23 March 2015

Lync federation error ID 504 source id 239

When you receive the following error:

The (root) certificate from the company you are trying to federate with is not available.
And by root certificate i mean the CA the company has accuired their certificate; Comodo, Baltimore Cyber Trust, Go Daddy etc.

There are 2 ways to resolve this, find the sipfederationtls SRV DNS record like this:

nslookup -type=SRV _sipfederationtls._tcp.microsoft.com

SRV hostname = sipfed.microsoft.com

Now you can try to get a certificate by guessing webmail domain names because the certificate at https://sipfed.microsoft.com:5061 doesnt return the certificate that you want.

An easier ways is to download the RUCT tool (Remote RU Troubleshotter) found here
Type the domain of the company you want to federate with and select the sipfederationtls SRV record, and on the Certificate Information tab click Go.

After finding the domain you want to federate with you can install the certificate with one mouse click in the local trusted certificate store on the Lync EDGE server.

You can easily find the imported certificate chain in the local trusted root store.

11 March 2015

Deleted item retention policy not working, well actually your just being impatient

If you implement the deleted item policy retention tag in Exchange 2010 and assign it to a retention policy, you'll notice that it takes a long period before it actually starts working.

Searching the internet for a solution can lead you to the most critical blog posts, forums, dodgy solutions and advice.

In fact it's quite simple. If you set a retention policy tag for the deleted items for lets say 31 days, then the moment you assign it to a retention policy the clock starts ticking. This means from that date the retention kicks in, the 31 days you selected. Then after those 31 days if a user deletes a mail message the retention clock starts ticking and it takes 31 days before it gets marked as expired and deleted.

For emails already in the deleted items folder after the first 31 days, on the 32 day the emails would be processed accordingly.

So it's a combination of retention policy activation time, user email deletion date and the actual delete date.

Remember this before diving in the Google-O-matic or logging a call at Microsoft. It's not really well documented but if you read carefully enough you could figure it out, i figured this out by checking every week what had happened thus far.