Slides and videos from my Lync sessions on NIC2012 are now available

This year Nordic Infrastructure Conference (NIC) arranged for the first time. I am really honored to be considered to speak at an international conference and together with so many great speakers that I look up to. Speakers like Brian Komar, Johan Arwidmark, Martin Lidholm, Olav Tvedt, Thomas Lee and many others attended and I enjoyed their sessions. See list of speakers here: My sessions where about Lync Server 2010 troubleshooting and integrations. I enjoyed speaking there even though my spoken english is not the best, I think I got the points accross :) View the videos from NIC: Continue reading

Virtual Technical Solution Professional (V-TSP) at Microsoft Norway

In january 2012 I became a Virtual Technical Solution Professional (V-TSP) at Microsoft Norway. Virtual means that I am still employed by Atea but work closely with the local Microsoft team.

My role as a V-TSP is to provide technology overviews, proofs-of-concept, technical demonstrations, and technology assessments for Microsoft customers. The V-TSP program demands that the partner have the gold competency and that the provided resource is highly skilled and certified within the area of expertise.

I am really looking forward to work even more closely with Microsoft and make sure their customers implement Microsoft Lync and the Unfied Communications proftfolio to the fullest by combining the broad best-of-breed UC technologies from Atea together with Microsoft.

Here is some information I found regarding the V-TSP program

The Microsoft Virtual Technology Specialist Program (V-TSP) is a select group chosen from the elite in Microsoft’s partner community, whose focus is to augment Microsoft’s internal Technology Specialist team. Their primary role is to communicate the value of Microsoft Solutions to customers and to provide architectural guidance for Enterprise Integration solutions. The Microsoft V-TSP program was designed to create a deeper relationship with Microsoft Partners, the Product Teams at Microsoft Corporate, and Regional Microsoft Offices, in order to provide highly skilled solution specialists to Microsoft customers. It is designed to enable a high performance team of partner-based resources to deliver pre-sale activities and resources to empower customers and help them meet their solution and integration needs.

V-TSPs are chosen by Microsoft because of their superior architectural, development, consulting, and customer interfacing skills. Microsoft utilizes these type of individuals in partnership with the Microsoft regional Offices, in pre-sales efforts to secure Microsoft solution opportunities. This includes meeting with Microsoft customers, participating in customer visits with Microsoft representatives, as well as, participating in broad reach events like presenting training and seminars to Microsoft customers.

Microsoft V-TSPs have direct access to online resources and documentation and resources that are usually solely reserved for the Microsoft internal teams. They also have early access to extensive information about all new Microsoft product releases, which benefit Atea and Microsoft customers.

Lync Server Mobility Troubleshooting Tips

The Lync Mobility service and the Lync Clients was released 13.12.2011. Since then as we get more hands-on with the service there are in some cases trouble getting the it up and running. This post is dedicated to how you can test and troubleshoot the mobility service deployment. I will update this post when I find more information on how to troubleshoot and how to solve certain scenarios.

Last updated: 14.10.2012 Continue reading

Enabling Lync Server 2010 for Lync Mobile Clients

As the Lync mobile clients are released so are the server side setup notes. This article will go through the steps for setting up your environment and make it ready for the Lync mobile clients.

Note: This post will be updated as the Lync community get more hands on with the service. Last update 10.04.2012

Lync Mobile features

Lync mobile client is released for Windows Phone 7, iPhone, iPad, Android and Nokia (Symbian). The feature set is about the same accross the platforms. There is no ability to view meeting content, video or do voice over IP. The main features is therefore

  • IM and presence
  • One Click join meetings
  • Call via work

For a detailed feature list see the TechNet article:

Planning for Lync Mobility

If you have a multi-homed Front End server the Mobility Service (Mcx) may sometimes fail

  • Reason: When calculating routing for a Mobility request the service makes a call to read DNS settings of the registered adapter. In some instances it is possible for the non-registered adapter to be returned.
  • This causes routing of the request to fail This is regardless subnet configuration on the second NIC
  • There should be a forthcoming Release Note or KB Article on this topic
  • UPDATE: This issue was fixed in the february 2012 mobility update:

If you use a Director it must be updated the same way as for a Front End

If you plan to support Lync Mobility and Push Notifications over a Wi-Fi you need to


This Lync Mobility guide requires that your Lync solution is deployed with Lync Edge server and Reverse Proxy. This guide will only talk about Lync Mobility specific configuration

Install CU4 (November release) or later in you Lync infrastructure:

IIS 7.5 is recommended because of some high load request limitations

If you use Hardware Load Balancer

  • You must ensure that cookie-based persistence on a per port basis for external ports 4443 and 8080 on the hardware load balancer is configured
  • For Lync Server 2010 it is important to use cookie-based persistence so that multiple connections from a single client are sent to one server to maintain session state
  • For details on how to configure, see Load Balancing Requirements.

