I think this infographic really demonstrates what an amazing service they deliver…no wonder they get great feedback and customer loyalty…
Just a quick post showing how to change the certification pipeline to use SSL after initial install not choosing to secure the URL. This may be the case if you need to request a certificate after initial set up or are waiting on a third party certificate, or just change your mind! The steps to do this are outlined below:
1. Open IIS on the AD RMS server and edit the bindings, add a binding for HTTPS selecting the certificate to use making sure the name matches your cluster URL.
2. Remove the HTTP binding from the list and do an IIRESET.
3. Close and reopen the AD RMS console and ensure in the centre console both URL’s are using HTTPS.
4. If the SCP has already been published in Active Directory you will need to re-publish it so that clients discover the new HTTP’s certification pipeline.
Good Luck!
Ash
So, this week see’s the release of the Lync mobile client for a number of different phone OS’ kicking off with the client for Windows Mobile 7.
We were keen to get going with this and as such had prepared our Lync environment on Friday so we could get the clients installed and working first thing this morning – and good news, it all works like a charm.
I have been through MS’ mobility document and this blog aims to give you the information you need to get this working, it doesn’t however, detail any of the sizing calculations you will need to think about when enabling Lync mobility services.
To facilitate the Lync 2010 mobility client both internal and external DNS records are required.
The following table details the records required:
Table 1 – Lync A record DNS requirements – Internal
|
Lync Mobility A record DNS requirements – Internal |
|
|
FQDN |
IP Address/ Details |
|
LyncDiscoverInternal.internaldomain.com |
FE Server/ FE Pool/ Director Pool (VIP of HLB if used) |
Table 2 – Lync A record DNS requirements – External
|
Lync Mobility A record DNS requirements – External |
|
|
FQDN |
IP Address/ Details |
|
LyncDiscover.externaldomain.com |
external IP of Reverse Proxy |
Note: These records are required for each SIP domain you use.
The certificates bound to the internal Lync Server as well as the Reverse Proxy will need amending to accept connections on the names listed above. The following names need adding to the SAN field of the internal and external certificates.
Internal – Lyncdiscoverinternal.internaldomain.com
External – Lyncdiscover.externaldomain.com
Note: A wildcard certificate can be used on TMG (Reverse Proxy) in place of a SAN certificate
A pre-requisite to the installation of the Lync2010 Mobility pack is the installation of the Cumulative Update 4 (CU4) released in November 2011 which can be found here:
http://go.microsoft.com/fwlink/?LinkID=208564.
1.3.1 Set Mobility Service ports
Once the above update has been installed we need to set the firewall ports used by the mobility service for both the internal and external web services. The following commands detail how to complete this exercise.
Internal Web Services:
Set-CsWebServer –Identity “FESERVER01.internaldoamin.com” –McxSipPrimaryListeningPort 5086
External Web Services:
Set-CsWebServer –Identity “FESERVER01.internaldomain.com –McxSipExternalListeningPort 5087
To publish the changes:
Enable-CsTopology
Once the ports have been set and CU4 has been installed you can install the Lync Mobility pack, found here: http://www.microsoft.com/download/en/details.aspx?id=28356
To create a web publishing rule for the external Autodiscover URL on MS TMG use the following (taken directly from the MS guide)
|
1. Click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management. 2. In the left pane, expand ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule. 3. On the Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, LyncDiscoveryURL). 4. On the Select Rule Action page, select Allow. 5. On the Publishing Type page, select Publish a single Web site or load balancer. 6. On the Server Connection Security page, select Use SSL to connect to the published Web server or server farm. 7. On the Internal Publishing Details page, in Internal Site name, type the fully qualified domain name (FQDN) of your Director pool (for example, lyncdir01.contoso.local). If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN of the Front End pool (for example, lyncpool01.contoso.local). 8. On the Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header. 9. On the Public Name Details page, do the following: · Under Accept Requests for, select This domain name. · In Public Name, type lyncdiscover.<sipdomain> (the external Autodiscover Service URL. If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN for the external Web Services on your Front End pool (for example, lyncwebextpool01.contoso.com). · In Path, type /*. 10. On Select Web Listener page, in Web Listener, select your existing SSL Listener with the updated public certificate. 11. On the Authentication Delegation page, select No delegation, but client may authenticate directly. 12. On the User Set page, select All Users. 13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish. 14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties. 15. On the To tab, do the following: · Select Forward the original host header instead of the actual one. · If your deployment has a Front End pool, select Requests appear to come from the original client. If your deployment has a single Front End Server or Standard Edition server, select Requests appear to come from the Forefront TMG computer. 16. On the Bridging tab, configure the following: · Select Web server. · Select Redirect requests to HTTP port, and type 8080 for the port number. · Select Redirect requests to SSL port, and type 4443 for the port number. 17. Click OK. 18. Click Apply in the details pane to save the changes and update the configuration. 19. Click Test Rule to verify that your new rule is set up correctly. |
1.5 Configure Push Notification
Microsoft phones and iPhones can make use of Push rather than Pull notification; push notifications enable events and messages to be delivered even when the device is inactive. Push notifications works via a cloud-based Lync Server and as such you need to create a federation relationship to facilitate the delivery of notifications etc.
To configure Push, run the following from the Lync Management Shell:
New-CsHostingProvider –Identity “LyncOnlineFederation” –Enabled $True –ProxyFqdn “sipfed.online.lync.com” –VerificationLevel UseSourceVerification
New-CsAllowedDomain –Identity “push.lync.com”
To enable Push, run the following from the Lync Management Shell:
Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $True –EnableMicrosoftPushNotificationService $True
Set-CSAccessEdgeConfiguration -AllowFederatedUsers $True
Good luck and Merry Xmas
NeilC
risual is hiring
Risual is looking for New Business sales people and Account Managers. Candidates should have a proven sales track record; good solution sales experience and ideally have experience of helping customers to realise return on their investments in Microsoft Core Infrastructure and Business Productivity solutions
Risual is looking for talented and senior-level consultants with experience deploying Microsoft System Center solutions in enterprise environments. This position is 100% customer facing for project-based work – as such, candidates must possess a high degree of professionalism and exceptional interpersonal and skills in addition to technical aptitude with the products.
The System Centre consultant will be responsible for leading and deploying Microsoft System Center solutions (SCOM, SCCM, SCVMM, SCSM & SCDPM.) at customer environments, from medium-size businesses of approx. 1,000 users to enterprise organisations of 10-100,000 users. The consultant will also lead end user computing refresh projects using Windows 7 and SCCM Operating System Deployment.
To be successful the candidates will need demonstrable experience of completing technical delivery and consulting engagements across different business environments, sectors and sizes. In addition, the SharePoint Consultants should also have excellent and demonstrable experience Designing, Architecting, Implementing and Configuring Microsoft Sharepoint Products and Technologies including:
Experience with earlier releases of SharePoint and other related Microsoft Technologies such as Office is also highly valued.
Risual Software Support Services (RSS) provides the focal point for resolution of all technical issues for Risual customers with deployed production environments, based on Risual supported Microsoft technologies. The primary responsibility of this team is to provide excellence in support for all customers with a Risual support contract. The Support Engineer role is 100% Microsoft centric and relies on excellent technical skill, knowledge and understanding, including:
