I haven’t done a blog entry for awhile on InsideOCS because I have spent a lot of my extra time developing a small free tool called: The Remote UC Troubleshooting Tool (RUCT).
The tool was born out of my former MOCLogin troubleshooting tool, but I decided to rename it because of the expanded features and all the great things it can do besides just troubleshoot DNS entries with Communicator and Lync client automatic sign-in.
I’ll go on record as saying that I think this is one of the best tools available for troubleshooting Lync and Communicator certificate issues!
A full description of RUCT is available here, and the tool can be downloaded here.
Here is a summary of what the tool can do:
1. Easily Query Important DNS Records used by Microsoft Lync Server and OCS.
DNS queries for the following Lync and OCS records are issued with one-click:
- All Lync and Communicator internal and external records used for automatic sign-in.
- Lync sign-in records used for Lync Online (in Office 365).
- Lync simple URL records used for Dial-In, Meetings, and Administration.
- Home registrar location records used by Lync devices.
- The automatic partner discovery record used in an Open Federation configuration.
2. Test Network Availability.
- Easily test the network connectivity to the hostname and port belonging to any matching DNS SRV record, or IP address belonging to an A record.
- A TCP connection is attempted for hostnames and ports, and a ping is attempted for IP addresses.
3. Certificate Retrieval, Installation, and Export.
- The tool can remotely retrieve X509 Certificate information on any Lync or OCS port that is secured using TLS (or SSL). Certificate information returned includes the Common Name (CN), Subject Name, Issuer, Certificate Authority, Expiry Date, Creation Date, and Subject Alternative Names (SANs), and the complete certificate chain.
- The remote certificate can also be installed locally or exported to a file. This makes client access to labs and self-signed certificates much easier to setup.
4. Easily Retrieve Important Client-Side Troubleshooting Information.
- Important client-side environment settings such as O/S version, 32-bit or 64-bit, current domain credentials, and Lync/Communicator sign-on settings are automatically retrieved and consolidated in one place.
- Recent Lync and Communicator specific event log errors and warnings can be retrieved with one-click.
Screenshots
DNS Information
Certificate Functionality
Client Troubleshooting
I hope this tool is a big help to people troubleshooting Lync Server and OCS issues. Feel free to provide any feedback.
Twitter
LinkedIn
I keep getting “An error occured while retrieving the certificate. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..”
I cannot find any similar troubleshooting resources… any help is appreciated. thx
You are awesome! thank you for the great utility!
Fantastic and very useful tool!
I did run into one situation where a minor improvement could be made though. If the certificates could be checked against the current CRL(s) this would be very useful.
I ran into a situation helping a friend where he made the mistake of having a public cert re-issued and then only applied the new cert to one of his servers(the one where he needed the change made) without thinking about the fact that it would cause problems on the other servers.
As Dimitriy mentioned above, it would be nice to be have an option to specify where to pull DNS from when testing as well.
Thanks Soder.
That is an interesting use-case I hadn’t considered
I’ll check into making it UDP-only capable when I get a chance.
Curtis
The “Test port availability on selected record” fails on records that are based on UDP transport (for example the NTP record). Either you can filter the test for TCP-only and give a warning that the tool is not capable of testing UDP port availability, or you can implement a UDP-aware connection checker. Anyway, the tool is just awesome!
Thanks John! Comments like that increase the likelihood of further improvements
Glad it was helpful. I will add the Lync mobile records soon.
Curtis
This is great. Thank you very much.
Lifesaver material, goes straight into my toolbox !
Hi Jan,
That is a good idea and a simple change. I will add this shortly.
Curtis
Great tool! Wish I’d found it sooner
Any chance you could add support for “Lync Mobility”? It uses the lyncdiscover.domainname.com and lyncdiscoverinternal.domainname.com record for autoconfiguration of the clients.
Not possible to specify a separate external server dns
Great tool. Is there any way you can add functionality to test PIC federation? I assumed PIC would behave the same way that federation does but it seems there is a small difference (i’m still unsure what it is I can only see that its failing, but federated partners have no issue connecting).
I’m aware that most likely we would need to run the PIC test directly from the edge. If you have any suggestions for troubleshooting this let me know. BTW, i can see that its a TLS issue, i just cant see the details.
Excellent tool to help in verification and troubleshooting.
Address label “Enter a SIP domain or SIP address” is a little bit off and masking part of the entry field.
Eliminates all those manual NSLookup and telnet tests!
Way to go!
Totally awsome!
Directly to my ’sysadmin tools’ folder… and backup disk
[...] http://blog.insideocs.com/2011/11/14/the-remote-uc-troubleshooting-tool-ruct/ for more information on this free Windows [...]
[...] Veja aqui: http://blog.insideocs.com/2011/11/14/the-remote-uc-troubleshooting-tool-ruct/ [...]