Microsoft SfB VKM Configuration Guide

Overview

The Microsoft Skype for Business (SfB) Vendor Knowledge Module (VKM) is used to manage the SfB servers and associated collections and call detail. Leveraging the power of the Nectar Unified Communications Management Platform (UCMP), Nectar is able to deliver real-time visibility, map system interdependencies, and zero in on failed links, services, and components to minimize business interruption.

Nectar VKM provides faster deployment and unsurpassed visibility into the health and availability of your applications. VKM delivers broad, deep, dynamic polling, and reporting functionality with increased automated process capabilities. Key features include auto discovery, auto dependency tree generation, inventory, pre-defined dashboards for visualization, and leverage interrogation mechanisms for performance and capacity.

About this Guide

This guide provides the instructions to configure the monitoring and management of the Microsoft SfB server using the Nectar Microsoft SfB VKM, a core component of Nectar Foundation.

This guide provides the following:

Configure the Nectar RIG

Validate Prerequisites Using PIVT

Configure Microsoft SfB

Configure Microsoft SfB VKM

Edit the Trap Configuration

View Inventory

Manage Microsoft SfB Server Configurations

Auto-Provisioning API Sample Documentation

Configure server.properties File (Optional)

Enable SSL Support in application.properties File (Optional)

Configure Memory for Windows PowerShell

Increase the Session Limit for Windows PowerShell

Change CDR Retention

Customize Windows Event Alert Levels (Optional)

Note

SfB and S4B are used interchangeably in this guide.

Audience

This guide is intended for system administrators or engineers who have system administration access and technical knowledge of Microsoft SfB along with a familiarity with deploying Nectar Foundation.

Supported Software Versions

• Nectar UCMP v8.7
• Microsoft Skype for Business 2015

Configure the Nectar RIG

Configuring the RIG includes the following tasks:

Prerequisites

Update Nectar RIG Service Account

Enable Key Health Indicator Support

Configure log4j2.xml File to Redirect Log Messages (Optional)

Configure lync-config.xml File (Optional)

Prerequisites

• RIG must be a Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 with PowerShell 3.0 or higher installed.
• Windows PowerShell 3.0 or higher must be installed on each computer that is part of your SfB Server topology.
• RIG must be a member of Active Directory (AD) domain.
• RIG must have network connectivity to the SfB infrastructure.
• RIG must have DNS name resolution for the SfB infrastructure.
• Port 443 must be enabled on the firewall from the RIG to the SfB servers for the Secure PowerShell Session.

Note

The WSMAN and PowerShell Remoting default ports are 5985 and 5986. These ports should be enabled. You can verify with the following command:

winrm e winrm/config/listener

For RIGs running Windows Server 2008 R2 SP1, you need to install PowerShell v3.0 as a prerequisite before deploying SfB VKM on Nectar UCMP v5.5 and v5.5.1.

For large user counts (above 100,000), you may need to adjust the RAM for PowerShell. For more information, see Configure Memory for Windows PowerShell.

Update Nectar RIG Service Account

Follow these steps to update the Nectar RIG service account:

Note

This section applies only if using v5.5.1 (and forward) and Windows authentication

for the SfB SQL monitoring server instance.

This section is not applicable, if you create a new SQL user account (see Create a SQL User and Configure Permissions).

This section does not apply to v5.5.

1. Navigate to Administrative Tools > Services. The Services window appears.
2. Navigate to NectarRIG.
3. Right-click and select Properties.

The Nectar RIG Server Properties window appears.

Figure 2-1 Nectar RIG Server Properties

1. Click the Log On tab.
2. Select This account.
3. Enter the name of the Windows domain account that you previously created to be used for Windows authentication.
4. Enter and confirm the password for the account.
5. Click OK.
6. When prompted, restart the NectarRIG service.

Enable Key Health Indicator Support

This section explains how to:

Enable KHI Support Between RIG and Edge Server

Enable KHI Support for Edge

Recreate KHIs for a Server (Optional)

Enable KHI Support Between RIG and Edge Server

Follow these steps to enable key health indicator (KHI) support between the RIG and each Edge server.

Note

The following procedure needs to be completed on the Edge server(s) and the Nectar Foundation RIG server. You need to configure the trusted host list on both sides of the connection. Specifically, add the RIG server(s) to the trusted host list on the Edge server; then add the Edge server(s) to the trusted host list on the RIG.

1. Remote desktop or log in to the RIG.
2. Open the Windows PowerShell console in Administrator mode.

Figure 2-2 Windows PowerShell

1. Execute the following PowerShell command to add the Edge server as a trusted host:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value Edgeservername -Force

1. Add each Edge server, separated by commas.
2. Execute the following to verify that the server(s) is listed as trusted host(s):

Get-Item -Path WSMan:\localhost\Client\TrustedHosts | fl Name, Value

1. Exit the PowerShell console.

Figure 2-3 Verify Trusted Hosts

Enable KHI Support for Edge

Follow these steps to enable KHI support for Edge server.

Note

You may run into an issue adding servers to the trusted hosts file on non-domain joined servers, such as WAP and Edge server.

1. Remote desktop to the Edge server.
2. Open the Windows PowerShell console in Administrator mode.
3. Execute the following commands:

Start-Service WinRM

Figure 2-4 Command

Set-ItemProperty -Path

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord

Figure 2-5 Command

Set-Item WSMan:\localhost\Client\TrustedHosts -Value nectarserver.rig.com"RIG Server Name" -Force

1. Add each RIG.

Figure 2-6 Command

1. Execute the following to verify that the server(s) is listed as a trusted host(s):

Get-Item -Path WSMan:\localhost\Client\TrustedHosts | fl Name, Value

1. Exit the PowerShell console.

Figure 2-7 Command

Recreate KHIs for a Server (Optional)

Follow these steps to recreate the KHIs for a server:

Note

This procedure is used only when you want to recreate additional KHIs on an onboarded SfB server.

1. Navigate to RIG > Admin > Maritime Terminal.

Figure 2-8 RIG > Admin > Maritime Terminal

The Maritime Terminal window appears.

Figure 2-9 Maritime Terminal

1. Enter the following command:

lyncmodule recreateKHIsForServer [servername] [agentindex]

Note

[servername] is the server name as it appears in the Servers Collection.

[agentindex] is the onboarded S4B instance

View the following Figure 2-10.

Figure 2-10 Example

Configure log4j2.xml File to Redirect Log Messages (Optional)

In order to redirect the Microsoft SfB-specific server log messages to a dedicated log file, make the following changes to the log4j2.xml file:

Follow these steps to change the log4j2.xml file, as needed:

1. Navigate to RIG > File Manager. The File Manager window appears.
2. Navigate to C:\Apps\nectar\etc.
3. Right-click on the log4j2.xml file and select Download.
4. Save the log4j2.xml file to your local drive or desktop.
5. Navigate to the log4j2.xml file on your local drive or desktop.
6. Right-click on the log4j2.xml file and select Open With.
7. Open using Notepad.
8. Add the following content in red to the log4j2.xml file:

"1.0" encoding="UTF-8"?>

fileName="log/channel.log" filePattern="log/channel.%d{yyyy-MM-dd}.log">

fileName="log/lync-vkm.log" filePattern="log/lync-vkm.%d{yyyy-MM-dd}.log">

1. From Notepad, navigate to File > Save to save the changes to the log4j2.xml file.
2. Navigate to RIG > File Manager. The File Manager window appears.
3. Navigate to C:\Apps\nectar\etc.
4. Right-click on the log4j2.xml file and select Upload.
5. Browse to the log4j2.xml file on your local drive or desktop.
6. Select the file; then click Open. The Upload File window appears.

1. Click Upload.

Figure 2-11 Upload

1. To restart the RIG and apply the changes:
   1. Navigate to RIG > Admin > Restart.
   2. When the following message appears, click Yes.

Figure 2-12 Restart

Configure lync-config.xml File (Optional)

To set up a filter to limit the number of pools and servers that the SfB VKM loads, add the following

lync-config.xml file to a new vkm folder:

Follow these steps to add the lync-config.xml file to a new folder, vkm, as needed:

1. Navigate to RIG > Admin > Command Line. The Telnet Command Line window appears.

Figure 2-13 Telnet Command Line

1. From the C:\Apps\nectar> prompt, enter the following commands to change to the etc

folder and create a new folder, vkm:

cd etc md vkm

1. Close the Telnet Command Line window.
2. Open Notepad and create the lync-config.xml file using the following content.

Note

See Table 2-1 for additional information.

A

C

D

Table 2-1 Descriptions

1. Save the new lync-config.xml file to the local destination.
2. Navigate to RIG > File Manager. The File Manager window appears.
3. Navigate to etc\vkm.
4. Right-click and select Upload.
5. Browse to the lync-config.xml file, select, and click Open. The Upload File window appears.

1. Click Upload.

Figure 2-14 Upload

1. To restart the RIG and apply the changes:
   1. Navigate to RIG > Admin > Restart.
   2. When the following message appears, click Yes.

Figure 2-15 Restart

Validate Prerequisites Using PIVT

The PIVT tool is designed to validate the necessary prerequisites in a SfB environment needed to successfully onboard the Nectar SfB VKM.

This section explains the following:

Tool Prerequisites

Add Remote PowerShell Capabilities

Run the Tool

Remove PowerShell Capabilities

Tool Prerequisites

The following prerequisites are required in order to successfully run the PIVT tool:

• The account used to run the tool must:
  • Be a member of the CSAdministrator Group.
  • Be a Local Administrator on all servers in the SfB environment, including non-domain joined servers (Edge, Web Application Proxy, etc.).
  • Have “Read Only” access in AD.
• PowerShell 3.0 or higher must be run as Administrator.
• All servers must allow unrestricted remote script execution.
• Firewalls must be on all servers while using the tool.
• Must ensure WINRM remote execution is enabled on all non-domain joined servers in the SfB environment.

Add Remote PowerShell Capabilities

Follow these steps to enable the remote PowerShell capabilities on the server and create a specific listener for the Front-End server that the PIVT tool is running from. This must be run on each individual server.

Note

This is required for the PIVT tool as well as the SfB VKM. In order to add the RIG server to the trusted host file of the WAP and Edge servers (non-domain joined), WINRM must be running and configured. It is recommended to allow only the Front-End server (from which the PIVT tool is run from) and the RIG for successful VKM onboarding and ongoing functionality.

1. Start-Service WinRM
2. Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System-Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
3. Set-Item WSMan:\localhost\Client\TrustedHosts -Value nectar1vm.domain.com - Force

Run the Tool

Follow these steps to use the PIVT tool:

1. Copy the PIVT script to a SfB Front-End server.
2. Open and Run PowerShell as Administrator.
3. Navigate to the directory where the PIVT scripts were copied.
4. Run the tool using the following command:

.\PIVT_3.1_Standard.ps1 or .\PIVT_3.1_Enterprise.ps1

The time to run the script depends upon the size and complexity of the environment. The progress, required user input, and completion are displayed on the screen.

The output will be sent to the following location on the local server:

C:\PIVT\PIVT_Summary.txt

Remove PowerShell Capabilities

Follow these steps to remove an entry, if required, after using the PIVT tool. This must be run on each individual server.

1. Stop-Service WinRM
2. Set-Service -Name winr -StartupType Disabled
3. winrm delete winrm/config/ Listener?Address=nectar1vvm.domain.com+Transport=HTTP

Get-NetFirewallRule | ? {$_Displayname -eq “Windows Remote Management (HTTP-In)”} | Set-NetFirewallRule -Enabled “False”

1. Confirm the firewall exception has been removed using the following command:

Get-NetFirewallRule | ? {$_.Displayname -eq "Windows Remote Management (HTTP-In)"}

1. Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name LocalAccountTokenFilterPolicy -Value 0
2. Confirm the UAC exception has been removed using the following command:

Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name LocalAccountTokenFilterPolicy

1. The script prompts for the following information:
   • Nectar RIG FQDN or IP

It is not part of the SfB Topology, so it cannot be automatically discovered.

• 
  
  • Edge Server(s) and Reverse proxy FQDN/IP and Local credentials These servers are not domain joined.

Configure Microsoft SfB

Configuring Microsoft SfB includes the following tasks:

Create a Domain Account and Configure Permissions

Create SfB Health Monitoring Configuration

Create a Local Account and Configure Permissions on Edge Server

Configure and Validate SfB Monitoring SQL Server

Configure Large Enterprise Deployments

Create a Domain Account and Configure Permissions

Creating a domain account and configuring permissions includes the following tasks:

Create a New Domain Account in AD

Create SfB RBAC Role

Configure Permissions for Domain Accounts in AD

Add Permissions for Remote Management, Performance Monitoring, and RTC Component Local Group

Set Permissions for Obtaining SQL/SfB Service Status

Create a New Domain Account in AD

Follow these steps to create a new user in AD:

1. Log on to your Domain Controller.
2. Open Active Directory Users and Computers with an account that has permissions to create new user accounts and assign permissions in SfB.
3. Right-click on your domain and select New > User.

Figure 4-1 Add New User

The New Object - User window appears.

Figure 4-2 New Object - User

1. Enter the following information about the new user:

Table 4-1 New User

1. Click Next.

Figure 4-3 Add Password

1. Enter your Password; then confirm your password.
2. Click Password Never Expires.
3. Uncheck any other boxes, if applicable.
4. Click Next; then click Finish.

A new user is added for the onboarding process.

Figure 4-4 New User

Create SfB RBAC Role

To effectively monitor your SfB infrastructure, a new SfB role-based access control (RBAC) role is required. This role will grant members the ability to run all Get-Cs* and Test-Cs* commands in SfB PowerShell.

1. Create a universal security group, CSMonitor, in the Users container of the domain where SfB is installed. This should be the same location where other SfB RBAC roles exist, such as CSAdministrator. Use the following PowerShell command to automate the process:

New-ADGroup CSMonitor -Description "Custom SfB RBAC role that includes all Get-Cs and Test-Cs commandlets for monitoring purposes" -GroupCategory Security -DisplayName CSMonitor -GroupScope Universal

1. Using an account that is a member of the CSAdministrator group, run the following PowerShell commands from a SfB server in your environment. This will grant the CSMonitor group created in Step 1 the rights to run all Get-Cs* and Test-Cs* commands:

New-CsAdminRole CSMonitor -Template CSHelpdesk

Set-CsAdminRole CSMonitor -Cmdlets (Get-Command -Module SkypeForBusiness - Type Cmdlet | Where-Object {$_.Name -match "^((Get|Test)-Cs)"}).Name - WarningAction SilentlyContinue

Configure Permissions for Domain Accounts in AD

Follow these steps to configure permissions for the domain accounts with role-based access control (RBAC) in AD:

1. From the Active Directory Users and Computers window, right-click on the newly created domain account and select Properties.

The Properties window appears.

1. Click the Member Of tab.

1. Click Add.

Figure 4-5 Properties - Member Of Tab

The Select Groups window appears.

Figure 4-6 Select Groups

1. Add the newly created domain account to the following (required) RBAC groups in AD:

CSMonitor RTCUniversalReadOnlyAdmins

1. Click OK.
2. Click Apply.
3. Click OK.

Add Permissions for Remote Management, Performance Monitoring, and RTC Component Local Group

You must have remote management, performance monitoring, and RTC component local group permissions on all servers, including FE, Mediation, SQL, and any other SfB-related servers. If not, the VKM process will not complete.

Note

This step is not applicable for the Edge servers.

Follow these steps to add remote management, performance monitoring, and RTC component local group permissions to the newly created domain account on each SfB-related server:

1. Log on to a SfB-related server.
2. Right-click on Start and select Computer Management to open the Computer Management

console.

1. Navigate to Local Users and Groups (Local) > Groups.

Figure 4-7 Performance Monitor Users/Remote Management Users

1. Add the CSMonitor group created earlier to the following local computer groups:

Remote Management Users

Performance Monitor Users

RTC Component Local Group

Note

Instead of adding the CSMonitor group to the above listed groups, you can add the group to the local Administrators group. This will eliminate the need to run the script listed in the following section.

1. Repeat this process for each SfB-related server, such as FE, Mediation, and SQL server.

Note

This process can be automated by creating a Group Policy Object (GPO) that adds the service account or CSMonitor group to the required groups on all SfB and related servers via Computer Configuration > Windows Settings > Security Settings > Restricted Groups, as shown in the following example.

Specific instructions for creating/updating such a GPO is outside the scope of this document.

Set Permissions for Obtaining SQL/SfB Service Status

To obtain service status for SQL/SfB services on SfB servers, the following Set-SDDL.ps1 script will need to be run by a user who has Administrator permissions on all SfB and associated SQL servers. It can be run remotely.

Note

An alternative to running the Set-SDDL script would be to add the service account to the local Administrators group on all SfB and associated SQL servers.

Follow these steps to obtain service status for SQL servers:

1. Copy the following PowerShell script to a file called Set-SDDL.ps1.
2. Run the script by typing ./Set-SDDL.ps1 -ServerName -UserOrGroupName

.

Table 4-2 Script Parameters

For example, ./Set-SDDL.ps1 -ServerName FE1.contoso.com -UserOrGroupName CONTOSO\CSMonitor

Tip

The Set-SDDL.ps1 command will accept pipelined input for the Servername and can be run against a number of servers at once. For example, the following PowerShell one-liner will grant the CSMonitor group service read permissions to all front-end servers in Contoso's New York SfB Enterprise pool:

(Get-CSPool NY-S4B-Pool.contoso.com).Computers | .\Set-SDDL.ps1

-UserOrGroupName CONTOSO\CSMonitor

Set-SDDL.ps1 script [cmdletbinding()] Param(

)

Begin {

[Parameter(Mandatory=$True)] [string]$UserOrGroupName, [Parameter(Mandatory=$True, ValueFromPipeline=$True)]

$ServerNames

# Get the SID of the entered user or group name

$DomainName = ($UserOrGroupName.split("\"))[0]

$AccountName = ($UserOrGroupName.split("\"))[1] try {

$ADAccount = New-Object System.Security.Principal.NTAccount($DomainName,$AccountName)

$SID =

($ADAccount.Translate([System.Security.Principal.SecurityIdentifier])).value

}

catch {

Write-Host -ForegroundColor Red "$UserOrGroupName cannot be resolved to a SID. Ensure the account name was entered correctly in the format domain\UserOrGroupName."

Exit

}

}

Process {

ForEach ($ServerName in $ServerNames) { try {

MSSQL*).Name Skype*).Name

}

catch {

$ServiceNames = @("scmanager")

$ServiceNames += (Get-Service -ComputerName $ServerName -ServiceName

$ServiceNames += (Get-Service -ComputerName $ServerName -ServiceName

Write-Host -ForegroundColor Red "Could not find a MSSQL service on

$ServerName. Nothing to do. Exiting"

Exit

}

$ServerName

#Remove any NULL entries from the list

$ServiceNames = $ServiceNames | ?{$_ -ne $null}

ForEach ($ServiceName in $ServiceNames) {

$SDDL = & $env:SystemRoot\System32\sc.exe \\$ServerName sdshow $ServiceName

If ($SDDL -match $SID) {

Write-Host -ForegroundColor Yellow "$UserOrGroupName already exists in the $ServiceName SDDL. Not modifying."

}

Else {

$SDDL_NEW = $SDDL -replace "\)S\:\(", ")(A;;CCLCLORC;;;$sid)S:("

$SDDL_SET = & $env:SystemRoot\System32\sc.exe \\$ServerName sdset

$ServiceName "$SDDL_NEW"

If ($SDDL_SET -notlike "*SUCCESS*") {

Write-Host -ForegroundColor Red "$ServiceName permissions

did not set properly on $ServerName"

}

Else {

Write-Host -ForegroundColor Green "Permission set

successfully on $ServerName for $UserOrGroupName on $ServiceName"

Write-Host "Original SDDL: $SDDL" Write-Host

Write-Host "New SDDL: $SDDL_NEW"

}

}

}

}

}

Create SfB Health Monitoring Configuration

The SfB VKM can run synthetic transactions to verify that users are able to successfully complete common tasks, such as logging on to the system, exchanging instant messages, or downloading the address book. Most synthetic transactions require two pre-assigned accounts to function correctly. These two accounts should be fully functional accounts that have been enabled for SfB and are specifically created for this purpose. Administrators can either assign a pair of unique accounts for every pool, or can use the same two accounts for every pool.

1. Verify that a Health Monitoring Configuration has not already been set up for each registrar pool using the following SfB PowerShell command:

Get-CsHealthMonitoringConfiguration

If Health Monitoring has been previously configured, each registrar pool should return values for FirstTestUserSipUri and SecondTestUserSipUri, as shown in the following example:

PS C:\ > Get-CsHealthMonitoringConfiguration Identity: NY-S4B-Pool1.contoso.com

FirstTestUserSipUri: sip:SfBNY1SynthTest1@contoso.com FirstTestSamAccountName :

SecondTestUserSipUri: sip:SfBNY1SynthTest2@contoso.com SecondTestSamAccountName :

TargetFqdn: NY-S4B-Pool1.contoso.com

1. If the Get-CsHealthMonitoringConfiguration command does not return any results, run one of the following options for each registrar pool in your environment:
   • To set test accounts for each pool individually:

New-CsHealthMonitoringConfiguration -Identity 

-FirstTestUserSipUri -SecondTestUserSipUri

Example:

New-CsHealthMonitoringConfiguration -Identity NY-S4B-Pool1.contoso.com

-FirstTestUserSipUri "sip:SfBNY1SynthTest1@contoso.com"

-SecondTestUserSipUri "sip:SfBNY1SynthTest2@contoso.com"

• 
  
  • To use the same test accounts for every registrar pool:

$x = Get-CsService -Registrar | Select-Object PoolFqdn

for each ($i in $x)

{New-CsHealthMonitoringConfiguration -Identity $i.PoolFqdn

-FirstTestUserSipUri "sip:SfBNY1SynthTest1@contoso.com"

-SecondTestUserSipUri "sip:SfBNY1SynthTest2@contoso.com"}

Create a Local Account and Configure Permissions on Edge Server

Create a local account on the Edge server using the same name and password as the Domain account previously created and the following steps:

1. Log on to the Edge server.
2. Navigate to Local Users and Groups > Users.

Figure 4-8 Local Users and Groups > Users

1. Right-click in the right pane and select New User from the pop-up menu. The New User window appears.

Figure 4-9 New User

1. Enter the following information about the new user:

Table 4-3 New User

1. Select the following check boxes:

User cannot change password

Password never expires

1. Click Create.
2. Double-click on the account you just created to launch the Properties dialog.
3. Select the Member of tab; then click Add. The Select Groups window appears.

Figure 4-10 Select Groups

1. Enter Administrators in the Enter the object names to select area; then select Check Names.
2. Click OK.

The Properties window reappears

1. From the Properties window, click Apply; then click OK.

Configure and Validate SfB Monitoring SQL Server

Configuring and validating the SfB monitoring SQL server includes the following tasks:

Verify SQL Server Monitoring Database Instance Port Configuration

Configure a TCP/IP Port for SQL Server Monitoring Database Instance

Create a SQL User and Configure Permissions

Set Up Windows Authentication Account for SQL Server Monitoring Database

Verify SQL Server Monitoring Database Instance Port Configuration

Follow these steps to verify the current SQL server monitoring database instance port configuration:

1. Log on to the SQL server with the monitoring database instance.
2. Verify that Port 1433 (or any other static port) is enabled for the instance:

Open SQL Server Configuration Manager.

• 
  
  1. Navigate to SQL Server Configuration Manager (Local) > SQL Server Network Configuration > Protocols for .

• 
  
  1. Double-click TCP/IP.

Figure 4-11 SQL Server Configuration Manager

The TCP/IP Properties window appears.

Figure 4-12 TCP/IP Properties - Port 1433

• 
  
  1. Click the IP Addresses tab, if not already selected.
  2. Notice that Port 1433 is configured and TCP Dynamic Ports field is empty in the IPAll

section. You may need to scroll down to view.

Note

Port 1433 is a standard port; you may use a different static port, such as 1434, 1435, and so on, depending on your security policies.

In case of multiple SQL instances on the same server, you should configure a unique port for each instance (see Configure a TCP/IP Port for SQL Server Monitoring Database Instance).

The default SQL port 1433 can sometimes be used by other SQL instances. For example, the SQL monitoring database is using a named SQL instance and is collocated with a default SQL instance already running but it has not been set up to use a static port. You need to change the SQL port to static and non- default 1433 and the dynamic port range must be disabled for the monitoring instance.

• Make sure after the port has been changed, SfB topology and firewall configuration has been updated to ensure communication between the Pool servers and the SQL backend is functioning with the updated port.
• For more information, see:

https://technet.microsoft.com/en-us/library/gg425818(v=ocs.15).aspx

• 
  
  1. Click OK.

Configure a TCP/IP Port for SQL Server Monitoring Database Instance

Follow these steps to configure a TCP/IP port number for the SQL Server Monitoring Database instance:

Open SQL Server Configuration Manager.