Install the IIS feature Dynamic Content Compression (Web-Dyn-Compression) on all involved Front End servers

  • Server 2008: ServerManagerCMD.exe –Install Web-Dyn-Compression
  • Server 2008 R2: Import-Module ServerManager; Add-WindowsFeature Web-Dyn-Compression

Enabling Lync Mobility

Configure Lync Mobility Autodiscover CNAME DNS records

  • Internal:
    • Point it to your Front End pool FQDN CNAME
  • External:
    • Point it to your Reverse Proxy FQDN if using SSL or a new publishing rule and IP if you are using port 80
    • To find you reverse proxy FQDN use this PowerShell oneliner on your Front End server
      • Get-CsService -WebServer | ft ABHandlerExternalUri

Configure listening ports for the Mobility Service (Mcx)

  • Verify that your server version is correct by running PowerShell cmdlet: Get-CsServerVersion
    • Version should be 4.0.7577.0 or newer
  • In PowerShell run the following cmdlet for internal and external listening port
    • Set-CsWebServer –Identity <internal FE Pool FQDN> -McxSipPrimaryListeningPort 5086 -McxSipExternalListeningPort 5087
  • Publish the updates to the CMS database
    • Enable-CsTopology –verbose

Download and enable the Lync Mobility

  • Do not install, but download the McxStandalone.msi and place it in the following folder on all Front End servers and Directors
  • Run the Lync Server Deployment wizard, found under Administrative tools-> Lync Server
    • In the wizard click Install or update Lync Server System
    • Choose Step 2: Setup or Remove Lync Server components
    • This will reconfigure the Lync Services on the Front End with the new listening ports
  • Verify that the server is configured correct, open IIS and check for Autodiscover and Mcx Vdirs

Update certificates on Front End and Edge/TMG

  • Still in the Lync Server Deployment Wizard choose step 3: Request, Install or Assign Certificates
  • You need to request a new certificate with the new name, make sure you get all additional SAN entries from the old certificate
  • If you use the same certificate on all Front End services you can use this PS onliner to get a list of your certificates SAN’s
    • On FE: Get-CsCertificate -Type default | Select-Object -ExpandProperty AlternativeNames
  • If you use the same certificate on Edge and TMG you can run the below command to get all SAN’s
    • On Edge: Get-CsCertificate -Type DataEdgeExternal | Select-Object -ExpandProperty AlternativeNames
  • To reissue the certificates using PowerShell see Ari Protheroe’s blog post:

Configuring Push Notification

  • Push Notification is used by the Mobility Service to send notifications to Apple and Microsoft phones that has the Lync application running in the background to wake them up
  • To enable push notification run the following cmdlet:
    • Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True
  • You need to enable federation with Office365 as a hosted provider if you have not already done so
    • New-CsHostingProvider -Identity “LyncOnline” -Enabled $True -ProxyFqdn “” -VerificationLevel UseSourceVerification
  • You then need to set up a hosting proivder between your organization and the Push Notification Service at Lync Online
    • New-CsAllowedDomain -Identity “”

Publishing externally

There is two possibilities when publishing Lync Mobility through a reverse proxy

  • Publish through port 80 using the same IP as your existing Lync publishing rule
    • Pros: you don’t have to update on your reverse proxy certificate with an extra SAN name
    • Cons: you need to open port 80->8080 on a new rule and it is not recommende to do this by Microsoft
    • Cons: I have experienced problems using port 80 event though all config was correct. Everything worked fine when adding a certificate. So I don’t recommend it.
    • Result: discovery information for you Lync mobile clients will get information about logon server unencrypted, the rest is encrypted the usual way
  • Publish through port 443 using the same IP as your existing Lync publishing rule
    • Pros: All traffic will be encrypted, you just need to add to public name on the publishing rule
    • Cons: You need to add an extra SAN name for on your reverse proxy certificate
    • Result: all traffic are encrypted
  • Take a look at Adam Jacobs blogpost at the bottom for how to create a new rule

Validating and Troubleshooting

I have written a blogpost on how to validate and troubleshoot Lync Mobile and Mobility here:

Monitoring the Mobility Performance

There are several places you can monitor Mobility, here from TechNet:


MVP Adam Jacob’s blog:
Ben Lee’s blog:
MVP Jeff Schertz’s blog:
Lync Server Mobility Troubleshooting Tips:
Microsoft Lync Server 2010 Mobility Guide:
Planning for Mobility:
Deploying Mobility:
Monitoring Mobility for Performance:

Want to work with Lync and Exchange and be a part of the best UC team in Norway?

Microsoft Lync and Microsoft Exchange consultants from Atea are in big demand these days and we need to add more skillful hands. In Norway Atea seeks consultants, architects and advisors that want to work with Lync and Exchange in the Oslo area, Drammen area and Bodø area

Why work with Lync and Exchange in Atea?

  • Atea strive to always deliver best practice deployments
  • There are about thirty active consultants with Lync and Exchange as their primary focus placed all over the country
  • Some of the consultants have worked with Microsoft UC as their primary focus since Live Communications Server 2005
  • We have an active internal community that share knowledge internally using SharePoint 2010 and strive to help each other as best we can
  • Atea encourage consultants to be active within the global Microsoft community through forums, blogging, presenting and user groups

Who should apply?

  • You want to deep dive and focus on becoming a valuable resource within Lync and Exchange
  • You are always looking for new challenges and want to work with a variety of deployments from simple to complex
  • You want to learn from some of the best Lync consultants in Norway
  • You aim for Certified Master within Lync or Exchange
  • You are familiar with PowerShell scripting

Where to apply?

Why is Atea the best UC team in Norway?

Lync AddressBook Process stops and starts every two minutes with Event ID 12330

At a customer site I got EventID 12330 LS Server stating that abserver worker process failed to initialize itself. A quick google search lead me to this forum article:

There MVP colleague Johan Veldhuis found a cause of this problem. The cause was that the SQL database being backed up when the Addressbook was being generated resulting in low responce time and therefore the process did not complete its update. The addressbook is being generated at 01.30 default every night, and if it can not update we will see this kind of behaviour


  • Use the Set-CsAddressBookConfiguration cmdlet to change the generation time
  • Set-CsAddressBookConfiguration -RunTimeOfDay 23:00
  • This will set the addressbook update to happen at 11 in the night to ensure no SQL backup overlap

Detailed error messages

Event ID 12330    LS Server

Failed starting a worker process.

Process: ‘C:\Program Files\Microsoft Lync Server 2010\Server\Core\ABServer.exe’  Exit Code: C3E8302D!_HRX! (The worker process failed to initialize itself in the maximum allowable time.!_HRM!).
Cause: This could happen due to low resource conditions or insufficient privileges.
Try restarting the server. If the problem persists contact Product Support Services.

Event ID 12331

Worker process exited prematurely.  The process will be automatically restarted.

Process: ‘C:\Program Files\Microsoft Lync Server 2010\Server\Core\ABServer.exe’  Exit Code: 0!_HRX! (The operation completed successfully.

Deep Dive Class – Understanding, Administering and Troubleshooting Lync Server 2010

Together with Tommy Clarke I am developing a Deep Dive Class for those who wish to understand, administer and be able to do initial troubleshooting within a Lync Server environment. The course is aimed and made for administrators and will feature enterprise voice labs and troubleshooting hands on

Course overview

  • Day 1 – Understand the Lync infrastructure
  • Day 2 – Administration in Lync Control Panel and PowerShell. Enterprise Voice labs
  • Day 3 – Troubleshooting deep dive day 1: Understand the SIP protocol, ICE, STUN and TURN. Hands-on labs
  • Day 4 – Troubleshooting deep dive day 2: Troubleshooting the Lync infrastructure with hands-on labs

The first run will be held at Glasspaper in Oslo and starts september 19th. Second run starts november 28th. Visit Glasspaper to sign up:

See this cool teaser Tommy made for his Swedish version of the course

Gartner Magic Quadrant for Unified Communications 2011

August 11 2011 Gartner released the yearly Magic Quadrant for 2011 for the Unified Communications Segment. Here is a short summary of the report

The trend within Unified Communications (UC)

  • The Enterprise UC market has matured significantly since the previous report
  • The vendors now have
    – Seamless interoperability within the suite
    – The administration is more centralized
    – The deployment is even more easy than before
  • Gartner recommends to mix vendors for best-of-breed functionality
  • Single vendor still achieves acceptable functionality

The Magic Quadrant for Unified Communications 2011

Analysis: What has happened since last year?
Compare with last years post:

  1. Microsoft is still in the lead having the vision and being able to execute on it
    • Releasing Lync has strengthened their telephony offering
    • Office 365 with Lync Online have given them an edge in the UCaaS segment
    • The Skype acquisition will improve the Lync family offering even more
  2. Cisco is closer than ever
    • Got a more integrated approach with their UC 8.x release
    • Successfully integrated Tandberg with existing telepresence solution
  3. Avaya has the same position as last year
    • Improved on existing functionality
    • Added the Flare gesture oriented user interface
  4. Alcatel-Lucent have jumped from challenger to the leader quadrant
    • Advanced their portfolio and have to prove that they can deliver
  5. Siemens Enterprise Communications has taken a minor step from visionary to a visionary leader
    • Advanced their portfolio and have to prove that they can deliver

My take on this

As a Microsoft Unified Communications Architect it is good to see that the vendor of my primary focus is the market leader. I agree that Lync was a big step regarding voice and that Lync Online will be a good extension of Lync on-premise. Working in Atea we focus on vendor interoperability. Having even more vendors in the leader quadrant makes it equally more difficult for our customers to find the best solution.

Gartner says:“Using multiple vendors to offer users best-of-breed functionality in all UC areas, will also allow migration of existing investments”

This statement is very true and will demand an even broader vendor focus from the partners implementing UC. I am happy that Atea have this broad scope of competency and can design and deploy best-of-breed functionality based on Microsoft, Cisco and Avaya combined with third-party solutions.

Here is what Gartner says about Microsoft

Lync 2010 offers a full suite of UC functionality. Although the real-time functions in Lync — including voice, telephony, video and related conferencing — are not as mature as other functions (such as IM/P and Web conferencing, email and UM), they have improved significantly over the previous version, which was known as Office Communications Server 2007 R2. Microsoft has developed a strong
set of technology and service partners that offer a growing ecosystem.

Microsoft offers a visionary approach for addressing enterprise communication and collaboration requirements. Enterprises looking into UC should consider the Microsoft solution and, at a minimum, understand the vision and how solutions of this type might change their business processes. Enterprises considering deploying Lync telephony and video should understand its limitations and infrastructure requirements.

  • Microsoft has had an impressive and growing list of Lync and Exchange UM deployments, from small (fewer than 300) to midsize to very large (more than 10,000) enterprises, in both centralized and distributed configurations. Although a few of the deployments report that they have completely eliminated their PBXs, most current deployments use Lync for some employees, while other employees and functions remain on the PBX. Microsoft’s pending Skype acquisition offer, along with the Lync Online and the Office 365 cloud service offerings, suggest that Lync will mature as a comprehensive and hybrid UC product.
  • Companies report that, once deployed, Lync functions can be integrated into business processes and applications, providing new, different and effective ways to perform tasks. In some cases, these new functions are achieved by deploying Lync enhancements from a growing list of ecosystem partners.
  • Microsoft has better positioned Lync to compete in telephony markets by adding several partner telephone handsets, by bundling of basic Lync functions in the Core client access license (CAL) and by offering a specific Lync Voice CAL.
  • Enterprise planners should understand that Lync’s telephony and video functionality is new and has seen fewer deployments than traditional PBX vendors. As a result, in many cases, a phased or trial deployment approach may be an effective way to ensure that the system and the underlying network provide the needed functionality, quality and performance.
  • Most enterprises that integrate Lync with existing PBXs have done so via direct SIP trunking. Gartner research indicates that there are few reports of successful deployments based on a tight client-side or server-side integration. The difficulty is likely to result from the newness of the solution and the competitiveness of the UC market.
  • Although the bundling associated with Lync 2010 is positive for addressing basic users, Microsoft needs to support more integrations with front-office capabilities, such as contact center and switchboard functionality, to develop this product as an overall replacement for legacy communications infrastructures.

