Category Archives: Lync

Virtualization best practices for Lync


Lync is an instant communication application that provides many modalities to end users, such as IM/Presence, A/V, Conferencing, Group/Persistent Chat and Enterprise Voice. To deliver all of these, organizations need to deploy many roles on different servers. Many roles therefore mean many servers, and as the number of servers grows, cost grows with it. To provide a better ROI with a restrained TCO, Lync can be deployed as a virtualized solution.

While virtualizing Lync, performance and stability must be taken care of. To achieve a fully virtualized solution, follow the virtualization best practices for Lync.

Microsoft recommends the following best practices for a virtualized Lync deployment.

Processor

  • You should disable hyperthreading on all hosts.
  • Do not use processor oversubscription; maintain a 1:1 ratio of virtual CPU to physical CPU.
  • Make sure your host servers support nested page tables (NPT) or extended page tables (EPT). [Intel uses the EPT terminology while AMD uses NPT.]
  • Disable non-uniform memory access (NUMA) spanning on the hypervisor, as this can reduce guest performance.

Memory

  • Do not configure dynamic memory or memory overcommitment on host servers.

Network

  • Use Virtual Machine Queue (VMQ) to optimize synthetic NIC performance.
  • Use physical NIC segregation for host versus guest communications.
  • Single-root I/O virtualization (SR-IOV) is recommended. The specific configuration you should use depends on the host chipset and network adapter/driver. (SR-IOV is recommended but not mandatory; you can still use NIC teaming at the host level.)

Storage

  • Use fixed or pass-through disks rather than dynamic disks. (I recommend using fixed disks in VHDX format instead of pass-through.)
  • Use MPIO (Multipath I/O) for your Back End Server storage.

Hypervisor

  • Virtual machine portability or failover techniques such as live migration are not supported.
  • Hypervisors require an amount of overhead (typically 6 percent to 10 percent) above and beyond what the virtual guest requires. This overhead can involve both CPU and memory.
  • Windows Server 2008 SP2 is not supported as a guest operating system.

Apart from the Lync server roles, you can also virtualize other components such as the Load Balancer and the Session Border Controller.
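As an added example (not from the original post), the following PowerShell audits a Hyper-V host and its Lync guests against the recommendations above. It assumes the Hyper-V module is available and that it runs on the host; the VM names at the bottom are placeholders.

```powershell
# Audit a Hyper-V host and named Lync guests against the best practices above.
# Added example, not from the original post; assumes the Hyper-V module and
# that it runs on the host. VM names at the bottom are placeholders.
Import-Module Hyper-V

function New-Check([string]$Scope, [string]$Check, [bool]$Pass, [string]$Fix) {
    [pscustomobject]@{ Scope = $Scope; Check = $Check; Pass = $Pass; Fix = $Fix }
}

function Test-LyncHyperVHost {
    $vmHost = Get-VMHost                      # $host is reserved in PowerShell
    $cpus   = Get-CimInstance Win32_Processor

    # Hyperthreading shows up as more logical processors than physical cores.
    $cores   = ($cpus | Measure-Object NumberOfCores -Sum).Sum
    $logical = ($cpus | Measure-Object NumberOfLogicalProcessors -Sum).Sum
    New-Check 'Host' 'Hyperthreading disabled' ($logical -eq $cores) 'Disable HT in BIOS/UEFI'

    # SLAT is the generic name for Intel EPT / AMD NPT.
    $slat = @($cpus | ForEach-Object SecondLevelAddressTranslationExtensions) -notcontains $false
    New-Check 'Host' 'EPT/NPT (SLAT) supported' $slat 'Use a host CPU with SLAT support'

    # 1:1 vCPU:pCPU - the vCPUs assigned to all guests must not exceed logical processors.
    $vcpus = (Get-VM | Get-VMProcessor | Measure-Object Count -Sum).Sum
    New-Check 'Host' 'No CPU oversubscription' ($vcpus -le $vmHost.LogicalProcessorCount) 'Reduce vCPU assignments'

    New-Check 'Host' 'NUMA spanning disabled' (-not $vmHost.NumaSpanningEnabled) 'Set-VMHost -NumaSpanningEnabled $false'
    New-Check 'Host' 'Live migration disabled' (-not $vmHost.VirtualMachineMigrationEnabled) 'Disable-VMMigration'
}

function Test-LyncHyperVGuest([string[]]$VMName) {
    foreach ($name in $VMName) {
        $mem = Get-VMMemory -VMName $name
        New-Check $name 'Dynamic memory disabled' (-not $mem.DynamicMemoryEnabled) "Set-VMMemory -VMName $name -DynamicMemoryEnabled `$false"

        foreach ($disk in Get-VMHardDiskDrive -VMName $name) {
            if ($disk.Path) {
                $vhd = Get-VHD -Path $disk.Path
                New-Check $name "Fixed disk: $($disk.Path)" ($vhd.VhdType -eq 'Fixed') "Convert-VHD -Path '$($disk.Path)' -DestinationPath '<fixed.vhdx>' -VHDType Fixed"
            } else {
                # No path means a pass-through disk, which the guidance above accepts.
                New-Check $name "Pass-through disk $($disk.DiskNumber)" $true ''
            }
        }

        foreach ($nic in Get-VMNetworkAdapter -VMName $name) {
            # VmqWeight 0 means VMQ is disabled on this synthetic adapter.
            New-Check $name "VMQ enabled: $($nic.Name)" ($nic.VmqWeight -gt 0) "Set-VMNetworkAdapter -VMName $name -Name '$($nic.Name)' -VmqWeight 100"
        }
    }
}

# Failing checks sort first; each row carries the corrective cmdlet.
@(Test-LyncHyperVHost) + @(Test-LyncHyperVGuest -VMName 'LYNC-FE01', 'LYNC-EDGE01') |
    Sort-Object Pass | Format-Table -AutoSize
```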

Configure DHCP Server options for Lync Phones


Setting up the entire Lync infrastructure is fun for Lync professionals, but the real fun always comes at the last moment, when end users start enjoying Lync services from their devices. Setting up the Lync soft client is quite easy, while configuring Lync phone devices is the tricky part.

The tricky part is automating the provisioning of Lync phone devices, which starts with getting an IP address from the DHCP server and ends with user-specific configuration such as selecting the time zone. Most companies use a DHCP server to hand out IP addresses to client machines, and Lync Phone devices can simply get an IP address from the same DHCP server, but they need more than that to complete the entire configuration.

First of all, understand that any Lync client can only log in if time is synchronized between the Lync Server and the client. Meeting this requirement starts with DHCP option 42.

If you have a time server in your existing environment, specify it in DHCP option 42.

For example, if you don’t have a time server in your existing environment, you can configure the domain controller (PDC) as a time server.

  1. Create a record as shown below.

  2. Create a service (SRV) record as shown below.

Once you are done with this, specify the same server address in DHCP options 004 and 042, and the domain name in option 119.



The remaining options shown below also need to be configured, but 🙂 by default your DHCP server has no vendor-specific options defined.

To make it simple, Microsoft provides dhcputil.exe on Microsoft Lync Server 2013 Front End / Standard Edition servers.

Just copy dhcputil.exe to the DHCP server and run the command below:

DHCPUtil.exe -SipServer <Lync Server Pool FQDN> -WebServer <Lync Server Internal Web FQDN> -RunConfigScript

In my case, I copied dhcputil.exe to the C drive of the DHCP server.

C:\> DHCPUtil.exe -SipServer se01.insidemstech.com -WebServer sewebint.insidemstech.com -RunConfigScript

Once you run the above command, it adds and configures all the required options as shown below.

If you want to verify your DHCP configuration, run DHCPUtil.exe -EmulateClient from a client computer.

If it doesn’t give any errors, you are done.

Now you can set PINs for your Lync users and log in through Lync Phone Edition devices.
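As an added example (not from the original post), this PowerShell verifies on the DHCP server itself that the options the phones need are present after DHCPUtil has run. It assumes the DhcpServer module (Windows Server 2012 or later); option 120 and the MSUCClient vendor class with sub-options 1 to 5 are what DHCPUtil creates, so treat those numbers as an assumption to confirm against your own server.

```powershell
# Verify the DHCP options Lync Phone Edition devices need, server-wide.
# Added example, not from the original post; assumes the DhcpServer module.
# Option 120 and the MSUCClient vendor class (sub-options 1-5) are the items
# DHCPUtil -RunConfigScript creates; confirm the numbering on your server.
Import-Module DhcpServer

function Get-ServerOptionValue([int]$OptionId, [string]$VendorClass) {
    # Returns the server-level value (string[]) or $null when the option is unset.
    $params = @{ OptionId = $OptionId; ErrorAction = 'SilentlyContinue' }
    if ($VendorClass) { $params.VendorClass = $VendorClass }
    (Get-DhcpServerv4OptionValue @params).Value
}

function Test-LyncPhoneDhcpOptions {
    param(
        [Parameter(Mandatory)][string]$TimeServer,   # IP of the time server (the PDC above)
        [Parameter(Mandatory)][string]$DnsDomain     # domain expected in option 119
    )
    $checks = @(
        @{ Id = 4;   Name = 'Time Server (004)';        Expect = $TimeServer }
        @{ Id = 42;  Name = 'NTP Servers (042)';        Expect = $TimeServer }
        @{ Id = 119; Name = 'Domain Search List (119)'; Expect = $DnsDomain }
        @{ Id = 120; Name = 'SIP Server (120)';         Expect = $null }   # encoded FQDN: presence only
    )
    foreach ($c in $checks) {
        $value = Get-ServerOptionValue -OptionId $c.Id
        $pass  = if ($c.Expect) { @($value) -contains $c.Expect } else { [bool]$value }
        [pscustomobject]@{ Check = $c.Name; Pass = $pass; Value = ($value -join ',') }
    }

    # Vendor class for the phones and its sub-options (stored as binary data, so
    # presence is checked; decode the bytes if you want to compare the FQDN).
    $vendor = 'MSUCClient'
    $class  = Get-DhcpServerv4Class -Type Vendor -Name $vendor -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = "Vendor class $vendor"; Pass = [bool]$class; Value = $class.AsciiData }
    $subOptions = @{ 1 = 'UCIdentifier'; 2 = 'URLScheme'; 3 = 'WebServerFqdn'; 4 = 'WebServerPort'; 5 = 'CertProvRelPath' }
    foreach ($id in ($subOptions.Keys | Sort-Object)) {
        $value = Get-ServerOptionValue -OptionId $id -VendorClass $vendor
        [pscustomobject]@{ Check = "$vendor option $id ($($subOptions[$id]))"; Pass = [bool]$value; Value = ($value -join ',') }
    }
}

# Placeholder values: use your PDC's IP and your SIP/DNS domain.
Test-LyncPhoneDhcpOptions -TimeServer '192.168.1.10' -DnsDomain 'insidemstech.com' | Format-Table -AutoSize
```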

I hope it helped 🙂

How does Lync Federation work?


Lync federation, also known as external connectivity, allows a Lync user to connect with users in other organizations as well as with public IM domains and XMPP. Lync supports two kinds of federation: open and closed. When an organization allows open federation, it has enabled automatic discovery of partner domains; closed federation means the organization has disabled automatic discovery and added specific domains to allow federation with.

Lync federation can be configured from Lync Control Panel as well as from Lync Management Shell.

It is time to look at how Lync federation works. Let’s take the example of two organizations, contoso.com and fabrikam.com. Both organizations have open federation.

Below is the step by step procedure:

  1. UserA (SIP URI: usera@contoso.com) is looking for UserB (SIP URI: userb@fabrikam.com).
  2. First, the Access Edge configuration is checked for the federated domain.
  3. As UserA requests the SIP URI userb@fabrikam.com and, in my case, both domains are configured for open federation, the request goes to the Access Edge Server, which performs a lookup for the domain name fabrikam.com.
  4. If the fabrikam.com domain exists, it looks up the SRV record _sipfederationtls._tcp.fabrikam.com.
  5. Once it has the destination address of the fabrikam.com Access Edge Server, it tries to establish a SIP/MTLS connection on port 5061.
  6. Once fabrikam.com receives the request from contoso.com, fabrikam.com checks its Access Edge configuration for allowed/blocked federated domains.
  7. Once the connection is established between both Lync Front End Pools / Lync Standard Edition Servers via the Access Edge Servers, UserA and UserB can talk to each other.

Note:

  1. All the required ports should be open at both ends.
  2. The FQDN the SRV record points to should be present in the external certificate.
  3. The federated domain should be allowed at both ends.
  4. XMPP doesn’t use SIP/MTLS:5061. It uses XMPP/TCP:5269 to connect to the Access Edge Server from the public network and XMPP/MTLS:23456 to connect to the Front End Pool.
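As an added example (not from the original post), this PowerShell walks steps 2 to 5 above from the contoso.com side for one partner domain: it reads the local Access Edge configuration and allow/block lists, resolves the partner's _sipfederationtls SRV record, and tests TCP reachability of the advertised MTLS port. It assumes the Lync Server module is loaded and that the machine has DNS and TCP egress.

```powershell
# Federation readiness check toward a partner domain (steps 2-5 above).
# Added example, not from the original post; assumes the Lync Server module
# (Get-CsAccessEdgeConfiguration, Get-CsAllowedDomain, Get-CsBlockedDomain)
# and DNS/TCP egress from the machine running it.
function Test-LyncFederationPartner {
    param([Parameter(Mandatory)][string]$PartnerDomain)   # e.g. fabrikam.com
    $result = [ordered]@{ PartnerDomain = $PartnerDomain }

    # Step 2: our own Access Edge configuration - is federation on, open or closed?
    $edge    = Get-CsAccessEdgeConfiguration
    $allowed = Get-CsAllowedDomain | Where-Object Domain -eq $PartnerDomain
    $blocked = Get-CsBlockedDomain | Where-Object Domain -eq $PartnerDomain
    $result.FederationEnabled = $edge.AllowFederatedUsers
    $result.OpenFederation    = $edge.EnablePartnerDiscovery
    $result.DomainAllowed     = [bool]$allowed
    $result.DomainBlocked     = [bool]$blocked
    # Closed federation needs an explicit allow entry; open federation only needs no block entry.
    $result.PolicyPermits = $edge.AllowFederatedUsers -and -not $blocked -and ($edge.EnablePartnerDiscovery -or $allowed)

    # Steps 3-4: SRV lookup for the partner's Access Edge (lowest priority, highest weight first).
    $srv = Resolve-DnsName -Name "_sipfederationtls._tcp.$PartnerDomain" -Type SRV -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'SRV' | Sort-Object Priority, { -$_.Weight } | Select-Object -First 1
    $result.SrvTarget = $srv.NameTarget
    $result.SrvPort   = $srv.Port

    # Step 5: is the partner Access Edge reachable on the advertised MTLS port (normally 5061)?
    if ($srv) {
        $tcp = Test-NetConnection -ComputerName $srv.NameTarget -Port $srv.Port -WarningAction SilentlyContinue
        $result.PortReachable = $tcp.TcpTestSucceeded
    } else {
        $result.PortReachable = $false
    }
    [pscustomobject]$result
}

Test-LyncFederationPartner -PartnerDomain 'fabrikam.com'
```

A false PolicyPermits with true PortReachable points at the local allow/block configuration (note 3), while a missing SrvTarget points at the partner's public DNS.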

IIS ARR on Windows 8.1 for Lync 2013


A reverse proxy is a key part of the infrastructure topology that lets users access applications from the internet. Microsoft has no future road-map for TMG/UAG, and other products that provide the same kind of functionality can be expensive. Therefore, Microsoft came up with an inexpensive reverse proxy solution that works on IIS 7 onwards. It is very simple to configure and can be set up on a Windows server operating system as well as on a client operating system.

Let’s start the step by step procedure to configure Internet Information Services Application Request Routing (IIS ARR) on Windows 8.1. The basic requirements for IIS ARR are two NICs and IIS 7 or above.

(Note: If you are using IIS ARR behind the internal firewall, don’t forget to add the route for inbound traffic and don’t specify any gateway on your internal NIC.)

The system should not be a member of the domain. One NIC will connect to your internal network and the other will connect to the internet.

Install Windows 8.1 Enterprise.

Add the DNS suffix.

Configure both NICs. In my setup “Edge” talks to the internal network and “External” talks to the Internet. Don’t configure a gateway or DNS on the internal NIC.

Install IIS with default features.

There are two ways to install the IIS ARR components.

  1. Automatic (if your IIS ARR server has an internet connection, you can use this option).
  2. Manual (if you don’t have internet connectivity).

For automatic installation, just download the “Windows Platform Installer” and run wpilauncher.exe.

Type ARR in the search box and press Enter; you will get Application Request Routing 3.0. Click Add and then Install.

You will get the list of dependencies, including ARR 3.0. Click I Accept to install.

If you don’t have an internet connection on your IIS ARR server, follow the same steps up to this point on any machine that does have internet access and download all the dependencies by clicking “Direct Download Link”.

Now you can install everything manually, including the IIS features that are not installed by default, cross-checking against the window above.

Once the installation is done, assign a certificate to IIS that carries the following SANs:

  1. lyncdiscover.domain.com
  2. dialin.domain.com
  3. meet.domain.com
  4. LyncExternalWebService.domain.com (FQDN of the external Lync Web Services)
  5. WACExt.domain.com (FQDN of the external WAC service; only if you are publishing the WAC URL)

Open IIS Manager and verify the assigned certificate.

Right-click Server Farms and create a new server farm.

Define the server farm name and click Next.

Define the IP address of your FE Pool, or the FQDN* of your FE Pool.

(*Note: If you use the FQDN, you must add an entry to the hosts file.)

Make the server entry and change the port in the advanced settings as below.

Now you can see your server farm.

Follow the same steps to add all the server farms you require.

Now go to your website and click Bindings.

Do the necessary bindings with port 443 for HTTPS.

Now go into each farm and change the configuration under Caching, Proxy and Routing Rules.

Uncheck “Enable disk cache”.

Click Apply.

Now change the time-out (seconds) to 180-200.

Click Apply.

Uncheck “Enable SSL offloading” in Routing Rules.

Click Apply.

Now it is time to configure the URL Rewrite settings.

Keep only the _SSL URL rewrite rules.

Click each rule and add the condition (HTTP_HOST).

Follow the same steps for all server farms.

Now, we are done with the configuration.

Step by Step Lync 2013 Edge Server


Lync Server consists of multiple roles, and the Edge Server role is one of them. The Lync Server 2013 Edge Server role takes care of external connectivity for Lync users. It provides connectivity to remote, PIC, mobile, federated and anonymous users. An Edge Server deployment provides external access to the different communication modalities: IM & Presence, Web Conferencing and Audio/Video Conferencing.

Edge Server deployment is not as simple as the other Lync server roles and requires attentive preparation before jumping into the installation. Let’s start the preparation for deploying a standalone Edge Server role.

IP Address Planning:

I am using 192.168.x.x/16 addressing for the internal network, 172.25.x.x/16 for the perimeter network and 10.x.x.x/8 for the external network. The IP address on the internal firewall is 172.25.33.100, which acts as the gateway for communication between the perimeter network and the internal network; the IP address on the external firewall is 10.1.1.100.

As the internal NIC of the Edge server sits behind the internal firewall and has no gateway configured, we will have to route traffic from 172.25.33.10 to the internal network via 172.25.33.100.

Follow below steps to add route.

Open command prompt with administrative rights on Edge Server.

Run “ipconfig /all” and note the physical address and Ethernet adapter description of the internal NIC.

Now run “route print” and note the Interface List ID of the internal NIC.

Now add the persistent route for internal traffic.

Open Lync Server Topology Builder on Lync Front-End / Standard Edition Server.

Right-click Edge Pools and select New Edge Pool.

Click Next.

Enter the Edge Server FQDN.

Select the appropriate features as per your requirements.

Select the IP versions and NAT option according to your requirements.

Specify the external FQDNs and associated port numbers. (Note: If you have selected “Use a single FQDN and IP address”, you will have to use different port numbers for all three services.)

Specify the IP address of the Edge server's internal NIC.

Now specify the external IP addresses for all services.

Specify the public IP address that will be NATed to the A/V Edge service. (In my case the deployment is in a lab with no public IP address, which is why I am using a different IP address.)

Define the next hop server. The next hop is your Lync pool if you don’t have a Director; otherwise it is your Director pool.

Select the pool and click Finish.

Now publish your topology.

Open the Lync Server Management Shell with administrative privileges on the Lync FE server and export the configuration.

Log in to the Edge Server with administrative privileges, run the Microsoft Lync Server 2013 setup and follow the steps.

After installing the Lync 2013 core components, open the Lync Server 2013 Deployment Wizard.

Click “Install or Update Lync Server System”.

Run “Install Local Configuration Store”.

Browse to the Edge configuration file you exported on the Lync FE server.

Click Next.

Verify the installation through the log file.

Now run “Setup or Remove Lync Server Components”.

Now it’s time to request and assign certificates.

Follow the steps to request the Edge internal certificate.

Fill in the appropriate information.

Now request the Edge external certificate.

(Note: If you want to use the same public certificate for the reverse proxy as well, add the additional SANs the reverse proxy needs: lyncdiscover.domain.com, lyncwebservicesexternalname.domain.com, dialin.domain.com, meet.domain.com.)

Once you have generated the certificate requests, you can send them to your certification authority to issue the certificates. As we are doing this setup in our lab, we will use our internal AD CA.
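Once the issued certificates are imported (the steps below), the following added PowerShell check (not from the original post) confirms that a certificate in the local machine store carries every SAN listed for the reverse proxy in the IIS ARR post and in the note above, has a private key, and is currently valid. The thumbprint and names are placeholders; a wildcard SAN is accepted for one label.

```powershell
# Check a local-machine certificate for the SANs Lync external services need.
# Added example, not from the original post. Thumbprint and names below are
# placeholders; on IIS ARR take the thumbprint from the 443 binding, on the
# Edge from Get-CsCertificate (see the comments at the bottom).
function Test-LyncCertificateSans {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string[]]$RequiredNames
    )
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
    if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

    # DnsNameList is added by the certificate provider: the SAN dNSName entries,
    # falling back to the subject CN when the certificate has no SAN extension.
    $present = @($cert.DnsNameList | ForEach-Object { $_.Unicode.ToLowerInvariant() })

    foreach ($name in $RequiredNames) {
        $n = $name.ToLowerInvariant()
        # A wildcard covers exactly one label: *.domain.com matches meet.domain.com
        $wildcard = if ($n.Contains('.')) { '*' + $n.Substring($n.IndexOf('.')) } else { $n }
        [pscustomobject]@{
            Name    = $n
            Covered = ($present -contains $n) -or ($present -contains $wildcard)
        }
    }
    $now = Get-Date
    [pscustomobject]@{ Name = '(private key present)'; Covered = $cert.HasPrivateKey }
    [pscustomobject]@{ Name = '(valid now)'; Covered = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter) }
}

# Where to get the thumbprint from:
#   IIS ARR (WebAdministration module): (Get-WebBinding -Protocol https | Select-Object -First 1).certificateHash
#   Edge server:                        (Get-CsCertificate -Type AccessEdgeExternal).Thumbprint
Test-LyncCertificateSans -Thumbprint '<thumbprint>' -RequiredNames @(
    'lyncdiscover.domain.com', 'dialin.domain.com', 'meet.domain.com',
    'lyncwebservicesexternalname.domain.com', 'wacext.domain.com'
) | Format-Table -AutoSize
```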

Once you have the certificates, open mmc and add the Certificates (Local Computer) snap-in via Add/Remove Snap-in to import them.

Import the root CA certificate into Trusted Root Certification Authorities.

Import the generated certificates into the Personal store.

Follow the same steps to import the Edge public certificate as well.

Now it’s time to assign the certificates to the Edge services.

Once certificate assignment is done, open the Lync Control Panel on the Lync FE server and go to Federation and External Access.

Change the External Access Policy as shown below.

Change the Access Edge Configuration as shown below.

Now that everything is done, it’s time for the last step: add the Front End Pool / FE server entry to the Edge server's hosts file.

Finally, your external Lync clients will be able to log in and you can use the Edge services for external connectivity.

But you still cannot use the services that require a reverse proxy. Therefore, configure your reverse proxy as well so that everything works seamlessly.
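As an added example (not from the original post), this PowerShell scripts the two host-level steps of the Edge build above: the persistent route from the Edge's internal NIC to the internal network via the internal firewall, and the hosts entry for the Front End pool. It assumes Windows Server 2012 or later (NetAdapter and NetTCPIP modules); the adapter alias, pool FQDN and pool IP are placeholders, while the prefix and next hop are the values from the IP address plan above.

```powershell
# Persistent route and hosts entry for a Lync 2013 Edge server.
# Added example, not from the original post; assumes Server 2012+ and that it
# runs elevated on the Edge. Adapter alias, pool FQDN and pool IP are placeholders.
function Add-EdgeInternalRoute {
    param(
        [Parameter(Mandatory)][string]$InternalAdapterName,   # alias of the Edge's internal NIC
        [string]$DestinationPrefix = '192.168.0.0/16',        # internal network from the plan above
        [string]$NextHop           = '172.25.33.100'          # internal firewall from the plan above
    )
    $nic = Get-NetAdapter -Name $InternalAdapterName -ErrorAction Stop
    $network, $length = $DestinationPrefix.Split('/')

    # route.exe wants a dotted mask: build it from the prefix length.
    $bits = ('1' * [int]$length).PadRight(32, '0')
    $mask = (0..3 | ForEach-Object { [Convert]::ToByte($bits.Substring($_ * 8, 8), 2) }) -join '.'

    # Same command the post runs by hand: -p persists it, 'if' pins it to the internal NIC.
    $output = route.exe add $network mask $mask $NextHop if $nic.ifIndex -p 2>&1
    if ($LASTEXITCODE -ne 0) { throw "route add failed: $output" }

    [pscustomobject]@{
        Destination    = $DestinationPrefix
        NextHop        = $NextHop
        InterfaceIndex = $nic.ifIndex
        Persisted      = [bool](Get-NetRoute -DestinationPrefix $DestinationPrefix -PolicyStore PersistentStore -ErrorAction SilentlyContinue)
    }
}

function Add-EdgeHostsEntry {
    param(
        [Parameter(Mandatory)][string]$PoolFqdn,
        [Parameter(Mandatory)][ipaddress]$PoolIP
    )
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Match "<ip> <fqdn>" on a line by itself so we do not add a duplicate.
    $pattern  = '^\s*\S+\s+' + [regex]::Escape($PoolFqdn) + '(\s|$)'
    $existing = Get-Content $hostsFile | Where-Object { $_ -match $pattern }
    if (-not $existing) {
        Add-Content -Path $hostsFile -Value "$PoolIP`t$PoolFqdn" -Encoding Ascii
    }
    # Resolve through the OS resolver, which honours the hosts file (Resolve-DnsName does not).
    $resolved = [System.Net.Dns]::GetHostAddresses($PoolFqdn) | ForEach-Object IPAddressToString
    [pscustomobject]@{
        Fqdn     = $PoolFqdn
        Expected = $PoolIP.IPAddressToString
        Resolves = ($resolved -contains $PoolIP.IPAddressToString)
    }
}

Add-EdgeInternalRoute -InternalAdapterName 'Internal'
Add-EdgeHostsEntry -PoolFqdn 'lyncpool.domain.com' -PoolIP '192.168.1.20'
```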

Lync Server 2013 Management Shell is not working on Windows Server 2012 R2


If you are installing Lync Server 2013 on Windows Server 2012 R2, you may face a problem with the Lync Server Management Shell: it gets stuck without ever showing a prompt.

Close Lync Server Management Shell.

There is a trick to get out of this problem, which you need to apply for each profile that will use the Lync Server Management Shell and on every system from which you access it.

Please follow below steps to solve this problem:

To get the Lync Server Management Shell target path, open the “Lync Server Management Shell” shortcut from C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync Server 2013, or locate it directly from the Start menu.

Right-click the “Lync Server Management Shell” shortcut and go to Properties. Copy the target path (for example, on my server the path is: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -command "cd $env:UserProfile; Import-Module 'C:\Program Files\Common Files\Microsoft Lync Server 2013\Modules\Lync\Lync.psd1').

Open Windows PowerShell (Run as Administrator), paste the same text at the prompt [C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -command "cd $env:UserProfile; Import-Module 'C:\Program Files\Common Files\Microsoft Lync Server 2013\Modules\Lync\Lync.psd1'] and add a closing double quote (") at the end.

Complete path: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -command "cd $env:UserProfile; Import-Module 'C:\Program Files\Common Files\Microsoft Lync Server 2013\Modules\Lync\Lync.psd1'"

You will get the Lync prompt in Windows PowerShell; to verify, run a Lync Server Management Shell cmdlet such as Get-CsServerVersion.

Now open the Lync Server Management Shell; hopefully you will get the prompt.

Office Web Apps Server & Lync 2013


Office Web Apps Server is a required server role for Lync 2013 deployments. You may have many questions about OWS for Lync 2013: what, why, how, where, when, etc. To make it simple, I am laying out a flow that can help you learn more about Office Web Apps Server.

What is Office Web App Server? Office Web Apps Server is a new Office server product that delivers browser-based versions of Word, PowerPoint, Excel, and OneNote. A single Office Web Apps Server farm can support users who access Office files through SharePoint 2013, Lync Server 2013, Exchange Server 2013, shared folders, and websites. (Microsoft definition)

History? Don’t confuse Office Web Apps 2010, which was tightly integrated with SharePoint 2010, with Office Web Apps Server, an independent Office server product built by Microsoft to support SharePoint, Exchange and Lync and to provide a rich experience to end users. Now you may wonder about Windows Live Office Web Apps, which is free for Windows Live and small-business users. Yes, you are absolutely correct, but if you need this functionality on-premises, deploy Office Web Apps Server.

Why do we need OWS in a Lync 2013 deployment? Basically, Lync Server 2013 uses OWS to handle PowerPoint presentations and improve the overall experience for both presenters and attendees. It provides a rich presentation experience with high resolution and all the new features available in PowerPoint, such as transitions, animations and embedded videos. Lync 2013 supports standard DHTML with JavaScript, which lets users view presentations on mobile devices that don’t support Silverlight. Authorized/privileged users can also scroll through the PowerPoint presentation as they wish without disturbing the presenter.

How does it make a difference? Lync Server 2010 users (Lync clients) used the PowerPoint viewer (which is based on PowerPoint 97-2003 and doesn’t support new features or OS platforms other than Windows), and Lync Web App users used customized DHTML with Silverlight, which also doesn’t support all the new features. Many mobile devices don’t support Silverlight and so couldn’t take part in PowerPoint broadcasts. To mitigate all these issues Microsoft came up with Office Web Apps Server, which supports all the features and provides a rich experience to end users.

When should we deploy OWS? To make things simpler, deploy OWS before installing Lync Server. You can also continue without deploying OWS and use the planned FQDN of OWS in Lync Topology Builder. If you have an existing OWS, you can use it for Lync as well.

Where should we deploy OWS? Deploy OWS in the corporate network where you deploy the Lync Front End Servers.

How should we deploy OWS? OWS supports Windows Server 2008 R2 with SP1 and Windows Server 2012.

Prerequisites for Windows Server 2008 R2 with SP1:

  1. .NET Framework 4.5
  2. Windows PowerShell 3.0
  3. Platform update for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB2670838)
  4. Install the Windows features:

Import-Module ServerManager

Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support

  5. Restart the server

Prerequisites for Windows Server 2012:

  1. Install the Windows features:

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices,NET-Framework-Features,NET-Framework-Core -Source "D:\sources\sxs\"

(Note: Here D: is the drive holding the Windows Server 2012 media.)

  2. Restart the server

  1. Install Office Web Apps Server.
  2. Install the Office Web Apps Server update KB2810007.
  3. Install the Language Pack to support multiple languages.
  4. Configure the Office Web Apps Server farm.
  5. Configure certificates, URLs, etc.
  6. Add more servers to the OWS farm.
  7. Configure load balancing.

High availability options in OWS? You can deploy a stand-alone Office Web Apps Server farm, which supports all the features but doesn’t provide high availability. If you need HA for the OWS farm, deploy more than one OWS server and configure load balancing. Office Web Apps Server only supports Windows Network Load Balancing or hardware load balancing.

Autodiscovery and Lync 2013


Autodiscover is an integrated part of Lync 2013; it was first introduced in Lync 2010 CU4. Basically, autodiscover was launched for the Lync 2010 mobile client and then continued for all Lync 2013 clients. The Lync 2013 Windows Store app only connects through the autodiscover service and does not rely on SRV and other A records.

Lync 2010 mobile clients had connectivity issues from the internal network because most organizations use a private CA for internal services, and the mobile client does not trust it. To mitigate this problem there were workarounds, such as using a public certificate for the internal network as well (not very easy because of the different internal and external DNS names), or redirecting mobile clients to external DNS so that they connect using the public certificate.

You need to create lyncdiscoverinternal.domain.com in internal DNS and lyncdiscover.domain.com in external DNS to get the Lync clients connected, mainly Lync mobile clients and the Lync 2013 Windows Store app.

When Lync 2013 Windows clients try to log in, the following process starts to connect to the Lync Server:

The Lync 2013 Windows Store app, on the other hand, tries only lyncdiscoverinternal.domain.com and lyncdiscover.domain.com to log in.

In other words, we can say Lync 2013 mobile connectivity has been hoodwinked: Lync 2013 mobile clients are hard-coded to look for a unique parameter that points to the external services, regardless of the client's network location. Lync 2013 mobile clients use the Ucwa parameter for internal and external connectivity, while Lync 2010 mobile clients use the MCX web service parameter for the same.
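As an added example (not from the original post), this PowerShell probes the two autodiscover names for a SIP domain and reports, for each, whether DNS resolves it, whether the HTTPS endpoint answers, and whether its certificate chains to a root this machine trusts, which is the failure the Lync 2010 mobile client hit against a private CA. It assumes the DnsClient module (Resolve-DnsName); the SIP domain is a placeholder, and the content-type check is my assumption about how Lync's autodiscover service identifies itself.

```powershell
# Probe lyncdiscoverinternal.<domain> and lyncdiscover.<domain> as a client would.
# Added example, not from the original post; assumes the DnsClient module.
# SIP domain is a placeholder.
function Test-LyncAutodiscover {
    param([Parameter(Mandatory)][string]$SipDomain)

    foreach ($name in "lyncdiscoverinternal.$SipDomain", "lyncdiscover.$SipDomain") {
        $r = [ordered]@{ Name = $name; Resolves = $false; Responds = $false; CertTrusted = $null; Detail = '' }

        $a = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue | Where-Object Type -eq 'A'
        $r.Resolves = [bool]$a
        if (-not $r.Resolves) { [pscustomobject]$r; continue }
        $r.Detail = (@($a.IPAddress) -join ',')

        try {
            # The default .NET policy rejects an untrusted chain, so a private-CA
            # certificate shows up here as a WebException with Status TrustFailure,
            # exactly what a mobile client without the private root would see.
            $resp = Invoke-WebRequest -Uri "https://$name/" -UseBasicParsing -ErrorAction Stop
            $r.Responds    = ($resp.StatusCode -eq 200)
            $r.CertTrusted = $true
            # Assumption: Lync's autodiscover service answers with a
            # vnd.microsoft.rtc.autodiscover media type, which tells it apart from another site.
            $r.Detail += ' ' + $resp.Headers['Content-Type']
        } catch [System.Net.WebException] {
            if ($_.Exception.Status -eq 'TrustFailure') {
                $r.Responds = $true; $r.CertTrusted = $false   # host answered, chain not trusted
            } else {
                $r.Detail += ' ' + $_.Exception.Message        # e.g. refused, timeout, HTTP error
            }
        }
        [pscustomobject]$r
    }
}

Test-LyncAutodiscover -SipDomain 'domain.com' | Format-Table -AutoSize
```

Run it once from the corporate network and once from outside: the internal name should resolve only inside, and a CertTrusted of false on the internal name is the private-CA situation described above.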

Collocated or Stand-alone Mediation Server


Most of the time, Lync Enterprise Voice deployments involve a debate about collocated versus stand-alone Mediation Servers. Collocating the Mediation Server can reduce the TCO and data center footprint. Can Mediation Server collocation be a wise option? Choosing between a collocated and a stand-alone Mediation Server depends on the following:

  1. Number of users enabled for UC-PSTN calls
  2. Number of UC-PSTN calls per user per hour
  3. Number of UC-PSTN calls at the time of peak load
  4. Connected gateway / SBC and mediation server
  5. Percentage of calls that support media bypass
  6. Branch sites configuration for UC-PSTN deployment

If I have missed any point here, please leave your comment so that I can add the same.

Any call initiated from a Lync endpoint has two components: signaling and media. For UC-PSTN calls, signaling always goes through the Mediation Server, whether it is stand-alone or collocated on a Standard Edition / Front End server.

No Media Bypass:

Media Bypass:


If your gateways, SBC or IP-PBX support media bypass, you can use a collocated Mediation Server. But if you are planning an option that does not support media bypass, I advise against a collocated Mediation Server, as it will increase the load on the Front End servers and can cause poor performance.

If you still want to use a collocated Mediation Server, you can increase the number of Front End servers to distribute the load among them.

A stand-alone Mediation Server deployment also depends on the branch sites connected to the central site. If your branch sites don’t have dedicated PSTN connectivity, you should go with a stand-alone Mediation Server pool. Again, this topic requires more debate. As we know, Lync 2013 uses M:N trunks; in simple terms, if you have a Mediation Server deployed in a branch site and it supports media bypass, you can still go with the collocated option.

You can use the Lync Planning Tool to try all the options and choose the one that gives you the better ROI and best performance.

Lync 2013 Enterprise Edition Users and Servers Model


Lync design and planning is an intricate task, and the right decisions can help the organization get a better ROI. This article may help solution architects, consultants and system administrators choose the best Lync server/pool model. The number of Lync servers in a pool and the collocated or distributed model of Lync roles typically depend on the number of Lync users, their activities and their geographic locations.

Lync 2013 server pools, with the number of servers, the supported number of end users and remarks:

  • Lync 2013 Front End pool (collocated with A/V Conferencing, Mediation Server, A/M server): 12 servers; 80,000 users. Remarks: maximum conference size is limited to 250 users; Media Bypass is required to support all users, assuming 60% of users are enabled for EV and only 40% of calls are UC-PSTN calls.
  • Lync 2013 Front End Pool (A/V only): 2 servers. Remarks: large conferences between 250 and 1,000 users.
  • Lync 2013 Mediation Pool: 12 servers; 80,000 users. Remarks: 100% of users enabled for EV and 80% of calls are UC-PSTN calls. 12 servers are required if Media Bypass is not enabled/supported for the deployed EV connectivity; the number of servers drops according to the percentage of calls that use Media Bypass.
  • Lync 2013 Persistent Chat: 8 servers (4 active and 4 passive); 80,000 users. Remarks: 150,000 users can be enabled for pChat and 80,000 users can use it concurrently. Only the pChat pool can be stretched between sites to achieve DR. For more details check Lync 2013 HA.
  • Lync 2013 Edge Server: 4 to 8 servers; 80,000 users. Remarks: depends on how many users access Lync services simultaneously; 3-4 servers for 30-40% and 7-8 servers for 100%.
  • Lync Director (optional): 3 to 8 servers; 80,000 users. Remarks: depends on remote users; 3 servers for 30% remote users and 8 servers for 100% remote users.
  • SQL Server: 2* servers; 80,000 users. *2 for each back-end database.

Important: The data above is for physical servers; minor changes may apply if you use virtualization as per Microsoft guidelines. It does not account for DR plans/scenarios. If you are planning for DR as well, please account for the overhead of DR users where applicable.