For some time ago I was in the process of setting up a Hybrid “Skype for Business Online” and “Lync 2013 On-oprem” environment.
When it was time to activate the Lync-federation with the New-CsOnlineSession cmdlet I got rejected with a (404) Not Found
$credential = Get-Credential
$cssession = New-CsOnlineSession -Credential $credential -Verbose
I received the following output:
VERBOSE: Determining domain to admin
VERBOSE: AdminDomain = ‘domain.onmicrosoft.com’
VERBOSE: Discovering PowerShell endpoint URI
Get-CsPowerShellEndpoint : The remote server returned an error: (404) Not Found.
At C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:94 char:26
+ $targetUri = Get-CsPowerShellEndpoint -TargetDomain $adminDomain
+ CategoryInfo : NotSpecified: (:) [Get-CsPowerShellEndpoint], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellEndpointCmdlet
The solution to this wasn’t easy to find since 404 usually means network issues.
The Office 365 support was very help full and we discovered after a few hours that the Skype for Busniess Online tenant wasn’t “Active”.
So the solution was to give a user, any user, a license for Skype for Business so that users shows up in the Skype for Business admin portal.
I’ve been working on a script for our customers so we more accurately can measure the load on IIS Websites using Nagios.
Currently the script only gets the performance data and outputs an OK (exitcode 0). In the future I will implement WARNING and CRITICAL the performance values we need.
Example graph from a labserver.
Feel free to use and modify this script as you like.
Today I installed two new Exchange 2016 servers at one of my customers. They are going to migrate from a classic Exchange 2010 CAS+Mailbox setup.
When I tried to login at the ECP when the first Exchange server was up and running I was thrown out directly in a matter of seconds.
The first thing I did was to create a completely new Active Directory User with only the Organization Management group as permission, no mailbox either.
That didn’t solve the problem. The next step was to reset the OWA and ECP Virtual Directories (
New-OWAVirtualDirectory) but as I expected no success.
How to Reset Client Access Virtual Directories
So I turned to my favorite search engine and stumbled upon this Technet thread.
In short the problem is related to the signing of the certificate used by the Exchange IIS Service.
The signing is done with “Microsoft Software Key Storage Provider” which makes the login to loop back. To make it work you need a certificate signed by “Microsoft RSA SChannel Cryptographic Provider”.
The solution is to request a certificate with signing mechanism “Microsoft RSA SChannel Cryptographic Provider”. A more complete deep dig for this is already done by Jason Slaughter at Microsoft, “The One With The FBA Redirect Loop“.
Another nice thing I found while searching was how to change the display language on a EAC Administrator account who does not have mailbox.
Add ?mkt=EN-us after ECP. Example: https://mail.contoso.com/ecp?mkt=EN-us