msunified.net

Technical blog about Exchange, OCS and Lync by Ståle Hansen

  • TENA14

  • Proud contributor and fan of

  • wordpress visitors
    • 881,061 views since april 09

Archive for the ‘Lync Server 2010’ Category

Lync Server Mobility Troubleshooting Tips

Posted by Ståle Hansen on 23/12/2011

The Lync Mobility service and the Lync Clients was released 13.12.2011. Since then as we get more hands-on with the service there are in some cases trouble getting the it up and running. This post is dedicated to how you can test and troubleshoot the mobility service deployment. I will update this post when I find more information on how to troubleshoot and how to solve certain scenarios.

Last updated: 14.10.2012 Read the rest of this entry »

Posted in Lync Server 2010, Troubleshooting | Tagged: , , , , | 21 Comments »

Enabling Lync Server 2010 for Lync Mobile Clients

Posted by Ståle Hansen on 12/12/2011

As the Lync mobile clients are released so are the server side setup notes. This article will go through the steps for setting up your environment and make it ready for the Lync mobile clients.

Note: This post will be updated as the Lync community get more hands on with the service. Last update 10.04.2012

Lync Mobile features

Lync mobile client is released for Windows Phone 7, iPhone, iPad, Android and Nokia (Symbian). The feature set is about the same accross the platforms. There is no ability to view meeting content, video or do voice over IP. The main features is therefore

  • IM and presence
  • One Click join meetings
  • Call via work

For a detailed feature list see the TechNet article: http://technet.microsoft.com/en-us/library/hh691004.aspx

Planning for Lync Mobility

If you have a multi-homed Front End server the Mobility Service (Mcx) may sometimes fail

  • Reason: When calculating routing for a Mobility request the service makes a call to read DNS settings of the registered adapter. In some instances it is possible for the non-registered adapter to be returned.
  • This causes routing of the request to fail This is regardless subnet configuration on the second NIC
  • There should be a forthcoming Release Note or KB Article on this topic
  • UPDATE: This issue was fixed in the february 2012 mobility update: http://support.microsoft.com/kb/2675221

If you use a Director it must be updated the same way as for a Front End

If you plan to support Lync Mobility and Push Notifications over a Wi-Fi you need to

Prerequisites

This Lync Mobility guide requires that your Lync solution is deployed with Lync Edge server and Reverse Proxy. This guide will only talk about Lync Mobility specific configuration

Install CU4 (November release) or later in you Lync infrastructure: http://go.microsoft.com/fwlink/?LinkID=208564.

IIS 7.5 is recommended because of some high load request limitations

If you use Hardware Load Balancer

  • You must ensure that cookie-based persistence on a per port basis for external ports 4443 and 8080 on the hardware load balancer is configured
  • For Lync Server 2010 it is important to use cookie-based persistence so that multiple connections from a single client are sent to one server to maintain session state
  • For details on how to configure, see Load Balancing Requirements.

Install the IIS feature Dynamic Content Compression (Web-Dyn-Compression) on all involved Front End servers

  • Server 2008: ServerManagerCMD.exe –Install Web-Dyn-Compression
  • Server 2008 R2: Import-Module ServerManager; Add-WindowsFeature Web-Dyn-Compression

Enabling Lync Mobility

Configure Lync Mobility Autodiscover CNAME DNS records

  • Internal: lyncdiscoverinternal.sipdomain.com
    • Point it to your Front End pool FQDN CNAME
  • External: lyncdiscover.sipdomain.com
    • Point it to your Reverse Proxy FQDN if using SSL or a new publishing rule and IP if you are using port 80
    • To find you reverse proxy FQDN use this PowerShell oneliner on your Front End server
      • Get-CsService -WebServer | ft ABHandlerExternalUri

Configure listening ports for the Mobility Service (Mcx)

  • Verify that your server version is correct by running PowerShell cmdlet: Get-CsServerVersion
    • Version should be 4.0.7577.0 or newer
  • In PowerShell run the following cmdlet for internal and external listening port
    • Set-CsWebServer –Identity <internal FE Pool FQDN> -McxSipPrimaryListeningPort 5086 -McxSipExternalListeningPort 5087
  • Publish the updates to the CMS database
    • Enable-CsTopology –verbose