Read the full report here:
Also read a good review here:
Magic Quadrant for Unified Communications: UC integration improves:

How to Check if you are running Lync Server Evaluation or Licensed Version

At a customer site I was not sure if the PoC Lync environment was running Evaluation Version of the Lync Front End server or the Volume Licensed Version. They where looking to migrate from PoC to production so I had to make sure that the services didn’t stop in the middle of production.

Found a simple cmdlet to verify this: Get-CsServerVersion

  1. When run it will attempt to
  2. Read the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}\Type
  3. Based on that registry value, the cmdlet will then report back the version number of the software and the Lync Server licensing information the local computer and report back one of the following:
    • That the Lync Server volume license key has been installed on the computer, meaning that no updating is necessary.
    • That the Lync Server evaluation license key has been installed, meaning that the computer must be updated.
    • That no volume license key is required on the computer. Updating from the evaluation version to the licensed version is only required on Front End Servers, Directors, and Edge Servers.

What if Evaluation Version is installed and you have to upgrade to Licensed Version?

  1. Log on to the computer as a local administrator
  2. Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell
  3. In the Lync Server Management Shell, type the following command and then press ENTER:
    • msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb
    • Note that you might need to specify the full path to the file server.msi. This file can be found in the Setup folder of the Lync Server Volume media installation files.
  4. After Setup finishes running, type the following from the command prompt and then press ENTER:
    • Enable-CsComputer
    • Repeat this procedure on any other Front End Server, Director, or Edge Server running an evaluation copy of Lync Server
    • This procedure should also be performed on any Branch Office Servers that were deployed by using the Lync Server media installation files

Using Get-CsServerVersion will also show you

  1. What Version Number you are running
  2. What patches has been installed
  3. For tips on determining if the latest CU has been installed see

TechNet: Updating From the Evaluation Version of Microsoft Lync Server 2010
TechNet: Get-CsServerVersion

Script to reset user policies in Lync on migrated OCS users

A while back I was migrating a pilot OCS 2007 R2 solution to a Lync production solution. After moving the users I found that they had inherited their policies regarding external access and voice from OCS. In this case I was utilizing global policies in Lync and removing the need for granting specific policies to the users.

To change this I created a simple little script to reset these policies. The script is used at your own risk.

Download it here:

The Script Does the Following

  • Gets all users that have an external policy set to other than $null
  • For each user all policies are set to $null
  • Writes the users who are changed, can be exported to csv if wanted
  • Also checks if any users failed and prints their names

If you can’t change settings on some users it is probably because of permission issues on the user object in AD. To check if that is the case do the following:

  • Open Active Directory Users and Computers (dsa.msc) from the Lync Front End server or any other server with ADDS
  • Go to View and select Advanced Features

  • Now find the user with the permission issues and select Properties
  • Select the security pane and click on Advanced
  • Make sure that “include inheritable permissions from this object’s parents” are checked

  • If not check it and OK out of there
  • Wait for AD replication and try again

This is an old Exchange AvtiveSync and OWA issue where users could not access these features. The affected users where probably a member of the below groups or have been at some point.

Found a good description of what can make this occur at:

The reason this happens is because Active Directory uses something called the AdminSDHolder to define what permissions the default protected security groups receive. Whilst you can change the inherited permissions, a process called SDPROP will run, by default every 60 minutes on the domain controller that holds the PDCe role. It will check the ACL of the protected groups and reset their inherited permissions and the users within the groups, with what has been defined by the AdminSDHolder object.

Microsoft’s recommendation and best practice is that if you are a domain administrator that you have 2 accounts. One for your everyday user which is restricted in the same way that every other user is and a second for your administration role.

The built in groups that are affected with Windows 2008 are:
Account Operators
Backup Operators
Domain Admins
Domain Controllers
Enterprise Admins
Print Operators
Read-only Domain Controllers
Schema Admins
Server Operators

The built in users that are affected with Windows 2008 are: