So, this week see’s the release of the Lync mobile client for a number of different phone OS’ kicking off with the client for Windows Mobile 7.

We were keen to get going with this and as such had prepared our Lync environment on Friday so we could get the clients installed and working first thing this morning – and good news, it all works like a charm.

I have been through MS’ mobility document and this blog aims to give you the information you need to get this working, it doesn’t however, detail any of the sizing calculations you will need to think about when enabling Lync mobility services.

1.1 DNS

To facilitate the Lync 2010 mobility client both internal and external DNS records are required.

The following table details the records required:

 

Table 1 – Lync A record DNS requirements – Internal

Lync Mobility A record DNS requirements – Internal
FQDN	IP Address/ Details
LyncDiscoverInternal.internaldomain.com	FE Server/ FE Pool/ Director Pool (VIP of HLB if used)

 

Table 2 – Lync A record DNS requirements – External

Lync Mobility A record DNS requirements – External
FQDN	IP Address/ Details
LyncDiscover.externaldomain.com	external IP of Reverse Proxy

Note: These records are required for each SIP domain you use.

1.2 Certificates

The certificates bound to the internal Lync Server as well as the Reverse Proxy will need amending to accept connections on the names listed above. The following names need adding to the SAN field of the internal and external certificates.

 

Internal – Lyncdiscoverinternal.internaldomain.com

External – Lyncdiscover.externaldomain.com

Note: A wildcard certificate can be used on TMG (Reverse Proxy) in place of a SAN certificate

1.3 Lync Server Updates

A pre-requisite to the installation of the Lync2010 Mobility pack is the installation of the Cumulative Update 4 (CU4) released in November 2011 which can be found here:

http://go.microsoft.com/fwlink/?LinkID=208564.

1.3.1 Set Mobility Service ports

Once the above update has been installed we need to set the firewall ports used by the mobility service for both the internal and external web services. The following commands detail how to complete this exercise.

 

Internal Web Services:

Set-CsWebServer –Identity “FESERVER01.internaldoamin.com” –McxSipPrimaryListeningPort 5086

External Web Services:

Set-CsWebServer –Identity “FESERVER01.internaldomain.com –McxSipExternalListeningPort 5087

 

To publish the changes:

Enable-CsTopology

 

Once the ports have been set and CU4 has been installed you can install the Lync Mobility pack, found here: http://www.microsoft.com/download/en/details.aspx?id=28356

1.4 Configure Reverse Proxy

To create a web publishing rule for the external Autodiscover URL on MS TMG use the following (taken directly from the MS guide)

1. Click Start, point to Programs, point to Microsoft Forefront TMG, and then click Forefront TMG Management. 2. In the left pane, expand ServerName, right-click Firewall Policy, point to New, and then click Web Site Publishing Rule. 3. On the Welcome to the New Web Publishing Rule page, type a display name for the new publishing rule (for example, LyncDiscoveryURL). 4. On the Select Rule Action page, select Allow. 5. On the Publishing Type page, select Publish a single Web site or load balancer. 6. On the Server Connection Security page, select Use SSL to connect to the published Web server or server farm. 7. On the Internal Publishing Details page, in Internal Site name, type the fully qualified domain name (FQDN) of your Director pool (for example, lyncdir01.contoso.local). If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN of the Front End pool (for example, lyncpool01.contoso.local). 8. On the Internal Publishing Details page, in Path (optional), type /* as the path of the folder to be published, and then select Forward the original host header. 9. On the Public Name Details page, do the following: · Under Accept Requests for, select This domain name. · In Public Name, type lyncdiscover.<sipdomain> (the external Autodiscover Service URL. If you are creating a rule for the external Web Services URL on the Front End pool, type the FQDN for the external Web Services on your Front End pool (for example, lyncwebextpool01.contoso.com). · In Path, type /*. 10. On Select Web Listener page, in Web Listener, select your existing SSL Listener with the updated public certificate. 11. On the Authentication Delegation page, select No delegation, but client may authenticate directly. 12. On the User Set page, select All Users. 13. On the Completing the New Web Publishing Rule Wizard page, verify that the web publishing rule settings are correct, and then click Finish. 14. In the Forefront TMG list of web publishing rules, double-click the new rule you just added to open Properties. 15. On the To tab, do the following: · Select Forward the original host header instead of the actual one. · If your deployment has a Front End pool, select Requests appear to come from the original client. If your deployment has a single Front End Server or Standard Edition server, select Requests appear to come from the Forefront TMG computer. 16. On the Bridging tab, configure the following: · Select Web server. · Select Redirect requests to HTTP port, and type 8080 for the port number. · Select Redirect requests to SSL port, and type 4443 for the port number. 17. Click OK. 18. Click Apply in the details pane to save the changes and update the configuration. 19. Click Test Rule to verify that your new rule is set up correctly.

 

1.5 Configure Push Notification

Microsoft phones and iPhones can make use of Push rather than Pull notification; push notifications enable events and messages to be delivered even when the device is inactive. Push notifications works via a cloud-based Lync Server and as such you need to create a federation relationship to facilitate the delivery of notifications etc.

 

To configure Push, run the following from the Lync Management Shell:

 

New-CsHostingProvider –Identity “LyncOnlineFederation” –Enabled $True –ProxyFqdn “sipfed.online.lync.com” –VerificationLevel UseSourceVerification

 

New-CsAllowedDomain –Identity “push.lync.com”

To enable Push, run the following from the Lync Management Shell:

Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $True –EnableMicrosoftPushNotificationService $True

Set-CSAccessEdgeConfiguration -AllowFederatedUsers $True

 

Good luck and Merry Xmas

NeilC

“Connecting to remote server failed with the following error message: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. For more information, see the about_Remote_Troubleshooting Help topic.”

Have recently been on an engagement where we have had to perform an in place upgrade from Windows 2008 R2 Standard edition to Windows 2008 R2 Enterprise edition whilst Exchange 2010 was installed to facilitate the addition of a DAG.

All went well but the above error was received when we launched the Exchange MC. After a bit of head scratching I realised that the WinRM IIS component wasn’t selected anymore???? Added the feature and all started working again, magic.

Good luck

NeilC

This article was pointed out to me by a customer that has this exact issue whilst using FUS – Thanks Matthew

Thought it was definitely worth a re-blog here:

 

Communicator/Lync issues with “Fast User Switching” on Windows 7

During work on OCS 2007 R2 and Lync projects, I have come across some strange behaviour on Communicator and Lync, this behaviour has only been noticed with computers accessed by more than one person – Often “Common Area PC”

Problem/Issue:
When a user is logged on to a computer and has locked the computer and a new users logs into the same computer by using “Switch User” functionality, the new user are having problems using Communicator/Lync for any type of Audio calls.

If the user try to do a PSTN call there is a constant dial tone in the background and the call will eventually terminate.
If the user try to join a A/V Conference, there is no audio and the conference call will end.

Solution:
Microsoft has confirmed – in mail – that there is an issue with FUS (Fast User Switching) and Communicator/Lync.
They have also done some investigation on this, but the change has been consider to large for the current available clients.

Work Around:
Since this problem/issue mostly occurs at “Common Area PC”, often meeting room pc, there is possible to turn off FUS on those computers. This can be done in GPO.

Another workaround would be to create a trigger that trigger’s on “Computer Lock” and terminates the Communicator process. The same trigger will trigger’s on “Computer Unlock” and restart the Communicator process.
This is probably NOT the best approach, but it will “solve” the problem.

 

My customer is simply going to get all users to logoff rather than switch when hot-desking which is more manageable given their environment.

Thanks to Trond Egil Gjelsvik-Bakke for the original blog!

Good luck

NeilC

The following blog handily contains a link to all of Microsoft’s recently updated documentation around Lync2010.

http://www.leedesmond.com/weblog/?p=760

Good work!

NeilC

Pure-IP seem to be going from strength to strength. Not only did they get on MS’ Interoperability site a few weeks back but it looks as though NET (Network Equipment Technologies) are happy to sing their praises as well.

http://www.marketwatch.com/story/network-equipment-technologies-announces-support-for-pure-ips-business-sip-trunking-service-2011-09-06

Good luck

NeilC

Microsoft have released an update to some of the Lync server documentation.

For full details have a look at the following URL:

http://blogs.technet.com/b/nexthop/archive/2011/09/20/lync-server-2010-documentation-update-september-2011.aspx

Good luck

NeilC

Looks like the Lync for MAC client should be going RTM pretty soon:

http://blogs.technet.com/b/uc/archive/2011/09/08/lync-for-mac-2011-released-to-manufacturing.aspx

http://www.microsoft.com/mac/enterprise/lync

NeilC

Pure-IP is now on MS’ interoperability list for the provision of SIP Trunks.

I have allot of time for this company, they are great to deal with, offer flexible services and have a great bunch of people at the end of the phone who will go to all lengths to help.

http://technet.microsoft.com/en-us/lync/gg131938#tab=4

http://www.pure-ip.com/

Good luck

NeilC

Some new updates recently released:

 

Lync2010 Server OCSMCU.msp – http://support.microsoft.com/kb/2600747

Lync2010 Server MediationServer.msp – http://support.microsoft.com/kb/2589545

Lync2010 Server.msp – http://support.microsoft.com/kb/2592289

Lync2010 Server OCSCore.msp – http://support.microsoft.com/kb/2592288

Regards

Neil

There was a requirement for us to create a document recently which listed some general Lync2010 pre-requisites.

Thought it would be quite useful to others and so have pretty much copied it into this blog.

enjoy….

1.  Introduction

This document aims to detail all the pre-requisites and minimum server hardware specifications for the installation of Lync2010 into your environment.

 

The items detailed are based on the minimum requirements to facilitate the supported operation of Lync2010, it should be noted that more specific requirements for your own estate would be driven out as part of a typical design engagement.

2.  Server hardware requirements

The following details the minimum requirements for the relevant Lync2010 roles; these have been split into Virtual and Physical recommendations accordingly.

Table 1 – Hardware configuration – Front-End Server, Edge, Director

Physical Front-End Server, Edge Server
Hardware Item	Specification
Base Server CPU	64-bit dual processor, eight-core, 2.0GHz or higher (min)
Total RAM	16GB (Min) (4GB for Director)
Disk configuration	2 x 72GB disks for O/S

Table 2 – Hardware configuration – Back-End Server, Archive & Monitoring     

Back-End Server, Archiving & Monitoring Server
Hardware Item	Specification
Base Server	64-bit dual processor, quad-core, 2.0GHz or higher (min)
Total RAM	32GB (Min) (16GB for Archive & Monitoring)
Disk configuration	2 x 72GB disks for O/S + Disks as per SQL guidelines

Table 3 – Virtual Server configuration – Director

Virtual Director
Hardware Item	Specification
Virtual Server CPU allocation	Quad-core
Dedicated RAM	4GB (Min)

Table 4 – Virtual Server configuration – Front-End, Edge, Archive & Monitoring Server

Virtual Archiving & Monitoring Server
Hardware Item	Specification
Virtual Server CPU allocation	Quad-core
Dedicated RAM	16GB (Min)

 

Example (minimal) disk configuration for the Back-End Server role is as follows:

Table 5 – Back-End server disk configuration example

Back-End Server disk configuration
Disk Number	Role	Drive Letter	Size
0	OS	C	72GB
1	SQL Logs	D	146GB
2	SQL Data	E	300GB

Note: If configured the CD / DVD drive will be assigned the Z: drive letter.

Note: All virtual servers must run Windows 2008 R2 Operating System

 

3.  Active Directory configuration

Lync2010 requires that the Active Directory Domain Services (AD DS) be extended with classes and attributes specific to the product. As per previous versions of the product these extensions require the operator to function as a member of the Schema Admin, Enterprise Admin, and Domain Admin groups dependent upon which of the extensions is being performed.

The AD DS extensions must be run from either Windows 2008 SP2 or Windows 2008 R2 and they must operate as 64-bit – this is because the tools to extend the schema are 64-bit only.

A comprehensive list of all schema class and attribute additions can be found on the following website:

 

http://technet.microsoft.com/en-us/library/gg398379.aspx 

 

4.  Lync2010 Configuration

Lync2010 should be installed and then immediately updated with all the latest KB’s available from Microsoft. Risual highly recommend the installation and running of the Lync2010 Best Practise Analyser (BPA) after installation, all pertinent updates will be identified by this tool.

Microsoft Update Resource Centre for Lync2010:

http://technet.microsoft.com/en-us/lync/gg131945

There are a number of pre-requisites which are required dependant on the role being installed. The following are the requirements to simply run the Lync installation wizard:

·         .net framework 3.5.1

·         Visual C++ 2008

·         OCSCore components

·         If a Front-end is being installed there are also the following additional requirements:

·         Active Directory Admin Tools

·         Message queuing Services – Directory integration

·         IIS 

5.  Hardware Load Balancer requirements

Hardware Load Balancers are required to provide the balancing and affinity of HTTP/ HTTPS traffic to both Enterprise Edition Front-End servers, Director pools and Edge pools.

 

A single device can be used to balance these pools so long as it can have legs in the different security boundaries (i.e. DMZ for Edge and Production for FE).

 

Microsoft offers an interoperability page which details all of the HLB devices on the market which are supported for use with Lync201, see link below:

 

http://technet.microsoft.com/en-us/lync/gg269419

 

Note: a HLB is only required for Enterprise edition FE’s and Edge/ Director pools. Standard edition Lync2010 and single Edge/ Directors do not require a HLB.

 

6.  DNS Requirements

Lync2010 has a number of requirements, both internal and external, for the creation and usage of DNS records.

 

Internal DNS records are required to allow the automatic sign-in of Lync clients and Lync phones as well as providing other key functionality such as DNS Load-Balancing.

 

External DNS records are required for provisioning external access to clients, federation with other companies/ PIC (MSN, Yahoo, AOL) and online meetings etc.

 

7.  Certificate requirements

Lync2010 operates on TLS and therefore requires certificates to complete the signing process; this means that there are certificate requirements both internally and externally (if you are planning on Edge).

 

Internal certificates can be facilitated by an internal Certificate Authority so long as the root and issuing certificate servers has been published to Active Directory allowing all servers to trust the chain. Microsoft CA with an active Web Server template is a typical requirement to fill this role. It is also possible to use an external CA to provide certificates for use internally but this is not typically a seen as a cost-effective solution.

 

External certificates are required to facilitate external user login, federation and online meetings. The certificates used for external services need to come from a trusted external source (i.e. VeriSign) so that external parties automatically trust the certificate chain. Again, it is possible to use an internal CA for this process but for everyone outside of your organisation that you want to federate or support online meetings with you would need to get them to install a copy of your issuing and root CA’s.

 

Self-signed certificates are not suitable for use with Lync2010.

 

8.  DHCP requirements

If you plan to deploy Lync phones in your organisation then there may be a requirement for some specific DHCP requirements. You will need to operate DHCP on a 64-bit server to facilitate the usage of the DHCP record creation tool that comes with Lync2010. The records created by this tool are in binary format and so although they can be entered manually if needs be, it’s much simpler to let the tool input them for you.

 

The phones that require these DHCP records are:

 

Currently the models that require this authentication process are: Astra 6721 and 6725, and Polycom CX500, CX600 and CX3000.

 

9.  SQL Requirements

SQL is required both for the back-end database and also for storing the Archive and Monitoring details. SQL 2008/ R2 are supported and standard edition can be used so long as you don’t require any more than two nodes in the SQL cluster.

SQL reporting is also a requirement if you plan to install the Lync monitoring server.

 

10.      Enterprise Voice requirements

Depending on your phone system or requirements a connection to and from your existing PBX can be facilitated either by Direct SIP, if supported, or via a gateway device which essentially does the conversion and routing from PSTN to SIP. Specifics around your particular requirements would have to be driven as part of the design process as there are no real PBX generics.

 

Details of supported PBX’s for Direct SIP as well as supported gateway providers can be found on Microsoft’s interoperability page:

 

http://technet.microsoft.com/en-us/lync/gg131938

 

11.      Supportability requirements

The following should be considered when looking to deploy Lync2010 to your organisation.

1.     Windows XP SP3 is the minimum requirement for Lync client installation – anything older will have to use the OCS 2007 R2 client (MOC)

2.     The Active Directory Domain and Forest functional level is required to be a minimum of Windows 2003 Native mode

3.     A Reverse Proxy server is required to publish access to web services when an Edge Server is deployed

4.     When deploying a pool of Edge servers a HLB is the preferred solution. When using a HLB for an Edge pool NAT’ing of internet IP’s is not supported, they must be routable. Also, in terms of external IP requirements, 3 external IP’s are required for the HLB and a further 3 per Edge server in the pool (2x Edge servers with 1x HLB = 9 routable internet addresses)

5.     All Lync2010 virtual servers require Windows 2008 R2

6.     HLB required for Enterprise edition FE and pools of Edge/ Directors only

 

 

Hope this helps

NeilC