Archive for the ‘Lync Server 2010’ Category

Todays Lesson Learned – Lync Server 2010 and ST node for OpsMgr 2007 R2

Posted by Ståle Hansen on 15/02/2012

This is a follow-up post in a series called Todays Lesson Learned started by fellow Lync MVP Tommy Clarke with this post: Todays lesson learned–Exchange 2010 upgrade with Active Sync and MobileIron It is a blog series noting down “learn from my mistakes” and “gotchas that can stop an entire project” type of problems with learning by doing and learning the hard way.

Lately I have been working with Lync Server 2010 and using System Center Operations Manager 2007 R2 (OpsMgr) for the best possible monitoring and troubleshooting environment for a customer. Everything got set up correct and the integration seemed to look ok. Except that Synthetic Transactions did not work.

Background

Synthetic Transactions can be run from PowerShell in any Lync deployment. They are “test-cs” cmdlets and enables you to test features serverside with actual users. If you run (get-command “test-cs*”).count from Lync Server Management Shell you will see that there are 36 test cmdlets ranging from testing the ability to log on (Test-CsRegistration) to testing Audio Video conferencing (Test-CsAvConference).

OpsMgr continuously run Synthetic Transactions (ST) against the Lync environment to make sure everything is working. In a best practice environment you should deploy a dedicated server to run the ST’s from. This is because they may generate heavy load on you production servers. OpsMgr runs a PowerShell script that access the node remotely and runs the test cmdlets

For more information on how to deploy Lync Server 2010 Management Pack for System Center Operations Manager 2007 R2, download and read the documentation here: http://www.microsoft.com/download/en/details.aspx?id=12375

Symptoms

After OpsMgr was deployed we noticed the following symptoms

Some of the ST’s did not work failing with a “This operation has timed out” message
The ones that did not work was
- AV conferencing
- Instant Messaging Conferencing
- Instant Messaging P2P
- Presence
- P2P AV
The rest of them seemed to work
Logging on the ST Node we ran the test cmdlets manually and all of them worked
- Telling us that the users configured to run the cmdlets worked with the CsHealthMonitoringConfiguration
- We did not have the problem depicted in this forum post: http://social.technet.microsoft.com/Forums/en-US/ocsmonitoring/thread/81d1b976-ca07-41e8-9ede-6c600f5c2e33/
So the problem was that it worked locally, but not remotely from OpsMgr and no other indications or errors where thrown

Resolution

I figured it had to be a configuration problem somewhere and went through all of the configuration on the Node from start to end using this blog post: http://www.vnext.be/2011/03/06/scom-opsmgr-lync-2010-management-pack-deploying-synthetic-transactions-sts/ It hit me when I saw the cmdlet for configuring CsTrustedApplication that we defined a port this application would access.

New-CsTrustedApplication -ApplicationId -TrustedApplicationPoolFqdn -Port <PortNumber> -Verbose

Checking the local Windows Firewall on the server I found that an exception for that port had not been created, and it dawned on me that they need to be created manually. Adding the exception for the port on the server and recalculating the ST health on OpsMgr solved to problem this time, saving the day and made me able to roll out Lync to that customer.

Conclusion

Always remember when creating Trusted Applications you need to manually create a firewall rule allowing inbound traffic to that specific port.

Posted in Lync Server 2010 | Tagged: Lync Server 2010, Operations Manager 2007 R2, OpsMgr, Synthetic Transactions, System Center | Leave a Comment »

Lync Server and PowerShell – My favourite features, oneliners and scripts

Posted by Ståle Hansen on 18/01/2012

I was preparing to speak at Microsoft Technology User Group (MTUG) here in Norway at the PowerShell Script Club. My session for the night was going to be Lync Server Management Shell. First I thought I was not going to prepare anything and wing the whole session. The more I thought about it, winging any session that I am going to give in front of an audience is seldom a good idea. So I thought, ok make a blog post instead. I will here add my favourite features, oneliners and scripts that I have found working with Lync Server. I will update this blogpost as I remember and find new features, oneliners and scripts. Please let me know of your best PowerShell tricks in Lync.

Last updated 17.01.2012

Connecting

In addition to log on the Lync Server and open Lync Server Management Shell you can also access and work with Lync through remote PowerShell which came available in V2. Here is what you need to connect. The url could be your external webservices url as well

$session = New-PSSession -ConnectionUri https://lync-admin.contoso.local/OcsPowershell -Credential (Get-Credential)
Import-PSSession -Session $session

Finding cmdlets

There are several ways to find cmdlets in Lync. If you like the graphical representation like a mind map there is some good ones created by MVP Tom Arbuthnot

In PowerShell there is some cmdlets available as well when finding what is available

#Get all cmdlets for Lync that contains -Cs
Get-Command *-Cs* -CommandType cmdlet -Module Lync
#Get all cmdlets that contains user
Get-Command *user* -CommandType cmdlet -Module Lync

#When you find the cmdlet you want to use find the syntax on how to use it
Get-Help Get-CsUser -Examples
#Use -Online to open the TechNet website for that cmdlet
Get-Help Get-CsUser -Online

#Looking for a specific setting to set and don't know which cmdlet that can modify it use the below code
$params = Get-Command -CommandType Cmdlet *-Cs* | % { $n = $_.Name ; $_.Parameters.Values | % { Add-Member -in $_ noteproperty CmdletName $n; $_ } }
$params | where { $_.Name -like "*meeting*" } | select Name,CmdletName
#This is cool, found the trick over at http://blogs.technet.com/b/csps/archive/2010/06/14/howtofindsetting.aspx

Cmdlets

There are some cmdlets I use more than others and find useful. Let me know what is your most used cmdlets.

