Skype for Business Mobile Client Coming Soon

You may have recently seen an update to the Lync 2013 Windows Phone Mobile client where upon starting the app it informed you a new version was coming soon. A recent blog post explains the same – teasing us Windows Phone users but no date has been offered. Unfortunately at this time we only get to see the screenshots in the blog post and the notice in the app. However, it is nice to see that the Windows Phone is getting the application upgrade first with the others following.

Lync 2013 for Windows Phone


MS Download

Additional Notes: 
Lync Server 2013 build number is 5.0.8308.887

Lync 2013 Client build number is 15.0.4727.1001

Skype for Business Server 2015 build number is 6.0.9319.55

Lync Group Chat build number is 4.0.7577. 4409

Lync Group Chat Server build number 4.0.7577.4409

Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4461

Lync Attendant build number is 4.0.7577.4098

Lync Phone Editions build number is 4.0.7577.4463
Lync Phone Edition (Tanjay) build number is 4.0.7577.4463
Lync for Mac 2011 build number is 14.0.11

Lync 2013 for Windows Phone build number 5.9.1371.0

Lync 2013 for iPad build number 5.7.563

Lync 2013 for iPhone build number 5.7.563

Lync 2013 for Android build number
Lync 2013 for Android tablet build number
Lync Windows Store App build number is March 2014

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Microsoft has released CU June 2013 for Android Lync 2010

Yesterday Microsoft released an update for Android phones running Lync 2010. The update addresses bug fixes and stability which is always a good thing for Android devices!





Lync 2010 for Android



Google Play

Additional Notes:
Lync Server 2010 build number is 4.0.7577.216
Lync 2010 Client build number is 4.0.7577.4378
Lync Server 2013 build number is 5.0.8308.291
Lync 2013 Client build number is 15.0.4454.1506
Lync Group Chat build number is 4.0.7577.4102
Lync Group Chat Server build number 4.0.7577.4778
Lync Group Chat Admin build number 4.0.7577.4102
Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4387
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001
Lync 2013 for Windows Phone build number is 5.0.8250.0
Lync 2013 for iPad build number is 5.0
Lync 2013 for iPhone build number is 5.0
Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Your Smartphone – the New Lync Portable Phone

With the recent release of the various Lync 2013 mobile clients a new wave of Lync desktop and portable phones have come into play. Yes – desktop and the concept of a portable phone – all available for Lync 2013. How you ask? Quite simply.

With the new Lync 2013 mobile client allowing you to hold VoIP calls natively and its ability to interact with the system, you end up with two calling scenarios.

1)      You are on a call using your laptop/desktop/Aries phones. You realize you need to ‘leave’ your desk and you have the Lync 2013 mobile client installed on your smartphone. From the full Lync client, you park the call, enter the retrieval code into your mobile client (i.e. within the Lync dialer itself) and it retrieves the call. Very nice – you can move any Lync call from your desktop Lync client or Aries phone to your smartphone.

2)      You use the smartphone as your desk phone. Assuming you have wireless (and who doesn’t) sign-in to the Lync 2013 mobile client. All incoming calls will ring on your smartphone as well – just answer it.

The second option is how we replace a desktop phone with your smartphone. You could also use a Bluetooth headset paired with your smartphone making it a complete mobile package. There are a few things to consider however.

1)      The smartphone is VoIP – that means data. If you are using the smartphone on your cellular data network, you are using your data allotment. That may or may not be a problem, but here in the US most mobile phones have unlimited calling/phone minute plans but the data plans are restricted.

2)      If you answer/transfer the call while you are using the corporate Wi-Fi, that call is tied to the IP and network of that Wi-Fi. Leaving the facility or range of Wi-Fi means the call would need to switch to cellular, IP would change, and call would drop. I would bet that something is done to address this by a third-party sometime soon – something like NetMotion offers on the desktop (if not a solution from NetMotion themselves).

3)      Unfortunately the Lync 2013 mobile client lacks the ability to transfer the call back to the call park service – something I suspect will come in time. So, once the call is answered or transferred to the smartphone that is where it lives.

For a desktop or mobile replacement within the office, the issues above are non-existent. Using the new client you have another means to answer your calls and remain portable (not to mention a single phone device). For those looking for a means to use the smartphone as a way to start in the office and then leave we have a workable yet restricted solution. The key would be to make sure your Wi-Fi is OFF prior to transferring the call. This way, when you leave the office you are already on the cellular data network (just make sure you have the cellular data MB available). The last option of course is to simply transfer the call over PSTN to your smartphone. The real cost there will depend on your cellular plan and remember, you are tying up two phone lines (and Lync resources) as the Lync server infrastructure is conferencing the outside call and your smartphone call.

Try it out – play with the new mobile client – make an audio and video call from it – it is simply amazing and it opens up all kinds of possibilities and scenarios.

Microsoft has released CU February 2013 for Lync Server 2013 Products

Yesterday Microsoft released CU February 2013 for Microsoft Lync Server 2013. The update is a significant one as it adds the necessary components for UCWA to work correctly with the newly announced Mobility clients (as well as any custom REST apps created).

The update process is a little more involved should you be utilizing the new database mirroring feature of Lync Server 2013 so make sure you follow the steps to a tee. In addition to the standard Updater additional resources were released including the Capacity Planner for 2013, the SDK for UCMA and Lync itself, and additional language support for Lync Basic and the VDI plugins.

Three tidbits of information.

1) The –Update switch is no longer needed as the command will detect if an updated is required and if not, will do nothing. If you include the –Update switch it will drop/read sprocs and reACL permissions regardless if an update is required (it of course will update it as well but why have an outage if it is not required).

2) It is reported that bootstrapper (or the Deployment Wizard Step 2) is required prior to invoking the Enable-CsTopology command although I personally have not seen any updates processed while performing this command. It does not hurt to run however so to be on the safe side just go ahead and run bootstrapper.

3) Reboots of the Front-End servers is required. Sometimes – not sure why – the Edge server must be rebooted even if not prompted (good idea to simply do this). And finally the Lync client must be restarted after the two patches are installed below.

The update process for an SE install of Lync Server 2013 is straightforward. After the update of the Lync bits have been applied simply run from the Lync SE 2013 Server’s Lync Server Management Shell (highly important or the system will not function correctly):

Install-CsDatabase –CofiguredDatabases –SqlServerFqdn yourlyncserver.domain

Followed from a command prompt on the Lync SE server and (if applicable) the Lync Edge server(s):

C:\Program Files\Microsoft Lync Server 2013\Deployment\bootstrapper.exe

And then finally back top Lync Server Management Shell:


If you have an Enterprise install of Lync Server 2013 the process is a little more involved (more moving pieces). To update an EE deployment without a database mirror start from a Front-End server running from Lync Server Management Shell:

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn SqlServerBE.domain –UseDefaultSqlPaths

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn ArchMonBE.domain  –UseDefaultSqlPaths

Install-CsDatabase -CentralManagementDatabase -SqlServerFqdnCMS.domain -SqlInstanceName DBInstanceName –UseDefaultSqlPaths

Followed from a command prompt on each FE server and (if applicable) the Lync Edge server(s):

C:\Program Files\Microsoft Lync Server 2013\Deployment\bootstrapper.exe

And then finally back top Lync Server Management Shell:


If you have an Enterprise install of Lync Server 2013 the process is a little more involved (more moving pieces). To update an EE deployment with a database mirror the process is more involved as you must drop the mirror, update the servers, and then re-create the mirror. This process will most likely be streamlined in upcoming Lync updates – something that we will continue to see often and with high value – but with such a short release cycle it is understandable why the process is what it is today.

Rather than hash the requirements and steps for a mirrored process visit the Microsoft KB article and follow the steps found there (KB2809243). Although it currently does not state a requirement to run bootstrapper on the FE and Edge servers do yourself a favor and run the command to cover all bases (see above cmdlets).

