FreePBX 6.12.65 Integration with Lync 2013

Installing AsteriskNow (FreePBX 6.12.65) and integration with Lync 2013
Download AsteriskNow from the following Link
First the setup window will come: there I will choose No RAID on Asterisk 13 since this is a virtual machine.
Here I will choose IPv4 static IP (Manual configuration) and click OK
Choose the time zone according to the nearest location to you
Next, we’ll configure the root password
Here it’s formatting the Disk that I have assigned to the VM.
It should start the installation now and download all the required packages from the internet in case they were not found on the ISO which I’ve loaded.
Now the installation is about to finish and once it does, the machine is supposed to restart on its own allowing you to go to the Web UI.

Upon setup and restart, you might get the following error. The error states that your PBX can’t access the internet, so you might want to double-check your NIC configuration and that you’re able to reach it.
This is usually related to the DNS setup on the CentOS machine where “AsteriskNow” is set up.
If you do a test and try to update your system from the CLI window, you might get this error, which is related to DNS.
To resolve it, you’ll have to replace the localhost entry with any public DNS (e.g. Google or Comodo DNS) or any internal DNS that’s capable of reaching out to the internet.
To edit the DNS settings you will have to type in the command “nano /etc/resolv.conf”
The default DNS is the localhost
and you’ll have to manually change it and save the settings.
Press Ctrl + X, then press Y to save and hit Enter.
To test that we can access the internet, you can run nslookup, for instance, and see if it works.

Once you are able to resolve the, that error will go.

Now to continue, let’s setup a FreePBX Admin (Make sure you remember both username and password)

Click on the (FreePBX Administration) and enter the username and password you have just created in the previous step.
This will take you to the configuration portal.
Extensions configuration:
To start, let’s configure an extension. Since I don’t have an IP phone at the moment, I will use a SIP application for my test (Zoiper or Xlite would do fine).
Select the Chan SIP device, as this talks directly with the Lync trunk, then click Submit once you have chosen the device.
Now I will configure the new extension’s number, name, secret and port.
Under device options, you have to set the secret (password), which you’ll use to log in from your SIP phone or SIP softphone.
You also need to make sure that the port configured under the device is the one the device will use to log in with this SIP extension.
The SIP port in this case is 5060, which is the default one; if you’re already using a different port, you’ll have to reconfigure it here.
I’ll leave the rest of the options at their default values and click Submit, then Apply Config.
Applying Configuration
Now I will use a softphone (SIP application) on my PC to check whether calls are working properly. For the second extension, a second computer with the same software can be used, or software like Zoiper or Xlite on iPhone or Android can serve the same purpose.
No other settings are required on the SIP phone; after that it should register without an issue, and you’ll be able to make calls between SIP phones.
I am going to call the SIP phone on my computer (Xlite, extension 3700) from the softphone on my iPhone (Zoiper, extension 3800).
So calls are working properly between SIP extensions. Now we’ll go on to the Lync and Asterisk configuration.
Before starting, we’ll have to enable the TCP protocol on Asterisk for Lync to send calls to Asterisk since Lync talks only TCP.
Enabling Asterisk to listen on TCP
Enable TCP for Lync and SIP Phones for Asterisk
I’ll have to configure the local networks and the RTP port range as well.
Next I’ll click Submit and apply the configuration, then at the top right I’ll click Chan SIP to configure the ports and the right protocol.
Under SIP Settings, make sure your settings match the snapshot below, then navigate to the advanced settings.
Under Advanced General Settings, make sure that CHAN_SIP is bound to port 5061, or else calls from Lync will fail with an “Unauthorized” error code.
Once you change the port, scroll further down to Other SIP Settings and add the following variables:
Tcpenable = Yes
Transport = tcp
Submit the changes and apply the configuration.
Lync Configuration
Now I will go to the Lync server (Standard Edition) and enable the TCP port for the Mediation server (collocated Mediation service).
To do so, right-click your Mediation server, edit its properties, enable the TCP port and change it from 5068 to 5060.
I will publish the topology
Published the topology and now it’s time to run the setup as it will install the mediation server role on Front end.
Next I will run the second step (Setup or remove Lync Server Components):
I will go check if the mediation service is enabled now
I will run the command netstat -anb >1.txt
The command exports the status of all ports on the server, including those of each Lync service.
So the Lync Mediation service is listening on the default SIP port 5060.
Now I will go back to the topology and add the PSTN Gateway (AsteriskNow)
Right click on PSTN Gateways –> Click add PSTN gateways
Next, I will type in the AsteriskNow PBX IP address and the port that the “Chan_SIP” driver is listening on, since all calls are going to be routed to it.
Then I will select my Mediation server and the Mediation server’s configured port on Lync.
Click Finish, then right-click your Front End server and click Properties.
Make sure you
Click on Make default and then OK then publish the topology
Asterisk Configuration
Asterisk side of the Integration
In order for the configuration to work, we’ll have to configure a new trunk on the Asterisk IP PBX that identifies where the Lync server is, etc.
Let’s go to our Asterisk portal and configure a new trunk by going to Connectivity -> Trunks, then choose “Add SIP (chan_sip) Trunk”.
You will need to fill in the boxes marked in red below, each with the value that pertains to it.
The IP is my Mediation server (Front end since Mediation server is collocated)
TCP is the protocol that Lync uses
5060 is the port which Lync listens on
I will clear all the settings below “User Details” and save this trunk
Now that the fields are cleared, I will click Submit Changes.
Inbound Routes
I have applied the configuration and now it’s time to create routes on Asterisk to route calls to Lync.
To configure routes, click on Connectivity and then Inbound routes
Click Submit now and Apply Config for changes to take effect
Outbound Routes
It’s time to configure the outbound routes. Depending on your Lync users’ URI or telephone number and extension number, you will have to configure your outbound routes accordingly so that calls are routed properly to Lync users.
I’m going to show my user’s URI and extension on the Lync server and what they look like now.
So the entire number is +2163314210 but my extension is basically 4210
Now again click on Connectivity > Outbound Routes and add a new “Dial Pattern” as follows.
The +216331 will be automatically entered by AsteriskNow once you dial the number defined in the “Match Pattern” field.
Once you have finished configuring the required dial patterns, you can submit and apply.
Lync Voice Route Configuration
Now it’s time to configure the Lync routes. Go to the Lync server and open the Control Panel, go to Voice Routing, and under the Dial Plan tab choose New User Dial Plan.
If you don’t want to mess up your Global dial plan or let every new user be able to use this dial plan, you will have to configure a user dial plan.
I will have to create at least 2 normalization rules in the new dial plan. The first one is going to normalize the inbound numbers and the second one is going to normalize the outbound.
Since on the PBX I chose to create extensions that begin with 3 and are 4 digits long, I will create a normalization rule that matches exactly 4 digits and starts with 3. Depending on your PBX configuration for the extensions and inbound routes, Lync needs to either have or not have the + in the dial plan.
Now I will create the second dial plan, which is from Asterisk to Lync, “to match the full URI”.
The normalization rule that I am creating here is 10 digits long, starts with 21633 and has + as the digits to add.
After creating the Dial plans, it’s time to test them now! I will go to the Test Voice Routing Tab and create a test
So the test for Asterisk Extensions goes well
Now I will test the Lync dial plan
Since Asterisk is going to send the full URI as it will auto complete it even if the user enters the extension only (4210) then our rule is configured properly
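The two normalization rules described above, modelled offline as an added example (not from the original post). The patterns and translations are assumptions derived from the descriptions “exactly 4 digits, starts with 3” and “10 digits, starts with 21633, add +”, and Test-NormalizationRule is a hypothetical helper, not a Lync cmdlet.

```powershell
# Assumed regex form of the two rules built in the Control Panel.
$rules = @(
    [pscustomobject]@{ Name = 'AsteriskExtensions'; Pattern = '^(3\d{3})$';     Translation = '$1'  },
    [pscustomobject]@{ Name = 'AsteriskToLync';     Pattern = '^(21633\d{5})$'; Translation = '+$1' }
)

function Test-NormalizationRule {
    param(
        [Parameter(Mandatory)] [string]   $DialedNumber,
        [Parameter(Mandatory)] [object[]] $Rules
    )
    # Rules in a dial plan are evaluated top to bottom; the first match wins.
    foreach ($rule in $Rules) {
        if ($DialedNumber -match $rule.Pattern) {
            return [pscustomobject]@{
                Dialed     = $DialedNumber
                Rule       = $rule.Name
                Normalized = $DialedNumber -replace $rule.Pattern, $rule.Translation
            }
        }
    }
    # No rule matched: the number is not normalized by this dial plan.
    [pscustomobject]@{ Dialed = $DialedNumber; Rule = '(no match)'; Normalized = $null }
}

# Constructed sample inputs: two PBX extensions, the full Lync number without
# and with a leading +, a Lync-side extension, and a 5-digit number.
'3700', '3800', '2163314210', '+2163314210', '4210', '37000' |
    ForEach-Object { Test-NormalizationRule -DialedNumber $_ -Rules $rules } |
    Format-Table -AutoSize
```

The same Pattern and Translation strings are what New-CsVoiceNormalizationRule takes in the Lync Server Management Shell.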
Now after configuring rules and testing them it’s time to go to Voice Policy tab and create a new voice policy for Asterisk
Click on New under “Associated PSTN Usages”
Click on New under Associated Routes
You can leave the pattern .* (Which will allow all calls) for the time being until we test everything between both systems.
Scroll down and click on Add next to “Associated Trunks”
Select the available trunk and add it then Click OK 3 times and commit all changes
Now after applying all the configuration, It’s time to apply some tests.
From Asterisk to Lync
Below when I initiated the call I managed to see the SIP invite coming from the IP “” which is my AsteriskNOW PBX IP going to Lync and then the phone starts ringing.
When I have answered the call the RTP starts flowing.
Here I typed RTP in the Wireshark filter and could see the RTP media flowing between Asterisk and Lync Mediation server on the G.711 codec.
What I like about Asterisk is that it sends all users information along with the call and doesn’t strip them out, in extension information I have typed the extension name as “NEWPHONE” and put it all in capitals.
From Lync to Asterisk
Since the call is from Lync to Asterisk, I will have to run Wireshark or a trace on Asterisk to see the INVITE.
You can see Asterisk logs if you click on “Reports> Asterisk LogFiles”
Once the call has ended I was able to see that in detail as well in the logs.
All the media was
In the next few days I will install and configure Brekeke to work with both Asterisk and Lync in the same environment, and share my deployment update with you all.
Hope this will be of good help.

Outlook 2007 keeps prompting users for password

After migration from Exchange 2003 to Exchange 2010 outlook 2007 keeps prompting users for password:

After migration of Exchange 2003 to Exchange 2010, some Outlook 2007 client users keep getting prompted to enter their credentials again.
The problem might be related to the authentication method used on Outlook Anywhere (Basic Authentication), due to the password not being saved in Windows authentication mode.
Changing the authentication method of Outlook Anywhere to NTLM will resolve the issue.

Change Password Policy for AD and domain users

To change the password policy, we first have to open Group Policy Management, which is located in “Administrative Tools” on your DC.

Right-click “Default Domain Policy” in order to change the password policy for all users within a domain.
This will open the Group Policy Management editor, as you can see below, where you will have to navigate to “Computer configuration -> Security Settings -> Password Policy”. There you can disable the password complexity, adjust it or change any other settings.

Next, when the Group Policy editor opens, I will go to “Account Policies” and disable “Password must meet complexity requirements”, since this is simply what I want to do in my case.

After changing the policy, you will need to force a policy update on all the domain-joined clients by using the command line GPupdate /force

When this is finished, all clients must be restarted in order for the group policy change to take effect.

Extend MS Exchange Server’s Certificate life

On the Certification Authority Server open Certification Authority Console (MMC) 
Right click on Certificate Templates and click Manage

In the Certificate Templates console, right-click Web Server and click Duplicate Template.
Select Windows Server 2003 Enterprise.
Enable “Allow private key to be exported”.
Under the Security tab, select Enroll for Authenticated Users.
Back to the Certificate Authority Console, Right click on Certificate Templates and click New -> Certificate template to issue and add the certificate template you created to the list.
Web Server V2 is on top
Let’s check it on Certserv IIS
The certificate is generated for 5 years. The reason is that the Certification Authority server’s own certificate is limited to 5 years.
So the CA certificate’s validity must be set to longer than the validity period the client certificate requests.
Certification Authority Issuing Certificate validity period extending
To change the validity period for the root CA you can configure a CAPolicy.inf. To create a CAPolicy.inf file that changes the lifetime of the certificate to 30 years, you would type the following into a text file and save it with the name CAPolicy.inf in the C:\Windows directory:
Signature="$Windows NT$"
After this you will need to renew the CA certificate from the CA console: right-click your certification authority and choose All Tasks -> Renew CA Certificate.

When you click Renew CA Certificate you will get the following prompt asking you to stop the CA in order to renew its certificate. Click Yes.
Once you click Yes, the service will stop and you will get a window asking whether you would like to generate a new public and private key pair. It’s up to you whether to use a new key or not, but if you choose Yes, clients using the old certificate might be affected and you might need to install the new CA certificate on all clients using GPO.
Click OK.

After clicking OK you will see that the new CA certificate has been generated, and then you can issue client certificates.
Note: I created another template with a 30-year expiration this time, after I created the CA policy for 30 years too.
Now, in order to allow the CA to issue certificates with a longer lifetime than the default (2 years), you must run the following command line in CMD on the CA server.

And here we go, after requesting the certificate from the server I got 30 years valid certificate.
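The settings involved in the steps above, gathered into one added example (these are not the author's original file or commands). It assumes the 30-year value from the text and an elevated PowerShell session on the CA server; Set-CaValidity and Get-EffectiveNotAfter are hypothetical helper names, and the dates at the end are constructed.

```powershell
function Set-CaValidity {
    param([int]$Years = 30)

    # 1. CAPolicy.inf is read when the CA certificate is renewed and sets the
    #    lifetime of the CA's own certificate. Write it before "Renew CA Certificate".
    $caPolicy = @'
[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits={0}
'@ -f $Years
    Set-Content -Path (Join-Path $env:SystemRoot 'CAPolicy.inf') -Value $caPolicy -Encoding ASCII

    # 2. Registry values that cap the lifetime of certificates the CA issues.
    certutil.exe -setreg CA\ValidityPeriod 'Years'
    certutil.exe -setreg CA\ValidityPeriodUnits $Years
    Restart-Service -Name CertSvc

    # 3. Read the values back from the active CA's configuration key.
    $cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $active = (Get-ItemProperty -Path $cfg).Active
    Get-ItemProperty -Path (Join-Path $cfg $active) |
        Select-Object ValidityPeriod, ValidityPeriodUnits
}

# An issued certificate expires at the earliest of three limits: the template's
# validity period, the CA's ValidityPeriod registry setting, and the expiry of
# the CA's own certificate.
function Get-EffectiveNotAfter {
    param(
        [datetime]$IssuedOn,
        [int]$TemplateYears,
        [int]$CaRegistryYears,
        [datetime]$CaCertNotAfter
    )
    $limits = @(
        $IssuedOn.AddYears($TemplateYears)
        $IssuedOn.AddYears($CaRegistryYears)
        $CaCertNotAfter
    )
    $limits | Sort-Object | Select-Object -First 1
}

# Constructed dates, for illustration only.
$issued = Get-Date '2015-01-01'

# 30-year template, registry cap still at 2 years, CA certificate valid 5 years.
Get-EffectiveNotAfter -IssuedOn $issued -TemplateYears 30 -CaRegistryYears 2 -CaCertNotAfter ($issued.AddYears(5))

# Registry cap raised to 30 years, CA certificate not yet renewed.
Get-EffectiveNotAfter -IssuedOn $issued -TemplateYears 30 -CaRegistryYears 30 -CaCertNotAfter ($issued.AddYears(5))

# CA certificate renewed for 30 years as well.
Get-EffectiveNotAfter -IssuedOn $issued -TemplateYears 30 -CaRegistryYears 30 -CaCertNotAfter ($issued.AddYears(30))
```

Set-CaValidity is only defined here, not invoked; call it on the CA server before renewing the CA certificate from the console.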

Ping on Pfsense gives “Invalid argument”

When you enable DHCP server on the NIC that you’re trying to ping from, you get Invalid argument
If you have enabled the DHCP server, the static ARP option might be enabled by default. To fix the communication issue between clients and the firewall, simply disable this option by unticking “Enable static ARP entries”.

Testing Active Sync and fixing access issue on Exchange 2013

If you have an issue with ActiveSync on Exchange 2010/2013 and you want to troubleshoot it, you will first have to test ActiveSync from the Microsoft Exchange Management Shell for any failing user.
You can use the following cmdlet to start:
Test-ActiveSyncConnectivity -MailboxCredential (Get-Credential domain\user) -UseAutodiscoverForClientAccessServer
As you can see in the previous snapshot, the test failed in the folder syncing part. To get the full report on the failure we’ll have to add the option | fl, and if you want to export the report to a text file you can append >c:\1.txt, which will write the command output to a text file called 1.txt in the root of the C drive.
As you can see, the error says “Internal server error”, and if you read on, in the middle it says “Active Directory operation failed on DC.server.local. This error is not retriable. Additional information: Access is denied. Active Directory response: 000000005” up to <INSUFF_ACCESS_RIGHTS>. Searching for this error a little, I found that it’s related to Inheritance under the user’s advanced security settings.
Once this was applied the user was able to log in from mobile without an issue

Installing “Only” Trend Micro 11.0 on Exchange 2013 server

This guide will show you how to install “only” Trend Micro 11.0 on an Exchange 2013 server.

You will have to make sure that before you install Trend Micro you have enough resources on the mail servers or Edge servers depending on where you are intending to install it.


  1. You will need to install Windows IIS CGI role.
  2. Net Framework 3.5
  3. Trend Micro Setup.

If you did not install CGI you will get the following error, so you must install it


To install it you will need to go to Add Roles and then choose and install it.


If .NET Framework 3.5 is not installed, the setup won’t proceed until you install it, and you will get the following error:


To install .NET Framework 3.5, you can use the wizard or PowerShell, but you’ll need to attach the Windows Server ISO file to the VM or the physical machine.


Setup will restart from the beginning

.NET Framework installation fails from Server Manager


Instead, I mounted the Windows Server 2012 R2 ISO in the VM and ran the following command line in PowerShell:

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

Where D is the drive letter of the Windows ISO.


Restarted the Trend Micro Setup and the setup is working

I already have copied the setup files on my mailbox servers, in my scenario I have 2 mail box servers which I am going to install it on.

I will launch the setup and go through the following wizard


As I mentioned earlier, I am planning to install it on Exchange 2013 Mailbox servers, so I will go ahead and choose Mailbox servers


I will click Browse and Add exchange servers and as in the following snapshot it’ll show me total server count


Next I will type the Exchange Admin account which I used to setup Exchange with and login to the admin Center which is also a local admin.


This is set by default so you will need to leave it as it is.


You can keep the following default settings or change the port in case it’s already used or enable SSL.


In my case I will enable SSL as well as it’s more preferable for security purposes.


Trend micro setup will check if there’s any previous instance on the target Mailbox server in order to check if it’s an upgrade or a fresh install.


I have no proxy so I will proceed without it.


I’m planning to ignore this now and register later, so you can provide the key if you already have it and want to register.


When you continue without activating the product you will get the following warning.


Depending on whether you want to help or not, you can choose to participate in this program or just ignore it.


In case you would like to direct or send all incoming spam messages to the user to take the decision him/her self you can choose to integrate with Outlook junk e-mail or integrate with End user’s quarantine. In this case incoming infected or suspicious mails will be delivered to the user’s Quarantine but can be restored from/with trend micro.


Trend Micro also has a Control Manager for centralized management, so if you have it you can configure it and manage all your ScanMail instances from one location. If not, just click Next.


Click browse and choose your domain in order to select the domain admin groups to manage the trend micro scan mail application.


All server details and configuration is going to be listed in the next snapshot.


And now installation should start.




The credentials to login might be standard but you could also try your domain admin which you have assigned during the setup to login to the portal.


Any configuration that you do on the Mailbox server 1, you will have to re-do it on Server 2 since this is not centralized management.


So first thing I’ll do is update the product to the latest version.


After selecting the components to update click on Update and wait for the process to finish.


After setting and configuring a couple of rules and restarting the Exchange Transport service on each server, I was able to test it and see that it works, as in the following snapshot.



Exporting and Importing PST from Exchange 2003 to Exchange 2013

In order to export mails from Exchange 2003 (should not exceed 2 GB) you will have to copy Administrator user into another user “admin” and give that user the rights to access all other mailboxes.

You will have to navigate to the Mailbox store


Right click the mailbox store and click on Properties

Go to Security tab and add the new user (Admin) and give it full control as below


Apply, then sign out of the windows session to the Exchange machine and use the newly added domain admin to login and then open the Exmerge application


Select the second step (Extract or Import)


Select step1


Select the Exchange name and the DC (They should be set automatically)


Select the users that you want to be exported (shouldn’t exceed 2 GB).


Select the local language


Select the destination folder (In my case I mapped a network drive)


Save settings for later use if you want or just click Next.


Once done, the mailbox will be exported.




Importing into Exchange 2013

In Exchange 2013, open the EMS as administrator.

Before you start, you should move all the PST files into a shared folder in the network and add the “Exchange Trusted Subsystem” user to its permission.



The same user should be added to the security tab



Providing import and export permission on Exchange 2013

In order to import the PST files to Exchange 2013 users you will have first to assign the Exchange Admin account the capability of importing these PST files then sign out from the EAC portal and back in

To do so you will have to go to EAC then go to Permissions and double click on the Recipient Management

Click Add and select the Mailbox Import Export and click Add then OK



I will add members to this role group



After signing in back to the EAC with the administrator I got the Import PST options.





For Management shell usage

Importing PST using EAC and following up with EMS


Importing Single folder from source PST file into a target folder in email

Importing the folder Sent Items from the file basakc_backup.pst into target folder Sent Items in Mhamada user.


The parameter -TargetRootFolder will create a folder inside the existing Sent Items folder







Importing large items into mailbox in Exchange
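The import steps described in this section, written out for the Exchange Management Shell as an added example (these are not the author's original commands). The mailbox, PST file name and role group come from the text; \\FILESERVER\PST is a placeholder for the share prepared earlier, and the request names and limit values are assumptions.

```powershell
$mailbox = 'Mhamada'
$pstFile = '\\FILESERVER\PST\basakc_backup.pst'   # placeholder UNC path

# 1. Shell equivalent of adding the role to the role group in EAC. Open a new
#    shell session afterwards so the import cmdlets become available.
New-ManagementRoleAssignment -Role 'Mailbox Import Export' -SecurityGroup 'Recipient Management'

# List everyone who effectively holds the role, since it allows reading and
# writing any mailbox through PST files.
Get-ManagementRoleAssignment -Role 'Mailbox Import Export' -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName

# 2. Import only Sent Items from the PST. '#SentItems#' is the well-known-folder
#    syntax, so it works whatever the mailbox language is. As noted in the text,
#    -TargetRootFolder places the imported folder inside the existing Sent Items.
New-MailboxImportRequest -Name 'basakc-sent' -Mailbox $mailbox -FilePath $pstFile `
    -IncludeFolders '#SentItems#' -TargetRootFolder 'Sent Items'

# 3. Whole-PST import that skips up to 100 oversized or corrupt items instead of
#    failing. Limits above 50 require -AcceptLargeDataLoss.
New-MailboxImportRequest -Name 'basakc-full' -Mailbox $mailbox -FilePath $pstFile `
    -BadItemLimit 100 -LargeItemLimit 100 -AcceptLargeDataLoss

# 4. Follow progress, then clear finished requests.
Get-MailboxImportRequest -Mailbox $mailbox | Get-MailboxImportRequestStatistics |
    Select-Object Name, Status, PercentComplete, BadItemsEncountered
Get-MailboxImportRequest -Status Completed | Remove-MailboxImportRequest -Confirm:$false
```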



That’s it.


Prepare Active Directory Domain Service with 2012 R2 Powershell Script

If you’re planning to install Active Directory on multiple DCs for backup, you can speed up this process by using the following script, which is provided by Microsoft. You’ll have to copy and paste it into Notepad and save it with a .ps1 extension after editing the domain name and domain NetBIOS name.

You may also want to change the forest mode to match the one in your environment if you already have an old DC.

# Windows PowerShell script for AD DS Deployment
# Before running: set -DomainName and -DomainNetbiosName for your environment,
# and adjust -DomainMode / -ForestMode if you already have an older DC.

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012" `
-DomainName "" `
-DomainNetbiosName "Moh10ly" `
-ForestMode "Win2012" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL"

Note: If you want a different computer name, you will need to change it manually before you start the process below and restart after changing the computer name.
You will need to install the AD Domain Services management tools before you are able to run the PowerShell script:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools


When the management tools are installed, you can drag and drop the PowerShell file into a PowerShell window and press Enter; as soon as you do that, it will ask you for the SafeModeAdministratorPassword.


After you press Enter it will start the installation process


When finished it will let you know that server is going to be restarted automatically.


After restarting the server, this is how the Full computer name became.


Setting up a Signature or Disclaimer for a specific domain users on Office 365 Exchange Online

In order to set up a signature for all Office 365 Exchange Online users without manually going to each client and setting it up, you can use mail flow rules to append the signature to each and every outgoing email.
To do so, you will have to go to the Office 365 Exchange admin portal, then navigate to Mail flow –> Rules and click on the + sign.

 Click on “Apply disclaimers…”

When the new rule opens up, you will have to give it a name and apply a condition for the rule. An empty form looks like this one:


But here’s what mine looks like.
I chose “the sender address includes” with “Specific domain”, then in the append-the-disclaimer part I entered HTML code which includes all user details.

After applying the disclaimer I chose to wrap it. Then in the exception part I added a rule that excludes adding the disclaimer and signature to any reply message by reading the “RE” word in the subject field.

Now the disclaimer code is as follows, and you may want to configure or customize it according to your needs.

<div style="font-size:9pt; font-family: 'Calibri',sans-serif;">
<div><img alt="Logo" src=""> <p><p><p>Tel: %%PhoneNumber%%<br>
Gsm: %%MobileNumber%%<br>
Fax: %%FaxNumber%%<br>
<span style="font-size:12pt; font-family: 'Cambria','times new roman','garamond',serif; color:#100101;">Disclaimer</span><br>
<p style="font-size:8pt; line-height:10pt; font-family: 'Cambria','times roman',serif;"> ________________________________________
<span style="padding-top:10px; font-weight:bold; color:#CC0000; font-size:10pt; font-family: 'Calibri',Arial,sans-serif; "><a href=""></a></span><br></div>

<span style="font-size:10pt; font-family: 'Cambria','times new roman','garamond',serif; color:#928E8E;">This e-mail and any information included within any attached document are private and confidential and intended solely for the addressee. Company name does not accept any legal responsibility for the contents of this message and any attached documents. If you are not the intended addressee, it is forbidden to disclose, use, copy, or forward any information within the message or engage in any activity regarding the contents of this message. In such case please notify the sender and delete the message from your system immediately. Company name also denounces any legal responsibility for any amendments made on the electronic message and the outcome of these amendments, as well as any error and/or defect, virus content and any damage that may be given to your system.</span>
<span style="padding-top:10px; font-weight:bold; color:#CC0000; font-size:10pt; font-family: 'Calibri',Arial,sans-serif; "><a href="">Company Name </a></span><br><br>
</div>

I have highlighted the customizable part of the code in yellow and red so you can change it or configure it to fit your needs.
The Display name, Department, Email, etc. are all variables for user attributes and they are pulled from Microsoft Azure AD, so if your users don’t have any information filled in there, the signature likely won’t show anything.

Note: for the red highlighted link you will have to use only an “HTTP” link for the uploaded logo of your company. HTTPS won’t be accepted or read.

If you’re an HTML noob, you can use the following links for testing, changing colors, etc.
For color changing

Using the website, you can copy the code on the left pane and click on see results and it’ll show you the result on the right pane


Once you’re done with the code, you will have to copy and paste the link in the disclaimer part on the right pane. Next click Save; this will probably take about 10 minutes or less to be applied.


To test if this is going to work, I will go on one of the users that I applied the rule for and fill out their details like display name, e-mail, street ..etc and try to send out an email with this user.

Mail is empty as you can see

