Microsoft has released July 2014 CU for Lync Phone Edition

We are now officially into the 3rd quarter of 2014 and thus into the third round of patching. I know we did not see patches for Lync Server 2013 in the 2nd quarter, but one can assume the trend will not hold and patches will be coming soon. As a teaser Microsoft has released the Lync Phone Edition (LPE) update for Q3, their links are found below. It is always recommended to remain up-to-date with LPE patches regardless of the fixes included.

In this iteration of LPE a Daylight Savings Time (DST) issue is resolved for Egypt and Morocco…nothing exciting but keeping the phones up-to-date ensures you will not run into any patching issues with the next release. You will also notice the CX700/LG-Nortel 8540 was not included in the update cycle – does it not require the DST fix or is this simply Microsoft stating ever so gently to move off the old phones?

*UPDATE*
As noted in the comments below, the CX700 has NOT been updated since April but it is now included in the matrix below.

Product

Version

KBs

Download

Lync Phone Edition (for Aastra 6721ip and Aastra 6725ip)

7577.4450

2973938

MS Download

Lync Phone Edition (for HP 4110 and HP 4120)

7577.4450

2973939

MS Download

Lync Phone Edition (for Polycom CX500, Polycom CX600, and Polycom CX3000)

7577.4450

2973941

MS Download

Lync Phone Edition (for Polycom CX700/LG-Nortel 8450)

7577.4444

2973942

MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.230
Lync 2010 Client build number is 4.0.7577.4445
Lync Server 2013 build number is 5.0.8308.577
Lync 2013 Client build number is 15.0.4605.1003

Lync Group Chat build number is 4.0.7577. 4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4450
Lync Phone Edition (Tanjay) build number is 4.0.7577.4444

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.4.1087.0
Lync 2013 for iPad build number 5.4
Lync 2013 for iPhone build number 5.4
Lync 2013 for Android build number 5.3.1100

Lync Basic 2013 build number is 15.0.4420.107
Lync VDI 2013 build number is 15.0.4420.1017

Microsoft has released CU April 2014 for Lync Edition Phones

New Lync Phone Edition (LPE) firmware has been released for all phones. Keeping the phones up-to-date with current firmware is imperative – too often I run into Lync certificate updates where the phones do not have a current root certificate for newly issued public certs and everything comes to a screeching halt. As a side, my basic work around for this is to setup an SE server with an internally accessible CA (read http is in the CRL and AIA), update it to the latest firmware, and then use on the phone on production. A pain, yes, but sometimes needed even if you are diligent as it is not uncommon to receive new phones with old firmware.

Product

Version

KBs

Download

Lync Phone Edition (for Aastra 6721ip and Aastra 6725ip)

4.0.7577.4444

2954032

MS Download

Lync Phone Edition (for HP 4110 and HP 4120)

4.0.7577.4444

2954033

MS Download

Lync Phone Edition (for Polycom CX500, Polycom CX600, and Polycom CX3000)

4.0.7577.4444

2954034

MS Download

Lync Phone Edition for Polycom CX700 and LG-Nortel IP Phone 8540

4.0.7577.4444

2954035

MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.230
Lync 2010 Client build number is 4.0.7577.4445
Lync Server 2013 build number is 5.0.8308.577
Lync 2013 Client build number is 15.0.4605.1003

Lync Group Chat build number is 4.0.7577. 4409
Lync Group Chat Server build number 4.0.7577.4409
Lync Group Chat Admin build number 4.0.7577.4409

Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Editions build number is 4.0.7577.4444

Lync 2010 for Windows Phone build number 4.3.8120.0
Lync 2010 for iPhone build number 4.7
Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001

Lync 2013 for Windows Phone build number 5.4.1087.0
Lync 2013 for iPad build number 5.4
Lync 2013 for iPhone build number 5.4
Lync 2013 for Android build number 5.3.1100

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Hiding your Caller-ID in Lync 2013

An unintended feature for some...

There may be times (and it may be all the time) where you do not want you caller-id (CID) to be presented when making an outbound call. If you have moved to Lync 2013 or plan to move to Lync 2013 this featute may be available for you. The mayambiguity comes from your unknown - what SBC are you using and how is it configured. As of today, the IntelePeer SBC that is being used can make this happen...

