Deploying a Sonus Cloud Link CCE

I was recently working on a Sonus v2 Cloud Connector Edition (CCE), working with the new hardware, testing the install, etc., when I ran into a deployment snag. In general, I find that there are a lot of posts and blogs about when to use CCE and when you cannot, but few on how to properly deploy CCE, let alone the Sonus version.

I decided to show a walkthrough of the process I used to deploy, why I used the names/options that I did, and the errors and gotchas I ran into.

To start, I am working with a Sonus SBC 1k Cloud Link with the CCE package installed. As a Sonus part number, that would be SBC-1K-SIP-E-CL. The Cloud Link version includes an embedded Windows 2012 R2 Server with 32 GB of RAM, dual Xeon quad-core 1.7GHz (that’s 8 physical cores, 16 logical), and a 512GB SSD drive. All-in-all, not a bad server and very capable of running the “small” CCE build. That, along with the nicely integrated SBC, makes this solution simple…as long as you know the answers to the questions.

Starting off the build of the ASM is not any different from other ASM buildouts – the only difference being the Task option on the Cloud Link version shows Office 365™ Cloud Connector Edition vs. Skype™ for Business Survivable Branch.


Selecting the Office 365™ Cloud Connector Edition brings you to the beginning of the process. The very first thing that needs to be done is getting the ASM an IP. This IP is the IP of the Hyper-V host. It is not meant to be domain joined, and the option is not present. If you really wanted to change the name of the server you could, but even that is not required as again – it is simply the host computer for the VMs.

It is critical that the Remote Desktop enable option is changed to Yes as there are tasks that must be completed from the host server. The server should also be able to be reached from within your network – whatever that means to you. DHCP is an option – I am old school and believe all servers should have a static IP but again, whatever works for you. For me this was my internal server VLAN, internal DNS, internal everything as I wanted to be able to easily manage the server.


After you have configured the IP and RDP, the next step is to create the certificate for the Skype Edge server. This is where you must be careful to enter the correct names. The deployment requirements are documented on TechNet in Plan for Skype for Business Cloud Connector Edition, although to me the Sonus solution hid the configuration too well, making things unclear. Specifically, step four is where you configure the settings on the CCE, including the site name for the CCE. This site name is also your edge pool name – a name which must be a CN or SAN.

In my case, I thought I would be witty and use BCLCCE.bricomplabs.com as the common name. The CSR request simply stated the edge server public FQDN and left it up to me to complete. The wizard also complained if SIP was not in the name so that had to be there too which was a bit confusing since the DNS name would never point there. In the end, the fields looked like the following:


CN=BCLCCE.bricomplabs.com
SAN=DATA-CENTER.bricomplabs.com,SIP.bricomplabs.com, BCLCCE.bricomplabs.com

In the SAN list make sure you have your SITE name (existing or the name you plan to use), SIP, and optionally another name that you would tie to the service (although 100% unnecessary). Remember to configure all of the DNS records publicly to make sure things route.

Once the CSR has been created, have it issued by your favorite PUBLIC CA, and make sure your favorite public CA is a mainstream one – one whose roots are part of the base Windows 2012 R2 OS. In my case, I used DigiCert (http://www.digicert.com) – an awesome go-to CA who works flawlessly.

Step 3 is to import (paste) the resultant certificate. The cert should be in DER format and, in the case of DigiCert, simply select the option on their page to download copy/paste under Download Certificate. That will expose three text blocks; the one you want is the top block for your certificate, where you can simply copy and paste the result.


You are now ready to begin the configuration of your deployment, which is a critical juncture. Incorrect information going forward means clicking Reinitialize on the ASM and starting over. 😊 Below is a summary of the deployment and the options selected.

Blog Image 7.png

In this list, there are some key components that we need to complete. It is also important to note that the defaults are there just because but more than likely mean nothing to your deployment. The first thing you need to identify is the CCE Site Name. Again, this will be the pool name of your edge and will need to be in your certificate.

The external network gateway is in relation to the second NIC of the Edge server – no different from the second NIC of a traditional Edge server. This NIC cannot be on the same VLAN as your internal networking but like a traditional Edge, NAT is supported. In my example the external is a 172.x.x.x/24 address, I am using public Level3 DNS, and because it is a private IP I am listing the Edge server External IP.

The internal network is where the internal NICs on the servers will live. There are three switched networks on the servers – Internet, Corpnet, and Management. The Internet switch and NIC live on the Edge server while the Corpnet and Management live on all the other servers. The Management virtual switch is internal only – for server to server communication and the IP scheme is 192.168.213.0/24 with no default route. The Corpnet is the internal network where the Hyper-V host lives as well as all other internal servers (again, in my network the server VLAN).


The information you are entering for the Internal Network is used partially for the configuration – and partially still a mystery. The Gateway is obvious and is the gateway used for the Corpnet NICs; however, the Internal DNS is not used (the four servers all use the AD server as they should). The four IPs of the VMs themselves are also Corpnet IPs and in my case were 10.x.x.10, 10.x.x.20, 10.x.x.30, and 10.x.x.40 – but as long as they are unique and valid, they can be whatever you want.

Once you have configured and saved the CCE configuration, move on to Step 5 – Prepare CCE. In this process the data that was previously entered is saved locally to the Hyper-V host (C:\UX\CCE\CcAppliance) and will be used by the next PowerShell commands.

Assuming no errors and all is ready, RDP to the Hyper-V host. If you have not already, set the Administrator password of the ASM via the web GUI of the Sonus at Settings | Application Solution Module | Change Admin Password. Drop the option down to User Configured, enter and confirm a unique strong password, and click OK. Using \Administrator and the Password you just created, RDP to the ASM address set in step 1 above.

Once on the server, start a PowerShell prompt with elevated admin rights. From within the prompt, start the process by entering Register-CcAppliance. You will need to set admin passwords, recovery passwords, and enter your admin login for your O365 tenant. Assuming you have the correct rights, the process will complete, creating an appliance in the cloud which you can see using the Skype for Business Online PowerShell command Get-CsHybridPSTNAppliance.

The final stage of the process is the installation and configuration of the VMs. This entire process is completed with the simple command Install-CcAppliance. Using previous configuration entries saved off to the INI and the certificate (also saved off), the next steps are hands free; it just takes time. This is where I ran into my errors due to the lack of pool name in the edge certificate. During the creation process the Edge server is started and an error is thrown which appears to be a cipher issue:

Event ID 14397 – A configured certificate could not be loaded from the store.

Extended Error Code 0xC3FC7D95 (LC_E_VALIDATION_CERT_NO_KEYEXCHANGE)

Should you run Get-CsCertificate you will see your public certificate associated with AccessEdgeExternal, DataEdgeExternal, and AudioVideoAuthentication. An internal certificate will also be seen and associated with Internal. All of this appears to be valid and yet the service will not start. The key to finding that it was a pool name issue was manually assigning the certificate to the three external services again using

Set-CsCertificate -Type AccessEdgeExternal,DataEdgeExternal,AudioVideoAuthentication -Thumbprint xxxxxxxxxxxxxxxx -Force

Doing so revealed the error that data-center.bricomplabs.com was not a name on the certificate and that’s when the lightbulb appeared. The fix is to undo everything and start over (unfortunately) which includes Unregister-CsHybridPSTNAppliance, OPTIONALLY Remove-CsHybridPSTNSite, and Reinitialize the ASM in the Sonus GUI.

Once the CCE appliance is configured, make sure to run through the SBC configuration - otherwise there will not be anything to link the calls to. The CCE does not use TLS so an SBC certificate is not required, only basic integration configuration as described on the Sonus site (and identical to any other SBC config). https://support.sonus.net/display/UXDOC61/Configuring+the+SBC+Edge+for+a+Single+CCE

 

Update 2/24/2017

Internal DNS on the Internal NIC settings

As mentioned in the comments (thank you Jason), the DNS entry mystery is solved: the internal DNS entered on the CCE Setup page is added as a forwarder. Why not just use root hints? There is no reason from what I can see in v1, but future versions may rely on knowing the DNS of internal servers.


SIP Domain Name on the Certificate

The addition of the SIP.DOMAIN.COM to the certificate - that mystery was resolved as well (thanks Carolyn). When a CCE user makes a call to the on-premises edge, a check is made against the edge for SIP.domain for the sip domain of the user making the call. This is how the CCE authenticates/permits this call from the CCE online user to the on-premises edge. If you don’t have SIP in the SAN name then the outbound call for the user will fail with the following error:

504  Server time-out

ms-diagnostics:  1017;reason="Cannot route From and To domains in this combination";cause="Possible server configuration issue";summary="The domain of the message that corresponds to remote peer (external) is not shared between local and remote deployments";external-domain="bricomplabs.com";external-type="domain-type-local";internal-domain="bricomplabs.com";internal-type="domain-type-local";source="sipfed2a.online.lync.com";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="No";ConversationInitiatedBy="0";SourceNetwork="0";RemotePartyCanDoIM="No"

Final Certificate Requirements

In the end I updated my certificate to only include the required DNS names and to lessen the confusion. The certificate in the end has the CN of the site as well as the site and sip as a SAN.

CN=DATA-CENTER.bricomplabs.com
SAN=DATA-CENTER.bricomplabs.com,SIP.bricomplabs.com
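
A name check that can be run against the issued certificate file before it is pasted into the ASM, so a missing pool (site) name or SIP name is caught before Install-CcAppliance rather than after. This is an added example, not code from the original post or from Sonus or Microsoft; the function names and the .\edge.cer path are hypothetical, and the "DNS Name=" label it parses is what English-language Windows prints for the SAN extension.

```powershell
# Added example (not from the original post). Helper names are hypothetical.

function Get-CertificateDnsName {
    # Returns the subject CN plus every DNS entry in the SAN, lower-cased and de-duplicated.
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $names = New-Object 'System.Collections.Generic.List[string]'

    # Subject common name (the CN= value).
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names.Add($cn) }

    # Subject Alternative Name extension, OID 2.5.29.17.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($true) prints one entry per line, e.g. "DNS Name=sip.example.com".
        # Assumption: English-language Windows; other locales print a different label.
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+?)\s*$') { $names.Add($Matches[1]) }
        }
    }
    $names | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
}

function Test-CceEdgeCertificateName {
    # Compares the names on the certificate with the two names this post found to be
    # required: <CCE Site Name>.<sip domain> (the Edge pool name) and sip.<sip domain>.
    param(
        [Parameter(Mandatory = $true)][string]$Path,      # issued certificate file
        [Parameter(Mandatory = $true)][string]$SiteName,  # CCE Site Name as entered in step 4
        [Parameter(Mandatory = $true)][string]$SipDomain  # SIP domain of the tenant users
    )
    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    $present  = @(Get-CertificateDnsName -Certificate $cert)
    $required = @("$SiteName.$SipDomain", "sip.$SipDomain" |
                  ForEach-Object { $_.ToLowerInvariant() })
    $missing  = @($required | Where-Object { $present -notcontains $_ })

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Present    = $present
        Missing    = $missing
        Ok         = ($missing.Count -eq 0)
    }
}

# Usage with the names from this post (the file path is a placeholder):
# Test-CceEdgeCertificateName -Path .\edge.cer -SiteName 'DATA-CENTER' -SipDomain 'bricomplabs.com'
```

For the first certificate in this post (CN=BCLCCE.bricomplabs.com) the same check with -SiteName 'BCLCCE' passes, which is the point: the value passed as -SiteName has to be the site name actually entered in the CCE configuration, not the name you intended to use.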

Microsoft has released July 2014 CU for Lync Phone Edition

We are now officially into the 3rd quarter of 2014 and thus into the third round of patching. I know we did not see patches for Lync Server 2013 in the 2nd quarter, but one can assume the trend will not hold and patches will be coming soon. As a teaser Microsoft has released the Lync Phone Edition (LPE) update for Q3, their links are found below. It is always recommended to remain up-to-date with LPE patches regardless of the fixes included.

In this iteration of LPE a Daylight Savings Time (DST) issue is resolved for Egypt and Morocco…nothing exciting but keeping the phones up-to-date ensures you will not run into any patching issues with the next release. You will also notice the CX700/LG-Nortel 8540 was not included in the update cycle – does it not require the DST fix or is this simply Microsoft stating ever so gently to move off the old phones?

*UPDATE*
As noted in the comments below, the CX700 has NOT been updated since April but it is now included in the matrix below.

Product | Version | KBs | Download
Lync Phone Edition (for Aastra 6721ip and Aastra 6725ip) | 7577.4450 | 2973938 | MS Download
Lync Phone Edition (for HP 4110 and HP 4120) | 7577.4450 | 2973939 | MS Download
Lync Phone Edition (for Polycom CX500, Polycom CX600, and Polycom CX3000) | 7577.4450 | 2973941 | MS Download
Lync Phone Edition (for Polycom CX700/LG-Nortel 8450) | 7577.4444 | 2973942 | MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.230
Lync 2010 Client build number is 4.0.7577.4445
Lync Server 2013 build number is 5.0.8308.577
Lync 2013 Client build number is 15.0.4605.1003

Lync Group Chat build number is 4.0.7577.4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4450
Lync Phone Edition (Tanjay) build number is 4.0.7577.4444

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.4.1087.0
Lync 2013 for iPad build number 5.4
Lync 2013 for iPhone build number 5.4
Lync 2013 for Android build number 5.3.1100

Lync Basic 2013 build number is 15.0.4420.107
Lync VDI 2013 build number is 15.0.4420.1017

Microsoft has released CU January 2014 for Lync Server 2010/2013 & Lync Edition Phones

Microsoft has released updates for Lync Server 2013 and Lync Server 2010 on time for their quarterly release cadence. The updates are bug fixes to the product and not introducing new features (none of the 2013 databases are updated in this release). If this CU is being applied to RTM, then follow the instructions here to update or check your version level using Doug Deitterick’s blog post.

In addition to the server patches, the Debugging Tools and Resource Kit has been updated. Unfortunately the updates are actually full installs so you will need to uninstall any previous versions before the apps are “updated”. The good news is the Debugging Tools contain the correct updated TMX file from the January 2014 CU so there is no need to manually replace it with the locally installed copy.

Finally, Lync Edition phones have been updated, which includes the entire line of Aastra, HP, and Polycom phones. Updating them uses the same method as before, so no news there.

Product | Version | KBs | Download
Lync Server 2013 | 5.0.8308.577 | 2809243 | MS Download
Lync Server 2013 Debugging Tools | 5.0.8308.577 | 2905051 | MS Download
Lync Server 2013 Resource Kit Tools | 5.0.8308.577 | 2905053 | MS Download

Lync Server 2010 | 4.0.7577.225 | 2493736 | MS Download
Lync 2010 Client 32-bit | 4.0.7577.4419 | 2912208 | MS Download
Lync 2010 Client 64-bit | 4.0.7577.4419 | 2912208 | MS Download

Lync Phone Edition: Aastra 6721ip / 6725ip | 4.0.7577.4420 | 2918033 | MS Download
Lync Phone Edition: HP 4110 / 4120 | 4.0.7577.4420 | 2918035 | MS Download
Lync Phone Edition: Polycom CX500 / CX600 / CX3000 | 4.0.7577.4420 | 2918038 | MS Download
Lync Phone Edition: Polycom CX700 / LG-Nortel 8540 | 4.0.7577.4420 | 2918036 | MS Download

Additional Notes:
Lync Server 2010 build number is 4.0.7577.225
Lync 2010 Client build number is 4.0.7577.4419
Lync Server 2013 build number is 5.0.8308.577
Lync 2013 Client build number is 15.0.4551.1007
Lync Group Chat build number is 4.0.7577.4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409
Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4420
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001
Lync 2013 for Windows Phone build number is 5.2.1072.0
Lync 2013 for iPad build number is 5.2
Lync 2013 for iPhone build number is 5.2
Lync 2013 for Android build number 5.1.0000
Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Microsoft has released CU July 2013 for Lync Server 2013

Yesterday Microsoft released Cumulative Update (CU) July 2013 for Microsoft Lync Server 2013. The update is a typical Lync Server patch file but has some additional steps and safety measures built-in. To start, the upgrade now supports a SQL mirror so there is no need to break and re-create the HA configuration. There are additional Lync Management Shell commands to be run in this process starting with Get-CsPoolUpgradeReadinessState. While the readiness check is a good idea for SE deployments, the importance is less as the pool is either functioning or not.

  1. Execute Get-CsPoolUpgradeReadinessState from a Lync PowerShell prompt. Assuming the returned value is Ready, you are ready to begin the process. Listed in the returned information is the state of the front-end servers within the pool and their current upgrade domain readiness state. User data is distributed among multiple front-end servers (up to 3), so it is important to avoid a server upgrade combination that takes down all three of a user’s pool servers. The easiest way to avoid this is to simply upgrade a single server at any one time and wait for the server to come back online and list a status of True.

  2. Upgrading a pool that has active users can be a challenge when a high uptime is desired. If you are faced with this dilemma, start with shutting down the front-end services of a desired pool member by using the Stop-CsWindowsService –Graceful cmdlet. Using the graceful switch, the services stop only after current requests have been filled. It also prevents any further requests from being queued, so think of it as an option to shut down as soon as possible with as little disruption as possible. This doesn’t mean people logged into that pool server will not be logged out and back into another pool member; it simply means if they are in an active conversation the server will not interrupt the communications.

  3. Once the services have been shut down gracefully (or if you have an outage window and simply want to perform the upgrade), launch the LyncServerUpdateInstaller.exe. This can be done at the command line as before or by simply launching the executable and running the GUI.

  4. The next step is the beloved backend database upgrade. The SE upgrade is the same as before with the running of the command Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn SE.FQDN -Verbose. If you have an SE deployment with Persistent Chat collocated, you must run the above command with the -ExcludeCollocatedStores parameter and perform the upgrade to the PChat databases after the initial install.

    1. To upgrade a collocated PChat database on an SE server, the command you would need to run next would be Install-CsDatabase -DatabaseType PersistentChat -SqlServerFqdn PChatBE.fqdn -SqlInstanceName DBInstance -Verbose. Again, this is only required when you have an SE with PChat collocated.

  5. After all the application and user databases have been upgraded, the final step is updating the CMS database. This upgrade is ONLY required if you are updating your server from Lync Server 2013 RTM, as the update has not changed since February 2013 Cumulative Update, but it does not hurt to run it if you are not sure. To do this, run the command Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn CMS.FQDN -SqlInstanceName DBInstanceName -Verbose.

  6. It is recommended that the Enable-CsTopology command is run after the upgrade to ensure mobility is active and functioning, and that bootstrapper is executed (found in a default install at %ProgramFiles%\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe) on all SE, EE, and Director servers (basically anywhere the web components are installed).

  7. After the upgrade of a front-end server is complete, reboot the server (you could just start services, but I prefer a reboot) and make sure the Get-CsPoolUpgradeReadinessState cmdlet returns a Ready state before moving on to the next.

Make sure all servers in the environment have been updated, including the PChat, Edge, custom application servers, etc. when performing this update and should you have a large Lync Server 2013 installation, expect the process to take some time. I expect additional updates for clients and devices will be coming shortly so check back for updates often.
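
Steps 1 to 3 and the readiness re-check in step 7 can be scripted so that a front end is never taken down while the pool reports anything other than Ready. This is an added example, not from the original post or from Microsoft's KB; the function names and the installer path are hypothetical, it assumes the readiness object exposes a State property whose healthy value is Ready (as described in step 1), and it leaves the database steps 4 and 5 to be run by hand.

```powershell
# Added example (not from the original post). Run in an elevated Lync Server
# Management Shell on the front end being patched. Helper names are hypothetical.

function Wait-PoolReady {
    # Polls the pool readiness state until it reports Ready or the attempts run out.
    param(
        [int]$MaxAttempts  = 6,
        [int]$DelaySeconds = 600,
        # Injectable so the loop can be exercised without a pool; the default is the
        # cmdlet named in step 1. Assumption: its output has a State property.
        [scriptblock]$Probe = { Get-CsPoolUpgradeReadinessState }
    )
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        $state = [string](& $Probe).State
        Write-Verbose "Attempt $i of ${MaxAttempts}: pool state is '$state'"
        if ($state -eq 'Ready') { return $true }
        if ($i -lt $MaxAttempts) { Start-Sleep -Seconds $DelaySeconds }
    }
    return $false
}

function Start-FrontEndUpdate {
    # Drains this front end and runs the CU installer, but only if the pool is Ready.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Placeholder: wherever LyncServerUpdateInstaller.exe was downloaded to.
        [Parameter(Mandatory = $true)][string]$InstallerPath
    )
    if (-not (Test-Path -LiteralPath $InstallerPath)) {
        throw "Installer not found: $InstallerPath"
    }

    # Step 1: do not take a server down unless the pool says it can afford it.
    if (-not (Wait-PoolReady)) {
        throw 'Pool did not report Ready; leaving this front end in service.'
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop Lync services and install the CU')) {
        # Step 2: finish in-flight requests, accept no new ones.
        Stop-CsWindowsService -Graceful

        # Step 3: unattended install; the exit code is returned for the operator to review.
        $proc = Start-Process -FilePath $InstallerPath -ArgumentList '/silentmode' -Wait -PassThru
        return $proc.ExitCode
    }
}

# Usage (path is a placeholder). -WhatIf shows what would be done without doing it:
# Start-FrontEndUpdate -InstallerPath 'D:\Updates\LyncServerUpdateInstaller.exe' -WhatIf -Verbose
# After the reboot in step 7, gate the next server on the same check:
# if (-not (Wait-PoolReady -Verbose)) { Write-Warning 'Pool not Ready; do not start the next server.' }
```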

Product | Version | KBs | Download
Lync Server 2013 | 5.0.8308.420 | 2809243 | MS Download

Additional Notes:
Lync Server 2010 build number is 4.0.7577.216
Lync 2010 Client build number is 4.0.7577.4378
Lync Server 2013 build number is 5.0.8308.420
Lync 2013 Client build number is 15.0.4454.1506
Lync Group Chat build number is 4.0.7577.4102
Lync Group Chat Server build number 4.0.7577.4778
Lync Group Chat Admin build number 4.0.7577.4102
Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4387
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001
Lync 2013 for Windows Phone build number is 5.0.8250.0
Lync 2013 for iPad build number is 5.0
Lync 2013 for iPhone build number is 5.0
Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Brian R Ricks receives Microsoft Certified Trainer (MCT) certification

Working on certifications is something I have not done in years and yet it seems of late that is all that I have been doing. From MCSE to MCSM and now MCT I have been working on building a certification list that accurately defines my technical level and acumen. For years I have provided private training for companies in Microsoft Lync Server and Exchange Server and now I have a certification from Microsoft to back that training up.

Private training sessions with companies provide many extra value-adds when compared to a traditional training center. First, the training is provided at a location of your choice. Onsite training means less downtime for your employees, a major advantage.

Second, the training is often customized to meet the technical levels of the participants. Like any product training, there is an assumption of knowledge that the trainees must have and often that bar is set too low with basic product discussions happening the first few hours and sometimes days. That time may be better used with customized training bypassing the basics and moving into greater detail about the items the company is concerned about.

Third, the training is often at a discounted rate. Eliminating the cost of travel of multiple employees and only paying for the travel of the trainer helps to reduce those costs. Of course the actual cost per participant is a negotiated rate but usually less than a per/person cost of attending the training at a center. The students most likely know each other, have similar goals and issues they would like to better understand, and in the end the information presented is applicable and real-world.

If you are interested in receiving customized training based off of the Microsoft Official Curriculum for a course please contact BriComp Computers, LLC at Feedback and you will be contacted directly.

Brian R Ricks receives Microsoft Certified Solutions Masters (MCSM) for Communications certification

Back in April of 2013 I took a journey with Microsoft when I decided to attend an MCSM rotation. The weeks in Redmond were definitely one of the most challenging times in my life but it has paid off. I am happy to announce that I have obtained the MCSM certification in Communications. What does this mean for me? Great question! At this point, I am not exactly sure how it will impact me but I do know that I have an even deeper level of understanding of how Lync Server 2013 works and that makes me a better engineer.

Anyone that is interested in progressing their training or certification with Microsoft should definitely consider the MCSM track - there are many from AD to SQL to Lync Server. A link to the Microsoft MCSM website may be found here along with FAQs regarding the program.

Microsoft has released CU February 2013 for Lync Server 2013 Products

Yesterday Microsoft released CU February 2013 for Microsoft Lync Server 2013. The update is a significant one as it adds the necessary components for UCWA to work correctly with the newly announced Mobility clients (as well as any custom REST apps created).

The update process is a little more involved should you be utilizing the new database mirroring feature of Lync Server 2013 so make sure you follow the steps to a tee. In addition to the standard Updater additional resources were released including the Capacity Planner for 2013, the SDK for UCMA and Lync itself, and additional language support for Lync Basic and the VDI plugins.

Three tidbits of information.

1) The –Update switch is no longer needed as the command will detect if an update is required and if not, will do nothing. If you include the –Update switch it will drop/read sprocs and reACL permissions regardless of whether an update is required (it of course will update it as well, but why have an outage if it is not required).

2) It is reported that bootstrapper (or the Deployment Wizard Step 2) is required prior to invoking the Enable-CsTopology command although I personally have not seen any updates processed while performing this command. It does not hurt to run however so to be on the safe side just go ahead and run bootstrapper.

3) Reboots of the Front-End servers are required. Sometimes – not sure why – the Edge server must be rebooted even if not prompted (good idea to simply do this). And finally the Lync client must be restarted after the two patches below are installed.

The update process for an SE install of Lync Server 2013 is straightforward. After the update of the Lync bits have been applied simply run from the Lync SE 2013 Server’s Lync Server Management Shell (highly important or the system will not function correctly):

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn yourlyncserver.domain

Followed from a command prompt on the Lync SE server and (if applicable) the Lync Edge server(s):

"C:\Program Files\Microsoft Lync Server 2013\Deployment\bootstrapper.exe"

And then finally back to the Lync Server Management Shell:

Enable-CsTopology

If you have an Enterprise install of Lync Server 2013 the process is a little more involved (more moving pieces). To update an EE deployment without a database mirror start from a Front-End server running from Lync Server Management Shell:

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn SqlServerBE.domain -UseDefaultSqlPaths

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn ArchMonBE.domain -UseDefaultSqlPaths

Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn CMS.domain -SqlInstanceName DBInstanceName -UseDefaultSqlPaths

Followed from a command prompt on each FE server and (if applicable) the Lync Edge server(s):

"C:\Program Files\Microsoft Lync Server 2013\Deployment\bootstrapper.exe"

And then finally back to the Lync Server Management Shell:

Enable-CsTopology

To update an EE deployment with a database mirror, the process is more involved as you must drop the mirror, update the servers, and then re-create the mirror. This process will most likely be streamlined in upcoming Lync updates – something that we will continue to see often and with high value – but with such a short release cycle it is understandable why the process is what it is today.

Rather than rehash the requirements and steps for a mirrored process, visit the Microsoft KB article and follow the steps found there (KB2809243). Although it currently does not state a requirement to run bootstrapper on the FE and Edge servers, do yourself a favor and run the command to cover all bases (see above cmdlets).

The current update list (and of course all previous updates are included and assumed and thus not listed) is displayed below. It is important to note that the Lync client updates are 2-part and both are required. The table is quite large and as such has been placed into a link which may be found here - the current versions are listed below.

 

Lync Server 2010 build number is 4.0.7577.205
Lync Client build number is 4.0.7577.4356
Lync Server 2013 build number is 5.0.8308.291
Lync 2013 Client build number is 15.0.4454.1506
Lync Group Chat build number is 4.0.7577.4102
Lync Group Chat Server build number 4.0.7577.4071
Lync Group Chat Admin build number 4.0.7577.4102
Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Edition Polycom build number 4.0.7577.4372
Lync Phone Editions (other than Polycom) build number is 4.0.7577.4366 (4363 for CX700/8540)
Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Automating Lync 2010 Backups

The backup procedure for Microsoft Lync Server 2010 can be a little daunting as the process is extremely manual. When working with clients I typically deploy a scheduled task on a front-end server to help automate where possible. Backups of SQL (either with a SQL aware backup program or locally to disk) and of the Lync Share are still required as well but at least this covers the rest of the items.

The script is simple but two part – it starts in the command prompt and then calls out PowerShell modules and a PowerShell script to wrap things up. Some manual purging of previous backups is done first and then the current backups are performed (where necessary). The example uses the following variables:

  • Scripts are located in D:\Scripts

  • Backups are dumped to D:\Backups

  • Create Subfolders under Backups - Config, DBIMPEXP, LIS, RGS

  • Lync 2010 Resource Kit is local and installed to D:\Program Files\Microsoft Lync Server 2010\ResKit

LYNC_BACKUP.CMD

REM Purge the previous exports before creating the new ones
del D:\Backups\Config\config.xml
del D:\Backups\LIS\lis.xml
del D:\Backups\RGS\rgs.zip

REM Export user data from the back-end SQL instance
"C:\Program Files\Common Files\Microsoft Lync Server 2010\Support\DBImpExp.exe" /hrxmlfile:D:\Backups\DBIMPEXP\Backup.xml /sqlserver:YOUR_SQL_SERVER_FQDN_and_INSTANCE

REM Load the Lync module and the ResKit RGS import/export functions, then run the PowerShell half
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "cd $env:UserProfile; Import-Module 'C:\Program Files\Common Files\Microsoft Lync Server 2010\Modules\Lync\Lync.psd1'; Import-Module 'D:\Program Files\Microsoft Lync Server 2010\ResKit\RgsImportExport.ps1'; D:\Scripts\lync_backup.ps1"

Exit

LYNC_BACKUP.PS1

# Export the topology/CMS configuration, the LIS (location) data, and the Response Group configuration
Export-CsConfiguration -FileName D:\Backups\Config\config.xml;
Export-CsLisConfiguration -FileName D:\Backups\LIS\lis.xml;
Export-CsRgsConfiguration ApplicationServer:YOUR_POOL_SERVER_FQDN -FileName D:\Backups\RGS\rgs.zip;
exit

To automate the tasks create a Scheduled Task on a Lync Front-End server and schedule the task with a service account that has full NTFS permissions to the D:\Backups folder (and subfolders/files), is a member of the RTCUniversalServerAdmins group, and has Log on as a batch job rights.

Create Scheduled Task

  1. Launch Task Scheduler from the Administrative Tools

  2. Click the Task Scheduler Library and right-click to Create a Basic Task. Name the task – Lync Backups (as an example)

  3. Create a schedule – this needs to mimic your local backup jobs so that the daily/weekly/etc. backups gather the backups you create (in the example we used Daily at midnight)

  4. Select to Start a program and select the CMD file created above

  5. Finish the task creation and then double-click the task to edit it further

  6. Modify the Security

  7. Set to run whether user is logged in or not

  8. Set the user execution task to the Lync Service account created above

  9. Save the task entering the password when prompted and you are done

Testing of the task may be completed by right-clicking on the task and selecting Run. Don’t forget to back up the D:\Backups directory as well as the SQL databases and Lync share to gather all Lync info.
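Because LYNC_BACKUP.CMD deletes config.xml, lis.xml and rgs.zip before exporting (and leaves the previous Backup.xml in place), a failed export leaves either no file or a stale one. The following check is an added example, not part of the original script; the 24-hour window and the list of broad principals are assumptions, and it sticks to cmdlets available in PowerShell 2.0. Run it as a second action of the same scheduled task so a non-zero exit shows up in the task's Last Run Result.

```powershell
# Added example: verify the files written by LYNC_BACKUP.CMD and the folder ACL.
$BackupRoot  = 'D:\Backups'
$MaxAgeHours = 24   # assumption: matches the Daily schedule used in the example
$Expected    = @('Config\config.xml', 'DBIMPEXP\Backup.xml', 'LIS\lis.xml', 'RGS\rgs.zip')
# Assumption: principals that should never be able to read exported configuration.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Test-BackupFile {
    param([string]$Path, [int]$MaxAgeHours)
    $problems = @()
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $problems += 'missing'
    } else {
        $item = Get-Item -LiteralPath $Path
        if ($item.Length -eq 0) { $problems += 'empty' }
        # A file older than the schedule interval means this run did not replace it.
        if ($item.LastWriteTime -lt (Get-Date).AddHours(-$MaxAgeHours)) { $problems += 'stale' }
    }
    $problems
}

function Get-BroadAccess {
    param([string]$Path, [string[]]$Principals)
    # Return Allow entries (explicit or inherited) held by any broad principal.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $Principals -contains $_.IdentityReference.Value
    }
}

$failed = $false
foreach ($rel in $Expected) {
    $full = Join-Path $BackupRoot $rel
    $problems = @(Test-BackupFile -Path $full -MaxAgeHours $MaxAgeHours)
    if ($problems.Count -gt 0) {
        Write-Warning ("{0}: {1}" -f $full, ($problems -join ', '))
        $failed = $true
    }
}
foreach ($ace in @(Get-BroadAccess -Path $BackupRoot -Principals $BroadPrincipals)) {
    Write-Warning ("{0} grants {1} to {2}" -f $BackupRoot, $ace.FileSystemRights, $ace.IdentityReference)
    $failed = $true
}
if ($failed) { exit 1 }
```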

Additional References

http://technet.microsoft.com/en-us/library/hh202170

Mobility for Lync

Native Microsoft Mobility for Lync 2010 Is Here!

The mobility features of Lync have been sorely missed since Lync 2010 was released last November but Microsoft has made HUGE strides in their recent release. There are a few pre-requisites which we will cover as well as some gotchas to look out for. As of today the Windows Phone client (Mango required) is available in the Marketplace but the Apple iOS and Android clients have yet to appear. There should also be a Nokia client but I do not have a method to test so unfortunately I have nothing to report there.

Server Requirements

Before mobility can be configured, the current Lync environment requires CU4 to already be installed. If this has not been done, first things first. There are also a few configuration requirements that did not matter without mobility but now must be met. Those include:

  • The Front-end pool internal web FQDN must be different from the external (even if you are using split-DNS)
  • HLBs may need to be updated changing their persistence to cookie-based and certificates installed to support SNAT
  • IIS Dynamic Content Compression is needed on the Directors and Front-End servers in order to install the mobility BITS

Once that is complete there is a mobility download that must be grabbed and server-based PowerShell commands that are run on a Front-End Server in the environment. The configuration includes updating DNS, requesting and installing new certificates, configuring ports etc. so let's begin.

Mobility Configuration

CONFIGURING MOBILITY PORTS

The first task completed when configuring mobility is running two PowerShell commands to configure the ports mobility will use inside and outside. Setting the ports will also 'inform' the bootstrapper process that mobility should be installed and configured. To set your ports simply launch Lync Server Management Shell (LSMS) and type:

Set-CsWebServer -Identity lspoolname.domain.com -McxSipPrimaryListeningPort 5086
Set-CsWebServer -Identity lspoolname.domain.com -McxSipExternalListeningPort 5087
Enable-CsTopology

You can see the internal listening port has been set to 5086 and the external port to 5087. The enable command sets the changes into the topology and the Lync environment is now aware that mobility should be there. The above two Set-CsWebServer commands with the MCX values will only work if CU4 is installed.

IIS CONFIGURATION

If the IIS Dynamic Content Compression was not already added (listed as a pre-requisite above), now is the time to complete the process, as without it setup will fail. If your base operating system for your Lync Front-End/Director server is Windows Server 2008, use the following command:

[from a command prompt] ServerManagerCMD.exe -Install Web-Dyn-Compression

If the base operating system for your Lync Front-End/Director server is Windows Server 2008 R2, use the following command:

[from PowerShell] Import-Module ServerManager; Add-WindowsFeature Web-Server, Web-Dyn-Compression

DNS CONFIGURATION

New DNS names have been established for the AutoDiscover process (think Exchange AutoDiscover). The new feature removes the need for you to configure the explicit server settings on the mobile clients (very nice). There are up to three different records that must be created, two of which are on the inside DNS. Two of the three records are CNAME DNS records while the third (required if split-DNS) is an 'A' record.

Internal DNS create CNAME record lyncdiscoverinternal and point it to the internal web services 'A' record
External DNS create CNAME record lyncdiscover and point it to the external web services 'A' record
Internal DNS (if using split-DNS) create 'A' record for your external web services name and configure it to the external IP

INSTALLATION OF THE MOBILITY BITS

The installation of the BITS is completed by downloading the new MSI, placing it in the expected folders, and running bootstrapper.

To begin, download the MSI at Microsoft's download center here. Save the MSI locally to each Front-End and Director server in the path C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup. This is the location of the cached Lync 2010 installers. Once the MSI is in the correct path, launch LSMS and run C:\Program Files\Microsoft Lync Server 2010\Deployment\Bootstrapper.exe (NOTE: the path C:\Program Files\Microsoft Lync Server 2010\ may be different in your deployment based on where Lync was installed).

Bootstrapper will detect the configuration/setting of the mobility ports and install the mobility BITS on the required servers.

Assuming push notifications are desired on the iOS and Windows Phone platforms, enter the following after the installation is complete (from LSMS):

Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $true -EnableMicrosoftPushNotificationService $true
New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification
New-CsAllowedDomain -Identity "push.lync.com"

CERTIFICATES

Because there are new names internally and externally, new SANs are required on both the internal and external certificates. The simplest way to request a new certificate is using the Lync Deployment application on a Front-End server (one per pool). The server has the ability to create both the internal and external certificates using the GUI. If you are in a multi-server pool I recommend having three separate certificates on the pool - one unique to each Front-End and the other two used on each Front-End (same certificate).

If you already have the Server Default certificate unique to the Front-End server (it will have the pool name, server name, and most likely 'sip'), then the next step is running the wizard again and ONLY selecting Web Services Internal. Running the wizard will include all known names for all supported SIP domains - this includes the internal web services FQDN as the CN and meet, dialin, lyncdiscoverinternal, and your lyncadmin name as SANs. If you use an external certificate provider, that certificate request can be sent off for processing.

Next launch the certificate wizard again this time making sure only Web Services External is selected, offline certificate is selected, and mark as exportable is checked. The results for the external certificate request will be a certificate with the external web services FQDN as the CN and meet, dialin, and lyncdiscover as SANs. Once the certificate has been processed externally you have two options. If you are using a Reverse Proxy where the certificate is required or a HLB, export the certificate from the server and import into the appropriate location. Assuming you are using an internal CA, you would then have the option to re-request an internal certificate for the external web services role. If you are NAT'ing directly to a single server (no HLB but a single point of failure) then you may leave the certificate as is.
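Once the new certificates are assigned, it is worth confirming that each listener actually serves a certificate carrying the names listed above before pointing clients at it. The following is an added example, not from the original post: it reads the certificate off the wire and reports any missing SANs. The host names are placeholders built on the post's domain.com examples (externalwebservicesname.domain.com is hypothetical), port 443 is an assumption, and the SAN parsing assumes an English-language OS.

```powershell
# Added example: report which required SANs are missing from a served certificate.
function Get-ServedSanNames {
    param([string]$HostName, [int]$Port = 443)
    $ErrorActionPreference = 'Stop'   # abort on connection or handshake failure

    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }

    # The Subject Alternative Name extension is OID 2.5.29.17.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($san) {
        # Format($true) prints one entry per line, e.g. "DNS Name=meet.domain.com".
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+?)\s*$') { $names += $Matches[1] }
        }
    }
    New-Object PSObject -Property @{ Subject = $cert.Subject; NotAfter = $cert.NotAfter; Names = $names }
}

function Test-MobilitySans {
    param([string]$HostName, [string[]]$Required, [int]$Port = 443)

    $served  = Get-ServedSanNames -HostName $HostName -Port $Port
    # -notcontains compares case-insensitively, which suits DNS names.
    $missing = @($Required | Where-Object { $served.Names -notcontains $_ })
    New-Object PSObject -Property @{
        Host = $HostName; Subject = $served.Subject; NotAfter = $served.NotAfter
        MissingSans = $missing; Ok = ($missing.Count -eq 0)
    }
}

# Internal listener: SANs the post lists for the Web Services Internal certificate.
Test-MobilitySans -HostName 'internalwebservicesname.domain.com' -Required @(
    'meet.domain.com', 'dialin.domain.com', 'lyncdiscoverinternal.domain.com')

# External listener (hypothetical FQDN): run this one from outside the network.
Test-MobilitySans -HostName 'externalwebservicesname.domain.com' -Required @(
    'meet.domain.com', 'dialin.domain.com', 'lyncdiscover.domain.com')
```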

RESTART POOL/DIRECTOR SERVERS AND TEST

Once the configuration is complete, reboot the various servers and validate that there are no unexpected errors in the Lync logs in the Event Viewer. Once the servers are back online, assuming all is well, launch LSMS and run the following command (replacing your two test users with appropriate names and accounts):

Test-CsMcxP2PIM -TargetFqdn lspoolname.domain.com -SenderSipAddress sip:user1@domain.com -SenderCredential "domain\user1" -ReceiverSipAddress sip:user2@domain.com -ReceiverCredential "domain\user2"

The result of the test should look like:

TargetUri  : https://internalwebservicesname.domain.com:443/mcx
TargetFqdn : lspoolname.domain.com
Result     : Success
Latency    : 00:00:00
Error      :
Diagnosis  :

FURTHER READINGS

Lync Mobility Installation Guide from Microsoft
Lync Server 2010 Mobility Service MSI Download
Dave Howe's HLB Config Guide for Lync 2010