The Microsoft Support Team works around the clock to assist customers in troubleshooting issues with Lync Server. In each article in this new NextHop series, senior Microsoft Support engineers walk you through a real-life support case, giving an insider’s view into the systematic approach they use to troubleshoot the issue. These incidents are picked based on areas seeing top support volume.

You know the saying: “Give a man a fish and you feed him for today. Teach a man to fish and you feed him for a lifetime.” Well, that is our intention with this series: To help you solve your own issues within specific areas with the same prescriptive steps that Microsoft Support engineers used to troubleshoot the issue.

Today’s article, the third in the series, comes from our esteemed colleague, Premal Gandhi, who initiated and leads this NextHop series. As a Microsoft Senior Support Program Manager, currently Premal engages with several teams within Microsoft on a biweekly basis and presents cumulative feedback to the Product Team through Lync Red Zone. You will find him interacting with Lync MVPs on monthly MVP calls too. He drives addressing Top Support Issues, which also feeds the Lync Top Solutions site.

Prior to this, Premal was Senior Escalation Engineer for Lync Product, working with customers and product team on critical issues, including but not limited to identifying product improvements through deep code debugging and analysis. He also authored the Lync Diagnostics Packages for Client and Server, available through the Microsoft Fix It Center.

Author: Premal Gandhi, Microsoft Senior Supportability Program Manager

Publication date: August 21, 2012

Product version: Lync Server 2010, Lync 2010, Exchange Server 2010

Keywords: delegate access, conferencing

Introduction

The Microsoft Lync Conferencing workload allows a delegate to schedule a meeting on behalf of a manager. In this article, we explore an inconsistency between Exchange and Lync permissions, which resulted in a support incident in which the delegate was unable to complete this task.

This article addresses a specific problem scenario in detail, but the intention is to provide a general thought process to follow when encountering this and other similar issues.

Part 1: Setting Up the Scenario

For this scenario, we provide a case study of a Microsoft Support incident in which a manager’s admin was unable to successfully schedule a meeting for the manager.

The admin is designated to schedule Lync meetings on behalf of the manager. But he encounters a permissions issue with setting up a meeting and doesn’t know why.

This article introduces the reader to different tools and options to detect the permissions issue and then correct it. The solution is aimed at detecting the issue at the admin level, without disturbing the manager.

Environment

  • Exchange Server 2010
  • Lync Server 2010
  • Lync Client 2010
  • Outlook 2010

Recommended Steps

To begin this scenario, the manager allows a delegate (in this case, the admin) to manage her Outlook mail and calendar. Here’s the procedure she follows:

To allow a delegate to manage your mail and calendar within Outlook

1. From Outlook, click the File tab.

2. Click the Account Settings drop-down arrow, and then click Delegate Access.

Figure 1. Shows the Delegate Access option available in Outlook 2010.

Figure 2. Shows the Default Permissions available for a delegate.

Because her Lync account is Enterprise Voice enabled, the manager also wants to allow her admin to manage her Lync calls. Here’s the procedure she follows:

To allow a delegate to manage your Lync calls

1. In Lync, click Tools, click Options, and then click Call Forwarding.

2. Click Edit My Delegate Members, click Add, and then from the Add Contacts drop-down, scroll to and double-click the name of your delegate. The delegate’s name will then appear in the Call Forwarding – Delegates box.

3. Click OK.

Figure 3. Shows how to access the Call Forwarding settings within Lync 2010.

Now that everything is set up, it’s time for the admin to schedule an online meeting on behalf of the manager. Here’s the procedure he follows:

To schedule an online meeting on behalf of your manager

1. Open Outlook, and from the Calendar tab, select your manager’s Calendar.

2. Select a time, and on the Outlook ribbon, click New Online Meeting.

3. Create a test meeting, and send the invite.

Hopefully, this process goes smoothly and the meeting invite launches as expected. The remainder of this article addresses what to do if the meeting does not launch as expected.

Part 2: Issue Resolution

Symptom

Now the trouble begins. When trying to set up the meeting, the admin receives an unexpected Outlook message, as shown in Figure 4 below. How can this occur? The admin is baffled.

Figure 4. Shows a prompt for permissions, as seen by the delegate when scheduling a meeting for the manager.

Cause

As it turns out, the issue is caused by a permissions inconsistency between Exchange and Lync, which in this case was caused by an accidental modification of the delegate’s permissions by the manager. Figure1 and Figure 2 above show the permissions that need to be consistent.

Resolution

To resolve this issue, the delegate must make sure that the permissions in Exchange and Lync are synchronized, as shown in Figure 1 and Figure 2 above.

Detection

To begin with, the delegate checks the UI for both the manager and the delegate, as shown in Figure 5 and Figure 6 below. Does the manager’s UI show the correct delegate (in this case, Delegate01)? Does the delegate’s UI show the correct manager (in this case, Boss01)? Okay then, so far, so good.