1. Navigate to SQL Server Configuration Manager (Local) > SQL Server Network Configuration > Protocols for .

1. Double-click TCP/IP.

Figure 4-13 SQL Server Configuration Manager

The TCP/IP Properties window appears.

1. Click the IP Addresses tab, if not already selected.
2. Scroll to the IPAll section.
3. Make sure the TCP Dynamic Ports field is empty.
4. Enter the port number you want to use in the TCP Port field; then click OK.
5. In the Console pane, click SQL Server Services.
6. In the Details pane, right-click SQL Server ; then click

Restart to stop and restart the SQL Server Monitoring instance.

Note

If the SfB monitoring database shares the same instance as the CMS databases, it should be noted that restarting the SQL services for the instance causes a minor outage for SfB users. Calling and IM continue to work, but features, such as Presence and client history, are not updated or available until the instance services restart.

As of now, the VKM does not support mirroring for the monitoring databases. It is recommended that you disable this feature for monitoring databases only within the SfB Topology builder. If left enabled and the LcsCDR and QoeMetrics databases fail over to a mirrored server, this breaks the monitoring server connectivity into Nectar Foundation. The SfB client displays the message, Limited Functionality is Available Due to Outage.

Create a SQL User and Configure Permissions

Follow these steps to create a SQL user and configure permissions on the monitoring databases:

Note

Beginning with v5.5.1, you can use the Windows domain account you created in Create a New Domain Account in AD instead of creating a new SQL account and configuring permissions on the SfB monitoring database instance.

Proceed to Set Up Windows Authentication Account for SQL Server Monitoring Database.

If you prefer to use the Windows domain account, skip this section.

1. From the Microsoft SQL Server Management Studio (Administrator) window, navigate to

LYNCMONITORING (SQL Server) > Security > Logins.

1. Right-click on Logins and select New Login.

Figure 4-14 New Login

The Login - New window appears.

Figure 4-15 Login - New

1. Enter the new Login name, such as SqlUser.
2. Select SQL Server authentication.
3. Enter the password; then confirm the password.
4. Click Enforce password policy.
5. Uncheck the following:

Enforce password expiration

User must change password at next login

1. Change the Default database to QoEMetrics using the drop-down.
2. Click Server Roles.

Figure 4-16 Server Roles

1. Select the following server role, if not already selected:

public

1. Click User Mapping.

Figure 4-17 User Mapping

1. Select LcsCDR as a User mapped to this login, if not already selected; then select the following Database role membership for LcsCDR, if not already selected:

db_datareader

public

1. Select QoEMetrics as a User mapped to this login, if not already selected; then select the following Database role membership for QoEMetrics, if not already selected:

db_datareader

public

Note

These are the only two databases required for the VKM onboarding for both users.

1. Click Securables.
2. Select the SQL server:
3. Click Search.
4. Select the server you want to add from the server(s) that appear. The Add Objects window appears.

Figure 4-18 Add Objects

1. Select the object you want to add: The server [server name].
2. Click OK.
3. For Permissions, select Connect SQL, if not already selected.

1. Click Status.

Figure 4-19 Permissions

Figure 4-20 Status

1. Confirm the following Settings; then click OK.
   • Permission to connect to database engine: Grant
   • Login: Enabled

Set Up Windows Authentication Account for SQL Server Monitoring Database

Follow these steps to set up a Windows authentication account for SfB SQL server monitoring database.

Note

This section applies if using v5.5.1.

If you need to switch SQL authentication, for example, SQL server account domain to Windows, you do NOT need to re-onboard the SfB environment. Edit the onboarded configuration and change to the new authentication, such as Windows.

1. From the Microsoft SQL Server Management Studio (Administrator) window, navigate to

LYNCMONITORING (SQL Server) > Security > Logins.

1. Right-click on Logins and select New Login.

Figure 4-21 New Login

The Login - New window appears.

Figure 4-22 Login Properties

1. Enter the domain account Login name previously created.
2. Select Windows authentication, if not already selected.
3. Click Server Roles.

Figure 4-23 Server Roles

1. Select the following server role, if not already selected:

public

1. Click User Mapping.

Figure 4-24 User Mapping

1. Select LcsCDR as a User mapped to this login, if not already selected; then select the following Database role membership for LcsCDR, if not already selected:

db_datareader

public

1. Select QoEMetrics as a User mapped to this login, if not already selected; then select the following Database role membership for QoEMetrics, if not already selected:

db_datareader

public

Note

These are the only two databases required for the VKM onboarding for both users

1. Click Securables.
2. Select the SQL server:
3. Click Search.
4. Select the server you want to add from the server(s) that appear. The Add Objects window appears.

Figure 4-25 Add Objects

1. Select the object you want to add: The server [server name].
2. Click OK.
3. For Permissions, select Connect SQL, if not already selected.

1. Click Status.

Figure 4-26 Permissions

Figure 4-27 Status

1. Confirm the following Settings; then click OK.

• Permission to connect to database engine: Grant
• Login: Enabled

Configure Large Enterprise Deployments

There are recommended configuration options for large Enterprise deployments (over 8,000 users). It may be necessary to adjust PowerShell session limits and memory allocation to allow the collection process to complete successfully.

Note

These are not hard requirements, but the adjustment is recommended for large Enterprise deployments (over 8,000 users).

For more information, see:

Configure Memory for Windows PowerShell

Increase the Session Limit for Windows PowerShell

Configure Microsoft SfB VKM

Configuring Microsoft SfB VKM includes the following tasks:

Enable the Microsoft SfB VKM

Add a Server Configuration

View Collections

Enable the Microsoft SfB VKM

Follow these steps to activate the Microsoft SfB VKM:

1. Navigate to RIG > Module Configuration. The Module Configuration window appears.
2. Select the following modules:

Microsoft Skype for Business

Call Detail

Figure 5-1 Enable Microsoft Skype for Business VKM

1. Click Apply.
2. To restart the RIG and apply the changes:
3. Navigate to RIG > Admin > Restart.
4. When the following message appears, click Yes.

