn the device on. Once the device was powered on, D-Link provide an easy setup wizard on an bundled CD-ROM that discovers the NAS on your network and guides you through processes such as IP addressing, RAID setup and domain membership, if required.

3. Device Management & Performance

Out of the box my ShareCenter was running the base firmware version of 1.00. The web interface for this version of firmware is admittedly very basic and not aesthetically pleasing. The first thing I did was to download the latest version of firmware (Version 2.00) from the D-Link website and apply it to the device. Firmwaring the device was very simple, just downloading the firmware file and selecting it through the web management interface was all that we needed. After applying the firmware update a major GUI change is applied, amongst many bug fixes and new features. A screenshot of the new management GUI is featured below.

Performance of the NAS, contrary to other reviews for the DNS-320 on the internet, was actually quite good. I have populated my ShareCenter with two Samsung HD204UI Spinpoint F4 2TB Hard Drives which is connected over a 100 megabit network. When transferring a single 40 gigabyte file to the NAS I was getting a solid 10.2 megabytes a second. When transferring 1.8 gigabytes of data to the NAS, which was made up of around six hundred individual files, I received 9.25 megabytes per second.

4. Overall

Overall the D-Link ShareCenter Pulse is a great device for a small amount of money when compared to other 2 bay NAS solutions on the market. It’s high storage capacity, management, power efficiency and DNLA compliance make for a great device if your looking for some cheap networked storage.

For more information on the D-Link ShareCenter, click here.

VMware ThinApp – Microsoft Office 2010 Setup Guide

After successfully being able to create a full Microsoft Office 2010 suite ThinApp, I have written a setup guide to detail the steps that had to be taken in order to get all Office applications working and to allow standard windows users (non local administrators) to activate office when launching the ThinApp for the first time. This article has been written using information for VMware sources and my own experience. The following ThinApp capture has been performed on a fresh installation of Windows XP SP3 with VMware ThinApp 4.6.1.

1. Download and copy the Microsoft .NET Framework 3.5 and Microsoft Office 2010 installation files to the ThinApp capture machine.

2. Ensure you have internet access on the ThinApp capture machine.

3. Install VMware ThinApp on capture machine.

4. Run the Setup Capture wizard, start and complete the pre-scan process.

5. When the pre-scan is complete, on the Install Application page of the Setup Capture wizard, minimize the wizard and install Microsoft .NET Framework 3.5.

6. The Microsoft .NET installation generates the mscorsvw.exe process that continues for an extended period, we need to stop the process with the ngen.exe tool. Open a new command prompt window and type the following command and press return:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe executequeueditems

7. In order for Office 2010 to activate correctly we need to edit the Config.xml file and specify your Multiple Activation Key (MAK). By default, the Microsoft Office 2010 Config.xml file is stored in the core product folder in the Microsoft Office 2010 installation media. Explore the Office 2010 installation media on the capture machine and you should see a folder named similar to “core_product_folder_name.WW folder”. For example, if my Microsoft Office 2010 media was Professional Plus, the folder name would be “ProPlus.WW”.

8. Open the core product folder and locate the Config.xml file. Open the Config.xml with Notepad and add the following lines to the to the file file and save it to your local C:\ drive:

<PIDKEY Value=”Enter 25 Character MAK Here” />
<Setting Id=”USEROPERATIONS” Value=”1″ />

Note: Do not enter any spaces or hyphens when entering the license key in the PIDKEY value, this must be all one string such as ABCDEFGHIJK.

9. To start the Microsoft Office 2010 setup wizard and apply the settings in Config.xml, open a new command prompt window and type navigate to your Office 2010installation media by using for example “cd d:\”. When in the installation media directory enter the following command and press return.

Setup.exe /config c:\config.xml

10. When the installation starts click to accept the terms of the agreement and click next.

11. On the Choose the installation dialog box, click the Customise button.

12. Select Microsoft Office and then select “Run all from My Computer” as the installation option.

13. Click “Install Now” to install Microsoft Office 2010, this will likely take some time.

14. When the installation is complete click “Finish”. Proceed and click the Start menu, select the Run option, and then type services.msc and click ok. When the services snap-in opens scroll down the list of services and locate the “Office Software Protection Platform” service, right click this service and select stop.