#List a lot of the topology information, here you can sort to find URLs, ports and servernames configured
Get-CsService

#List all pools in your topology, useful for finding Front End pool name, when you forget it
Get-CsPool

#The only policy that is not available in Lync Control Panel, lot of nice features can be configured here
Get-CsClientPolicy

#Update the AddressBook files
Update-CsAddressBook

#List the CMS replication status for each Lync Server
Get-CsManagementStoreReplicationStatus

Oneliners

The most used oneliners that I use

#Find what Lync Services are running
Get-CsWindowsService -ExcludeActivityLevel | ft Name, Status
#Start any stopped services
Get-CsWindowsService -ExcludeActivityLevel | where {$_.Status -like "Stopped"} | Start-CsWindowsService

#Find all users that are enabled for Lync and have a LineUri, sort them by LineUri, display displayname and LineUri
Get-CsUser -Filter {LineURI -ne $Null} | sort -Property LineURI | ft DisplayName,LineURI

#Quickly find and open the share folder for the Lync pool
Invoke-Item(Get-CsService -FileStore | Select-Object -ExpandProperty UncPath)

Scripts

There are a lot of scripts that is created and expand on Lync Server PowerShell functionality and and some that simplifies working with Lync as well as monitors the solution. Below are some of my favourite scripts. Please let me know of other epic scripts out there.

Set-Lync2010Features.ps1

A script to install prerequisites on Server 2008 R2 before you start install Lync Server on the OS. You can download the resource kit tools, Silverlitght and other tools easily. You even have som post deployment options in the script as well. This script is highly recommended and I use it in every deployment.

List-UnusedNumbers.ps1

A scripts that read unassigned numbers and depends on you having put you entire number serie there. It will find all numbers assigned to users, devices and features in Lync and find what numbers are available in any given unassigned numbers series. This is a script that saves you the pain of managing available numbers in an excel sheet.

Set-GlobalVoiceRouting.ps1

This script is for demo or initial deployments only. It is created for norwegian rules and genereates an easy way to dial out through one gateway and has the usual normalization rules for Norway. To edit the script and find the nomralization rules for your country see the Dialing Rule Optimizer.

Reset-UserPolicies.ps1

This script is used in an OCS to Lync migration scenario. It will reset all policies to $Null so that they use Global or Pool level policies for External access, Voice Policy and so on. The reason for this is that all users should use what you define for Lync and not what you inherit from OCS.

Get-CsConnections.ps1

This script lists user connections, client versions and the distribution of users in a load balanced scenario

Monitoring OCS and Lync Peak Call Capacity

Script to monitor how many concurrent calls a particular OCS or Lync Mediation Server is handling. The script grabs the counters for inboud and outbound calls, parses their values, adds them together, and dumps the output into a CSV file. A good tool to find how many concurrent calls you have on your deployment

Update-AdPhoto.ps1

A script that enables you to import AD photos from file and store it in the thumbnailPhoto attribute. It is a central feature in Lync to show a photo of users

New-SipContact.ps1

A script to enable users to search for external contacts and Video Conferencing endpoints from Lync. It creates a contact in AD and adds the SIP address to the msRTCSIP-PrimaryUserAddress so it will be synced to the addressbook in Lync.

Scripting Tips

There is a lot of techniques used for scripting. The best script tips I know of I will list here.

Use Write-Debug

Lets you easilly define debug lines that can test variables and logic in you script that is good to use when developing the script but that not need to be there when it is used in production. When you want to debug the script you change the $DebugPreference from ‘SilentlyContinue’ to ‘Continue’. Then all Write-Debug lines will be displayed.

$DebugPreference = 'Continue'

$var = Read-Host "Enter a computer name"
Write-Debug “’$var’ contains $var“

$DebugPreference = 'SilentlyContinue'

Use Functions

Functions are scripts in scripts. If it is certain things you need to do more than once in you script, make it a function with an input and output. I have also seen functions being used to organize your script in a better way to make it easier and more ordered to view.

Function Do-Something ($computername,$domainname) {
	# function code goes here
}

Resources

The Official Lync PowerShell Blog: http://blogs.technet.com/b/csps/p/categories.aspx
The Official Lync PowerShell Blog Cmdlet Descriptions: http://blogs.technet.com/b/csps/archive/2010/07/16/refallcmdlets.aspx
MVP Pat Richard’s Blog: http://www.ehloworld.com/category/powershell

Posted in Lync Server 2010 | Tagged: Lync Server 2010, PowerShell | 2 Comments »

Lync Server Mobility Troubleshooting Tips

Posted by Ståle Hansen on 23/12/2011

The Lync Mobility service and the Lync Clients was released 13.12.2011. Since then as we get more hands-on with the service there are in some cases trouble getting the it up and running. This post is dedicated to how you can test and troubleshoot the mobility service deployment. I will update this post when I find more information on how to troubleshoot and how to solve certain scenarios.