Download and enable the Lync Mobility

  • Do not install, but download the McxStandalone.msi and place it in the following folder on all Front End servers and Directors
  • Run the Lync Server Deployment wizard, found under Administrative tools-> Lync Server
    • In the wizard click Install or update Lync Server System
    • Choose Step 2: Setup or Remove Lync Server components
    • This will reconfigure the Lync Services on the Front End with the new listening ports
  • Verify that the server is configured correct, open IIS and check for Autodiscover and Mcx Vdirs

Update certificates on Front End and Edge/TMG

  • Still in the Lync Server Deployment Wizard choose step 3: Request, Install or Assign Certificates
  • You need to request a new certificate with the new name, make sure you get all additional SAN entries from the old certificate
  • If you use the same certificate on all Front End services you can use this PS onliner to get a list of your certificates SAN’s
    • On FE: Get-CsCertificate -Type default | Select-Object -ExpandProperty AlternativeNames
  • If you use the same certificate on Edge and TMG you can run the below command to get all SAN’s
    • On Edge: Get-CsCertificate -Type DataEdgeExternal | Select-Object -ExpandProperty AlternativeNames
  • To reissue the certificates using PowerShell see Ari Protheroe’s blog post: http://ariprotheroe.wordpress.com/2011/12/10/reissuing-certificates-for-lync-mobile/

Configuring Push Notification

  • Push Notification is used by the Mobility Service to send notifications to Apple and Microsoft phones that has the Lync application running in the background to wake them up
  • To enable push notification run the following cmdlet:
    • Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True
  • You need to enable federation with Office365 as a hosted provider if you have not already done so
    • New-CsHostingProvider -Identity “LyncOnline” -Enabled $True -ProxyFqdn “sipfed.online.lync.com” -VerificationLevel UseSourceVerification
  • You then need to set up a hosting proivder between your organization and the Push Notification Service at Lync Online
    • New-CsAllowedDomain -Identity “push.lync.com”

Publishing externally

There is two possibilities when publishing Lync Mobility through a reverse proxy

  • Publish through port 80 using the same IP as your existing Lync publishing rule
    • Pros: you don’t have to update on your reverse proxy certificate with an extra SAN name
    • Cons: you need to open port 80->8080 on a new rule and it is not recommende to do this by Microsoft
    • Cons: I have experienced problems using port 80 event though all config was correct. Everything worked fine when adding a certificate. So I don’t recommend it.
    • Result: discovery information for you Lync mobile clients will get information about logon server unencrypted, the rest is encrypted the usual way
  • Publish through port 443 using the same IP as your existing Lync publishing rule
    • Pros: All traffic will be encrypted, you just need to add lyncdiscover.sipdomain.com to public name on the publishing rule
    • Cons: You need to add an extra SAN name for lyncdiscover.sipdomain.com on your reverse proxy certificate
    • Result: all traffic are encrypted
  • Take a look at Adam Jacobs blogpost at the bottom for how to create a new rule

Validating and Troubleshooting

I have written a blogpost on how to validate and troubleshoot Lync Mobile and Mobility here: http://msunified.net/2011/12/23/lync-server-mobility-troubleshooting-tips/

Monitoring the Mobility Performance

There are several places you can monitor Mobility, here from TechNet:

References

MVP Adam Jacob’s blog: http://imaucblog.com/archive/2011/12/09/step-by-step-microsoft-lync-2010-lync-mobility-mcx-installation-guide/
Ben Lee’s blog: https://www.bibble-it.com/2011/12/10/configuring-lync-mobility-part-1
MVP Jeff Schertz’s blog: http://blog.schertz.name/2011/12/deploying-the-lync-2010-mobility-service/
Lync Server Mobility Troubleshooting Tips: http://msunified.net/2011/12/23/lync-server-mobility-troubleshooting-tips/
Microsoft Lync Server 2010 Mobility Guide: http://www.microsoft.com/download/en/details.aspx?id=28355
Planning for Mobility: http://go.microsoft.com/fwlink/?LinkId=235303
Deploying Mobility: http://go.microsoft.com/fwlink/?LinkId=235304
Monitoring Mobility for Performance: http://go.microsoft.com/fwlink/?LinkId=235305