15. Maximise the ThinApp Capture wizard that we minimised in step 5 and then click to start the post scan process.

16. Once the post scan process has completed, change the Inventory name to something appropriate for your use, for example Microsoft Office 2010.

17. Before building the ThinApp project , copy the OfficeSoftwareProtectionPlatform folder from C:\Documents and Settings\All Users\Microsoft to the folder %Common AppData%\Microsoft. To get to the” %Common AppData%\Microsoft folder” open the ThinApp Setup Wizard and click the “Open Project Folder” button, in the resulting window you should then see a folder named “%Common AppData%”  double click this folder then double click the “Microsoft” folder inside. Simply copy and paste the “OfficeSoftwareProtectionPlatform” folder into this location.

18. On the capture machine open the registry editor and navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Search\Preferences

In this location, right click in a white space area an create a new Multi-String Value with the name of, without quotes, “isolation_writecopy”. Right click the created “isolation_writecopy” key and select “Modify”. When the modify window opens, in the value area, enter the following information and click ok:

Value=PreventIndexingOutlook
REG_DWORD=#01#00#00#00

19. In the same registry editor window navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\OfficeSoftwareProtectionPlatform

In this location, right click in a white space area an create a new Multi-String Value with the name of, without quotes, “isolation_full”. Right click the created “isolation_full” key and select “Modify”. When the modify window opens, in the value area, enter the following information and click ok:

Value=UserOperations
REG_DWORD=#01#00#00#00

20. In the same registry editor window navigate to the following key:

HKEY_CURRENT_USER\Environment

In this location, right click in a white space area an create a new Multi-String Value with the name of, without quotes, “isolation_writecopy”. Right click the created “isolation_writecopy” key and select “Modify”. When the modify window opens, in the value area, enter the following information and click ok and then close the registry editor:

Value=ALLUSERSPROFILE
REG_SZ~%Common AppData%

21. Maximise the ThinApp Setup Wizard and click on the “Edit package.ini” button before starting the build process. In the ini file change the “MSIStreaming” value to 1 if you want this to be streamed ThinApp otherwise this will be a local ThinApp.

22. Click the “Build” button in ThinApp and wait for the build process to complete.

23. The ThinApp creation process is now complete and the applications should work and activate correctly on Windows XP systems. If you intend to use the Office 2010 ThinApp on Windows 7 operating systems, some additional changes need to be made to ensure that the product activation works correctly.

24. For Windows 7 machines only, in order for the ThinApps to launch and activate Office 2010 correctly you will need to disable the “Windows Search Service” and completely disable User Account Control (UAC). Disabling these two properties can be achieved by using Group Policy Objects as detailed here and here.

That’s it, you should now have a fully functionaly Microsoft Office 2010 VMware ThinApp that works on both Windows XP and Windows 7 operating systems.

VMware P2V – Linux Conversion Issue

I recently had to P2V a physical CentOS 5.3 server into a VMware vSphere 4.1 virtual environment. On completing the P2V, which took over four hours, I was presented with an “Error loading operating system” message when powering on the virtual machine. I had initially assumed this was an issue that had occurred during the conversion, however some further investigated revealed this was not that case. When converting the machine from a physical to virtual platform the boot partition location in the GRUB loader was no longer valid, as of course all hardware properties had now changed. To resolve the “Error loading operating system” message the following steps were performed:

1. Download the latest version of CentOS, in my case this was CentOS 5.6 CD 1.

2. Upload the CentOS ISO to a datastore in your virtual environment and attached it to the converted virtual machines CD/DVD drive.

3. Power on the converted virtual machine and press ESC to show the VMware boot device selector. Select and press return on CD/DVD-ROM drive, this will now load the attached CentOS ISO.

4. When CentOS loads, at the boot prompt type without quotations “linux rescue”, and press return.

5. Select to mount all file systems in read-write mode and press return.

6. To re-install GRUB type the following without quotes and press return, “grub-install /dev/sda”.

7. Once the installation has finished type “reboot” and press enter to restart the virtual machine.

That’s it, the GRUB loader should not be repaired and your virtual machine should successfully boot.