To start, the Lync 2013 Server product introduced many new features including the ability to include P-Asserted-Identity history in the SIP signaling. This additional features is intended to allow the originator's ID to be masked with a new identity allowing forwarded calls to be 'authenticated' by the originating number but display to the receiving party as the forwarded user. This concept may be defined as follows (and may be found in RFC3325):

"Lync User" <sip:lyncuser@domain.com>
"Outside Caller" <sip:+14805551212@domain.com>
"My Cell" <sip:+16025551212@domain.com>

Outside caller calls Lync User who has call forwarding enabled on their phone. Ideally when the call is forwarded to the Lync user's cellular device it displays the caller ID of the Outside Caller, not the Lync User. This worked just fine in the past with SIP Trunk Providers and SBCs that supported Lync Server. However, if you have ever worked with a non-certified SIP trunk provider the call was typically denied as it appeared to be a call from the Outside Caller using the company’s SIP trunk (and that is not allowed). Using the P-Assert-Identity history these carriers would be able to recognize that the call was actually originating from the Lync User but the CID was simply being masked with the Outside Caller’s CID.

So how does this help us in hiding our CID you ask? Well, again, this depends on the SBC and how it interprets RFC3325. Currently IntelePeer and their SBCs interpret the RFC to mean mask ALL CID information. So, if this feature is enabled on the trunk, all CID is blocked and the recipient receives an incoming call that is shown as PRIVATE. This feature may or may not remain in effect but as of today it works. For your own SBCs, it may be an option to configure this as well.

Configuring Lync 2013 to block PRIVATE numbers is a simple task if you want it to be global. If you do not want it to be global, but perhaps for some users, additional voice policies, PSTN usages, and routes would need to be defined to create a one-off setup. To enable the option globally from the Lync Control Panel navigate to Voice Routing | Trunk Configuration.

 

What you display here will be different based off your configuration but the ideas and concepts are the same. If you only have a single trunk, the configuration may be in the Global Policy. If you have multiple trunks as shown then you would want to modify the policy(s) that apply to your trunk.

To modify the policies select it from the list and double-click (or select Edit | Show details…). Once in the policy you will see many new options; the one we are concerned with is Enable forward P-Assert-Identity data. Select the box to enable to feature and click OK to close the dialog.

 

You will need to commit the changes (Commit | Commit All) and then have a little patience. Once committed, the changes must be replicated to the Mediation Servers which may take a minute or two. If you want to see this change within the Event Viewer, search for Event ID 25091 which will look something like this:

Information       10/3/2012 5:32:27 AM    LS Mediation Server       25091   (1030)

Trunk configuration has changed
Trunk: 1-la01.intelepeer.com;trunk=1-la01.intelepeer.com
ByPass Enabled: False
Forward PAI Enabled: True
Forward Call History Enabled: True
Refer Supported: False
3pcc Refer Supported: False
SRTP Mode: NotSupported
Online Voice Enabled: False
RTP Latching Enabled: False

Once that Event Log has been logged, you may make an outbound call and check the results. If all the stars have aligned in your configuration, the recipient of the call will see the CID of the incoming call as PRIVATE and will probably not answer.

For further validation that the feature is enabled you may capture and inspect Lync Server Logs (IncomingAndOutgoingCall scenario). After you have captured the logs, open then in a text reader (such as notepad) and search for Privacy:id (not ms-privacy:id as that is always there). If you want to use Snooper to view the logs unfortunately this particular option is filtered and not shown so be aware – use a text viewer. Assuming the Privacy:id option is listed in the call setup things are configured as expected. If not, either the caller did not use the route you modified or the configuration has not replicated (Event ID 25091).

PIN Authentication Login Fails on the Devices, NTP

PIN Authentication works using the Test-CsPhoneBootstrap cmdlet but fails on Lync devices

Recently I decided to 'play' with my Lync devices by moving them to a dedicated voice VLAN on my network. After doing so, I noticed I was unable to use PIN authentication. I found this extremely odd especially since I had just told a fellow colleague how simple the PIN process was. From the Lync 2010 servers the Test-CsPhoneBootstrap cmdlet was passing with a code of Success making me even more perplexed. Digging a bit deeper into the issue, I noticed that the phones authenticating using a PIN as well as my CX700 phones were taking a significant amount of time at boot while they were acquiring their time.

Comparing my two VLANs nothing stood out until I remembered I did not allow the new VLAN Internet access (why should the phones need to go out to the Internet after all?). Well, as it turns out, they were getting their time service from time.windows.com come even though my Windows domain controllers were configured as NTP servers and their SRV records existed in DNS.

The solution was quite simple and all devices benifited from a faster boot time. Within DHCP there is a standard option, 042 NTP Servers, which I configured with mydomain controllers as the defined values. As soon as I added this option, the phones received their time nearly instantly and PIN authentication worked as expected.

