Cool Tool – Find duplicate LineURIs

Every once in a while – and by that, I mean ALL. THE. TIME. – I run into a situation where a number that I’ve been asked to provision as a LineURI for a SfB endpoint is already in use:


“Filter failed to return unique result” has got to be one of the most frustrating errors that you can receive. At least it doesn’t tell you to contact your system administrator…

Sometimes this is easy to figure out by searching for that number in the User Search section of the Control Panel:


And other times it’s not, because the number is hiding, assigned to one of the following:

  • User LineURI
  • User PrivateLine
  • CsAnalogDevice
  • CsCommonAreaPhone
  • CsExUmContact
  • CsDialInConferencingAccessNumber
  • CsTrustedApplicationEndpoint
  • CsRgsWorkflow
  • CsMeetingRoom LineURI
  • CsMeetingRoom PrivateLine

And you know what you don’t want to do? You don’t to have to dig out PowerShell and search all of these manually. What you need is a script to do this for you, and while there are a couple out there, the one by Lasse Wedø is my favorite.

It’s comprehensive, well-written, has nicely formatted output, and has a tonne of parameters available if you want to do a more complex search. The simplest form of search looks like this:

PS Search

which seems just about right to me. Download the script and give it a try next time you run into duplicate number issues.

Patching Without an Internet Connection

In some organizations, allowing servers to have direct access to the Internet isn’t permitted. Or, it could be you have an isolated lab and need to patch your machines. WSUS is great, but not always possible to implement.

There are a couple of utilities available that help with this. The first is quite excellent,

The second one I haven’t personally used

Either of these tools should get you patched, without needing to worry about Internet connectivity from your machines.


Cool tool – MAdCaP manager for analog and common area phones

Let’s face it, creating Common Area Phones (CAPs) and Analog Phones in Lync is annoying. Managing them is even more annoying. Greig Sheridan has the answer with MAdCaP (“Manage Analog Devices & Common Area Phones”).

MAdCaP allows you to create and edit Common Area Phones and Analog Devices as the name implies. This includes the little details like setting the correct dial plan, voice policy, client policy, and PINs.

This is a great tool for an Admin who’s in charge of phones, but has zero idea what PowerShell is. I’ve also found it handy at the end of a very long day when my brain simply won’t do PowerShell commands.

Cool tool – IIS Crypto

Every once in a while, a Lync admin gets to experience the true horror of changing crypto settings. More often than not, this is through following a series of registry edits found online, either on TechNet or a helpful looking blog.

IIS Crypto is a tool that allows you to fiddle with the protocols, cyphers, hashes, key exchanges and cypher suite order, all in a nicely put together GUI. Better yet, there are templates that’ll set your server to Best Practices, PCI, FIPS140-2, and Windows Defaults. That last one comes in really handy when that helpful looking blog turns out to be not so helpful, and your notes on what keys you changed in RegEdit aren’t so clear.

Cool tool – Mirror Manager

Most Lync admins aren’t closet SQL admins, and things like “mirror” and “witness” sound more like “dragon” and “bear” than “puppies” and “beer”. When you throw in other mirroring language that’s eerily similar – principal, primary, secondary and mirror I’m look at you – it can be too much. Thankfully, James Cussen has whipped up an excellent tool that will display which database is being used, and with a few clicks, it whips up the PowerShell for you to move things around. This is a great tool to have handy for a Disaster Recovery scenario, in case the person executing the DR plan isn’t a PowerShell, Lync, and Mirror guru.

Cool tool – check the difference between two files

Comparing two files to try and find differences is something I consider to be an occupational hazard. You can dive into the weeds and run some command line tools, you can pop the files into Word, if you’re doing the comparison on a PC. If you’re trying to do a comparison on a server, you probably don’t have Word.

Diff Checker is an online diff tool that allows you to compare two text files. Any differences in the file are colour-coded so that you can easily spot them.


Cool tool – check certificates already installed on a server

Working with Lync everyday for a number of different organizations, I often need to gather information about the certificates that they’re using, or perhaps that a federated organization is using. This can be on a Lync Edge server, reverse proxy, web server, Exchange server, load balancer, or any number of other devices. The easiest way for me to get an overview of the certificates in use is with DigiCert’s SSL Certificate Checker.

When you enter an FQDN into the checker, you’re provided with a page of information including the Common Name/Subject Name, any Subject Alternate Names, and a variety of cryptography and administrative items.  A couple of certificate vulnerabilities are checked, as is the expiry date, revocation lists, and the certificate chain through any intermediates to the Root CA is validated.

I really appreciate how the checker displays some items with comments like “Signature algorithm = SHA1 + RSA (good)”, giving you a quick indication if things are in order.

If you’re not sure of an FQDN, you can use an IP address. I’ll do this sometimes when I don’t know the hostname for a server, but I know the IP address or the address of another server at the organization (changes are the one I’m after is plus or minus a few IP addresses). When you run the checker by IP address, you’ll receive a warning that the Certificate name doesn’t match what you entered. That’s fine, you can have a look at the Common Name and Subject Alternate Names and re-run the checker with one of those if you’d like.



Cool tool – Decode a CSR

Have you ever found yourself with a CSR file (a Certificate Signing Request), wondering what’s in it? The good news is that you can decode a CSR so that it’s human readable. There are a number of ways to do this, however the one I find easiest is this website

I use this whenever I’ve generated a CSR from a command line where there are a gazillion parameters and maybe and ini file involved, just to make sure that everything came through correct. This is especially useful if you’re the one generating the CSR, and you hand the CSR off to someone in another department to submit it to the certificate authority.



Cool tool – DigiCert Certificate Utility

The DigiCert Certificate Utility is one of the best certificate tools out there. You can use it to generate requests and process new certificates or renewals, fix missing private keys, fix certificate chains that are missing certificates – from any vendor, not just DigiCert. If you’re a programmer, you can use this to sign files and batches of code.

You can find this little bit of magic, along with the rest of what it can do, right here

The utility doesn’t install, it’s just an exe that you run. Best of all, it’s totally free!