Posted in Lync Server 2010 | Tagged: , , , , , | 60 Comments »

Lync AddressBook Process stops and starts every two minutes with Event ID 12330

Posted by Ståle Hansen on 04/11/2011

At a customer site I got EventID 12330 LS Server stating that abserver worker process failed to initialize itself. A quick google search lead me to this forum article:http://social.technet.microsoft.com/Forums/en-US/ocsaddressbook/thread/6365091e-ec34-46cc-b9f7-e362b9084bb3

There MVP colleague Johan Veldhuis found a cause of this problem. The cause was that the SQL database being backed up when the Addressbook was being generated resulting in low responce time and therefore the process did not complete its update. The addressbook is being generated at 01.30 default every night, and if it can not update we will see this kind of behaviour

Resolution

  • Use the Set-CsAddressBookConfiguration cmdlet to change the generation time
  • Set-CsAddressBookConfiguration -RunTimeOfDay 23:00
  • This will set the addressbook update to happen at 11 in the night to ensure no SQL backup overlap

Detailed error messages

Event ID 12330    LS Server

Failed starting a worker process.

Process: ‘C:\Program Files\Microsoft Lync Server 2010\Server\Core\ABServer.exe’  Exit Code: C3E8302D!_HRX! (The worker process failed to initialize itself in the maximum allowable time.!_HRM!).
Cause: This could happen due to low resource conditions or insufficient privileges.
Resolution:
Try restarting the server. If the problem persists contact Product Support Services.

Event ID 12331

Worker process exited prematurely.  The process will be automatically restarted.

Process: ‘C:\Program Files\Microsoft Lync Server 2010\Server\Core\ABServer.exe’  Exit Code: 0!_HRX! (The operation completed successfully.
!_HRM!)

Posted in Lync Server 2010 | Tagged: , , | 3 Comments »

Deep Dive Class – Understanding, Administering and Troubleshooting Lync Server 2010

Posted by Ståle Hansen on 11/09/2011

Together with Tommy Clarke I am developing a Deep Dive Class for those who wish to understand, administer and be able to do initial troubleshooting within a Lync Server environment. The course is aimed and made for administrators and will feature enterprise voice labs and troubleshooting hands on

Course overview

  • Day 1 – Understand the Lync infrastructure
  • Day 2 – Administration in Lync Control Panel and PowerShell. Enterprise Voice labs
  • Day 3 – Troubleshooting deep dive day 1: Understand the SIP protocol, ICE, STUN and TURN. Hands-on labs
  • Day 4 – Troubleshooting deep dive day 2: Troubleshooting the Lync infrastructure with hands-on labs

The first run will be held at Glasspaper in Oslo and starts september 19th. Second run starts november 28th. Visit Glasspaper to sign up: http://kursbase.glasspaper.no/Kurs/KursPomelding.aspx?KursID=1850

See this cool teaser Tommy made for his Swedish version of the course

Posted in Lync Server 2010 | Tagged: , , | Leave a Comment »

How to Check if you are running Lync Server Evaluation or Licensed Version

Posted by Ståle Hansen on 23/08/2011

At a customer site I was not sure if the PoC Lync environment was running Evaluation Version of the Lync Front End server or the Volume Licensed Version. They where looking to migrate from PoC to production so I had to make sure that the services didn’t stop in the middle of production.

Found a simple cmdlet to verify this: Get-CsServerVersion

  1. When run it will attempt to
  2. Read the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}\Type
  3. Based on that registry value, the cmdlet will then report back the version number of the software and the Lync Server licensing information the local computer and report back one of the following:
    • That the Lync Server volume license key has been installed on the computer, meaning that no updating is necessary.
    • That the Lync Server evaluation license key has been installed, meaning that the computer must be updated.
    • That no volume license key is required on the computer. Updating from the evaluation version to the licensed version is only required on Front End Servers, Directors, and Edge Servers.