Manager

Delegate

Figure 5. Manager’s UI, under Delegates: Shows the manager’s delegates.

 

Figure 6. Delegates UI, under People I Manage Calls For: Shows the delegate’s
manager.

Next, the delegate checks the UCCP logs. This is where things get considerably more interesting.

Manager

Delegate

Locate the 200 OK response to the IP SUBSCRIBE

request for Event: vnd-microsoft-roaming-self.

03/11/2012|16:19:25.980 90C:4D0 INFO ::

DataReceived - 192.168.100.148:5061
(To Local Address: 192.168.100.21:64196)

22574 bytes:03/11/2012|16:19:25.980 90C:

4D0 INFO :: SIP/2.0 200 OK

Locate the 200 OK response to SUBSCRIBE message for

Event: vnd-microsoft-roaming-self.

03/11/2012|16:46:06.362 AF4:CA8 INFO :: Data Received - 192.168.100.148:5061
(To Local Address: 192.168.100.137:55826) 4914 bytes:

03/11/2012|16:46:06.362 AF4:CA8 INFO :: SIP/2.0 200 OK

Contact:
<sip:cspool01.contoso.com:5061;transport=tls;

ms-fe=CS-FE01.contoso.com>

Contact:
<sip:cspool01.contoso.com:5061;transport=tls;ms-fe=CS-FE01.contoso.com>

Authentication-Info:

TLS-DSK qop="auth", opaque="EF866A37", srand="AF28F922", snum="5",
rspauth=

"805c93a281873779b0dfb

0c67437e62d77f19830",
targetname="CS-FE01.contoso.com", realm=

"SIP Communications Service", version=4

Proxy-Authentication-Info:

Kerberos qop="auth", opaque="F44B44FC", srand=

"C4CBE3C3", snum="5",rspauth=

"040401ffffffffff0000000000000000

d782af55bb0668c160db4233", targetname="sip/CS-FE01.contoso.com", realm="SIP
Communications Service", version=4

Content-Length: 21726

Content-Length: 4027

From:

"Boss01"<sip:boss01@contoso.com>;tag=

f864fc773e;epid=599a249f55

From:

"Delegate01"<sip:delegate01@contoso.com>;

tag=50fcb47400;epid=78346e6207

To:

<sip:boss01@contoso.com>;tag=6C3D0080

To:

<sip:delegate01@contoso.com>;tag=84670080

Call-ID:

6cb18f17d9254282bda88a8a76cdad57

Call-ID:

70b427b8625e481ca79da1d45222f685

CSeq: 1 SUBSCRIBE

CSeq: 1 SUBSCRIBE

Via:

SIP/2.0/TLS
192.168.100.21:64196;ms-received-port=64196;

ms-received-cid=38200

Via:

SIP/2.0/TLS
192.168.100.137:55826;ms-received-port=55826;

ms-received-cid=44000

Expires: 31535

Expires: 26496

Require: eventlist

Require: eventlist

Content-Type:

application/vnd-microsoft-roaming-self+xml

Content-Type:

application/vnd-microsoft-roaming-self+xml

Event:

vnd-microsoft-roaming-self

Event:

vnd-microsoft-roaming-self

subscription-state:

active;expires=31535

subscription-state:

active;expires=26496

Now the delegate needs to verify the following for the manager only:

Manager

Delegate

<roamingData xmlns="http://schemas.microsoft.com/

2006/09/sip/roaming-self" xmlns:del=

"http://schemas.microsoft.com/2007/09/sip

No verification required.

/delegates">

<delegates xmlns="http://schemas.microsoft.com/

2007/09/sip/delegates" version="2">

<delegate uri="Delegate01@contoso.com" publish="false"
redelegate="false"/>

</delegates>

</roamingData>

NOTE: If the delegate setup is modified after the

manager signs in, the above changes are reported

to the client via BENOTIFY message, for Event:

vnd-microsoft-roaming-self.

<subscribers xmlns="http://schemas.microsoft.com/

2006/09/sip/presence-subscribers">

<subscriber user="Boss01@contoso.com" displayName="Boss01"
acknowledged="false" type="sameEnterprise">

<context>

<subscriptionContext xmlns="http://schemas.microsoft.com/2008/09/

sip/SubscriptionContext" majorVersion=

"1" minorVersion="0">

<delegation></delegation></subscriptionContext>

</context>

</subscriber>

</subscribers>

<delegates xmlns="http://schemas.microsoft.com/

2007/09/sip/delegates" version="1"/>

</roamingData>

Shows the delegates Access Control List (ACL)

in the manager’s calendar in MFCMapi.

See Figure 7 below.

Cannot detect on the Delegate.