The current update list (and of course all previous updates are included and assumed and thus not listed) is displayed below. It is important to note that the Lync client updates are 2-part and both are required. The table is quite large and as such has been placed into a link which may be found here - the current versions are listed below.


Lync Server 2010 build number is 4.0.7577.205
Lync Client build number is 4.0.7577.4356
Lync Server 2013 build number is 5.0.8308.291
Lync 2013 Client build number is 15.0.4454.1506
Lync Group Chat build number is 4.0.7577.4102
Lync Group Chat Server build number 4.0.7577.4071
Lync Group Chat Admin build number 4.0.7577.4102
Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Edition Polycom build number 4.0.7577.4372
Lync Phone Editions (other than Polycom) build number is 4.0.7577.4366 (4363 for CX700/8540)
Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Lync Mobile iOS Certificate Errors

I ran into an issue (which I didn't with Android and WP7) where I was unable to login to the iPad and iPhone iOS Lync client. It turns out this error was two separate certificate errors. The first was immediately upon signing internal to the domain (because my Apple devices did not trust my internal CA). The second (internal or externally) was an issue with the intermediate certificate not being present on my KEMP Hardware Load Balancer.

Internal Root Certificate

The error I was seeing on my iPad was "Can't connect to the server. It might be unavailable. Also please check your network connection, sign-in address and server addresses". Again, the WP7 and Android devices were not experiencing this issue! (As a side, the Android devices did realize there was an untrusted certificate but I had the option of saying it was okay and move on. Eventually I simply emailed myself the root and intermediate certificates which installed with a simple click).


My Internal CA is comprised of a Root, Intermediate, and an Issuing CA yet the Apple devices only seem to care about the root. To add the certificate to the device, the Apple iPhone Configuration Tool is used. It is true that you could send yourself an email with the certificate, but I have found that the device does not fully trust that method. If you do not already have the Configuration Tool (it is not part of iTunes) download it from Apple here. There is a Mac version of the tool as well but I will show the Windows version.

Once the application is installed, launch the tool and navigate on the right to Configuration Profiles.


In the upper-right click New to create a Configuration Profile. The Configuration Profile can be used to set and configure all types of settings; however, I am only interested in adding a trusted root certificate to the device. Start by naming the profile. In my example, I have named it BriComp Root Certificate and set my unique identifier to com.bricomp.cert.profile. Complete the General settings by entering your company name and optionally a description.


Next, navigate down the list to the certificate icon labeled Credentials and click Configure.


After clicking Configure a list of certificates found on your local computer will be displayed. Assuming your computer trsuts your internal LAN certificates your root certificate will be shown here. Scroll to the correct certificate and click OK.


The certificate will be shown in the Credential window and all changes are immediate (i.e. there is no 'save' option). For small/single installs connect your device to your computer using the USB cable. The device will be displayed in the Configuration Tool under DEVICES. Select the device and then the Configuration Profile Tab.


You will notice there is an option to install the profile directly. Click Install to begin the process. On your device, a Install Profile window is shown where you must click Install followed by Install Now confirming the installation of the Root Certificate. If you have a passcode you will need to enter it and then click Done.


For mass installs, you can export the configuration profile using the tool and email it to all that need it.

External Certificate Error

Once I got past my internal certificate issue I was then receiving the error "Can't verify the certificate from the server. Please contact your support team".


This error was the same inside and outside my network but again, only on my Apple iOS devices. Puzzled for days I nearly gave up when I thought maybe...just maybe the Hardware Load Balancer needed the intermediate certificate loaded for DigiCert - the issuer of my web services external certificate. This is an easy process and if you followed my past blog on configuring the KEMP HLB for Lync this step may be required as well.

In the KEMP LB web configuration page navigate to Certificates | Intermediate Certs.