Last updated: 18.01.2012

Deployment

If you have a multi-homed Front End server the Mobility Service (Mcx) may sometimes fail

Reason: When calculating routing for a Mobility request the service makes a call to read DNS settings of the registered adapter. In some instances it is possible for the non-registered adapter to be returned.
This causes routing of the request to fail This is regardless subnet configuration on the second NIC
There should be a forthcoming Release Note or KB Article on this topic

Make sure you have deployed the solution correct by following one of these guides created by myself and fellow MVP’s Jeff Schertz and Adam Jacobs.

Enabling Lync Server 2010 for Lync Mobile Clients: http://msunified.net/2011/12/12/enabling-lync-mobility/
Using Lync Mobile with Office 365 and Lync Online: http://msunified.net/2011/12/12/using-lync-mobile-with-office-365-and-lync-online/
Deploying the Lync 2010 Mobility Service: http://blog.schertz.name/2011/12/deploying-the-lync-2010-mobility-service/
Step-by-step Microsoft Lync 2010 Lync Mobility (MCX) Installation Guide: http://imaucblog.com/archive/2011/12/09/step-by-step-microsoft-lync-2010-lync-mobility-mcx-installation-guide/

Testing

To validate the installation and configuration on the server side before you involve clients use the following techniques

To check that Autodiscover is working as expected, check the Autodiscover urls in a webbrowser

Get-CsService -WebServer | fl autodiscover* to find the urls
Example: https://<Webservices URL>/autodiscover/autodiscoverservice.svc/root
- Note: Make sure you don’t have “/” after root, because then you just get a “Endpoint Not Found” page
You should get to download the root file stating the following: {“AccessLocation”:”External”,”Root”:{“Links”:[{"href":"https...... and so on pointing to your Webservices URL

To check that the mobility service is working use the following url

https://<FE pool FQDN>/mcx/mcxservice.svc

You can test the Push Notificaton Service using the following cmdlet where sip.sipdomain.com is you AccessEdgeFQDN

Test-CsFederatedPartner –TargetFqdn <AccessEdgeinternalFqdn> –Domain push.lync.com –ProxyFqdn sipfed.online.lync.com
Test-CsMcxPushNotification -AccessEdgeFqdn <AccessEdgeinternalFqdn>
- NOTE: you may get a 30008 error when running Test-CsMcxPushNotification, but it is working anyway

You can test the Mobility Service using the following script, at this time it does not work with preconfigured CsHealthMonitoringConfiguration

$passwd1 = ConvertTo-SecureString "Password01" -AsPlainText -Force
$passwd2 = ConvertTo-SecureString "Password02" -AsPlainText -Force
$tuc1 = New-Object Management.Automation.PSCredential("contoso\UserName1", $passwd1)
$tuc2 = New-Object Management.Automation.PSCredential("contoso\UserName2", $passwd2)
Test-CsMcxP2PIM -TargetFqdn pool01.contoso.com -SenderSipAddress sip:UserName1@contoso.com -SenderCredential $tuc1 -ReceiverSipAddress sip:UserName2@contoso.com -ReceiverCredential $tuc2 –v

Troubleshooting

Microsoft has released CU4 release notes with known issues for Lync Mobile and workarounds. I have listed some of the most important issues here

Issues with switching between Wi-Fi and 3G with Lync Mobile for Windows Phone. Resolution: Exit Lync Mobile and start Internet Explorer to reestablish network connectivity
Lync might not connect to an IM conversation from push notification on Lync 2010 for Windows Phone. Resolution: Conversation must be reestablished because of timeout or the conversation was answered on another device
In iOS, not all Lync meetings show up as Lync meetings. Resolution: Expected behavior when the meeting is scheduled by copying the Lync Online link, created in webaccess or created by Lync Online user that is not enabled for the audio conferencing provider (ACP)
Push notification over a Wi-Fi network requires that firewall UDP port 5223 is open for incoming HTTP traffic. Resolution: This is because of Apple Push Notification service requires it

Download the release notes here: http://www.microsoft.com/download/en/details.aspx?id=28549

Other issues that may occur and are described by Microsoft

Microsoft push notification messages are not delivered to Lync mobile clients because of URL filtering on the Edge server: http://support.microsoft.com/kb/2664650

I have seen an issue where Call via Work does not work. When you use Call via Work Lync will dial the phone number you have specified only to get disconnected when

Symptoms

When you use Call via Work Lync will dial the phone number you have specified only to get disconnected when you try to answer the call
In the Lync server SIP logs you see a 603 Decline message from the SIP Trunk GW

Resolution

Use Lync Server Management Shell to verify that Get-CsTrunkConfiguration | fl EnableReferSupport is set to True
If it is you can try to set it to false
Set-CsTrunkConfiguration -EnableReferSupport $False
Now try the Call via Work feature and it should work
The reason for this is that the SIP Trunk provider is not configured to support SIP REFER

You may have the problem with users not being able to sign in. Make sure the following is true