What if Evaluation Version is installed and you have to upgrade to Licensed Version?

  1. Log on to the computer as a local administrator
  2. Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell
  3. In the Lync Server Management Shell, type the following command and then press ENTER:
    • msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb
    • Note that you might need to specify the full path to the file server.msi. This file can be found in the Setup folder of the Lync Server Volume media installation files.
  4. After Setup finishes running, type the following from the command prompt and then press ENTER:
    • Enable-CsComputer
    • Repeat this procedure on any other Front End Server, Director, or Edge Server running an evaluation copy of Lync Server
    • This procedure should also be performed on any Branch Office Servers that were deployed by using the Lync Server media installation files

Using Get-CsServerVersion will also show you

  1. What Version Number you are running
  2. What patches has been installed
  3. For tips on determining if the latest CU has been installed see

References
TechNet: Updating From the Evaluation Version of Microsoft Lync Server 2010
TechNet: Get-CsServerVersion

Posted in Lync Server 2010 | Tagged: , , | 4 Comments »

Script to reset user policies in Lync on migrated OCS users

Posted by Ståle Hansen on 04/07/2011

A while back I was migrating a pilot OCS 2007 R2 solution to a Lync production solution. After moving the users I found that they had inherited their policies regarding external access and voice from OCS. In this case I was utilizing global policies in Lync and removing the need for granting specific policies to the users.

To change this I created a simple little script to reset these policies. The script is used at your own risk.

Download it here: http://msunified.net/lyncdownloads/script-reset-userpolicies-ps1/

The Script Does the Following

  • Gets all users that have an external policy set to other than $null
  • For each user all policies are set to $null
  • Writes the users who are changed, can be exported to csv if wanted
  • Also checks if any users failed and prints their names

If you can’t change settings on some users it is probably because of permission issues on the user object in AD. To check if that is the case do the following:

  • Open Active Directory Users and Computers (dsa.msc) from the Lync Front End server or any other server with ADDS
  • Go to View and select Advanced Features

  • Now find the user with the permission issues and select Properties
  • Select the security pane and click on Advanced
  • Make sure that “include inheritable permissions from this object’s parents” are checked

  • If not check it and OK out of there
  • Wait for AD replication and try again

This is an old Exchange AvtiveSync and OWA issue where users could not access these features. The affected users where probably a member of the below groups or have been at some point.

Found a good description of what can make this occur at: http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/

The reason this happens is because Active Directory uses something called the AdminSDHolder to define what permissions the default protected security groups receive. Whilst you can change the inherited permissions, a process called SDPROP will run, by default every 60 minutes on the domain controller that holds the PDCe role. It will check the ACL of the protected groups and reset their inherited permissions and the users within the groups, with what has been defined by the AdminSDHolder object.

Microsoft’s recommendation and best practice is that if you are a domain administrator that you have 2 accounts. One for your everyday user which is restricted in the same way that every other user is and a second for your administration role.

The built in groups that are affected with Windows 2008 are:
Account Operators
Administrators
Backup Operators
Domain Admins
Domain Controllers
Enterprise Admins
Print Operators
Read-only Domain Controllers
Replicator
Schema Admins
Server Operators

The built in users that are affected with Windows 2008 are:
Administrator
Krbtgt

Posted in Lync Server 2010 | Tagged: , , , | Leave a Comment »

My Lync presentations at TechNet Live april 2011 available at TechNet Edge

Posted by Ståle Hansen on 09/05/2011

This year I got the honor to be a speaker at the business value track and the technical track at TechNet Live in Norway march 31 . I talked about Unified Communications in general and Lync Server 2010 as a PBX replace. TechNet Live is hold in the four largest cities in Norway every year and this year it was about 1000 attendees for all the cities. Below are the Screencasts from my sessions in Oslo. The presentations are in norwegian.

