PIN Authentication Login Fails on the Devices, NTP

PIN Authentication works using the Test-CsPhoneBootstrap cmdlet but fails on Lync devices

Recently I decided to 'play' with my Lync devices by moving them to a dedicated voice VLAN on my network. After doing so, I noticed I was unable to use PIN authentication. I found this extremely odd especially since I had just told a fellow colleague how simple the PIN process was. From the Lync 2010 servers the Test-CsPhoneBootstrap cmdlet was passing with a code of Success making me even more perplexed. Digging a bit deeper into the issue, I noticed that the phones authenticating using a PIN as well as my CX700 phones were taking a significant amount of time at boot while they were acquiring their time.

Comparing my two VLANs nothing stood out until I remembered I did not allow the new VLAN Internet access (why should the phones need to go out to the Internet after all?). Well, as it turns out, they were getting their time service from time.windows.com come even though my Windows domain controllers were configured as NTP servers and their SRV records existed in DNS.

The solution was quite simple and all devices benifited from a faster boot time. Within DHCP there is a standard option, 042 NTP Servers, which I configured with my domain controllers as the defined values. As soon as I added this option, the phones received their time nearly instantly and PIN authentication worked as expected.

0 comments - Posted by Brian Ricks at 1:30 AM - Categories: Microsoft | 2010 | phone | Lync Server | Aastra | Polycom | NTP

Dedicated Voice VLAN for Lync Devices

There are multiple reasons to deploy a dedicated VLAN for your Lync devices - IP constraint, data partitioning, QoS, just because (my personal case). I decided it was a brilliant idea to move my phones to their own VLAN but wanted to make sure my PCs behind the various devices (Polycom CX600/CX700 and Aastra 6725ip) remained on the current VLAN.

In OCS, this was accomplished exclusively via DHCP options. The process was poorly documented for whatever reason by Microsoft (and nearly non-existent in OCS 2007 R2) although multiple bloggers came to the rescue and had (for the most part) the answers. In Lync Server 2010 in addition to the DHCP OPTION 43 'option' LLDP-MEP was introduced as a method to define the multiple VLANs. Unfortunately my older networking equipment did not support LLDP-MEP so I was pushed back into the DHCP realm (thank you Microsoft for retaining the option!).

Luckily the configuration of the second VLAN is exactly the same as it was in OCS although the process is manual. Why Microsoft didn't create a script like they did to create the 'other' PIN required DHCP options is beyond me. Below I have written a batch file to create the required functionality to make sure typos are eliminated. Like the Microsoft DHCP PIN script, the options are added at the Server Options level; if this is not what you want/need, go ahead and add the Option (010 VoiceVLAN) directly to the desired scopes and remove it from the Server Options.

Note: if the DHCP MMC is running when you execute this script, you will not see the changes made. To refresh, exit the MMC and re-launch.

Now to break down what we are doing in the script. When executed from an elevated prompt (ex. VoiceVLAN.bat 30) the script uses netsch to create a Vendor Class named CPEOCPhone with a value of CPE-OCPHONE. It then creates an option 10 definition called VoiceVLAN and assigns it (in this case) a value of 30. Simply replace 30 with the desired Voice VLAN number (displayed in HEX in the MMC). Manually this would be accomplished using the following steps.

Right-click on IPv4 and select Define Vendor Classes...

Select Add to define a New Class. The Display name is whatever you want it to be; the script sets it to CPEOCPhone with a Description of VLAN tagging for the Microsoft Phone Devices. The only part that MUST be entered exactly is the ID value. This is set most easily in ASCII by simply placing the cursor under the word ASCII and clicking. Enter CPE-OCPHONE (yes, case sensitive) and watch the Binary equivalent automatically appear.

Click OK to save the new Vendor Class and Close to complete the creation process.

Next the Predefined Options must be created (in this case, Option 10). Once again, right-click IPv4 in the DHCP MMC but this time select Set Predefined Options...

Change the Option class... to the newly created class (CPEOCPhone) where you will find no Options created. Click Add... to create the new option. In the Name, enter VoiceVLAN. Change the Data type to Word. In the Code, enter the number 10. Enter Phone VLAN in the Description and click OK.

The Predefined Options and Values will now display option 010 VoiceVLAN with no default Value. Click OK to close the configuration dialog. You must now add the option to one or more scopes. Select a scope and select Configure Options...

Select the Advanced tab and from the Vendor class drop-down select CPEOCPhone. A single option should be listed, 010 VoiceVLAN. Select the option and under Data entry enter your VLAN (ex. 30).

Click OK to add the Option to the selected DHCP scope and repeat as necessary.

IMPORTANT: After changing the VLAN options for the phones, a hard reset is required as the devices cache their VLAN information to avoid the query process each time. For the CX700 (Tanjay) this is accomplished by using a small object to push the reset button on the back of the phone. For the newer Lync phones (Polycom CX600/CX500 and Aastra 6725ip/6721ip) you must hold down the * and # keys while powering on the phone until prompted to reset the device (this takes a few minutes). After the phone reboots, the new DHCP options will be passed to the phone. The switch port the phone is attached to must already have both VLANs associated to it with the PVID (primary VLAN) set to the computer VLAN, not to the voice VLAN. Of course, normal routing and switching configuration must be completed as well (as defined by the switch/router vendor).

VoiceVLAN.bat

netsh dhcp server add class CPEOCPhone "VLAN tagging for the Microsoft Phone Devices" "CPE-OCPHONE" 1

netsh dhcp server add optiondef 10 VoiceVLAN Word 0 Vendor=CPEOCPhone comment="Phone VLAN"
netsh dhcp server set optionvalue 10 Word vendor=CPEOCPhone "%1"

1 comments - Posted by Brian Ricks at 1:00 AM - Categories: 2010 | Microsoft | phone | Polycom | VLAN | Aastra | DHCP | Lync Server

New Article Published on TechNet - Configuring IntelePeer with Lync Server 2010

Busy blog day! :)

Today on TechNet, Dr. Rez, another article was published written by myself around configuring IntelePeer SIP trunks with Lync Server 2010. The article is very similar to the OCS articles written last year but of course focuses on Lync Server.

Lync Server 2010 does a great job of connecting Internet SIP trunks directly especially if a Cisco ASA is involved (the 5505 is an amazing appliance). Check out the article from either my home web site or directly on TechNet here.

0 comments - Posted by Brian Ricks at 2:12 PM - Categories: 2010 | SIP Trunk | IntelePeer | Lync Server

Lync Server 2010 April 2011 Update

Microsoft has released the server update for Lync Server 2010 following their previous client CU2 updates a few weeks back. The server updates have once again been combined into a nifty update package LyncServerUpdateInstaller.exe which figures out what needs to be installed and in what order on each server. It can also be run to verify what patches have been installed. Of course individual updates still exist as well if you prefer to patch in that manner (but why?) and they can all be found here.

0 comments - Posted by Brian Ricks at 8:45 AM - Categories: 2010 | patch | Lync Server

SQL Server 2008 R2 now supported with Lync 2010

Microsoft has completed their testing of SQL Server 2008 R2 and Lync Server 2010 and has found the database to be compatible. This is great news for companies that have an existing SQl 2008 R2 environment and have had to in the past setup a new SQL server/cluster just for Lync Server. The official blog from Microsoft may be found here.

0 comments - Posted by Brian Ricks at 8:03 AM - Categories: 2010 | Microsoft | Lync Server | SQL 2008 R2

Web Scheduler for Lync

Lync 2010 Web Scheduler Resource Kit Tool

Microsoft released April 15th the conference Web Scheduler for Lync 2010. The web application is nearly feature identical to the OCS 2007 R2. Using a web browser, non-reoccurring meetings may be created, managed, and email invites sent all from the web client. This creates an additional level of functionality for non-Windows Outlook clients, but provides no added value for users running Outlook on Windows as the current add-in for Outlook already configures and schedules meetings.

The setup and configuration is super-simple with a single MSI that installs the virtual websites under the Internal and External sites on your Lync server running web services. The documentation included is simple to follow and includes the necessary steps for configuring outbound email as well. user authorization is required on the site unless you allow email relay from the particular server IPs.

Download the resource kit utility here.

0 comments - Posted by Brian Ricks at 9:13 AM - Categories: 2010 | Lync Server | Web Scheduler | Resource Kit

Microsoft Re-Re-Releases Rollup 3 for Exchange 2010 SP1

Today Microsoft released version 3 of the Exchange 2010 SP1 Rollup 3. Previously the rollup had been pulled due to compatibility issues with Blackberry. Now, the Exchange team has RU3 for Exchange 2010 back in circulation and can be found here.

The full Microsoft product team announcement may be found here for those interested. :)

0 comments - Posted by Brian Ricks at 12:39 PM - Categories: 2010 | Microsoft | Exchange | RU3