Lync Federation 504 error

I was unable to federate a Lync installation. I kept getting a 504 error as seen below.

The source of the problem was actually two things. The first was that outbound port 5060 was blocked by the firewall on the Lync Edge server. Once that was opened, I got a successful response when I ran

Test-CsFederatedPartner -TargetFqdn lyncedge.addomain.local -Domain

(side note: I previously had this configured using the instructions found here.)

A successful response looks like this

After that, I had some external domains (that I knew were Lync open federated) work and some did not. The one that did not appeared to have the same 504 error.

Upon further investigation with logging on the Edge server and using Snooper, I found this:

It turns out that this destination domain is configured with a GoDaddy certificate (YUCK!!!)

Since Windows 2008 R2 does not have these roots installed on it, I found this error when I went to this URL

See the Red Warning on the cert?

That’s because the ROOT cert is not installed on the edge server.

Looking at the details on the root cert I see this:

Downloading that root cert is the first link on the website, the one whose thumbprint ends in “EE E4”

From there, you open the local computer certificate mmc, and install it… see the following images

Now that it is installed, and I verify the thumbprint

All looks good.

And the test of federation to this external domain works

So in summary, the error was two things: port 5060 outbound was being blocked, and the Edge server did not have the destination domain root certificate installed. (Just one more reason in a long list I have to not do business with GoDaddy)
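The two checks from this post (outbound reachability, then whether the partner's certificate chains to a root in the local computer store) can be scripted as below. This is an added example, not part of the original post; the function name, the host name `sip.partner.example` and port 443 are placeholders to replace with the partner's values.

```powershell
# Added example, not from the original post. The host name and port in the
# usage line are placeholders; use the partner's edge FQDN and port.
function Test-PartnerCertChain {
    param([string]$PartnerHost, [int]$Port)

    # 1. Outbound reachability from the Edge server (the firewall half of the problem).
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($PartnerHost, $Port) }
    catch {
        Write-Warning "Outbound TCP to ${PartnerHost}:$Port failed: $($_.Exception.Message)"
        $tcp.Close()
        return
    }

    # 2. TLS handshake that accepts any certificate, so it can be inspected
    #    even when this server does not trust it. Nothing is sent afterwards.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($PartnerHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $ssl.Dispose(); $tcp.Close() }

    # 3. Build the chain against the local computer store, the one the post installs the root into.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # isolate trust problems from CRL reachability
    $trusted = $chain.Build($cert)

    # Last element is the root when the chain is complete. When the root is
    # missing it is the highest certificate found, and its Issuer names the root to obtain.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Subject            = $cert.Subject
        ChainTrusted       = $trusted
        ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain         = $top.Subject
        TopIssuer          = $top.Issuer
        TopIsSelfSigned    = ($top.Subject -eq $top.Issuer)
        TopThumbprint      = $top.Thumbprint
        InLocalMachineRoot = (Test-Path ("Cert:\LocalMachine\Root\" + $top.Thumbprint))
    }
}

Test-PartnerCertChain -PartnerHost 'sip.partner.example' -Port 443 | Format-List
```

Before importing a downloaded root into the trusted store, compare its thumbprint with the value the CA publishes, as the post does with the thumbprint ending in "EE E4".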


My advice to all 2013 grads….

I have been out of college for 25 years. My first job (and first career) was with a large power utility company. Shortly after I was hired, the company was affected by deregulation of the utility industry. They had prided themselves on never having a layoff, even during the Great Depression. With deregulation came a new CEO, and with the new CEO came much change. I saw people that had 20+ years with the company fired; they called it involuntary separation. Their reality and their world came crashing down around them.

Fast forward 25 years and I see the same thing happening today with state employees. Our state governor is taking on the same lean and mean approach to the state budget. Although not as harsh, they are seeing their health insurance go up, furlough days mandated, and ultimately their relative wages decreased.

I read somewhere “Everyone has a temporary job, just most of us are in denial.”

So rather than looking for “job security”, strive for “job marketability”. In fact, read this book by Dawn Rasmussen.

This way when things get sour where you work, whether it be involuntary or voluntary separation, getting that next job in your career is not as painful.

SkyDrive Pro client for Windows now available

Today, Microsoft announced the release of SkyDrive Pro client for Windows.

This is great for K1 (kiosk) licensed users of Office 365. While they might not have Office 2013, they can still access their files on the local machine.

It can also be installed side-by-side with previous versions of Office (Office 2010, Office 2007).

Read the official blog from Microsoft here.

Move Fails in Office 365 with empty domain

I have had a few failed moves in Office 365.
This is a hybrid configuration with adsync enabled.
Note the extra space where the arrow is in the first image, normally it would say something like “…domain abc.local because…”
In this case, it is just an extra blank space
Here is how I fixed it.
· I disconnected the mailbox from the user. (that is a disable in EMC)
· Forced sync to the cloud on the adsync server (see second image)
· Reconnected the mailbox to the original user in “disconnected mailbox” section of EMC
· Forced sync (again) to the cloud on the adsync server
· Then attempted a move and it was successful!!

HP hot keys – disable screen notification of change

I have found my new laptop’s “caps on” and “caps off” to stall my keyboard input until I am done seeing it disappear. I found a way to disable it.

Document ID: c03462568 at HP support

If you want to disable certain notifications, you must directly modify the Windows Registry as there is no method for doing this inside the program itself. The following are the Registry settings that can be changed to implement the desired results:

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP HotKey Support

  • Value Name: VolumeOSD DWORD 0
  • Value Name: AmbientLightSensorOSD DWORD 0
  • Value Name: BrightnessOSD DWORD 0
  • Value Name: CapsLockOSD DWORD 0
  • Value Name: NumLockOSD DWORD 0
  • Value Name: ScrollLockOSD DWORD 0

Setting the value to ‘0’ disables it. To reenable it, set it to ‘1’.


ADMT and FSMO roles

I recently ran a cross-forest ADMT migration. Because of subnetting conflicts between the two companies, not all domain controllers were accessible. In order to migrate SID history, the ADMT migration server must contact the FSMO master of the source domain. After several attempts and a sniffer trace, I found this to be true. Specifically, it’s one of the domain-level FSMO roles, so I assume it’s the PDC emulator. ADMT 3.2