Go through the logs from the sign in process, Lync Mobile has the ability to send diagnostic logs from the client to the administrator
- MVP Randy Wintle has an excellent post on how to: http://blog.ucmadeeasy.com/2011/12/13/how-to-lync-mobile-diagnostic-logs
Lyncdiscover is a CNAME pointing to Web Services URL found using Get-CsService -WebServer | ft ABHandlerExternalUri
The certificate on the ISA/TMG is updated with the Lyncdiscover.domain.com SAN
If it is over Wi-Fi and users connect internally the clients must trust the Root certificate used on the Front End server
If you are using port 80 make sure you are using a separate publishing rule, listener is configured for 80->8080 and no authentication and clients can not authenticate is set
The Lync Mobile client can’t sign in and you get a 401 unauthorized in the logs, may be due to multiple NIC’s on the FE: http://www.lync-blog.nl/?p=596&lang=en
The Lync Mobile client can’t sign in when you publish LoadBalanced FE using TMG Web farm for the web services, try switching your TMG persistence to source IP: http://www.confusedamused.com/notebook/lync-mobile-clients-and-tmg-server-farms/

Troubleshooting articles

A good Lync Mobile troubleshooting story by flinchbot: http://flinchbot.wordpress.com/2011/12/12/troubleshooting-tips-for-lync-mobility/
Lync 2010 Mobility Sign-in Process: http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-sign-in-internals/
Windows Phone 7 mobile devices: use and troubleshooting: http://support.microsoft.com/kb/2636318
Google Android mobile devices: use and troubleshooting: http://support.microsoft.com/kb/2636313
Apple iPhone and iPad mobile devices: use and troubleshooting: http://support.microsoft.com/kb/2636320
Lync Online Troubleshooting “Cannot connect to the server” errors on Lync mobile devices: http://support.microsoft.com/kb/2636329
Lync Mobility – Understanding SIP Sign-in Address vs. User Principle Name (UPN): http://blogs.pointbridge.com/Blogs/Crockett_keenan/Pages/Post.aspx?_ID=14

Posted in Lync Server 2010 | Tagged: Lync Mobile, Lync Mobile Call via Work, Lync Mobile Troubleshooting, Lync Server 2010 | 16 Comments »

Enabling Lync Server 2010 for Lync Mobile Clients

Posted by Ståle Hansen on 12/12/2011

As the Lync mobile clients are released so are the server side setup notes. This article will go through the steps for setting up your environment and make it ready for the Lync mobile clients.

Note: This post will be updated as the Lync community get more hands on with the service. Last update 23.12.2011

Lync Mobile features

Lync mobile client is released for Windows Phone 7, iPhone, iPad, Android and later on Nokia (Symbian). The feature set is about the same accross the platforms. There is no ability to view meeting content, video or do voice over IP. The main features is therefore

IM and presence
One Click join meetings
Call via work

For a detailed feature list see the TechNet article: http://technet.microsoft.com/en-us/library/hh691004.aspx

Planning for Lync Mobility

If you have a multi-homed Front End server the Mobility Service (Mcx) may sometimes fail

Reason: When calculating routing for a Mobility request the service makes a call to read DNS settings of the registered adapter. In some instances it is possible for the non-registered adapter to be returned.
This causes routing of the request to fail This is regardless subnet configuration on the second NIC
There should be a forthcoming Release Note or KB Article on this topic

If you use a Director it must be updated the same way as for a Front End

If you plan to support Lync Mobility and Push Notifications over a Wi-Fi you need to

Add lyncdiscover (and resolve it the external IP) in the internal DNS
Open TCP 5223 outbound in you firewall to support Push Notifications
For more information see TechNet Article: http://technet.microsoft.com/en-us/library/hh690030.aspx

Prerequisites

This Lync Mobility guide requires that your Lync solution is deployed with Lync Edge server and Reverse Proxy. This guide will only talk about Lync Mobility specific configuration

Install CU4 (November release) or later in you Lync infrastructure: http://go.microsoft.com/fwlink/?LinkID=208564.

Best practice when applying Lync CU: http://www.ultimate-communications.com/2011/12/best-practices-when-updating-lync-server-with-those-cumulative-updates-lync/
Remember to update the database manually as pointed out in part 6 of the above guide

IIS 7.5 is recommended because of some high load request limitations

If you are running Server 2008 and IIS 7.0 you need to configure ASP.NET flags to improve performance manually
See TechNet on this: http://technet.microsoft.com/en-us/library/hh690042.aspx

If you use Hardware Load Balancer

You must ensure that cookie-based persistence on a per port basis for external ports 4443 and 8080 on the hardware load balancer is configured
For Lync Server 2010 it is important to use cookie-based persistence so that multiple connections from a single client are sent to one server to maintain session state
For details on how to configure, see Load Balancing Requirements.

Install the IIS feature Dynamic Content Compression (Web-Dyn-Compression) on all involved Front End servers

Server 2008: ServerManagerCMD.exe –Install Web-Dyn-Compression
Server 2008 R2: Import-Module ServerManager; Add-WindowsFeature Web-Dyn-Compression

Enabling Lync Mobility

Configure Lync Mobility Autodiscover CNAME DNS records

Internal: lyncdiscoverinternal.sipdomain.com
- Point it to your Front End pool FQDN CNAME
- Is it needed? See this blogpost by Brendan Carius: http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-do-i-need-lyncdiscoverinternal/
External: lyncdiscover.sipdomain.com
- Point it to your Reverse Proxy FQDN if using SSL or a new publishing rule and IP if you are using port 80
- To find you reverse proxy FQDN use this PowerShell oneliner on your Front End server
  - Get-CsService -WebServer | ft ABHandlerExternalUri

Configure listening ports for the Mobility Service (Mcx)

Verify that your server version is correct by running PowerShell cmdlet: Get-CsServerVersion
- Version should be 4.0.7577.0 or newer
In PowerShell run the following cmdlet for internal and external listening port
- Set-CsWebServer –Identity <internal FE Pool FQDN> -McxSipPrimaryListeningPort 5086 -McxSipExternalListeningPort 5087
Publish the updates to the CMS database
- Enable-CsTopology –verbose

Download and enable the Lync Mobility

Do not install, but download the McxStandalone.msi and place it in the following folder on all Front End servers and Directors
- Download link: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=28356
- Folder to place the file: C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup
Run the Lync Server Deployment wizard, found under Administrative tools-> Lync Server
- In the wizard click Install or update Lync Server System
- Choose Step 2: Setup or Remove Lync Server components
- This will reconfigure the Lync Services on the Front End with the new listening ports
Verify that the server is configured correct, open IIS and check for Autodiscover and Mcx Vdirs

Update certificates on Front End and Edge/TMG

Still in the Lync Server Deployment Wizard choose step 3: Request, Install or Assign Certificates
You need to request a new certificate with the new name, make sure you get all additional SAN entries from the old certificate
If you use the same certificate on all Front End services you can use this PS onliner to get a list of your certificates SAN’s
- On FE: Get-CsCertificate -Type default | Select-Object -ExpandProperty AlternativeNames
If you use the same certificate on Edge and TMG you can run the below command to get all SAN’s
- On Edge: Get-CsCertificate -Type DataEdgeExternal | Select-Object -ExpandProperty AlternativeNames
To reissue the certificates using PowerShell see Ari Protheroe’s blog post: http://ariprotheroe.wordpress.com/2011/12/10/reissuing-certificates-for-lync-mobile/

Configuring Push Notification

Push Notification is used by the Mobility Service to send notifications to Apple and Microsoft phones that has the Lync application running in the background to wake them up
To enable push notification run the following cmdlet:
- Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True
You need to enable federation with Office365 as a hosted provider if you have not already done so
- New-CsHostingProvider -Identity ”LyncOnline” -Enabled $True -ProxyFqdn ”sipfed.online.lync.com” -VerificationLevel UseSourceVerification
You then need to set up a hosting proivder between your organization and the Push Notification Service at Lync Online
- New-CsAllowedDomain -Identity “push.lync.com”

Publishing externally

There is two possibilities when publishing Lync Mobility through a reverse proxy

Publish through port 80 using the same IP as your existing Lync publishing rule
- Pros: you don’t have to update on your reverse proxy certificate with an extra SAN name
- Cons: you need to open port 80->8080 on a new rule and it is not recommende to do this by Microsoft
- Result: discovery information for you Lync mobile clients will get information about logon server unencrypted, the rest is encrypted the usual way
Publish through port 443 using the same IP as your existing Lync publishing rule
- Pros: All traffic will be encrypted, you just need to add lyncdiscover.sipdomain.com to public name on the publishing rule
- Cons: You need to add an extra SAN name for lyncdiscover.sipdomain.com on your reverse proxy certificate
- Result: all traffic are encrypted
Take a look at Adam Jacobs blogpost at the bottom for how to create a new rule

Testing and Troubleshooting

I have written a blogpost on how to test and troubleshoot Lync Mobile and Mobility here: Lync Server Mobility Troubleshooting Tips: http://msunified.net/2011/12/23/lync-server-mobility-troubleshooting-tips/

How to test the services

You can test that the services are working correct by accessing some URLs

To check that Autodiscover is working as expected, check the Autodiscover urls in a webbrowser

Get-CsService -WebServer | fl autodiscover* to find the urls
Example: https://<Webservices URL>/autodiscover/autodiscoverservice.svc/root/

To check that the mobility service is working use the following url

https://<FE pool FQDN>/mcx/mcxservice.svc

You can test the Push Notificaton Service using the following cmdlet where sip.sipdomain.com is you AccessEdgeFQDN

Test-CsFederatedPartner –TargetFqdn <internal edge fqdn> –Domain push.lync.com –ProxyFqdn sipfed.online.lync.com
Test-CsMcxPushNotification –AccessEdgeFqdn <internal edge fqdn>
NOTE: you may get a 30008 error when running Test-CsMcxPushNotification, but it is working anyway

You can test the Mobility Service using the following script, at this time it does not work with preconfigured CsHealthMonitoringConfiguration

$passwd1 = ConvertTo-SecureString "Password01" -AsPlainText -Force $passwd2 = ConvertTo-SecureString "Password02" -AsPlainText -Force
$tuc1 = New-Object Management.Automation.PSCredential("contoso\UserName1", $passwd1)
$tuc2 = New-Object Management.Automation.PSCredential("contoso\UserName2", $passwd2)
Test-CsMcxP2PIM -TargetFqdn pool01.contoso.com -SenderSipAddress sip:UserName1@contoso.com -SenderCredential $tuc1 -ReceiverSipAddress sip:UserName2@contoso.com -ReceiverCredential $tuc2 –v

Monitoring the Mobility Performance

There are several places you can monitor Mobility, here from TechNet:

References

MVP Adam Jacob’s blog: http://imaucblog.com/archive/2011/12/09/step-by-step-microsoft-lync-2010-lync-mobility-mcx-installation-guide/
Ben Lee’s blog: https://www.bibble-it.com/2011/12/10/configuring-lync-mobility-part-1
MVP Jeff Schertz’s blog: http://blog.schertz.name/2011/12/deploying-the-lync-2010-mobility-service/
Lync Server Mobility Troubleshooting Tips: http://msunified.net/2011/12/23/lync-server-mobility-troubleshooting-tips/
Microsoft Lync Server 2010 Mobility Guide: http://www.microsoft.com/download/en/details.aspx?id=28355
Planning for Mobility: http://go.microsoft.com/fwlink/?LinkId=235303
Deploying Mobility: http://go.microsoft.com/fwlink/?LinkId=235304
Monitoring Mobility for Performance: http://go.microsoft.com/fwlink/?LinkId=235305

Posted in Lync Server 2010 | Tagged: Lync Mobile, Lync mobile prerequisites, Lync Mobility, Lync Server 2010, lyncdiscover, Mcx | 42 Comments »

Lync AddressBook Process stops and starts every two minutes with Event ID 12330

Posted by Ståle Hansen on 04/11/2011

At a customer site I got EventID 12330 LS Server stating that abserver worker process failed to initialize itself. A quick google search lead me to this forum article:http://social.technet.microsoft.com/Forums/en-US/ocsaddressbook/thread/6365091e-ec34-46cc-b9f7-e362b9084bb3

There MVP colleague Johan Veldhuis found a cause of this problem. The cause was that the SQL database being backed up when the Addressbook was being generated resulting in low responce time and therefore the process did not complete its update. The addressbook is being generated at 01.30 default every night, and if it can not update we will see this kind of behaviour

Resolution

Use the Set-CsAddressBookConfiguration cmdlet to change the generation time
Set-CsAddressBookConfiguration -RunTimeOfDay 23:00
This will set the addressbook update to happen at 11 in the night to ensure no SQL backup overlap

Detailed error messages

Event ID 12330 LS Server

Failed starting a worker process.

Process: ‘C:\Program Files\Microsoft Lync Server 2010\Server\Core\ABServer.exe’ Exit Code: C3E8302D!_HRX! (The worker process failed to initialize itself in the maximum allowable time.!_HRM!).
Cause: This could happen due to low resource conditions or insufficient privileges.
Resolution:
Try restarting the server. If the problem persists contact Product Support Services.

Event ID 12331

Worker process exited prematurely. The process will be automatically restarted.

Process: ‘C:\Program Files\Microsoft Lync Server 2010\Server\Core\ABServer.exe’ Exit Code: 0!_HRX! (The operation completed successfully.
!_HRM!)

Posted in Lync Server 2010 | Tagged: Event ID 12330, Event ID 12331, Lync Server 2010 | 2 Comments »

Deep Dive Class – Understanding, Administering and Troubleshooting Lync Server 2010

Posted by Ståle Hansen on 11/09/2011

Together with Tommy Clarke I am developing a Deep Dive Class for those who wish to understand, administer and be able to do initial troubleshooting within a Lync Server environment. The course is aimed and made for administrators and will feature enterprise voice labs and troubleshooting hands on

Course overview

Day 1 – Understand the Lync infrastructure
Day 2 – Administration in Lync Control Panel and PowerShell. Enterprise Voice labs
Day 3 – Troubleshooting deep dive day 1: Understand the SIP protocol, ICE, STUN and TURN. Hands-on labs
Day 4 – Troubleshooting deep dive day 2: Troubleshooting the Lync infrastructure with hands-on labs

The first run will be held at Glasspaper in Oslo and starts september 19th. Second run starts november 28th. Visit Glasspaper to sign up: http://kursbase.glasspaper.no/Kurs/KursPomelding.aspx?KursID=1850

See this cool teaser Tommy made for his Swedish version of the course

Posted in Lync Server 2010 | Tagged: Lync Course, Lync Course Norway, Lync Server 2010 | Leave a Comment »

How to Check if you are running Lync Server Evaluation or Licensed Version

Posted by Ståle Hansen on 23/08/2011

At a customer site I was not sure if the PoC Lync environment was running Evaluation Version of the Lync Front End server or the Volume Licensed Version. They where looking to migrate from PoC to production so I had to make sure that the services didn’t stop in the middle of production.

Found a simple cmdlet to verify this: Get-CsServerVersion

When run it will attempt to
Read the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}\Type
Based on that registry value, the cmdlet will then report back the version number of the software and the Lync Server licensing information the local computer and report back one of the following:

That the Lync Server volume license key has been installed on the computer, meaning that no updating is necessary.
That the Lync Server evaluation license key has been installed, meaning that the computer must be updated.
That no volume license key is required on the computer. Updating from the evaluation version to the licensed version is only required on Front End Servers, Directors, and Edge Servers.

What if Evaluation Version is installed and you have to upgrade to Licensed Version?

Log on to the computer as a local administrator
Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell
In the Lync Server Management Shell, type the following command and then press ENTER:

msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb
Note that you might need to specify the full path to the file server.msi. This file can be found in the Setup folder of the Lync Server Volume media installation files.

After Setup finishes running, type the following from the command prompt and then press ENTER:

Enable-CsComputer
Repeat this procedure on any other Front End Server, Director, or Edge Server running an evaluation copy of Lync Server
This procedure should also be performed on any Branch Office Servers that were deployed by using the Lync Server media installation files

Using Get-CsServerVersion will also show you

What Version Number you are running
What patches has been installed
For tips on determining if the latest CU has been installed see

Lee Desmond’s Blog article:
Lync Server 2010 – Which Version Do I Really have?: http://www.leedesmond.com/weblog/?p=744

References
TechNet: Updating From the Evaluation Version of Microsoft Lync Server 2010
TechNet: Get-CsServerVersion

Posted in Lync Server 2010 | Tagged: Get-CsServerVersion, Lync Server 2010, Lync Server Evaluation | 3 Comments »

Script to reset user policies in Lync on migrated OCS users

Posted by Ståle Hansen on 04/07/2011

A while back I was migrating a pilot OCS 2007 R2 solution to a Lync production solution. After moving the users I found that they had inherited their policies regarding external access and voice from OCS. In this case I was utilizing global policies in Lync and removing the need for granting specific policies to the users.

To change this I created a simple little script to reset these policies. The script is used at your own risk.

Download it here: http://msunified.net/lyncdownloads/script-reset-userpolicies-ps1/

The Script Does the Following

Gets all users that have an external policy set to other than $null
For each user all policies are set to $null
Writes the users who are changed, can be exported to csv if wanted
Also checks if any users failed and prints their names

If you can’t change settings on some users it is probably because of permission issues on the user object in AD. To check if that is the case do the following:

Open Active Directory Users and Computers (dsa.msc) from the Lync Front End server or any other server with ADDS
Go to View and select Advanced Features

Now find the user with the permission issues and select Properties
Select the security pane and click on Advanced
Make sure that “include inheritable permissions from this object’s parents” are checked

If not check it and OK out of there
Wait for AD replication and try again

This is an old Exchange AvtiveSync and OWA issue where users could not access these features. The affected users where probably a member of the below groups or have been at some point.

Found a good description of what can make this occur at: http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/

The reason this happens is because Active Directory uses something called the AdminSDHolder to define what permissions the default protected security groups receive. Whilst you can change the inherited permissions, a process called SDPROP will run, by default every 60 minutes on the domain controller that holds the PDCe role. It will check the ACL of the protected groups and reset their inherited permissions and the users within the groups, with what has been defined by the AdminSDHolder object.

Microsoft’s recommendation and best practice is that if you are a domain administrator that you have 2 accounts. One for your everyday user which is restricted in the same way that every other user is and a second for your administration role.

The built in groups that are affected with Windows 2008 are:
Account Operators
Administrators
Backup Operators
Domain Admins
Domain Controllers
Enterprise Admins
Print Operators
Read-only Domain Controllers
Replicator
Schema Admins
Server Operators

The built in users that are affected with Windows 2008 are:
Administrator
Krbtgt

Posted in Lync Server 2010 | Tagged: Lync, Lync Migration, Lync Server 2010, OCS 2007 R2 | Leave a Comment »

My Lync presentations at TechNet Live april 2011 available at TechNet Edge

Posted by Ståle Hansen on 09/05/2011

This year I got the honor to be a speaker at the business value track and the technical track at TechNet Live in Norway march 31 . I talked about Unified Communications in general and Lync Server 2010 as a PBX replace. TechNet Live is hold in the four largest cities in Norway every year and this year it was about 1000 attendees for all the cities. Below are the Screencasts from my sessions in Oslo. The presentations are in norwegian.

Key benefits with Unified Communications and how to realize them. Talks about:

How to work more effectively with UC
Where are the primary benefits
How do you succeed with you UC deployment
Download PDF

Lync Server 2010, your new PBX?. Talks about:

Whats new in Lync Server 2010
The topology of Lync Server 2010
Demo of how to manage response groups
Lync Server 2010 troubleshooting
Download PDF

Demo: Microsoft Unified Communications. Talks about:

What is Microsoft Unified Communications
Demos how to work effectively during projects with UC
Download PDF

Posted in Lync Server 2010 | Tagged: Lync Server 2010, Presentation, TechNet Edge, TechNet Live, Unified Communications | Leave a Comment »

Lync Server 2010 Troubleshooting Tips

Posted by Ståle Hansen on 15/04/2011

: Last updated: 10.10.2011

When deploying Lync Server 2010 you will most likely come across a lot of strange behaviour and stuff that don’t work as expected due to configuration errors or environmental issues. I will in this post try to collect the solutions and articles I find and update along the way, to have troubleshooting tips in one place. Please let me know if any good blog posts or articles that solve some specific problems is not listed here.

General Troubleshooting
Troubleshooting Lync may be a daunting task since there is a lot of elements that is involved in a deployment. Over the years troubleshooting OCS and Lync I have found a routine for eliminating problems. If you have deployed Lync Server and there is connectivity issues or some features not working I usually go about it in the following order:

Remember to run the Lync Control Panel, Lync Server Management Shell, BPA and other tools by right clicking and choose “Run as administrator”
Check that services are running
- Use PS command: Get-CsWindowsService -ExcludeActivityLevel | ft Name, Status
Start any stopped services
- Use PS onliner: Get-CsWindowsService -ExcludeActivityLevel | where {$_.Status -like "Stopped"} | Start-CsWindowsService
Check CMS replication
- Use PS command: Get-CsManagementStoreReplicationStatus
Check Event Viewer on Server and Client if there are any errors
Open the Topology Builder, check for misconfiguration
Check that ports are open and listening using the PortQueryUI tool
- Download it here: http://support.microsoft.com/kb/310099
- Use netstat: netstat -an | find /i “5060″
Install the Microsoft Lync Server 2010 Resource Kit Tools, if its not already installed
- Download it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=80cc5ce7-970d-4fd2-8731-d5d7d0829266&displaylang=en
Run the TopologyValidator from the Resource Kit
- Using the Lync Topology Validator: http://www.confusedamused.com/notebook/using-the-lync-topology-validator/
Install and run Lync Server 2010, Best Practices Analyzer
- Download it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=030548df-0dc7-4f86-b8a9-2f5ec8de8ba5&displaylang=en
Break out Lync Logging tool and analyze traffic with Snooper from the Resource Kit
Analyze protocol traffic with Network Monitor or Wireshark
- Network Monitor: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en
- Wireshark: http://www.wireshark.org/
- Wireshark Capture Tips: http://blog.schertz.name/2011/10/wireshark-capture-tips/
Stress test the solution to see if load is the issue, download and install Lync Server 2010, Stress and Performance Tool
- Download it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=94b5f191-6d80-4dec-94c2-fca57995f8b7&displaylang=en

If you have any tips of commands or tools not listed here, please let me know

Deployment Troubleshooting

Lync Server 2010 Setup or Remove Lync Components Fails on Windows Server 2008 R2 SP1: http://blogs.technet.com/b/nexthop/archive/2011/03/15/lync-server-2010-setup-or-remove-lync-components-fails-on-windows-server-2008-r2-sp1.aspx
Error 0×80070020 when you try to run Setup Lync Server Components: http://msunified.net/2010/12/15/error-0×80070020-when-you-try-to-run-setup-lync-server-components/
Dedicated Lync Server 2010 Mediation Server with two NIC’s: http://msunified.net/2011/02/22/dedicated-lync-server-2010-mediation-server-with-two-nics/
Message Queuing Issues on Microsoft Lync Server 2010: http://blogs.technet.com/b/nexthop/archive/2011/05/03/troubleshooting-microsoft-message-queuing-issues-on-microsoft-lync-server-2010.aspx
Error Deploying Lync 2010 Monitoring Reports: http://waveformation.com/2011/03/31/error-deploying-lync-2010-monitoring-reports/
Troubleshooting Lync Edge, XMPP Gateway, and TLS Negotiation Errors: http://blogs.pointbridge.com/Blogs/Crockett_keenan/Pages/Post.aspx?_ID=7

Client Troubleshooting

How to check SRV records for OCS/Lync and Exchange: http://msunified.net/2010/08/09/how-to-check-srv-records-for-ocs-and-exchange/
Lync cannot verify that the server is trusted for your sign-in address: http://blogs.technet.com/b/jenstr/archive/2011/02/10/lync-cannot-verify-that-the-server-is-trusted-for-your-sign-in-address.aspx
Troubleshooting Microsoft Lync Server 2010 Clients: Help Desk Resource: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=4222e61c-c199-47e0-b649-495b12d0b5e7&displaylang=en
TechNet Article Troubleshooting Clients: http://technet.microsoft.com/en-us/library/gg195811.aspx
TechNet Article Troubleshooting Devices: http://technet.microsoft.com/en-us/library/gg425952.aspx
Troubleshooting Connectivity for Mac clients: http://blogs.technet.com/b/nexthop/archive/2010/12/13/troubleshooting-connectivity-for-messenger-for-mac-7-0-2-and-communicator-for-mac-2011-with-communications-server-2007-r2-and-lync-server-2010.aspx
Lync 2010 stopped joining Online Meetings: http://trogjels.wordpress.com/2011/05/18/lync-stopped-joining-online-meetings/

Control Panel Troubleshooting:

TechNet Article Troubleshooting Lync Server 2010 Control Panel: http://technet.microsoft.com/en-us/library/gg195689.aspx
“Insufficient access rights to perform the operation” when attempting a move user or enable user command: http://support.microsoft.com/kb/2466000#appliesto
Lync Control Panel Fails When Moving Legacy Users: http://blogs.pointbridge.com/Blogs/Crockett_keenan/Pages/Post.aspx?_ID=4

Post Deployment

Stale OCS objects showing up in Lync BPA: http://msunified.net/2011/04/13/stale-ocs-objects-showing-up-in-lync-bpa/
Lync Server Front End: Lost connection to the Web Conferencing Edge Server: http://msunified.net/2011/02/09/lync-server-front-end-lost-connection-to-the-web-conferencing-edge-server/
Troubleshooting Archiving Server: http://blogs.technet.com/b/nexthop/archive/2011/05/09/troubleshooting-archiving-server.aspx
Understanding and Troubleshooting Microsoft Exchange Server Integration White Paper: http://blogs.technet.com/b/nexthop/archive/2011/05/11/understanding-and-troubleshooting-microsoft-exchange-server-integration-white-paper.aspx
Logging on a Lync Enterprise Pool – Federation Troubleshooting: http://ocsguy.com/2011/07/11/logging-on-a-lync-enterprise-pool/

Also se the Lync Resource Kit Book chapter about Troubleshooting Basics: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8c64a1e1-f0b3-479c-a265-e480875c61d8&displaylang=en

Posted in Lync Server 2010 | Tagged: Lync Server 2010, Lync Troubleshooting | 10 Comments »

« Previous Entries

Technical blog about Exchange, OCS and Lync by Ståle Hansen

Categories

Popular Posts

Tag Cloud

Forums

Technical Resources

Other Links