Dedicated Voice VLAN for Lync Devices

There are multiple reasons to deploy a dedicated VLAN for your Lync devices - IP constraint, data partitioning, QoS, just because (my personal case). I decided it was a brilliant idea to move my phones to their own VLAN but wanted to make sure my PCs behind the various devices (Polycom CX600/CX700 and Aastra 6725ip) remained on the current VLAN.

In OCS, this was accomplished exclusively via DHCP options. The process was poorly documented for whatever reason by Microsoft (and nearly non-existent in OCS 2007 R2) although multiple bloggers came to the rescue and had (for the most part) the answers. In Lync Server 2010 in addition to the DHCP OPTION 43 'option' LLDP-MEP was introduced as a method to define the multiple VLANs. Unfortunately my older networking equipment did not support LLDP-MEP so I was pushed back into the DHCP realm (thank you Microsoft for retaining the option!).

Luckily the configuration of the second VLAN is exactly the same as it was in OCS although the process is manual. Why Microsoft didn't create a script like they did to create the 'other' PIN required DHCP options is beyond me. Below I have written a batch file to create the required functionality to make sure typos are eliminated. Like the Microsoft DHCP PIN script, the options are added at the Server Options level; if this is not what you want/need, go ahead and add the Option (010 VoiceVLAN) directly to the desired scopes and remove it from the Server Options.

Note: if the DHCP MMC is running when you execute this script, you will not see the changes made. To refresh, exit the MMC and re-launch.

Now to break down what we are doing in the script. When executed from an elevated prompt (ex. VoiceVLAN.bat 30) the script uses netsch to create a Vendor Class named CPEOCPhone with a value of CPE-OCPHONE. It then creates an option 10 definition called VoiceVLAN and assigns it (in this case) a value of 30. Simply replace 30 with the desired Voice VLAN number (displayed in HEX in the MMC). Manually this would be accomplished using the following steps.

Right-click on IPv4 and select Define Vendor Classes...

 

Select Add to define a New Class. The Display name is whatever you want it to be; the script sets it to CPEOCPhone with a Description of VLAN tagging for the Microsoft Phone Devices. The only part that MUST be entered exactly is the ID value. This is set most easily in ASCII by simply placing the cursor under the word ASCII and clicking. Enter CPE-OCPHONE (yes, case sensitive) and watch the Binary equivalent automatically appear.

 

Click OK to save the new Vendor Class and Close to complete the creation process.

Next the Predefined Options must be created (in this case, Option 10). Once again, right-click IPv4 in the DHCP MMC but this time select Set Predefined Options...

Change the Option class... to the newly created class (CPEOCPhone) where you will find no Options created. Click Add... to create the new option. In the Name, enter VoiceVLAN. Change the Data type to Word. In the Code, enter the number 10. Enter Phone VLAN in the Description and click OK.

 

The Predefined Options and Values will now display option 010 VoiceVLAN with no default Value. Click OK to close the configuration dialog. You must now add the option to one or more scopes. Select a scope and select Configure Options...

 

Select the Advanced tab and from the Vendor class drop-down select CPEOCPhone. A single option should be listed, 010 VoiceVLAN. Select the option and under Data entry enter your VLAN (ex. 30).

 

Click OK to add the Option to the selected DHCP scope and repeat as necessary.

IMPORTANT: After changing the VLAN options for the phones, a hard reset is required as the devices cache their VLAN information to avoid the query process each time. For the CX700 (Tanjay) this is accomplished by using a small object to push the reset button on the back of the phone. For the newer Lync phones (Polycom CX600/CX500 and Aastra 6725ip/6721ip) you must hold down the * and # keys while powering on the phone until prompted to reset the device (this takes a few minutes). After the phone reboots, the new DHCP options will be passed to the phone. The switch port the phone is attached to must already have both VLANs associated to it with the PVID (primary VLAN) set to the computer VLAN, not to the voice VLAN. Of course, normal routing and switching configuration must be completed as well (as defined by the switch/router vendor).

VoiceVLAN.bat

netsh dhcp server add class CPEOCPhone "VLAN tagging for the Microsoft Phone Devices" "CPE-OCPHONE" 1

netsh dhcp server add optiondef 10 VoiceVLAN Word 0 Vendor=CPEOCPhone comment="Phone VLAN"
netsh dhcp server set optionvalue 10 Word vendor=CPEOCPhone "%1"