In this section you have the option of managing the intermediate certificates on your Load Balancer. Click Add New to display the New dialog. Here you need to paste the public certificate DigiCertHighAssuranceCA-3.cer into the text box and provide a name. The certificate can be downloaded from DigiCert's website at Save the file to your local computer and open it with Notepad. The certificate will look like a text file that is created when you are requesting a new certificate for yourself. Copy and paste the entire content unaltered into the KEMP website and name the certificate DigiCertHA3.

Click Add to complete the installation of the Intermediate Certificate.  That's it - once the LB trusts the DigiCert Intermediate and your device trusts your internal CA your client will be able to login.

Apple iOS has Finally Joined the Mobile Party

The Apple iOS Lync 2010 Clients for iPhone and iPad (separate apps) are finally available from the App Store. I had difficulty finding the Application using search but I did find it browsing the newly released applications.

The significant difference between the iOS version and the other clients is the Calendar integration natively within the Lync app. It allows you to see upcoming Lync conferences and join them directly from the application. This is different from, let's say the Windows Phone 7, where you are required to click join now from the meeting invite itself.

Happy playing with the new clients!

Lync Mobility on WiFi with a KEMP LB

Like many I was excited to see the mobility client finally released for Lync 2010 but needed to figure out what communication was going where - can't fix what you do not understand.


When using mobility, internally or externally, all communication flows from the mobile device to the External Web Services of your pool. The concept is that there is a single point of communication regardless of your network allowing communication to seamlessly move network to network. In order to achieve this, the external services URLs must be reachable internally when a client access port 443.


That requirement was not as daunting as one might think when using a Hardware Load Balancer, in this case it was my KEMP. The key on the KEMP was to have two VIPs created, one for internal communication and one for external communication. The configuration looked something like this:

Internal Web Services VIP --> -->

External Web Services VIP --> -->

With this configuration, the port address translation happens on the HLB so the Reverse Proxy or Firewall can send the external traffic unchanged. Internally, the communication is always bound for HTTP/HTTPS and then changed depending on the destination IP.


Looking at communication from a phone via cellular and WiFi then looks like so:

Phone IP ( --> Ext AutoDiscover ( --> Ext Web Services URL ( --> HLB ( --> Lync Pool External Web Services (

Phone IP ( --> Internal AutoDiscover ( --> Int Web Services ( --> Ext Web Services URL/HLB ( --> Lync Pool External Web Services (

As you can see both methods end up going to the external web services which is managed by the KEMP HLB. The only difference is when on the internal WiFi it is able to resolve the internal pool which passes the Mobile URL information back which is the external web services URL. Because the external web services URL resolves internally to the VIP created for the external web services, it is redirected to port 4443.

That sets the data flow as we want, now the only thing left is the configuration of the KEMP HLB which requires the setup using cookies for persistence (again referencing Dave Howe's article here).


The KEMP configuration for Lync is fairly easy with the setting below. You will need your external certificate so that is can be loaded into the HLB (public and private key) as it will need to decrypt and re-encrypt the communication. An example configuration would be:

Basic Properties
Service Type: HTTP/HTTPS
L7 Transparency: Disabled
Real Server Check Parameters: Optional but recommended
Service Nickname: Lync Web Servers -4443
Persistence Options
Mode: Active Cookie
Timeout: 3 Days (the length of an inactive Push Session before it times out)
Cookie Name: MS-WSMAN
Scheduling Method: resource based (adaptive)
Idle Connection Timeout: 0
Use Address for SNAT: Unchecked

SSL Properties
SSL Acceleration: Enabled and Reencrypt checked
Certificates: Load the external web services certificate here
Rewrite rules: None
Client Certificates: No Client Certificates required

Advanced Properties
Content Switching: Disabled
HTTP Headre Modifications: None
Port Following: No Port Selected
Enable Caching: Unchecked
Enable Compression: Unchecked
Detect Malicious Requests: Unchecked
Add Header to Request:
Not Available Server:
Not Available Redirection Handling:
Default Gateway:


Assuming there are physical servers that the VIP is pointing to (again redirecting to port 4443 and 8080) communication should now flow. As key a reminder, make sure the external web services URL resolves internally to the external HLB VIP configured above and you are good.

