Making SharePoint Trust Enterprise CAs

If you have an enterprise PKI, or even just a single CA, that issues certificates to services such as ADFS or Workflow Manager that you intend to use with your SharePoint farm, it might be worthwhile importing your Root and Intermediate CA certificates into SharePoint to make it trust the other services.

Currently we have a PKI setup similar to the following:

  • Enterprise Root CA (Offline)
    • Enterprise Intermediate CA (Offline)
      • Web Services CA (Online)
      • Authentication CA (Online)

The Root and the Intermediate CA are offline and secured except for planned maintenance, such as publishing new certificate revocation lists. The Web Services CA is the CA that issues the certificates we use for web services like Workflow Manager, and the Authentication CA issues the ADFS signing Certificate, which also needs to be trusted by SharePoint.

First of all, you need to grab a copy of the certificate of each CA in the chain. If you have your PKI configured correctly, they should be readily available so I won’t go into that process. If you are exporting them from the CA servers, DO NOT export the private keys; SharePoint doesn’t need them and exporting them would be a major security concern. Once you have the certificates, copy them to a directory on your SharePoint server(s).

Then, make sure the certificates are in the trusted root certification authorities store on every server in your farm. The easiest way to do this is to publish the certificates using group policy, but you can do this manually if you like. Simply follow these steps on each server in the farm:

  1. Double click the first certificate.
  2. Click Install.
  3. Select “Local Machine” and click Next.
  4. Click Yes on the UAC prompt.
  5. Select “Place all certificates in the following store”.
  6. Click Browse and select “Trusted Root Certification Authorities” or “Intermediate Certification Authorities”, depending on whether the certificate is at the root of the chain.
  7. Click Next.
  8. Click Finish.
  9. Repeat for each certificate in the chain.

On your SharePoint server execute the following PowerShell commands for each certificate, changing “C:\RootCA.cer” to the path of each certificate, and “Enterprise Root CA” to a friendly name for each CA.

# Load the CA certificate (public part only) from disk
$path = "C:\RootCA.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path)
# Register it in SharePoint's own list of trusted root authorities
New-SPTrustedRootAuthority -Name "Enterprise Root CA" -Certificate $cert
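
Both steps above (the Windows certificate store, then SharePoint's own trust list) can be scripted per server. This is an added example, not the author's script: it assumes the exported .cer files sit in C:\Certs (a hypothetical folder) and that it runs in an elevated SharePoint Management Shell. It skips any file that carries a private key, is not a CA certificate or has expired, and prints each thumbprint so you can compare it with the value your PKI publishes.

```powershell
# Added example; C:\Certs is a hypothetical folder holding the exported CA certificates.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certDir = 'C:\Certs'
$x509    = 'System.Security.Cryptography.X509Certificates'

foreach ($file in Get-ChildItem -Path $certDir -Filter *.cer) {
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $file.FullName

    # A trust anchor only needs the public certificate. A file that carries
    # a private key was exported the wrong way and should not be on this server.
    if ($cert.HasPrivateKey) {
        Write-Warning "$($file.Name): contains a private key, skipping"
        continue
    }

    # Only CA certificates belong in a trust list: require basicConstraints CA=TRUE.
    $bc = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509BasicConstraintsExtension" }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        Write-Warning "$($file.Name): not a CA certificate, skipping"
        continue
    }

    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$($file.Name): expired on $($cert.NotAfter), skipping"
        continue
    }

    # Self-issued (subject equals issuer) goes to Trusted Root Certification
    # Authorities; anything else goes to Intermediate Certification Authorities.
    $isRoot = $cert.Subject -eq $cert.Issuer
    $store  = if ($isRoot) { 'Cert:\LocalMachine\Root' } else { 'Cert:\LocalMachine\CA' }

    if (-not (Test-Path "$store\$($cert.Thumbprint)")) {
        Import-Certificate -FilePath $file.FullName -CertStoreLocation $store | Out-Null
    }

    # SharePoint keeps a separate trust list; add the CA only if it is not there yet.
    $known = Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
    if (-not $known) {
        $name = $cert.GetNameInfo([type]"$x509.X509NameType"::SimpleName, $false)
        New-SPTrustedRootAuthority -Name $name -Certificate $cert | Out-Null
    }

    # Summary line per certificate for out-of-band thumbprint comparison.
    [pscustomobject]@{
        Subject    = $cert.Subject
        Store      = $store
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
    }
}
```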

If you don’t like PowerShell or are unable to access PowerShell for whatever reason, you can also install the certificates from Central Admin:

  1. Navigate to Central Admin -> Security -> Manage Trust.
  2. Click “New”.
  3. Add a friendly Name for the certificate.
  4. Click Browse and select your certificate.
  5. Click OK.
  6. Repeat for each certificate in your PKI chain.

 

Controlling the Startech VS421HDPIP with C#

As part of a project I have been working on to spec and install a video conferencing solution I purchased a couple of Startech VS421HDPIP units to switch between camera inputs. I chose this unit for a couple of reasons: it has enough inputs for the project, it’s capable of doing picture in picture, it can be controlled via telnet or RS232, our supplier could get it for half the RRP and it’s made by Startech, whose kit has never left us in an awkward situation.

When I first hooked it up it just worked and the presets that were built-in were decent. Unfortunately it didn’t have presets to support the use cases I required, but I expected that from reading the manual prior to purchasing them. The presets can be changed from the web interface, which is the only downside to this unit… it’s utter pants. Fortunately it supports some pretty advanced commands via telnet so all is not lost. After playing with the telnet prompt for a while I figured that I could probably write some form of application to change the video output layout from a PC, which would certainly make it more user-friendly. The VC solution is going to be installed in a remote office and anything to make operation easier for the end users is a big plus. This will also allow me to have basically unlimited “presets” to cover more use cases without reconfiguration. Bonus.

Driver

I decided that the application should probably allow control of the PTZ cameras too to encompass the entire VC solution in one control panel, so a simple “driver” style API would be the best bet for controlling each component. The driver for the Startech VS421HDPIP only took two hours to write, including an application to test the class, and is incredibly simple to use. It is available to download at the end of this post. Here’s an example of how to use it.

//IPAddress lives in System.Net, so the calling file needs "using System.Net;".

//create a new instance of the VS421HDPIP class.
VS421HDPIP Conn = new VS421HDPIP();

//set the unit IP address and port
Conn.Ip = IPAddress.Parse("192.168.1.6");
Conn.Port = 23;

//open the connection to the unit.
Conn.Open();

//execute commands. See list of commands in the accompanying blog post.
Conn.PowerOn();  //Power on the unit from standby
Conn.Recall(VS421HDPIP.WindowState.Fav1);  //Recall the Fav.1 Preset
Conn.SetImagePosition(VS421HDPIP.InputChannel.Input2, 1420, 790); //Sets the position of channel 2.

//always close the connection when done. The unit only allows one session at a time and not closing a session will result in you having to reboot the unit or waiting for the session timeout on the unit before opening a new connection.
Conn.Close();

Unfortunately the telnet prompt doesn’t let you retrieve information. Maybe this is something Startech will add to future models but it is what it is.

Commands

The commands I implemented are basically identical to the commands listed in the manual for the VS421HDPIP. I won’t go over available parameters for each here. The parameters are similar to those listed in the manual as well so I’m sure they’d be easy to figure out with intellisense.

  • PowerOn() – Power on the unit from standby.
  • PowerOff() – Place the unit in standby.
  • SetOutResolution(Resolution res) – Sets the output resolution.
  • OsdDisable() – Disable the On Screen Display.
  • OsdEnable() – Enable the On Screen Display.
  • OsdHOffset(int offset) – Sets the horizontal offset of the OSD.
  • OsdVOffset(int offset) – Sets the vertical offset of the OSD.
  • OsdTimeout(int timeout) – Sets the timeout of the OSD.
  • OsdGain(int gain) – Sets the gain of the OSD.
  • SetBrightness(InputChannel chan, int level) – Sets the brightness level of an input.
  • SetContrast(InputChannel chan, int level) – Sets the contrast level of an input.
  • SetSaturation(InputChannel chan, int level) – Sets the saturation level of an input.
  • SetHue(InputChannel chan, int level) – Set the hue level of an input.
  • Mute() – Mutes the audio output of the unit.
  • Unmute() – Unmutes the audio output of the unit.
  • SetImageSize(InputChannel chan, int h, int v) – Sets the size of a channel.
  • SetImagePosition(InputChannel chan, int h, int v) – Sets the position of a channel.
  • ChannelImageOn(InputChannel chan) – Turns a channel on.
  • ChannelImageOff(InputChannel chan) – Turns a channel off.
  • ChannelPriority(InputChannel chan, int priority) – Sets a channel’s priority.
  • SetChannelLabel(InputChannel chan, string label) – Sets a channel’s label.
  • StoreCurrentConfiguration(Favorite loc) – Stores current settings to a preset.
  • MirrorOn() – Makes the unit mirror its output (rear projection).
  • MirrorOff() – Disables the output mirror feature.
  • SetOutputRotation(Rotation value) – Rotate unit output (ceiling hung projector).
  • SetFadeDuration(Fadetime time) – Sets fadetime between windows.
  • SendTelnetCommand(string command) – Send a telnet command to the unit.

Download

I have provided the driver I wrote in case it is useful to anybody. I do so with absolutely no warranty or support and you use it at your own risk.

Compiled DLL
Visual Studio Project Files

ShoreTel LLDP Followup

A while ago I wrote a post about the experience I had setting up LLDP on Cisco switches with ShoreTel phones. Since then I have learned a trick or two and thought I’d give a little update.

In the post I mentioned changing the configuration files for the phones on the ShoreTel server in order to correctly set the language and country, thus making the dial tone etc. sound correct to end users. Unfortunately, this approach is broken. While it works to start with, we found that ShoreTel overwrites the configuration files periodically and removes the custom settings entered, which is a pain in the UK when the default country for ShoreTel is USA.

To get around this, our ShoreTel partner made me aware of some other configuration files. ShoreTel provide a custom configuration file for each phone model, which is included in the main configuration file. The table below shows which custom configuration file you need for each model of phone.

[Image: table of custom configuration files per phone model]

So within the c:\inetpub\ftproot\sevgcustom.txt file for the IP 230g phones we use, all we have to do is add the following to the file.

# Please consult Shoreline support before editing or deleting this file

Include "Country_7.txt"
Include "Language_4.txt"

And done. If you reboot a phone, you will see it downloads the sevgcustom.txt file from the server and the language and country settings are all correct.

Don’t forget to change the configuration files for any other model phones you have!

Trunking From Skype for Business to Shoretel via FreePBX

Recently I was tasked with setting up Dial-in conferencing in Skype for Business using a Shoretel voip system and the PSTN Gateway. Seems simple, until you do some digging and find out that Shoretel 14 doesn’t support SIP over TCP, and S4B doesn’t support SIP over UDP.

I looked at the recommended option from Shoretel, which is a Mediant Session Border Controller to proxy between the two voip systems. I’m sure that would work fine if money was no object, but when the budget for the project is minimal, another option is required. The option I settled on was an open source PBX platform in the form of FreePBX, which is essentially a gui for Asterisk.

After a lot of research, posts with missing information and trial and error I finally got the solution working by following multiple guides for various products connecting to other products until I finally found a configuration that worked. The solution has been in place for roughly a month now and seen a reasonable amount of load while remaining stable. We haven’t had any call quality issues over PSTN either.

I should point out here though that this particular installation wasn’t configured to support enterprise voice and user extensions would still remain in Shoretel. If User Extensions on Skype is your end game, then maybe this solution isn’t for you. Feel free to follow along though.

Disclaimer: Some of the configuration detailed in this post is quite advanced and shouldn’t be attempted on a live system unless you are confident you know what you are doing. I am not responsible for any damage you cause to your own systems. The settings in this post are the settings used in our setup and work for us. The settings required for your setup may differ.

The version numbers of the components used are as follows.

  • Shoretel – 19.42.8801.0
  • FreePBX – 12.0.76.4
  • Skype For Business – 6.0.9319.0

FreePBX Installation

To start with I followed a guide on PowerPBX to get Asterisk installed on Ubuntu Server. I’d recommend doing the same if you don’t already have a FreePBX installation or are as new to FreePBX as I am. Some of the settings later in this post may conflict with settings currently in use if you already have a FreePBX installation that you intend to use.

Shoretel Trunk Setup

Next you need to make sure your Shoretel system is ready to use SIP trunks. This involves allocating switch ports for SIP trunks. To do this, you need to do the following:

  1. Open up Shoreware Director.
  2. Navigate to Platform Hardware > Voice switches > Primary.
  3. Click the name of the switch you want to allocate the SIP Trunks on.
  4. Change one (or more) of the ports to 5 SIP Trunks.
  5. Click Save.

Next you need to configure a Trunk Group on the Shoretel system. To do this you need to navigate to Trunks > Trunk Groups. Select the site that contains your switch with the SIP trunk port(s) configured and select SIP from the Type drop down before clicking Go.

I’ll list the settings used by our setup below. You may need to tweak these for your own deployment.

  • Name – Skype for Business.
  • Enable SIP Info for G.711 DTMF Signalling – Unchecked.
  • Profile – Default Tie Trunk.
  • Digest Authentication – {None}.
  • Username – siptrunkusername (Not my actual username).
  • Password – siptrunkpassword (Not my actual password).
  • Number of Digits from CO – 4.
  • DNIS – Unchecked.
  • DID – Unchecked.
  • Extension – Checked
    • Translation Table – Checked []
    • Prepend Dial In Prefix – Unchecked
    • Use Site Extension Prefix – Unchecked
  • Tandem Trunking – Checked
    • User Group – Skype (This is a custom user group we created to force outbound calls through a certain ISDN trunk group. If you need to change this from the default you will probably know how to create a new user group anyway.)
    • Prepend Dial In Prefix – 9
  • Destination – 1700: Default.
  • Outbound – Checked.
  • Access Code – 9.
  • Local Area Code – 1670 (Yours will be different).
  • Carrier Code – Blank.
  • Billing Telephone Number – Blank.
  • Trunk Services Section
    • Local – Unchecked
    • Long Distance – Unchecked
    • National Mobile – Unchecked
    • International – Unchecked
    • Enable Origin Called Information – Unchecked
    • Caller ID not blocked by default – Checked
    • Enable Caller ID – Checked [Blank]
    • Emergency – Unchecked
  • Trunk Digit Manipulation Section
    • Dial Local Numbers in National Form – Unchecked
    • Dial in E.164 Format – Checked
    • Prepend Dial Out Prefix – Blank
    • Off System Extensions – Click Edit
      • Click New
      • Enter an extension range to be used by Skype. We used a range of 50 extensions to allow for future expansion, one will do usually though. Make sure the extensions in the range are not in use elsewhere on your system. They don’t need to have a DDI on a different trunk as we will be using a DNIS map later to route a DDI to the off system extension. We used 8500-8550
      • Click OK
    • Translation Table – {None}
  • Click Save.

Next you will need some individual trunks within the trunk group:

  1. Navigate to Trunks > Individual Trunks.
  2. Select the same site as the Trunk Group you have just created, and then select the Trunk Group from the drop down menu, followed by Go.
  3. Enter a Name for the trunks. Shoretel will increment the name with numbers if there is more than one individual trunk.
  4. Select the switch to use for the SIP trunks. This will be the switch you configured earlier.
  5. Enter the number of individual trunks you want in the group. A trunk is required for each phone call or participant of a conference. Don’t exceed your licensed amount of SIP Trunks unless you know how the licensing on Shoretel works.
  6. Enter the IP address of your Free PBX server.
  7. Click Save.

FreePBX System SIP Configuration

Now for the FreePBX configuration. Providing you followed the guide mentioned earlier, and didn’t have any problems, you should have a working FreePBX server installed and running. You will need to tweak some of the system SIP settings to make this solution work.

  1. Login to FreePBX Administration.
  2. Navigate to Settings > Advanced Settings.
  3. Scroll down to the Dialplan and Operations section.
  4. Set SIP Channel Driver to chan_sip.
  5. Navigate to Settings > Asterisk SIP Settings.
  6. Set Allow Anonymous Inbound SIP Calls to Yes.
  7. Enter your internal networks. For Example 192.168.1.0 / 24.
  8. Click Submit (bottom) followed by Apply Config.
  9. Click Chan SIP at the top right of the page.
  10. Set NAT to no.
  11. Set IP Configuration to Static IP.
  12. Set Override External IP to the IP address of your FreePBX server.
  13. Scroll down to Other SIP Settings and click Add Field once. In the two sets of fields add the following:
    • tcpenable = yes
    • tlsenable = yes
  14. Click Submit Changes followed by Apply Config.
  15. Reboot the FreePBX server.

FreePBX Trunk Configuration (Shoretel)

Once the server has rebooted ensure you can log back in to FreePBX and that you have no errors displayed on the home page. If everything is OK, then it is time to create the Trunks on the FreePBX end.

  1. Navigate to Connectivity > Trunks.
  2. Click Add SIP (chan_sip) Trunk.
  3. Enter a name for the Trunk. Ours is simply Shoretel.
  4. Set Maximum Channel to the number of individual trunks you created in Shoretel earlier.
  5. In the top Dialed Number Manipulation Rules row add a dot (.) in the match pattern field.
  6. In the Outgoing Settings section specify the Trunk Name again.
  7. In the PEER Details section you need to add the following information, substituting anything in () for your details setup earlier. I’d recommend pasting the text into notepad to edit it.

    type=friend
    secret=(siptrunkpassword)
    host=(shoretelswitchIP)
    disallow=all
    allow=ulaw
    dtmfmode=rfc2833
    username=(siptrunkusername)
    insecure=very

  8. Click Submit Changes followed by Apply Config.

Now, hopefully, if you navigate back to Reports > System Status you should see the graph line for Trunk Reg has increased to 1 from 0.

FreePBX Trunk Configuration (Skype)

Next you need to create the trunk in FreePBX that connects to Skype for Business. The steps are similar to the steps for the Shoretel trunk with a few tweaked settings.

  1. Navigate to Connectivity > Trunks.
  2. Click Add SIP (chan_sip) Trunk.
  3. Enter a name for the Trunk. Ours is simply Skype.
  4. In the top Dialed Number Manipulation Rules row add a pattern that matches your Off-System Extension range added in Shoretel earlier in the match pattern field. Ours is set to 85XX which will match any four digit extension starting with 85.
  5. In the Outgoing Settings section specify the Trunk Name again.
  6. In the PEER Details section you need to add the following information, substituting anything in () for your details setup earlier. I’d recommend pasting the text into notepad to edit it.

    type=friend
    tcpenable=yes
    transport=tcp
    qualify=yes
    promiscredir=yes
    port=5060
    insecure=very
    host=(skypepoolhostname)
    canreinvite=yes
    context=trunk_in

  7. Click Submit Changes followed by Apply Config.

Skype PSTN Gateway Configuration

Now you will need to make a topology change to your Skype for Business installation. You probably have some form of change control in place for this kind of change so go and grab the required signatures and head back here.

Open up Skype Topology Builder and load your current topology ready to edit it. I won’t go into detail on how to do this here as any Skype Admin should know how to do it. Once open, you need to tweak the settings of your Mediation Pool in order to support this type of configuration. Here’s how:

  1. Expand Skype For Business > Site Name > Skype for Business Server 2015 > Mediation Pools.
  2. Right-Click the mediation pool you want to use and click Edit Properties.
  3. Ensure Enable TCP Port is Checked.
  4. Set TLS: to 5067 – 5067.
  5. Set TCP: to 5060 – 5060.
  6. Click OK.

Next you need to add the PSTN Gateway to your Skype topology. Follow the steps below to add the PSTN Gateway:

  1. Expand Skype For Business > Site Name > Shared Components and select PSTN Gateways.
  2. Right-Click the Container and select New IP/PSTN Gateway.
  3. For FQDN enter the IP address of your FreePBX server, then click Next.
  4. Click Next unless you need to change any settings for your environment.
  5. Set Trunk Name to FreePBX.
  6. Set Listening Port to 5067.
  7. Set SIP Transport Protocol to TLS.
  8. Select the Skype pool you want to associate as the Mediation Server.
  9. Set Associated Mediation Server Port to 5067.
  10. Click Finish.

Next it’s time to create a trunk in Skype:

  1. Expand Skype For Business > Site Name > Shared Components and select Trunks.
  2. Right-Click the Container and select New Trunk.
  3. Enter a Trunk Name.
  4. Select your PSTN Gateway from the drop down menu.
  5. Set Listening port for IP/PSTN gateway to 5061.
  6. Set SIP Transport Protocol to TCP.
  7. Select your Associated Mediation Server to the pool you want to use.
  8. Set Associated Mediation Server port to 5060.
  9. Click OK.

Now you need to publish your topology in order to make the changes. I’ll leave that part up to you again in case you cause undesirable downtime or break something.

In theory, your trunks should come up shortly after the topology is published. You can check this from the home page of the FreePBX administration portal by checking that the graph line for Trunk Reg has increased from 1 to 2.

Coffee Break

You’re probably getting bored with this post by now so I’d recommend a nice strong cup of coffee. I know I’m heading to grab one now while I’m typing it! I might even watch an episode of The Grand Tour while I drink it…

Skype Configuration

For the next part of the configuration you will need access to the Skype For Business Admin portal. Specifically the Voice Routing and Conferencing sections.

All of the steps in this section were performed on a Skype installation with no previous voice configuration. If your system already uses voice features I’d recommend leaving this bit to somebody that knows what they are doing if you don’t already.

First of all you need to create a Voice Policy:

  1. Navigate to Voice Routing > Voice Policy.
  2. Double click Global.
  3. Check all check boxes in the Calling Features section.
  4. Under Associated PSTN Usages section click New.
  5. Set Name to Shoretel and click OK.
  6. Set Call forwarding and simultaneous ringing PSTN usages to Route using the call PSTN Usages.
  7. Click OK.

Next comes a Route. Navigate to Voice Routing > Route. If you already have routes listed then I suggest you stop following this post and consult the person responsible for voice routing in Skype if you don’t understand how it works. If you don’t have any routes, go ahead and follow these steps:

  1. Click New.
  2. Type a Name of your choice. We chose Shoretel.
  3. Type .* (DotAsterisk) into the Match this pattern field.
  4. In the Associated trunks section click Add…
  5. In the Associated PSTN Usages section click Select…
  6. Click Shoretel Followed by OK.
  7. Click OK.
  8. Click Commit > Commit All.

Now comes some Trunk Configuration:

  1. Navigate to Voice Routing > Trunk Configuration.
  2. Double click Global.
  3. Ensure Encryption support level is set to Optional.
  4. In the Associated PSTN Usages section click select…
  5. Click Shoretel and click OK.
  6. Click OK.
  7. Click Commit > Commit all.

Time for the Dial Plan:

  1. Navigate to Voice Routing > Dial Plan.
  2. Double click Global.
  3. Specify a Dial-In Conferencing Region. We chose UK since that is where we are.
  4. Choose an External access prefix if you desire. We went with 9.
  5. In the Associated Normalization Rules section click new.
  6. Specify a Name of your choice.
  7. In the Build a Normalization Rule section input the following settings (you will need to click the edit button to modify the final two settings)
    • Starting digits – Blank
    • Length – At least 1
    • Digits to remove – 0
    • Digits to add – Blank
    • Pattern to match – ^(\d+)$
    • Translation Rule – $1
  8. Uncheck Internal extension.
  9. Click OK.
  10. Remove any other normalization rules.
  11. Click OK.
  12. Now click Commit > Commit all.

Skype Dial-In Access Number

While you are still in Skype you may as well configure the dial-in conferencing number. It won’t work yet but by doing so you will at least get some audible feedback to use to test your configuration while you complete the FreePBX and Shoretel routing later.

  1. Navigate to Conferencing > Dial-In Access Number.
  2. Click New.
  3. Enter the Display number as the DDI you plan to use for your dial-in conferencing number for external parties, e.g. +441618444444.
  4. Add a Display name of your choice.
  5. In Line URI add tel:#### to represent the extension you want to use. In our case it reads tel:8500.
  6. In SIP URI add the SIP address you want to assign. We went with sip:conferencing @ sipdomain.com.
  7. Select your Pool.
  8. Select the Primary Language for this particular number.
  9. In the Associated Regions section click Add…
  10. Select the region created in the dial plan and click OK.
  11. Click Commit.

Don’t forget your users will need to be allowed to use Dial-In conferencing in the conferencing policy applied to them.

FreePBX Routes

Now you need to head on over to the FreePBX admin portal again to create some routes. This is another part that caused a lot of confusion when I was initially trying to get this to work thanks to some other guides not being accurate. Again the settings here may differ slightly depending on your setup.

The easiest way I found was to route all calls through the Shoretel trunk unless they were specifically for an extension I knew existed in Skype. First of all I created the Incoming route to catch the calls for Skype.

  1. Navigate to Connectivity > Inbound Routes.
  2. Click Add Incoming Route in the top right of the page.
  3. Populate the settings below. Any I miss assume they are left as default:
    • Description – ShortelIn8500
    • DID Number – 8500
    • Set Destination – [Trunks][Skype (sip)]
  4. Click Submit.

Then I created an Incoming Route for anything else:

  1. Navigate to Connectivity > Inbound Routes.
  2. Click Add Incoming Route in the top right of the page.
  3. Populate the settings below. Any I miss assume they are left as default:
    • Description – SkypeIn
    • Set Destination – [Trunks][Shoretel (sip)]
  4. Click Submit and then Apply Config.

Testing

In theory, internal users should now be able to dial the extension assigned to Skype PSTN Conferencing and hear the auto attendant saying “Welcome to the audio conferencing center.”

You should also be able to start a Skype Meeting using the meet now feature in Skype and add a recipient by typing in their extension or telephone number and hitting enter.

Assigning a DDI

Since Shoretel allows you to add other internal people to a call anyway this solution won’t be much use unless you map a DDI to the extension setup for Skype. I did this using a DNIS mapping on the ISDN trunk that the DDI belongs to. To do this follow these steps:

  1. Login to Shoreware Director.
  2. Navigate to Trunks > Trunk Groups.
  3. Select the trunk group that carries the DDI you wish to use. This was one of our ISDN groups.
  4. Click Edit DNIS Map.
  5. In the Received Digits field, enter the DDI in local format, ie excluding the country code and area code.
  6. In the next field add a name for the map. We went with Skype conferencing.
  7. Next select the Off System radio button and select the range you created in your SIP Trunk Group Extensions earlier.
  8. In the next field type the extension number used by Skype. 8500 in our case.
  9. Leave the Music on Hold as default.
  10. Click Add this record to the left of the row you have just filled in.
  11. Click Save.
  12. Click Save again.

At this point you should be able to dial the DDI you have just configured from a mobile phone and hear the same audio prompt from the Skype auto attendant.

Conclusion

No doubt this post was a little tedious to follow. Unfortunately there isn’t a technique I’m aware of to make SIP an interesting subject. I do hope it might have helped somebody though at the end of the day. Or prevented any premature hair loss.

SharePoint 2013 Product Configuration Wizard hangs on step 9 of 10

I was patching a SharePoint 2013 farm recently and all was going great while installing the CU’s on the servers. Once all of the patches were installed, I started to run the SharePoint 2013 Products Configuration Wizard on the first WFE server, which went without an issue. The second WFE server seemed to be running fine too, getting to step 9 out of 10. It was on this step for about an hour when I went home for the evening (this is a test environment). The next morning, it was still at the same stage.

Initially I rebooted the server and tried again, but got the same results. To remedy this issue, I performed the following actions.

  1. Open services.msc
  2. Stop the SharePoint Timer Service
  3. Browse to C:\ProgramData\Microsoft\SharePoint\Config
  4. Open the folder with the newest date modified on it.
  5. Delete all files from the folder except for cache.ini
  6. Open cache.ini and change the number within to any random number ensuring it has the same number of digits as the original. I went with 12345.
  7. Run the following command from an elevated command prompt – Psconfig.exe -cmd upgrade -inplace b2b -wait -force

After that, the server was updated and ready to serve content again.
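
The same procedure as a script, as an added example that is not part of the original post. It assumes a default SharePoint 2013 install (timer service name SPTimerV4, psconfig.exe in the 15 hive) and an elevated PowerShell 3.0 or later session on the affected server; the backup copy and the final service check are additions to the steps above.

```powershell
# Added example; the paths are the SharePoint 2013 defaults and are assumptions.
$configRoot = Join-Path $env:ProgramData 'Microsoft\SharePoint\Config'
$psconfig   = Join-Path $env:CommonProgramFiles `
    'microsoft shared\Web Server Extensions\15\BIN\psconfig.exe'

# Step 2: stop the SharePoint Timer Service so it does not rewrite the cache.
Stop-Service -Name SPTimerV4 -Force

# Steps 3-4: pick the most recently modified folder that holds a cache.ini.
$cacheDir = Get-ChildItem -Path $configRoot -Directory |
    Where-Object { Test-Path (Join-Path $_.FullName 'cache.ini') } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $cacheDir) { throw "No configuration cache folder found under $configRoot" }

$ini = Join-Path $cacheDir.FullName 'cache.ini'
$old = [System.IO.File]::ReadAllText($ini).Trim()
if ($old -notmatch '^\d+$') { throw "Unexpected cache.ini content: '$old'" }

# Addition to the post: keep a copy of the folder before deleting anything.
$backup = Join-Path $env:TEMP ('SPConfigCache_{0:yyyyMMddHHmmss}' -f (Get-Date))
Copy-Item -Path $cacheDir.FullName -Destination $backup -Recurse

# Step 5: delete everything in the folder except cache.ini.
Get-ChildItem -Path $cacheDir.FullName -File |
    Where-Object { $_.Name -ne 'cache.ini' } |
    Remove-Item -Force

# Step 6: write a different number with the same number of digits.
do {
    $new = -join (1..$old.Length | ForEach-Object { Get-Random -Minimum 1 -Maximum 10 })
} while ($new -eq $old)
[System.IO.File]::WriteAllText($ini, $new)

# Step 7: rerun the upgrade with the same arguments as in the post.
& $psconfig -cmd upgrade -inplace b2b -wait -force
if ($LASTEXITCODE -ne 0) { Write-Warning "psconfig exited with code $LASTEXITCODE" }

# Addition to the post: make sure the timer service is running again afterwards.
if ((Get-Service -Name SPTimerV4).Status -ne 'Running') {
    Start-Service -Name SPTimerV4
}
```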