Figure 7. Shows the delegates ACL in the manager’s calendar in MFCMapi.

Action Plan

However, sometimes things just aren’t this easy. So if the above investigation does not resolve your issue, complete the following steps and then enlist assistance from Microsoft Support:

1. From the server, collect dbAnalyze information for the manager and delegate, and upload to Support. Here’s how:

a. From Microsoft Lync Server 2010 Resource Kit Tools, download OCSReskit.msi. The .msi installs all the tools in \Program Files\ Microsoft Lync Server 2010\ResKit. (Tools that are self-contained executables are in this folder. Tools that also have files are in their own sub folders.)

b. Locate, install, and run the DBAnalyse tool. To install Dbanalyze.exe, copy it to a local folder and then run the tool. To use the tool, run the following command from the command line.

dbanalyze.exe [/v] [/report:value] [/sqlserver:value] [/user:user@domain.com] [/conf:value][/pstnid:Value] [/maxcontacts:value]

NOTE: DBAnalyze can be run only from a domain-joined computer that has Lync Server 2010 installed.

Standard Edition: C:\Program Files\Microsoft Lync Server 2010\Reskit>DBAnalyze.exe /report:user /user:<user@domain.com>

Enterprise Edition: C:\Program Files\Microsoft Lync Server 2010\Reskit>DBAnalyze.exe /report:user /user:<user@contoso.com> /sqlserver:<FQDN of the SQL Server>\rtc

2. Upload the output of the above as BossDbAnalyze-<Date-time>.zip and DelegateDbAnalyze<Date-Time>.zip.

3. Collect logs for the Microsoft Lync Support Team to analyze, as follows.

Manager

Delegate

Server

Verify Tracing is enabled.

See Figure 8 below.

Verify Tracing is enabled.

No action here.

Exit Outlook.

Exit Lync.

Exit Outlook.

Exit Lync.

No action here.

Start Outlook and Log in.

   

Verify Delegate Access, as described above in these procedures:

To allow a delegate to manage your mail and calendar within Outlook

To allow a delegate to manage your Lync calls

No action here.

No action here.

No action here.

No action here.

Start OCS Logger on the Front End Server, where manager and delegate are homed and Log for SipStack, UserServices components (Level -> All, Flags -> All Flags).

See Figure 9 below.

Start Lync and Log in.

Start Lync and Log in.

No action here.

No action here.

Set up a test meeting as described above in this procedure:

●  To schedule an online meeting on behalf of your manager

No action here.

4. Now verify that the issue reproduces, as shown in figure 4. 

Manager

Delegate

Server

No action here.

Verify that logging is turned on.

See Figure 10 below.

No action here.

Exit out of Lync

Exit Out of Lync

Stop Logging

Collect all logs under %userprofile%\tracing and upload to support.

Collect all logs under %userprofile%\tracing and upload to support.

Click View Logs, click Package for PSS or just Click View, and then collect the converted text file.

Upload these logs as Boss-<Date-time>.zip.

Upload these logs as Delegate-<Date-time>.zip.

Upload these logs as Server-SipStack-UserServices-<Date-time>.zip.

Figure 8. Shows how to verify that logging is turned on.

Figure 9. Shows the OCSLogger options to enable and collect logging.

Figure 10. Shows the prompt for permissions seen by the admin when scheduling a meeting for the manager.

5. Collect the output of MrMapi from the manager, as follows:

a. Download MrMapi from http://mfcmapi.codeplex.com/releases/view/73290#DownloadId=280885.

b. From the Start menu, click Run. In the Open text box, type Cmd, and then click OK.

c. In the command prompt, type whoami, and then press enter to make sure you have the desired user.

d. In the command prompt, type MrMapi.exe -Acl -Folder "@PR_IPM_SUBTREE_ENTRYID\Calendar" > BossCalendarACLs.txt.

6. Upload these logs as BossCalendarACLs.txt.

You are now prepared to enlist Microsoft Support in troubleshooting your issue.

Summary

In this article, you got a glimpse of how Microsoft Support engineers systematically troubleshoot real-life support cases. It is our hope that following these same processes yourself will assist you in troubleshooting this and other similar issues. If you do get stuck, however, the information you gathered in completing the above process will help Microsoft Support efficiently resolve your issue.

Related Information

To learn more, check out the following articles:

  • KB Article 977282: Error message when a delegate user tries to schedule an Office Communications Server 2007 R2 conference on behalf of another user: "You do not have permissions to schedule meetings and conferences on behalf of the owner of this account
  • Microsoft Lync 2010 Delegate Training
  • Lync Server 2010 Cmdlets Index: Set-CsClientPolicy (scroll down to EnableExchangeDelegateSync: When set to True, delegates a user that has configured in Microsoft Exchange will be allowed to schedule meetings for that user.

Lync Server Resources

We Want to Hear from You