Key benefits with Unified Communications and how to realize them. Talks about:

  • How to work more effectively with UC
  • Where are the primary benefits
  • How do you succeed with you UC deployment
  • Download PDF

Lync Server 2010, your new PBX?. Talks about:

  • Whats new in Lync Server 2010
  • The topology of Lync Server 2010
  • Demo of how to manage response groups
  • Lync Server 2010 troubleshooting
  • Download PDF

Demo: Microsoft Unified Communications. Talks about:

  • What is Microsoft Unified Communications
  • Demos how to work effectively during projects with UC
  • Download PDF

Posted in Lync Server 2010 | Tagged: , , , , | Leave a Comment »

Lync Server 2010 Troubleshooting Tips

Posted by Ståle Hansen on 15/04/2011

Last updated: 24.10.2012

When deploying Lync Server 2010 you will most likely come across a lot of strange behaviour and stuff that don’t work as expected due to configuration errors or environmental issues. I will in this post try to collect the solutions and articles I find and update along the way, to have troubleshooting tips in one place. Please let me know if any good blog posts or articles that solve some specific problems is not listed here.

General Troubleshooting
Troubleshooting Lync may be a daunting task since there is a lot of elements that is involved in a deployment. Over the years troubleshooting OCS and Lync I have found a routine for eliminating problems. If you have deployed Lync Server and there is connectivity issues or some features not working I usually go about it in the following order: Read the rest of this entry »

Posted in Lync Server 2010, Troubleshooting | Tagged: , | 12 Comments »

Stale OCS objects showing up in Lync BPA

Posted by Ståle Hansen on 13/04/2011

Recently I ecountered a problem within the Lync Server 2010, Best Practices Analyzer where it found an error for the old OCS 2007 R2 EDGE server.

Problem

  • Lync Server 2010, Best Practices Analyzer returned an error stating the following
    • Error: A trusted service with the type “MRAS” and the fully qualified domain name (FQDN) “” was found for empty or unmatched Globally Routable User Agent URI (GRUU)
  • Searching this up in ADSI edit showed the object present under Trusted Services and aslo under Global Objects container
    • Full path: CN=RTC Service,CN=Services,CN=Configuration,DC=Contoso,DC=com

  • Notice in the picture the yellow highlight that the GRUUID is in capital letters. It turns out that OCS objects are in capital letters and Lync object are in small letters. This is confirmed by Microsoft
  • It is safe to remove these stale objects and OCS objects are easy to identitfy

Solution

  • Delete the stale objects from TrustedServices and Global Objects, containing references to the old EDGE server
  • When running Test-CsTopology again, wich also returned the error code, we got error messages on EDGE server having a missing GRUUID
  • Did rerun Publish-CsTopology
  • The missing objects got recreated
  • Test-CsTopology went through fine
  • Lync Server 2010, Best Practices Analyzer returned a healthy deployment

Conclusion

  • When uninstalling the OCS 2007 R2 services and serves we forgot to remove the OCS 2007 R2 EDGE from the OCS Configuration
    • These settings can be found under Global Properties->EDGE Servers in the OCS GUI
  • The OCS objects should be uninstalled when doing a proper removing of services and features
  • It is safe to remove stale OCS objects that is in capital letters
  • Publish Topology will recreate objects that are missing

NOTE: When you install OCS or OCS R2, the SIP Domain object in the Global Settings container is created as a Version 4 (legacy) object. Be careful not to accidentally delete your SIP Domain object, as it will appear as a legacy object in ADSI edit.

Posted in Lync Server 2010 | 2 Comments »

Topology Basics You Must Know Before Planning for Lync Server 2010

Posted by Ståle Hansen on 07/04/2011

In preparation for the Exam 70-665: PRO: Microsoft Lync Server 2010, Administrator I found this article on TechNet useful: http://technet.microsoft.com/en-us/library/gg398552.aspx. It’ s about need to know basics and numbers when planning your Microsoft supported Lync design. Here is a summary with the numbers you must know before taking the Lync PRO Exam:

Site Types

  • Central Site
    • Contains at least one Front End Pool or Standard Edition Server
    • Is mandatory in a Lync Server Deployment
  • Branch Site
    • Is connected to exactly one Central Site and contain one of the following
    • A PSTN gateway and, optionally, a Mediation Server.
      • Designed for branch sites with between 1 and 25 users
    • Survivable Branch Appliance (SBA)
      • Is an industry-standard blade server with a Microsoft Lync Server 2010 Registrar and Mediation Server running on Windows Server 2008 R2
      • The SBA also contains a PSTN gateway
      • Designed for branch sites with between 25 and 1000 users
    • Survivable Branch Server (SBS)
      • Is a server running Windows Server that meets specified hardware requirements, and that has Lync Server 2010 Registrar and Mediation Server software installed on it
      • Does not contain a PSTN gateway
      • Designed for branch sites with between 1000 and 5000 users

Server Roles

  • Standard Edition Server
    • Uses local SQL Express database to host users
    • One Standard Edition server supports as many as 5,000 users
    • In virtual deployments this is reduced to about 2,500 users
    • Can be part of a backup pool topology
  • Front End Server and Back End Server
    • Front End pool is a set of Front End Servers, configured identically, that work together to provide services for a common group of users
      • One Front End pool in the deployment also runs the Central Management Server
      • The Central Management Server also provides Lync Server Management Shell and file transfer capabilities
    • Back End Servers do not run any Lync Server software
      • Can be a single SQL server, but its recommended to run a cluster of two or more
      • Information stored in the Back End Server databases includes
        • presence information
        • users’ Contacts lists
        • conferencing data including persistent data about the state of all current conferences
        • conference scheduling data
    • Front End Server scalability
      • One Front End Server for every 10,000 users homed in the pool
      • In virtual deployments this is reduced to about 5,000 users
      • The maximum number of users in one Front End pool is 80,000, if more than this, deploy an additional pool
  • A/V Conferencing Server
    • It can be collocated with Front End Server, or deployed separately as a single server or A/V Conferencing Server pool
    • One A/V Conferencing Server deployed as a single server for each 20,000 users at a site
  • EDGE Server
    • Server enables your users to communicate and collaborate with users outside the organization’s firewalls
    • Can be deployed with
      • One external IP
      • Three external IP’s
      • Can be behind NAT
      • But when in HA scenario, AV EDGE need to be directly routable
    • Deploy one Edge Server for every 15,000 users you expect to access a site remotely
    • In virtual deployments this is reduced to about 7,500 users
  • Mediation Server
    • Mediation Server translates signaling and, in some configurations, media between your internal Lync Server infrastructure and
      • Public switched telephone network (PSTN) gateway
      • IP-PBX
      • Session Initiation Protocol (SIP) trunk
    • Estimating Voice Usage and Traffic
      • For Light traffic (one PSTN call per user per hour) figure 15 users per port
      • For Medium traffic (2 PSTN calls per user per hour) figure 10 users per port
      • For Heavy traffic (3 or more PSTN per user calls per hour) figure 5 users per port
  • Monitoring Server
    • Monitoring Server collects data about the quality of your network media and collects call error records (CERs), which you can use to troubleshoot failed calls
    • can support up to 250,000 users if not collocated with Archiving Server
    • If collocated, it can support up to 100,000 users
  • Archiving Server
    • Enables you to archive IM communications and meeting content for compliance reasons
    • If you do not have legal compliance concerns, you do not need to deploy Archiving Server
    • Archiving Server can support up to 500,000 users if not collocated with Monitoring Server
    • If collocated, it can support up to 100,000 users
  • Director
    • Can authenticate Lync Server user requests, but do not home user accounts, or provide presence or conferencing services
    • Most useful in deployments that enable external user access, where the Director can authenticate requests before sending them on to internal servers
    • Directors can also improve performance in organizations with multiple Front End pools
    • Deploy one Director for every 15,000 users who will access a site remote
    • In virtual deployments this is reduced to about 7,500 users

Posted in Lync Server 2010 | Tagged: , , | 1 Comment »

 
Follow

Get every new post delivered to your Inbox.

Join 58 other followers

%d bloggers like this: