The Remote UC Troubleshooting Tool (RUCT) V1

Download

Description

RUCT is a free Windows utility for remotely diagnosing Lync Server and OCS issues. Specifically it helps to diagnose DNS configuration issues, certificate issues, and other Lync or Communicator client problems. It is not an official Microsoft tool – it is my own tool that I developed to help people diagnose and resolve Lync and OCS issues.

Feature Summary

 

The tool offers 4 primary features:

 

1.       Easily Query Important DNS Records used by Microsoft Lync Server and OCS.   DNS queries for the following Lync and OCS records are issued:

·         All Lync and Communicator internal and external records used for automatic sign-in.

·         Lync sign-in records used for Lync Online (in Office 365).

·         Lync simple URL records used for Dial-In, Meetings, and Administration.

·         Home registrar location records used by Lync devices.

·         The automatic partner discovery record used in an Open Federation configuration.

2.       Test Network Availability.

·         The hostname and port belonging to any matching DNS SRV record, or IP address belonging to an A record, can easily be tested for network connectivity.

·         A TCP connection is attempted for hostname’s and ports, and a ping is attempted for IP addresses.

3.       Certificate Retrieval, Installation, and Export.

·         The tool can remotely retrieve X509 Certificate information on any Lync or OCS port that is secured using TLS (or SSL).  Certificate information returned includes the Common Name (CN), Subject Name, Issuer, Certificate Authority, Expiry Date, Creation Date, and Subject Alternative Names (SANs), and the complete certificate chain.

·         The remote certificate can also be installed locally or exported to a file.

4.       Easily Retrieve Important Client-Side Troubleshooting Information.

·         Important client-side environment settings such as O/S version, 32-bit or 64-bit, current domain credentials, and Lync/Communicator sign-on settings are automatically retrieved and consolidated in one place.

·         Recent Lync and Communicator specific event log errors and warnings can be retrieved with one-click.

 

 

Detailed Feature Descriptions

 

1] Easily Query for Important DNS Records used in Lync Server and OCS.

 

The tool queries for different types of DNS Service Records (SRV), Address (A), and Canonical Name (CNAME) records used in Lync and OCS.  It queries the DNS server configured on the client machine and displays the results for the following DNS records:

 

a) Automatic Sign-in Records (used by the Lync or Communicator client to locate a Lync or OCS server to sign-in)

·         _sipinternaltls._tcp.<domain.com>

·         _sipinternal._tcp.<domain.com>

·         _sip._tls.<domain.com>

·         _sip._tcp.<domain.com>

·         sipinternal.<domain.com>

·         sip.<domain.com>

·         sipexternal.<domain.com>

 

The preferred DNS match (that the client will first attempt to use) is then highlighted in the results.

 

b) Office 365 Sign-In Records (used by the Lync or Communicator client to locate the Lync Online server to sign-in)

·         sip.<domain.com>

·         _sip._tls.<domain.com>

 

c) Lync Devices Records (used by Lync devices to locate a home registrar)

·         sipinternaltls._tcp.<domain.com>

·         _sipexternal._tls.<domain.com>

·         _sipexternaltls.<domain.com>

·         ucupdates-r2.<domain.com>

·         _ntp._udp.<domain.com>

 

d) Lync Simple URL Records (used by Lync if DNS is the chosen simple URL configuration)

·         meet.example.com

·         dialin.example.com

·         admin.example.com

 

e) Federation (used by partners to automatically discover your Edge)

·         _sipfederationtls._tcp.<domain.com>

 

 f) Lync Mobility Auto-discovery Records (used by Lync mobile clients to auto-discover the Lync mobility service)

·         Lyncdiscover.<domain.com>

·         Lyncdiscoverinternal.<domain.com>

 

2] Test Network Availability.  

 

A user can click on any of the DNS sign-in records that returned a match (resolved on the client) and then test the associated network connectivity in one of two ways:

1.       For a hostname and port, a TCP connection is attempted to the hostname and port.

2.       For an IP address (associated with the matching DNS record), a ping is attempted.

 

 

3] Certificate Troubleshooting.  

