Monday, October 31, 2016

Move-CsUser : HostedMigration Fault: Error=(506) - Cannot Migrate Skype for Business User From Online to On-Prem

The Error

I recently had the pleasure of running into this seemingly elusive "506" error when trying to migrate users that had already been configured for Skype for Business Online to a brand new On-Prem environment after configuring Hybrid. I say "elusive" because I could not find a solution on Bing or Google (yes, I started with Bing!). The actual error read as follows:

Move-CsUser : HostedMigration fault: Error=(506). Description=(The user could not be moved because there appears to be a problem with this user account. Please verify the attribute settings on the account and then try again.)

The Scenario

Let's get a good handle on what this environment looked like at the time of this error, as this information is key. This organization had Hybrid Exchange set up, but all the mailboxes were homed in Exchange Online. They had also been using Skype for Business Online exclusively; there was no on-prem Skype for Business infrastructure. Lastly, Azure AD Connect was properly set up, and syncing without errors. All good and pretty!

Now, the goal here was to implement an on-prem Skype for Business deployment so that users in a particular geography could use the on-prem voice infrastructure. The plan was to implement the on-prem infrastructure, configure Hybrid for Skype for Business, and then move the users in this particular geography to the on-prem infrastructure while leaving all other users in the Online environment. Everything up to the step in which users are moved to On-Prem worked fine.

The Troubleshooting

So, Hybrid was configured, the on-prem environment worked well on its own, and the Online users were registering through the on-prem environment without a hitch. Why then, could we not simply move the users to the on-prem environment? Looking at the above error, the complaint seems to be centered around a problem with attributes. Ok, first thing, go back and ensure that your Azure AD Connect configuration is syncing successfully.

A quick look in Office 365 Admin Center verifies that the sync is happening at regular intervals, and happening successfully. Next, let's go to the actual AADC server, and make sure that the attributes for Skype for Business are all syncing successful...WAIT!!! Of course the Skype for Business attributes are not syncing! Remember, AADC was set up and configured to sync BEFORE the on-prem Skype for Business infrastructure was ever in place! Remember, one of the first things we do when installing Skype for Business Server 2015 is to extend the Schema so that all the new Skype for Business-specific attributes will be present within AD. Since AADC was installed and configured before this Schema Extension took place, AADC is not aware of these new Skype for Business attributes.

So, we go onto the AADC server, and from the START menu we find the Synchronization Service for Azure AD Connect:

Click on it to open up the GUI:

Now, let's navigate to Connectors at the top of the tool, and for each Connector (we'll do both for good measure, but highlight one at a time and perform the action), click on Refresh Schema from the list of action items on the right side of the tool:

Read the warning text, and then click OK to implement the Schema Refresh:

You will then need to provide credentials to connect to the Directory for the specific connector. The below image reflects that we are attempting to connect to the on-prem Active Directory, and the password must be provided. Don't forget to change the User name to a Domain Admin in your org as well; I did not do this for the below image, but did afterwards:

As you can see below, the Schemas are compared, and in the case of my test lab, there were no Schema updates, but in the scenario described in this blog post, you will see the Schema changes that were detected.

The Fix

Ok, once I updated the Schemas I waited for the next sync to occur from AADC, to make sure all the new attributes were synced to Skype for Business Online. However, after waiting for the successful sync, and trying the Move-CsUser operation once again, it STILL failed!

This is the point at which I put in a ticket with Microsoft through the Office 365 Admin Center. As usual, they responded very quickly. After going through the environment together for a while, the Microsoft tech zeroed in on one fact that I did not think anything about when I saw it. First we opened up Azure AD Connect, and then clicked on View Current Configuration:

Finally, something on the next screen stuck out to him. Can you guess what it is from the below image:

Well, if you didn't guess it, welcome to the club. It was the fact that Exchange Hybrid Deployment was disabled! Yep. EXCHANGE HYBRID.

Of course, I argued that this shouldn't matter, as this should be for Exchange Hybrid settings; there is no checkbox for Skype for Business Hybrid. At this point, the tech acknowledged that even though this field is labeled as "Exchange", it actually pertains to the environment as described above as well. Unfortunately, there was no technical documentation to back this up, at least that he knew of, but at this point I figured, "What the heck, what will it hurt to try it at this point?!" Hitting Previous in the Azure AD Connect GUI, I then clicked on Customize Synchronization Options, and then Next.

Of course, we must authenticate again:

After putting in credentials for Office 365, making sure that your on-prem AD domain is already added in, and skipping on down to the Optional Features tab, you will see that the Exchange hybrid deployment checkbox is not checked. (NOTE: in my lab environment, I do not have Exchange or Skype for Business installed, so this option is Greyed out. In the real-world environment described throughout this post, this option is NOT greyed out.) Check it, and then click Next:

On the Ready to Configure screen, make sure that you leave the checkbox checked for starting a sync, and then click Configure:

When the configuration is complete, just click Exit, as seen below, and wait for the synchronization to finish. Depending on the size of your environment, the synchronization could take a while. I want to say it took at least 15 minutes to re-sync an environment of about 1,400 people with all the new attributes.

Now, I wish I had some big fancy finish to this post, but honestly, the fact is that after I enabled Exchange Hybrid Deployment in Azure AD Connect, all the needed attributes finally synced to Office 365, and I was then able to successfully move users from Online to on-Prem. Honestly, I am still a little skeptical, simply because the setting is so blatantly labeled as "EXCHANGE" Hybrid, but I suppose it wouldn't be the craziest thing I have seen from configuration settings on Microsoft products...

At any rate, if any of you find yourselves in this so-called "Reverse Hybrid" process, and get the 506 Error due to attributes being off, it is likely that your Azure AD Connect config needs to be updated to:

1. Refresh Schema
2. Enable Exchange Hybrid Deployment checkbox.
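The attribute side of this can also be checked from PowerShell on the AADC server. The script below is an added example, not part of the original troubleshooting; it assumes the RSAT ActiveDirectory module is installed alongside the ADSync module, and the UPN is a placeholder.

```powershell
# Added example: read-only checks unless $startFullSync is set to $true.
Import-Module ActiveDirectory
Import-Module ADSync

$upn           = 'jim.bob@example.com'   # placeholder test user
$startFullSync = $false                  # set to $true to queue a full sync

# 1. Was the on-prem AD schema extended for Skype for Business?
#    The Lync / Skype for Business schema prep adds the msRTCSIP-* attributes.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$rtcAttrs = Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(&(objectClass=attributeSchema)(lDAPDisplayName=msRTCSIP-*))'
'{0} msRTCSIP-* attributes defined in the AD schema' -f @($rtcAttrs).Count

# 2. Which of those attributes are populated on the test user on-prem?
$user = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -Properties *
if ($null -eq $user) {
    Write-Warning "No on-prem AD user found for $upn"
} else {
    $user.PSObject.Properties |
        Where-Object Name -like 'msRTCSIP-*' |
        Select-Object Name, Value
}

# 3. Which connectors does AADC have, and what is the scheduler doing?
Get-ADSyncConnector | Select-Object Name, Type
$scheduler = Get-ADSyncScheduler
$scheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress,
    NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC

# 4. Optionally queue a full (Initial) cycle so changed configuration is
#    re-evaluated for every object, not just recent deltas.
if ($startFullSync) {
    if ($scheduler.SyncCycleInProgress) {
        Write-Warning 'A sync cycle is already running; try again when it ends.'
    } else {
        Start-ADSyncSyncCycle -PolicyType Initial
    }
}
```

If step 1 reports zero attributes, the schema extension has not reached the domain controller being queried, and refreshing the connector schema in AADC will not find anything new.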

Stay techy, my friends!

Thursday, October 6, 2016

UPDATED: Skype for Business Hybrid Handbook, Version 2.1

I have just published Version 2.1 of my FREE eBook on the TechNet Gallery, the Skype for Business Hybrid Handbook. This is a minor revision, with various updates and tweaks throughout the book. Most notably, though, are the updated Features Comparison sections for both Skype for Business Online Cloud PBX, and Exchange Integration.

If you have never grabbed your free copy of the earlier versions of this eBook, you just may find it to be one of the most comprehensive resources for your various Hybrid needs in the Skype for Business world. If you have downloaded a copy in the past, it's time to get the most up-to-date version!

As always, feedback is key. Feel free to let me know what you think here, but also don't be shy about leaving a Rating on the TechNet Gallery site!

Stay Techy, My Friends!

Tuesday, October 4, 2016

RESOLVED: Transfer External Call From Polycom VVX Fails in CCE Environment

My Skype for Business Cloud Connector Edition (CCE) adventures appear to be far from over, and that is a good thing in my book. While the thoughts and opinions on CCE and its purpose have been varied, I personally see a lot of geographically-dispersed companies digging right on in, as they are wanting to become full-Office 365 adopters, but must account for the fact that PSTN Calling is still quite limited in its availability across the globe.

As this adventure continues, however, there is obvious product maturity that is taking place, not just on Microsoft's part, but also on the side of the Vendors whose products will integrate with the environment. In this brief post I want to call out a very specific scenario that some Polycom VVX users might find themselves in when they are kicking the tires on a brand new CCE environment. (Yes, this was a painful troubleshooting experience)

The Scenario

Note: This has only been tested on Polycom VVX 500 and 600s, though it may also pertain to the lower-end models, or other Polycom handset series.

Imagine a situation in which you have a Skype for Business user in your CCE environment, let's call them Jim Bob, and they have not adopted the "No More Phones" mentality yet. They have been using handsets for years, and they simply LOVE their Polycom VVX 600. After all, it is a pretty slick handset! At any rate, your CCE environment is set up properly, everything is working, and this user has been otherwise happy as a clam (I want to know who the psycho is that allegedly determined that clams are even generally happy creatures. Seriously, think about their existence; how on earth can that possibly...I digress).

One day, someone external to the company calls Jim Bob over the PSTN, and this call gets routed through CCE and to Office 365. At this point, Cloud PBX knows which endpoints Jim Bob is active on, and dials him on those. This is when his Polycom VVX 600 rings. Jim Bob cheerfully answers the phone, and after a few minutes of stimulating conversation, he realizes that the call actually needs to be forwarded to a colleague in a different department. No problem; Jim will just transfer the call!

The Problem

As Jim moves to transfer the call via the Call Control mechanisms on his VVX 600, he dials the number of his colleague, and goes to transfer the call. Unfortunately, though, the transfer does not go through, and Jim Bob now needs to figure out what to do with this caller! Please note, Jim Bob already confirmed that he was able to transfer a call from another internal user in his Skype for Business Online tenant within the same CCE deployment, so he was completely stumped about why he could not transfer a call from an external user.

The below diagram shows how the initial call came in, how it was routed to Jim Bob, and then how it would have traversed before being successfully transferred to his colleague. It also shows a big red "X" where the call ends up failing (if you do your homework and trace all the logs through CLS Logger on the CCE VMs):

The Resolution

Now, hopefully you found this blog before doing a whole lot of troubleshooting and digging into the logs, because if you did, you will realize that the issue is fixed by something as simple as a firmware upgrade. You see, Jim Bob's company tries to keep their phones updated with the latest firmware as much as they can, but there was a new firmware version from Polycom for the VVX phones, 5.4.5, that did not get released until October 3, 2016. While Jim Bob was experiencing the issue, this version was still in Beta and not publicly available, making the Call Transfer problem a difficult one to work around.

Version 5.4.5 is certified for Skype for Business, and will most definitely fix this issue if you have come across it. In addition to this issue, there are a good couple of pages of bugs that are addressed in this version. If you have a moment after updating your phone, check out the Release Notes; there is a LOT going on there.

Finally, here is a link to the latest Polycom UC Software Releases:  Please note, you do NOT want to go for 5.5.0; stick with 5.4.5, as it is actually certified for Skype for Business.

Well, I hope this has helped at least one or two of you on the CCE pioneering front! Till next time...

Stay Techy, My Friends!

Monday, October 3, 2016

Skype for Business at Microsoft Ignite 2016 - All the Right Information

The Expo floor at Microsoft Ignite 2016 in Atlanta, GA


Catching up on Microsoft Ignite 2016...

You might think that fresh off the heels of my trip to Microsoft Ignite 2016 in Atlanta, my first post would be about all the Skype for Business news coming out of Ignite this year. However, there is already a lot of good info out there from very reputable people on the subject, so I don't want to continue beating a dead horse. Instead I want to point you to the spots where the good info already exists.

For a really good recap of all the Skype for Business-related news from Ignite, check out Mark Vale's (brand new MVP, BTW, Congrats!!!) blog post detailing the various topics:

Also, MVP Matthew Landis always has a great collection of notes from these conferences:

Now, if you want a REALLY good in-depth breakdown of the MAC news coming out of Ignite, check out Mr. John Cook's post (he is rumored to be an unashamed Apple fanboy):

Lastly, while I did not blog on the happenings at Ignite, I did interview Jamie Stark, Technical Product Manager of Skype for Business at Microsoft, and Matthew Landis of Landis Technologies. I also managed to get an Ignite-Edition of the #Skype4BRecap recorded on Thursday. Check out all that fun below:

Jamie Stark Ignite Interview:

Matt Landis Ignite Interview:

And the #Skype4BRecap Ignite Edition:

Finally, Tom Arbuthnot put together an amazing tool for downloading all the video content on the sessions that you could possibly want. Check out the tool, and be sure to leave some love in the comments for him.

Stay Techy, My Friends!