Mobility for Lync

Native Microsoft Mobility for Lync 2010 Is Here!

The mobility features of Lync have been sorely missed since Lync 2010 was release last November but Microsoft has made HUGE strides in their recent release. There are a few pre-requisites which we will cover as well as some gotchas to look out for. As of today the Windows Phone client (Mango required) is available in the Marketplace but the Apple iOS and Android clients have yet to appear. There should also be a Nokia client but I do not have a method to test so unfortunately I have nothing to report there.

Server Requirements

Before mobility can be configured the current Lync environment requires CU4 to already be installed. If this has not been done, first things first. There are also a few configuration requirements that must be met which while it didn't matter without mobility, now it does. Those include:

  • The Front-end pool internal web FQDN must be different from the external (even if you are using split-DNS)
  • HLBs may need to be updated changing their persistence to cookie-based and certificates installed to support SNAT
  • IIS Dynamic Content Compression is needed on the Directors and Front-End servers in order to install the mobility BITS

Once that is complete there is a mobility download that must be grabbed and server-based PowerShell commands that are run on a Front-End Server in the environment. The configuration includes updating DNS, requesting and installing new certificates, configuring ports etc. so let's begin.

Mobility Configuration


The first task completed when configuring mobility is running two PowerShell commands to configure the ports mobility will use inside and outside. Setting the ports will also 'inform; the bootstrapper process that mobility should be installed and configured. To set your ports simply launch Lync Server Management Shell (LSMS) and type:

Set-CsWebServer –Identity –McxSipPrimaryListeningPort 5086
Set-CsWebServer –Identity –McxSipExternalListeningPort 5087

You can see the internal listening port has been set at 5086 with the external ports set to 5087. The enable command sets the changes into the topology and the Lync environment is now aware that mobility should be there. The above two Set-CsWebServer commands with the MCX values will only work if CU4 is installed.


If the IID Dynamic Content Compression was not already added (listed as a pre-requisite above) now is the time to complete the process as without it setup will fail. If your base operating system for your Lync Front-End/Director server is Windows Server 2008, use the following command:

[from a command prompt] ServerManagerCMD.exe –Install Web-Dyn-Compression

If the base operating system for your Lync Front-End/Director server is Windows Server 2008 R2, use the following command:

[from PowerShell] Import-Module ServerManager; Add-WindowsFeature Web-Server, Web-Dyn-Compression


New DNS names have been established for the AutoDiscover process (think Exchange AutoDiscover). The new feature removes the need for you to configure the explicit server settings on the mobile clients (very nice). There are up to three different records that must be created, two of which are on the inside DNS. Two of the three records are CNAME DNS records while the third (required if split-DNS) is an 'A" record.

Internal DNS create CNAME record lyncdiscoverinternal and point it to the internal web services 'A' record
External DNS create CNSME record lyncdiscover and point it to the external web services 'A' record
Internal DNS (if using split-DNS) create 'A' record for your external web services name and configure it to the external IP


The installation of the BITS is completed by downloading the new MSI, placing it in the expected folders, and running bootstrapper.

To begin, download the MSI at Microsoft's download center here. Save the MSI locally to each Front-End and Director server in the path C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup. This is the location of the cached Lync 2010 installers. Once the MSI is in the correct path, launch LSMS and run C:\Program Files\Microsoft Lync Server 2010\Deployment\Bootstrapper.exe (NOTE: the path C:\Program Files\Microsoft Lync Server 2010\ may be different in your deployment based off of where Lync was installed)

Bootstrapper will detect the configuration/setting of the mobility ports and install the mobility BITS on the required servers.