Remote Desktop Services – Remote Desktop Can’t Find The Computer

I recently encountered an issue where users attempting to connect to a server via the “Remote Desktop” tab in the RD Web Access site were presented with a “Remote Desktop can’t find the computer” error when attempting to connect to a resource, as shown in the below screenshot.

After performing some research it appeared that the DefaultTSGateway property in the RD Web Access IIS site needed to be populated with the external fully qualified domain name of the RD Gateway server. By performing this, the request made for a server via the Remote Desktop tab in the RD Web Access site was then directed through the RD Gateway server. To achieve this, and resolve the issue the following actions were performed.

1. Connect to your RD Web Access server and open the IIS 7 management console.

2. Expand Server Name -> Sites -> Default Web Site -> RDWeb -> Pages -> en-US

3. In the Application Settings pane, click the DefaultTSGateway entry and select edit from the action pane on the right hand side, as shown in the below screenshot.

4. In the edit DefaultTSGateway box that is now presented, in the value section, enter the external fully qualified domain name of your RD Gateway server. For example, rdsgateway.domain.co.uk and click ok.

5. Test resource access from the RD Web Access site to a server via the Remote Desktop tab. You should now be able to connect and authenticate correctly. One thing to note is that you will only be allowed to connect to internal resources that have been specified in your Resource Authorisation Policy (RAP) in the RD Gateway manager.

That’s it, your all done.

Microsoft Exchange 2010 – Migration Mail Flow Issue

I recently experienced an issue when sending e-mails from an Exchange 2003 mailbox to an Exchange 2010 mailbox during a 2003 to 2010 migration. Messages could be successfully sent from Exchange 2010 mailboxes to Exchange 2003 mailboxes but not the other way around, the messages would simply queue on the Exchange 2003 server. After a period of investigation it appeared this issue was occuring due to a smart host not being set against the SMTP connector in the Exchange System Manager on the Exchange 2003 server. To resolve the issue a smart host was configured on the SMTP connector via ESM to be the customers internet service providers upstream mail relay. The steps taken to resolve this issue are detailed below:

1. Connect to your Microsoft Exchange 2003 server and open the Exchange System Manager.

2. In the Exchange System Manager expand Servers -> Server Name -> Connectors.

3. Right click your SMTP connector and select properties.

4. On the general tab check the “Forward all mail through this connector to the following smart hosts” radio button and enter your internet service providers upstream mail relay, for example smtp.myisp.co.uk.

5. Test mail flow between the Exchange 2003 and Exchange 2010 environments.

That’s it, hopefully your migration mail flow issues will now be resolved.

Remote Desktop Services – RemoteApp Certificate Issue

I was recently involved in a Remote Desktop Services deployment for three hundred users. After configured Remote Desktop Services and publishing a RemoteApp, which had been digitally signed with a Go Daddy certificate and deployed via an MSI, I was prompted with a “Do you trust the publisher of this RemoteApp program” warning as shown in the below screenshot.

Obviously this was going to be an inconvenience for users, so to resolve this issue I performed the following actions.

1. Create a new Group Policy object via the Group Policy Management Console.

2. Edit the GPO and navigate to the following location, User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

3. Within the Remote Desktop Connection Client folder double click the “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers” group policy object and check the enabled radio button.

4. Now open the SSL certificate you are using for RemoteApp signing, click the Details tab and then scroll down the details pane until you see the “Thumbprint” item. Click the thumbprint entry and you should now see a large alphanumeric string, copy this string and paste the contents into the “Comma separated list of SHA1 trusted certificate thumbprints” box in the GPO we were editing in step 3.

5. Now that you have pasted the thumprint string into the GPO, remove all space and capitalise all lower case letters of the string. For example, if your thumprint looks like this, “95 1f 22 02 c3 6e a6 b0 64 0c db 8e b5 4a bb 98 0c bd ed af” once you have pasted it into the GPO, you need to modify it to read like this, “951F2202C36EA6B0640CBD8EB54ABB980CBDEDAF”.

