Event Viewer logs remain one of the best troubleshooting tools for Lync and Skype for Business servers. An enormous amount of useful information can be found in the Event Viewer Logs, which can then be used to either understand the current state of the system or do root cause analysis on prior issues. 

So I decided to build a simple tool that centrally displays all of the Event Logs from Lync or Skype for Business servers or pools within an environment. This allows for a fast one-stop-shop for triaging issues across multiple Lync/Skype for Business servers in your environment. This can be especially handy for easily correlating problems that might have occurred across multiple servers in a pool.





1.01 Small Update

1.02 The Greig Request Update (15/7/2018)


Tool Requirements

The Centralised Event Viewer Tool must be run on a server with the Lync / Skype for Business module installed on it (as it uses Powershell commands to find the Lync/Skype4B pool information). This would usually be a front end server in the pool. The tool is capable of listing large numbers of events (tens-of-thousands of events), however, getting large numbers of events can take a while to process. The tool will process 1000 events in approximately 2 seconds (this scales fairly linearly). As a rule though it’s usually best to keep searches under a month in length so that the number of events don’t become problematic.

You must enable “Remote Event Log Management (RPC)” on all of your Lync/Skype for Business servers Windows firewalls in order to access these logs from the central server running the tool. This rule is already pre-populated in the Windows Firewall Advanced setting rules. So you simply need to Enabled the rule as shown below:

Open Firewall on all Lync / Skype for Business Servers:


This is a dynamic service rule that opens the required ports automatically. However, the ports that get used in practice are port TCP 135 (RPC) and port TCP 49153 (Remote Event Log). These firewall rules will become more important if you are trying to connect to Edge servers from an internal server, as the firewall between the servers will need to allow these ports.

Once this has been set on the servers that you are getting event logs from, you are set to go!


Full post available here: http://www.myskypelab.com/2016/07/Centralised-Event-Viewer-Tool.html