 

The tool offers several actions to troubleshoot certificate issues.

 

a)      Remotely Retrieve Certificate Information.  

Any Lync Server or OCS certificate can easily be retrieved remotely from the tool.  All the certificate information such as the Subject, SANs, Expiry Date, and Chain information can be retrieved and viewed.  This information can then be used to debug certificate issues.  To make it easier to identify the Lync Server or OCS network endpoint where the certificate is used, a user can click on any of the DNS matching records (from the DNS Information tab) and remotely retrieve the X509 Certificate with the associated hostname and port.

b)      Install the Certificate (including the certificate chain).

Once the remote certificate has been retrieved, a user can choose to install this certificate into the local trusted store.  This is very useful in lab environments with self-signed certificates, or in situations where the certificate authority is not trusted locally, but is a trustworthy certificate authority.

c)       Export the Certificate.

Once the remote certificate has been retrieved, a user can export it to a *.pfx file.

 

 

4] Client Troubleshooting Information

 

The tool offers easy access to important client side troubleshooting information.

 

a)      Automatically Displays Important Environment Information.

·         Sip Address                     

·         Sign-In Method (Configuration Mode)

·         Internal and External Server Addresses

·         Client Version and Install Path            

·         Machine Name, O/S, and O/S Version      

·         System type (32 or 64 bit)

·         User Name and Domain         

a)      Launch Windows Explorer to the Lync or Communicator Client Tracing Directory. This is the directory where the Lync and Communicator log files are stored.

b)      Get Lync and Communicator specific Event Log Errors and Warnings.

With one-click the most recent 20 application event log entries where the source is Communicator and type is Warning or Error are returned. A maximum of 1000 of the most recent entries will be searched to limit performance problems.

 

Screen Shots

 

DNS Information

 

Description: Description: Description: J:\RUCT V1.1\WebSite\RUCT_files\image001.jpg

 

Certificate Functionality

 

Description: Description: Description: J:\RUCT V1.1\WebSite\RUCT_files\image002.jpg

 

 

Client Troubleshooting

 

Description: Description: Description: J:\RUCT V1.1\WebSite\RUCT_files\image003.jpg

 

 

To Use

1.       Click on the download link and save the file on the client computer where the Lync or Office Communicator client is running.

2.       Extract the RUCT.exe file.  Right-click | Properties | “Unblock” it.  Double-click it to run the tool.

3.       Enter a SIP address or SIP domain name, and press Go.

4.       Optionally select a matching DNS record result and test the port connectivity or retrieve the certificate information from the Certificate Information tab.

 

Support

This tool is offered on a best effort basis by Curtis Johnstone. No formal support or warranty is offered, implied or intended.

 

Tested On

·         The tool was tested on Microsoft Windows XP, Vista, Windows 7, and Windows 2008 with the latest Service Pack’s (as of November 2011).  

·         The only language it was tested with is English.

 

Copyright

·         This tool is Copyright © 2011 Curtis Johnstone and cannot be distributed without explicit permission.

 

Known Issues

November 14, 2011 (Version 1)

1.       No Support for Multiple IP Addresses. The tool currently does not support DNS lookups for A records with multiple IP addresses.  The tool will return <null> for the IP address.

2.       Invalid DNS Sub-domains Might Resolve.  Some DNS servers will return A records for FQDN records such as sip.<garabage>.domain.com and “meet.<garbage>.scriptlogic.com and the tool will display those results even though they are not valid Lync and OCS records.

3.       No IP Address for a SRV Record.  If a DNS SRV record match does not contain an associated IP address for the hostname that is returned, no IP address will be shown in the tool for that SRV record.  That does not mean that a separate A record with an IP address does not exist.  When an action is carried out on the SRV record (i.e. test port or get certificate information), the tool will do an implicit A record lookup and attempt connecting the associated IP address.