6. Close down the GPO editor and then link the created GPO to a users organisational unit where the RemoteApp users reside. Log a RemoteApp user off and back on again and test the RemoteApp program, you should now hopefully see that the certificate warning is suppressed and the application loads straight away.

That’s it, your all done.

Lync Server 2010 – ABSConfig Issue

I was recently using the ABSConfig.exe tool, which is a part of the Lync Server 2010 Resource Kit, to make some modifications to the address book for number normalisation. After playing around for a while I decided, to be safe, I would use the “Restore Defaults” button on the ABSConfig tool to put me back to where I started. Soon after clicking the button it appeared all was not well. I noticed that when querying users in the Lync 2010 client, that opposed to it showing a users given name, it was actually showing their job title. I also noticed that corporate photo graphs for new users, ones that were not in my clients ABS cache file, were not being displayed. It tuns out that the ABSConfig.exe tool in the Lync Resource Kit had been released by Microsoft still containing the OCS 2007 R2 database modification. Effectively, clicking Restore Defaults in the ABSConfig tool in a Lync front end server caused the RTC database to be overwritten with OCS attributes resulting in a pretty much destroyed address book.

I located a great blog post here, which provides an SQL query to restore the address book attributes in the RTC database back to Lync RTM. This worked great for name lookups but my corporate photographs would still not sync. After a weekend of investigating the issue, I decided to contact Microsoft Partner Support, who provided me with a SQL query that resolved all my address book and corporate photograph issues. The solution provided is detailed below:

1. On the standard edition server, or the server which holds the RTC database, install the Microsoft  SQL Server 2008 Management Studio and connect to the RTC database.

2. Click on “New Query” and paste the following SQL into the query window and click the execute button. The execute button is the small green “play” icon.

use rtc
exec dbo.RtcDeleteAbAttributes
exec dbo.RtcAddAbAttribute 1, N’givenName’, 0x01400000
exec dbo.RtcAddAbAttribute 2, N’sn’, 0x02400000
exec dbo.RtcAddAbAttribute 3, N’displayName’, 0x03420000
exec dbo.RtcAddAbAttribute 4, N’title’, 0x04000000
exec dbo.RtcAddAbAttribute 5, N’mailNickname’, 0x05400000
exec dbo.RtcAddAbAttribute 6, N’company’, 0x06000000
exec dbo.RtcAddAbAttribute 7, N’physicalDeliveryOfficeName’, 0x07000000
exec dbo.RtcAddAbAttribute 8, N’msRTCSIP-PrimaryUserAddress’, 0x08520C00
exec dbo.RtcAddAbAttribute 9, N’telephoneNumber’, 0x09622800
exec dbo.RtcAddAbAttribute 10, N’homePhone’, 0x0A302800
exec dbo.RtcAddAbAttribute 11, N’mobile’, 0x0B622800
exec dbo.RtcAddAbAttribute 12, N’otherTelephone’, 0x0C302000
exec dbo.RtcAddAbAttribute 13, N’ipPhone’, 0x0D302000
exec dbo.RtcAddAbAttribute 14, N’mail’, 0x0E500000
exec dbo.RtcAddAbAttribute 15, N’groupType’, 0x0F010800
exec dbo.RtcAddAbAttribute 16, N’Department’, 0x10000000
exec dbo.RtcAddAbAttribute 17, N’Description’, 0x11000100
exec dbo.RtcAddAbAttribute 18, N’manager’, 0x12040001
exec dbo.RtcAddAbAttribute 19, N’proxyAddresses’, 0x00500105
exec dbo.RtcAddAbAttribute 20, N’msExchHideFromAddressLists’, 0xFF000003

3. From the Lync Management Shell run the following command: Update-CsUserDatabase

4. Open up the servers event viewer and wait until you can see Lync events 30024, 30027 & 30028 before proceeding with the next step.

5. From the Lync Management Shell run the following command: Update-CsAddressBook and wait around ten minutes before proceeding with the next step.

6. Open a Lync 2010 client and wait for the address book to download, this should have now resolved all address book issues.

Thanks to Mike Halfacree at Microsoft UC Support for the resolution.