Assuming push notifications are desired on the iOS and Windows Phone platforms, enter the following after the installation is complete (from LSMS):

Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $true -EnableMicrosoftPushNotificationService $true
New-CsHostingProvider –Identity "LyncOnline" –Enabled $True –ProxyFqdn "" –VerificationLevel UseSourceVerification
New-CsAllowedDomain –Identity ""


Because there are new names internally and externally new SANs are required on both the internal and external certificates. The simplest way to request a new certificate is using the Lync Deployment application on a Front-End server (one per pool). The server has the ability to create both the internal and external certificates using the GUI. If you are in a multi-server pool I recommend having three separate certificates on the pool - one unique to each Front-End and the other two used on each Front-End (same certificate).

If you already have the Server Default certificate unique to the Front-End server (it will have the pool name, server name, and most likely 'sip'), then the next step is running the wizard again and ONLY selecting Web Services Internal. Running the wizard will include all known names for all supported SIP domains - this includes the internal web services FQDN as the CN and meet, dialin, lyncdiscoverinternal, and your lyncadmin name as SANs. If you use an external certificate provider, that certificate request can be sent off for processing.

Next launch the certificate wizard again this time making sure only Web Services External is selected, offline certificate is selected, and mark as exportable is checked. The results for the external certificate request will be a certificate with the external web services FQDN as the CN and meet, dialin, and lyncdiscover as SANs. Once the certificate has been processed externally you have two options. If you are using a Reverse Proxy where the certificate is required or a HLB, export the certificate from the server and import into the appropriate location. Assuming you are using an internal CA, you would then have the option to re-request an internal certificate for the external web services role. If you are NAT'ing directly to a single server (no HLB but a single point of failure) then you may leave the certificate as is.


Once the configuration is complete, reboot the various servers and validate that there are no unexpected errors in the Lync logs in the Event Viewer. Once the servers are back online, assuming all is well launch LSMS and run the following command (replacing your two test users with appropriate names and accounts):

Test-CsMcxP2PIM -TargetFqdn -SenderSipAddress -SenderCredential "domain\user1" -ReceiverSipAddress -ReceiverCredential "domain\user2"

The result of the test should look like:

TargetUri  :
TargetFqdn :
Result     : Success
Latency    : 00:00:00
Error      :
Diagnosis  :


Lync Mobility Installation Guide from Microsoft
Lync Server 2010 Mobility Service MSI Download
Dave Howe's HLB Config Guide for Lync 2010

Mobile Outlook Update for Windows Mobile 6.1

With the recent release of Windows Mobile 6.5 and the newly improved Mobile Outlook most of us WM6.1 users are saying - what about us? Well the story is not as bleak as many might imagine. While the OS in the Windows Mobile devices is carrier 'owned' the applications are not. Luckily, Microsoft has decided to release the Outlook portion of WM6.5 as free upgrade for WM6.1 users. This is great news for me - I don't know about everyone else, but I am not interested in most of the WM6.5 features I simply want the new Outlook.

My current back-end environment is Microsoft Exchange 2010, Outlook 2010 and using the latest Mobile Outlook enhances my experience keeping the look and feel similar across clients. The upgrade was easy although it did force a re-sync of my Exchange data to my phone which took a bit of time even over the EvDO Rev A network.

More information about the upgrade and the features can be found here and it is a CAB file so you can use your WM device to navigate directly to it (my preference).


New Inbox View in Outlook Mobile


Single conversation thread Previous OCS RFC. There are four emails that make up the thread and all can be seen in a single view (reducing clutter and speeding up your day)!


The folders you select to sync are shown in your folder list. You can still expand your entire folder list by selecting All Folders.


New Single-click Voice Mail Integration or Exchange 2010 UM users. The play button eliminates the need to launch Windows Mobile player leaving you in your Inbox where you should be. The green phone button allows a single-click call back to the sender.


With Exchange 2010 and Mobile Outlook 6.5 text messages to your phone have the option of being integrated. This mean a text message received to your phone is synced with Outlook where you have the option of replying to the text directly (assuming you have the optional TXT provider in Outlook 2007 or you are using Outlook 2010 / Outlook Web Access 2010).