Figure 5-2 Restart

Add a Server Configuration

Before you can deploy the Microsoft SfB VKM, you must add the SfB FE server with credentials as well as the credentials for the SQL back-end (BE) server to be monitored by Nectar UCMP.

Follow these steps to add a server configuration:

1. From the Nectar Foundation RIG, navigate to Modules > Microsoft Skype for Business. The Microsoft Skype for Business window appears.

1. Click Add.

Figure 5-3 Microsoft Skype for Business - Add

The Add Microsoft Skype for Business Instance - General window appears.

Figure 5-4 Add Microsoft Skype for Business Instance

1. Enter the following information about the new server configuration; then click Next.

Table 5-1 General - Add Server Configuration

The Add Microsoft Skype for Business Instance - Monitoring Database window appears.

Figure 5-5 Add Microsoft Skype for Business Instance - Monitoring Database

1. If database monitoring should be configured on your server, then select the Authentication Type using one of the following:

Note

Select None for no database monitoring.

• 
  
  • Select SQL as the Authentication Type using the drop-down. The following window appears.

Figure 5-6 Monitoring Database - SQL

• 
  
  • Select Windows as the Authentication Type using the drop-down.

The following window appears.

Figure 5-7 Monitoring Database - Windows

1. Enter the following Monitoring Database information, as needed; then click Next.

Note

The parameters that appear will be based on the selected Authentication Type

(SQL or Windows) in Step 4.

Table 5-2 Monitoring Database

The Add Microsoft Skype for Business Instance - SNMP window appears.

Figure 5-8 SNMP

Note

SNMP is no longer used for the SfB VKM, but has not been removed from the VKM wizard.

1. Enter any text, such as public, for the community string; then click Next.

Note

If validation or PowerShell session to front-end server fails, the message appears in the area below Privacy Password.

The Add Microsoft Skype for Business Instance - Sites window appears.

Figure 5-9 Sites

1. Select a site to monitor; then click Next.

Note

You can select more than one site.

The Add Microsoft Skype for Business Instance - Pools window appears.

Figure 5-10 Pools

1. Select one or more Pools to monitor; then click Next.

The Add Microsoft Skype for Business Instance - User Pools window appears.

Figure 5-11 User Pools

1. Select one or more User Pools to monitor; then click Next.

The Add Microsoft Skype for Business Instance - Servers window appears.

Figure 5-12 Servers

1. Select one or more servers to monitor; then click Next.

When the Edge server is selected, the following Server Credentials window appears.

You can change the credentials for the Edge server, if the credentials are not the same as the Front-End server credentials.

Figure 5-13 Server Credentials

1. Click Edit in the Actions column to the right of the server name. The Edit Edge Server Credentials window appears.

Figure 5-14 Edit Edge Server Credentials

1. Enter the Username and Password; then click OK.
2. Click Finish.

The new server configuration appears in the Microsoft Skype for Business window.

The VKM collection processes and Nectar monitoring are also initiated. For more information, see View Collections.

Note

If you need to edit a server configuration, see Edit a Server Configuration.

Auto-Provisioning API

The auto-provisioning API provides another method to add a server configuration. Follow these steps to use the auto-provisioning API:

1. Access your RIG.
2. Access the API documentation using the following link (Swagger Editor):

http://ip:port/localhost/nectar/api-docs

where ip:port is the port and IP address of your RIG.

Note

The port information comes from the serverport property in the

server.properties file.

To navigate to this file, see Configure server.properties File (Optional).

Note

The SSL support must be enabled in the application.properties file.

For more information, see Enable SSL Support in application.properties File (Optional).

The Auto-Provisioning API provides the following commands:

• 
  
  • POST
  • GET
  • DELETE

For more information on these commands, see Auto-Provisioning API Sample Documentation.

POST Example

Below is an example JSON for the POST request:

When the POST request returns the JSON, it shows the index of the agent that was created, in this case, 145. It also provides the Status of the POST request: “status”:“Executing collections”. View the following example:

GET Example

Next, issue a GET request using the agent index.

If successful, the Status of the POST request will be: “status”:“onboarded successfully”,. View the following GET example:

Nectar Foundation UI Example

After performing a successful POST request, you can also confirm that the node (server configuration) was added using your RIG and Client.

Navigate to Modules > Microsoft Skype for Business. The Microsoft Skype for Business window appears with a list of server configurations.

Note

If the POST request fails, the node (server configuration) is not added, and you cannot view using the Nectar Foundation UI.

View Collections

Microsoft SfB has several types of collections that it monitors. The types that appear in Nectar UCMP depend on the SfB configuration. Each collection can be enabled or disabled. You can also change the frequency at which the collection occurs.

Follow these steps to view a list of collections for a particular SfB server:

1. Navigate to Modules > Microsoft Skype for Business. The Microsoft Skype for Business window appears.
2. Select a server configuration; then select View Collections.

Figure 5-15 View Collections

The Collections window appears.

Figure 5-16 Collections

1. View a list of collections for that server, such as:
   • Certificate Collection for Agent
   • Pool Collections for Agent
   • Registrations Collection for Agent
   • Server Collection for Agent
   • SIP Domain Collection for Agent
   • Site Collection for Agent
   • Usage Summary Collection for Agent
   • Users Collection for Agent
   • Windows Lync Events Collection for Agent

For more information on managing collections, see Manage Collections.

6.Edit the Trap Configuration

The Receiver module sends a command to the module that was configured for an individual trap. This is how the specific traps that are configured to be processed by the respective module are relayed to them. You cannot manually execute the command.

When a trap is received, it is processed, and an event is sent. The user can change the OID and the Nectar trap alert level mappings.

Follow these steps to edit a trap configuration:

1. Navigate to Modules > Microsoft Skype for Business. The Microsoft Skype for Business window appears.
2. Select a server configuration; then select Event Trap Receivers.

Figure 6-1 Event Trap Receivers

The following Microsoft Skype for Business window appears.

Figure 6-2 Edit Trap Configuration

1. Change the Microsoft Enterprise OID and Trap Level Mappings, as needed.
2. Click OK.

7.View Inventory

Follow these steps to view and verify the collected inventory data:

1. Navigate to Reports > Inventory > Microsoft Skype for Business.

Figure 7-1 Reports > Inventory > Microsoft Skype for Business

The Microsoft Skype for Business Inventory window appears.

Figure 7-2 Microsoft Skype for Business Inventory

1. Select a collection, such as Site, Pool, Server, etc.

The Listing pane appears to the right with data from the collection.

Figure 7-3 Listing

Manage Microsoft SfB Server Configurations

This section explains several tasks that can be used to manage the SfB server configurations, including:

Edit a Server Configuration

View Agents and Poll Functions

View Dependency Trees

Manage Collections

Edit a Server Configuration

Follow these steps to edit a server configuration:

1. Navigate to Modules > Microsoft Skype for Business. The Microsoft Skype for Business window appears.
2. Right-click on the server you want to change and select Edit. The Edit Microsoft Skype for Business window appears.

Figure 8-1 Edit Microsoft Skype for Business

1. Click on each of the following tabs and make changes, as needed:

General

Monitoring Database

SNMP

Topology

1. Click OK.

Note

For information on adding a server configuration, see Add a Server Configuration.

Remove a Server Configuration

Follow these steps to remove a server configuration:

1. Navigate to Modules > Microsoft Skype for Business. The Microsoft Skype for Business window appears.
2. Right-click on the server you want to remove and select Remove. The Remove window appears.

1. Click Yes.

Figure 8-2 Remove

The server configuration is removed.

View Agents and Poll Functions

Follow these steps to view an agent and poll functions that were created for each onboarded server:

1. Navigate to Health > Elements. The Elements window appears.

Figure 8-3 Elements

1. Click on Agents.
2. View a list of agents.

Figure 8-4 Agents

1. Click on a SfB agent and view the poller functions for that agent/server.

Note

When onboarding Standard edition with a collocated Mediation server, the Mediation server poll functions will be on the Front-End server agent(s) that are created as part of the VKM onboarding process.

View the following example.

Figure 8-5 Poller Functions

View Dependency Trees

The Microsoft SfB VKM creates a dependency tree for each agent/server. Follow these steps to view the dependency tree for an agent/server:

1. Navigate to Configure > Dependency Trees. The Dependency Trees window appears.

Figure 8-6 Dependency Trees

1. Select the Name of the dependency tree in the left pane; then click View.

The dependency tree appears in the pane to the right.

Figure 8-7 Dependency Tree

Note

You can also double-click on the dependency tree you want to view.

Manage Collections

Managing collections also includes the following tasks:

Disable a Collection

Enable a Collection

Change a Collection Schedule

Execute a Collection

Note

For information on viewing a collection, see View Collections.

Disable a Collection

Follow these steps to disable a collection for a particular SfB server:

1. Select the collection you want to disable.
2. Right-click on the collection and select Disable.

The Enabled column for the server changes to false.

Enable a Collection

Follow these steps to enable a collection for a particular SfB server:

1. Select the collection you want to enable.
2. Right-click on the collection and select Enable. The Enabled column for the server changes to true.

Change a Collection Schedule

Follow these steps to change the collection schedule for a particular SfB server:

1. Select the collection you want to change.
2. Right-click on the collection and select Change Cron String. The Update Cron String window appears.

Figure 8-8 Update Cron String

1. Enter the new collection schedule using a Cron expression.

Note

For more information about Cron expressions, see:

www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger

1. Click OK.

Execute a Collection

Follow these steps to execute a collection:

1. Select the collection you want to execute.
2. Right-click on the collection and select Execute Now.

Auto-Provisioning API Sample Documentation

View the following sample API documentation html:

Figure A-9 GET

Figure A-10 POST

Figure A-11 GET Agent Index

Figure A-12 DELETE

Figure A-13 Monitor Nodes

Figure A-14 Monitor Nodes

Configure server.properties File (Optional)

For Nectar UCMP to discover the SfB infrastructure, the path to PowerShell must be added to the

server.properties file on the RIG.

Note

This section only applies to v5.5.1 or older.

Follow these steps to configure the server.properties file, if not already configured:

1. Navigate to RIG > File Manager. The File Manager window appears.
2. Look for the Remote File System pane on the right; then navigate to

etc\server.properties configuration file in the RIG installation directory.

1. Right-click on the server.properties file and select Download.
2. Save the server.properties file to the local destination.
3. Navigate to the server.properties file.
4. Right-click on the server.properties file and select Open With.
5. Open using Notepad.
6. Add the following line PRIOR to the start of the modules:

powershell.install.path=C:/Windows/System32/WindowsPowerShell/v1.0

View the following example.

Add this PowerShell command PRIOR to the start of Modules

Figure B-15 server.properties File

1. Navigate to File > Save to save the changes to the file.
2. Navigate to RIG > File Manager. The File Manager window appears.
3. Navigate to etc\server.properties configuration file in the RIG installation directory.
4. Right-click on the server.properties file and select Upload.
5. Browse to the updated server.properties file, select, and click Open.

The Upload File window appears.

1. Click Upload.

Figure B-16 Upload

1. To restart the RIG and apply the changes:
   1. Navigate to RIG > Admin > Restart.
   2. When the following message appears, click Yes.

Figure B-17 Restart

Enable SSL Support in application.properties File (Optional)

Follow these steps to enable SSL support in the application.properties file, if not already enabled:

1. Navigate to RIG > File Manager. The File Manager window appears.
2. Look for the Remote File System pane on the right; then navigate to

applications.properties configuration file in the RIG installation directory.

1. Right-click on the application.properties file and select Download.
2. Save the application.properties file to the local destination.
3. Navigate to the application.properties file.
4. Right-click on the application.properties file and select Open With.
5. Open using Notepad.
6. Enable SSL support as follows:

#server.ssl.enabled = true

View the following example.

Figure C-18 application.properties File

1. Navigate to File > Save to save the changes.
2. Navigate to RIG > File Manager. The File Manager window appears.
3. Navigate to application.properties configuration file in the RIG installation directory.
4. Right-click on the application.properties file and select Upload.
5. Browse to the updated application.properties file, select, and click Open. The Upload File window appears.
6. Click Upload.
7. To restart the RIG and apply the changes:
   1. Navigate to RIG > Admin > Restart.
   2. When the following message appears, click Yes.

Figure C-19 Restart

Configure Memory for Windows PowerShell

Follow these steps to configure memory resources for Windows PowerShell:

1. Launch Windows PowerShell with Admin rights.

Note

If you attempt to do anything on the WSMAN: drive as a normal user, you will receive the following Access is denied. error message:

1. Make sure the WinRM service is running.

Note

In Windows PowerShell 3.0 in Windows 8, this service starts on demand.

The first attempts to access the WinRM drive result in a prompt to start the WinRM service.

You can use the Get-Service cmdlet to ensure that everything started properly. Refer to the following example:

PS C:\> get-service *win*

1. To check and set the machine-wide setting:
   1. Navigate to the following directory in the Windows PowerShell console:

WsMan:\Localhost\Shell

• 
  
  1. Use the Get-ChildItem cmdlet (dir is alias) to see all settings. Refer to the following example:

PS C:\> sl WSMan:\localhost\Shell PS WSMan:\localhost\Shell> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Shell

1. To set the MaxMemoryPerShellMB:
   1. Use the Set-Item cmdlet and change the value of MaxMemoryPerShellMB from 1 GB to

2 GB. Refer to the following example:

Set-Item .\MaxMemoryPerShellMB 2048

• 
  
  1. Use the Up arrow and change Get-Item to Set-Item.

The command and its output are shown in the following example:

Figure D-20

Note

The example above is already in WsMan:\LocalHost\Shell when running the

Set-Item command.

If you do not want to navigate to the folder first, you can use the following command:

Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 2048

1. Notice that a warning appears that states that you also need to change memory settings for plug-ins.

Note

This is true in Windows PowerShell 3.0.

1. Navigate to the plug-ins directory to make these changes.

Before you make any changes, notice there are several plug-ins listed:

PS WSMan:\localhost\Plugin> dir

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Plugin

1. Make a memory change for each plug-in endpoint configuration targeted from the Client. The default Windows PowerShell endpoint is Microsoft.PowerShell, which is the only one to change. Refer to the following example:

Set-Item .\microsoft.powershell\Quotas\MaxConcurrentCommandsPerShell 2048

The command results in a warning that states to restart WinRM and that the value for the plug- in only works, if it is less than or equal to the value for the global memory setting.

Here is the command and the output:

Figure D-21

Note

From the Wsman:\LocalHost\Plugin directory, you can run the command to set the memory for the plug-in.

If you do not want to navigate to the location, use the following command:

Set-Item WSMan:\localhost\Plugin\Microsoft.PowerShell\ Quotas\MaxMemoryPerShellMB 2048

1. Use the Get-Item cmdlet to ensure that the new value took. Refer to the following example: PS WSMan:\localhost\Plugin> get-Item .\microsoft.powershell\ Quotas\MaxMemoryPerShellMB

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Plugin\microsoft.powershell\Quotas

1. To restart the WinRM service, use the Restart-Service cmdlet. The command is shown here:

Restart-Service winrm

1. Rerun the Get-Item commands to confirm as indicated in the following example.

Figure D-22

Increase the Session Limit for Windows PowerShell

Follow these steps to change the PowerShell session limits:

1. Change to the Shell directory:

PS> cd WSMan:\localhost\Shell

1. View the contents of the directory:

PS> dir

A list of the current settings and values appear similar to the following:

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Shell

WARNING: column “Type” does not fit into the display and was removed.

NameValue

—---—–---

AllowRemoteShellAccesstrue IdleTimeout180000

MaxConcurrentUsers5

MaxShellRunTime2147483647

MaxProcessesPerShell15

MaxMemoryPerShellMB150

MaxShellsPerUser5

1. Change a value, such as MaxConcurrentUsers or MaxShellsPerUser:

PS> Set-Item .\MaxConcurrentUsers 25

PS> Set-Item .\MaxShellsPerUser 25

1. For more information about the drive and values:

PS> Get-Help WSMAN

PS> Get-Help About_WSMAN

Change CDR Retention

Follow these steps to change the CDR retention value in order to limit data that is stored:

1. Navigate to RIG > File Manager. The File Manager window appears.

Figure F-23 Remote File System

1. Look for the Remote File System pane on the right; then navigate to etc\lyncModule- module.properties configuration file in the RIG installation directory.

Figure F-24 lyncModule-module.properties File

1. Right-click on the lyncModule-module.properties file and select Download.
2. Save the lyncModule-module.properties file to the local destination.
3. Navigate to the lyncModule-module.properties file.
4. Right-click on the lyncModule-module.properties file and select Open With.
5. Open the file using Notepad.
6. Change the CDR retention value using the qoeAgeInDays parameter.

The default value is 30 days, as shown in the following example.

Figure F-25 qoeAgeInDays

Note

If the qoeAgeInDays parameter is set to less than 1, then it will default to 30 days.

1. Navigate to File > Save to save the changes.
2. Navigate to RIG > File Manager. The File Manager window appears.
3. Navigate to etc\lyncModule-module.properties configuration file in the RIG installation directory.
4. Right-click on the lyncModule-module.properties file and select Upload.
5. Browse to the updated lyncModule-module.properties file, select, and click Open. The Upload File window appears.
6. Click Upload.
7. To restart the RIG and apply the changes:
   1. Navigate to RIG > Admin > Restart.
   2. When the following message appears, click Yes.

Figure F-26 Restart

Customize Windows Event Alert Levels (Optional)

Nectar Foundation can trigger alerts when warnings or errors occur in the Windows Event Log. By default, a Windows error event triggers a level 4 (Major) alarm, and a warning or audit failure event triggers a Level 2 (Warning) alarm.

The alert levels can be modified from the default values using the following steps:

1. Navigate to RIG > File Manager. The File Manager window appears.
2. Look for the Remote File System pane on the right; then navigate to one of the following properties files in the RIG installation directory:

etc\sfbModule-module.properties

• etc\lyncModule-module.properties (for Legacy)

1. Right-click on the file and select Download.
2. Save the file to the local destination.
3. Navigate to the file.
4. Right-click on the file and select Open With. Use Notepad.
5. Add the following values to the file:

windows.event.error=4 windows.event.failureaudit=2 windows.event.warning=2

You can change the values, as needed.

View the following example.

Figure G-27 properties File

1. Navigate to File > Save to save the changes to the file.
2. Navigate to RIG > File Manager. The File Manager window appears.
3. Navigate to the correct properties file in the RIG installation directory.
4. Right-click on the properties file and select Upload.S
5. Browse to the updated properties file, select, and click Open. The Upload File window appears.
6. To restart the RIG and apply the changes:
7. Navigate to RIG > Admin > Restart.
8. When the Restart message appears, click Yes.