Tag Archives: Lync Server 2013

#skype4b: Director Server role


There are myths around the director server role in Lync Server 2013 and Skype for Business Server 2015. Let me give you the facts:

What, When, Why, Where and How?

Many IT professionals, even consultants and architects who work in the Microsoft Unified Communications area, may have all these questions in mind.

What: Director is an optional server role in Lync Server 2013 and Skype for Business Server 2015. Director authenticates user requests, but doesn’t home any user accounts.

When: A Director may be required in the following conditions:

  • If you deploy multiple Front End pools at a central site.
  • If you want to increase security against denial of service attacks.

Why: Director protects Front End pools from denial of service attacks, avoids unnecessary traffic by pre-authenticating inbound requests, and redirects users to their home pool.

Where: Director can be deployed in the corporate network where you deploy Front End servers, and can never be collocated with any other role.

How: Use the same process that you use to add a Mediation Server or any other additional server role to a Lync/Skype for Business site.

As I mentioned in the beginning, Director is an optional server role, and deploying it depends entirely on business need and discretion.

It definitely increases the level of security and simplifies the authentication process for external users who come through the Edge server: Director does the pre-authentication for them and passes these requests to internal servers. By doing this, it saves the Front End pool servers from the authentication overhead and also helps isolate internal Front End pools from malicious traffic such as denial-of-service attacks.

It serves as an internal next hop server to which an Edge Server routes inbound SIP traffic intended for internal servers. If the network is flooded with invalid external traffic in such an attack, this traffic ends at the Director.

If you deploy multiple Front End pools at a central site, by adding a Director to that site you can streamline authentication requests and improve performance. In this scenario, all requests go first to the Director, which then routes them to the correct Front End pool.

Now, I think you can pick the best option and design your Skype for Business solution based on the specific requirements.

How does Office Web Apps / Office Online server integration work with Lync/SfB Server?


Office Online Server (OOS) is the latest version, or new release, of Office Web Apps Server. It plays an inimitable role for Microsoft UCC (Exchange, Lync/SfB, SharePoint) applications. In this blog post, I’ll cover the integration workflow between Lync/SfB and OOS.

OOS provides an enriched PowerPoint presentation view to Lync/SfB end users.

When a user uploads a PowerPoint file into the meeting, the file is sent to the OOS server without any conversion.

OOS performs encryption and saves the file to the Lync/SfB content file share.

When you configure OOS in Lync/SfB at the time of topology configuration, you define a base URL. When a user presents a file, that URL is customized with unique identifiers (file ID, meeting ID, etc.), secured additionally with a session lifetime token, and sent to all the clients.

Whenever an end user connects to this meeting and tries to access the broadcast URL, OOS sends an instruction to the Lync/SfB FE server to get the file details.

The FE server fetches the file details based on the file ID from the Lync/SfB share folder and uploads them to OOS.

Finally, OOS sends the HTTP response with the current page to the participants.

Totally confused? :(

Let’s try to understand this process through illustration:

Courtesy: MVA

When a user sets up a conference and uploads the presentation file, the user first connects to the conference server and then shares the file. As shown in the image above, it works as follows:

  1. The Presenter/Sharer uploads the file to the Front End.
  2. The Front End saves the shared file to the Skype for Business file share folder.
  3. The sharer starts the file presentation through the Front End server.
  4. The Front End server sends the broadcasting URL with a defined file ID and authentication token to all the participants.
  5. Participants send the HTTP instruction to get the broadcast URL through the Office Online server / Office Web Apps server.
  6. The Office Online server / Office Web Apps server sends the instruction to the Front End server to get the file with the defined file ID.
  7. The Front End server takes the file with that file ID from the Skype for Business file share folder.
  8. The Front End server uploads the file to the Office Online server / Office Web Apps server.
  9. The Office Online server / Office Web Apps server sends the HTTP response with the current page to the participants.

Windows Fabric and Server Placement – Part I


Windows Fabric plays a key role in Front End pool service availability in Lync Server 2013 and Skype for Business Server 2015. In Lync Server 2010 this responsibility was managed by Cluster Manager. Lync Server 2013 / Skype for Business Server 2015 Front End pool service availability depends entirely on Windows Fabric and on the fault and upgrade domains provisioned by the Topology Builder.

Lync Server 2013 and Skype for Business Server 2015 use the brick model, which is based on Windows Fabric, and use lazy writes to update Back End Server databases. Windows Fabric is a distributed system platform for building scalable applications. It is used for both on-premises and cloud scenarios. Windows Fabric starts independently without any specific external configuration store. Its self-healing and decentralized design provides self-monitoring and automatic adjustment (load balancing) without any single point of failure. The Windows Fabric Host service (FabricHostSvc) is installed as part of “Setup or Remove Lync Server Components”. Windows Fabric also elects primary, secondary and backup secondary (tertiary) replicas and maintains replication between primary and secondary replicas. You can find the config file on each server at “C:\ProgramData\Windows fabric\<ServerFQDN>\Fabric\ClusterManifest.current.xml”.

Below are the core services which use Windows Fabric:

  • Routing Services
  • Lync Storage Services
  • MCU Factory Services
  • Conferencing Data Services

Windows Fabric works much like a Windows Server cluster. Similar to a cluster, Windows Server works on majority, where every Front End Server serves as a voter. To get the majority for a Front End pool, it always calculates N/2 + 1 for an even number of FE nodes and (N + 1)/2 for an odd number of FE nodes.

Two major concepts come into play: fault domains and upgrade domains. A fault domain correlates to the underlying hardware and is mostly considered in virtualized deployments, where organizations or administrators place more than one server of the same role on the same host. An upgrade domain correlates to a logical set of nodes for planning upgrades.

Part II covers quorum loss modes, server placement, SQL server requirement for majority and best practices.

Lync Server reporting url error


Deploying Lync monitoring reports is a key part of the management and administration of Lync Server. Sometimes it is simple to configure and use, but sometimes you can face problems. A common error is “An error occurred during report processing.” while accessing the report URL.

Sometimes this error occurs because of a database stored procedure. If the reporting URL was working fine earlier, you can follow the steps below, only for the LcSCDR and QoEMetrics databases.

  • Open SQL Server studio manager.
  • Go to the LcSCDR / QoEMetrics database.
  • Go to Programmability.
  • Go to Stored Procedures under Programmability.
  • Select and right click on dbo.RtcGenerateSummaryTables.
  • Click on New Stored Procedure.
  • You will see the result with return value 0.

Another case arises while you are deploying new reporting servers. This issue can occur when monitoring services are deployed on either a SQL mirror or a SQL cluster. To resolve it, open the Reporting Services URL, go to CDRDB and QMSDB under the report content, and modify the connection string.

  • You will find “data source=(local)\instancename;initial catalog=QoEMetrics”.
  • Replace (local) with the real SQL Server name and apply the changes.

Follow the same steps for LcSCDR by updating CDRDB, and enjoy :)

Remove Lync Server Standard Edition from existing Lync infrastructure


Business-critical applications such as Exchange and Lync are very tightly integrated with Active Directory. Many preparation steps are required to introduce these applications, or even when you’re migrating to a newer version. Most of the time, changes such as installation or removal are required frequently for small branch site deployments. Let’s start with the process of removing a Lync Server Standard Edition deployment from an existing Lync infrastructure. There are a few prerequisites which should be completed before the uninstallation process.

Below is the step by step process for Lync Standard Edition Server uninstallation:

1. Move/Disable/Remove all Lync users from existing Lync Standard Edition Server.

2. Delete/Move Conference directories.

Open Lync Management Shell

Run Get-CsConferenceDirectory and note down the Identity values which are associated with the Lync SE pool.

To remove one, run Remove-CsConferenceDirectory -Identity <Identity Number>

3. Remove the other associated components.

  • Delete all Contact objects enabled for Lync Server Enterprise Voice features by using Lync Server Management Shell.
    • If the Lync Server 2010 response groups have been migrated to a Lync Server 2013 deployment, do not remove the contact objects of the migrated response groups. If response groups have been migrated, skip the document “Remove Response Group Service Workflow Contact Objects” that is listed in the “Documentation” column. For more information, see http://technet.microsoft.com/en-us/library/jj204854.aspx.
  • Remove Enterprise Voice routes by using Lync Server Control Panel.
  • Remove all Call Park orbits by using Lync Server Control Panel.
  • Remove all tables for Enterprise Voice unassigned phone numbers.
  • Back up the Location Information service database.
  • Back up the custom music on hold file.
  • Delete Enterprise Voice routes.
  • Reassign the public switched telephone network (PSTN) gateway.

4. Cross verify that the Lync Standard Edition server which you are going to uninstall is empty.

5. Open Lync Topology Builder and delete the server from the topology.

6. Delete the Lync site if no Lync server or other components are associated with the existing deployment.

7. Publish the topology.

8. Open Lync server 2013 deployment wizard and run “Install or Update Lync Server System”

9. Run “Setup or Remove Lync Server Components”.

10. Once the components are uninstalled successfully, remove the associated certificates.

11. Cross verify the uninstallation.

12. Open SQL server studio manager and remove all the databases from all three instances: RTC, RTCLOCAL & LYNCLOCAL.

13. Uninstall SQL Server Express Edition from control panel.

14. Uninstall Lync Server components and other pre-requisites.
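
The emptiness check behind steps 1, 2 and 4, written out as an added example that is not part of the original post: it counts the objects still homed on the Standard Edition pool before the server is deleted from the topology, then dry-runs the conference directory removal. The pool FQDN lyncse01.contoso.com is a placeholder, and the set of object types checked is a selection, not an exhaustive list.

```powershell
# Added example, not from the original post. Run in the Lync Server Management Shell.
# 'lyncse01.contoso.com' is a placeholder pool FQDN.
function Get-CsPoolLeftover {
    param([Parameter(Mandatory = $true)][string]$PoolFqdn)

    # Objects homed on a pool expose it as RegistrarPool (steps 1 and 3).
    $homed = [ordered]@{
        'Users'                = { Get-CsUser }
        'Exchange UM contacts' = { Get-CsExUmContact }
        'Common area phones'   = { Get-CsCommonAreaPhone }
        'Analog devices'       = { Get-CsAnalogDevice }
    }
    foreach ($name in $homed.Keys) {
        $items = @(& $homed[$name] |
            Where-Object { [string]$_.RegistrarPool -eq $PoolFqdn })
        [pscustomobject]@{ Check = $name; Count = $items.Count; Identity = $items.Identity }
    }

    # Conference directories are tied to the pool's UserServer service (step 2).
    $dirs = @(Get-CsConferenceDirectory |
        Where-Object { [string]$_.ServiceId -like "*:$PoolFqdn" })
    [pscustomobject]@{ Check = 'Conference directories'; Count = $dirs.Count; Identity = $dirs.Identity }

    # Response Group workflows hang off the pool's ApplicationServer service (step 3).
    $rgs = @(Get-CsRgsWorkflow -Identity "service:ApplicationServer:$PoolFqdn" -ErrorAction SilentlyContinue)
    [pscustomobject]@{ Check = 'Response Group workflows'; Count = $rgs.Count; Identity = $rgs.Name }
}

$pool   = 'lyncse01.contoso.com'   # placeholder
$report = Get-CsPoolLeftover -PoolFqdn $pool
$report | Format-Table Check, Count -AutoSize

if ($report | Where-Object { $_.Count -gt 0 }) {
    Write-Warning "$pool still hosts objects; finish steps 1-3 before deleting it in Topology Builder."
}

# Step 2 as a dry run: show which directories Remove-CsConferenceDirectory would delete.
Get-CsConferenceDirectory |
    Where-Object { [string]$_.ServiceId -like "*:$pool" } |
    ForEach-Object { Remove-CsConferenceDirectory -Identity $_.Identity -WhatIf }
```

Drop -WhatIf only after every count in the report is zero or the remaining objects have been moved to another pool.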

 

I hope you have enjoyed the uninstallation process. Please feel free to share your views or any observations you make during the uninstallation process.

Lync Server 2013 – Location Based Routing


Location Based Routing is an impressive feature of Lync Server 2013 which distinguishes Lync Server 2013 from other UC solutions. LBR allows a full-fledged Lync 2013 Enterprise Voice deployment for enterprises doing business in regulated countries such as India, UAE, Egypt, etc. A Lync Enterprise Voice deployment with LBR requires careful planning and design, as one wrong step can disturb the entire voice setup. Now, a question comes to every Lync professional: if LBR requires planning and design, it means LBR is not enabled by default; in other words, the LBR configuration part comes later.

Question: If LBR is not enabled by default and needs additional configuration, which methodology does Lync Server use by default?

Answer: LCR

Many Exchange professionals who are reading this blog may assume LCR means Local Continuous Replication, which was introduced in Exchange Server 2007.

By default, Lync Server uses the Least Cost Routing methodology. Least cost routing can reduce call rates by minimizing toll charges and maximizing WAN use, which benefits enterprises but, in another way, is a revenue loss for PSTN service providers.

LBR Benefits:

  • Comply with regulations that restrict IP-to-PSTN routing in pre-defined cases.
  • Route PSTN calls based on the caller’s location to prevent toll bypass.
  • Scoped to specific locations, gateways, and users based on network configuration.
  • Route calls to the gateway closest to the calling party, which increases QoS & QoE.
  • Minimize use of the WAN, which results in better QoS & QoE.

LBR Capabilities:

  • Route outgoing calls to a PSTN gateway local to the caller’s location.
  • Prevent incoming calls if the Lync client is not in the PSTN gateway’s location.
  • Route outgoing calls through international PSTN gateways when there is no local gateway.
  • Ensure that conferences do not have a mix of users from different locations and PSTN dial-out.

Outbound routing:

Trunk-to-trunk routing:

Inbound routing:


There are many test cases involved in an LBR implementation which need to be tested. Implementation steps and test cases are explained in the next part of this article.

Courtesy: Lync Conference 2014.

Step by Step Lync 2013 Edge Server


Lync Server consists of multiple roles, and the Edge Server role is one of them. The Lync Server 2013 Edge Server role takes care of external connectivity for Lync users. It provides connectivity to remote, PIC, mobile, federated and anonymous users. An Edge Server deployment provides external access to different communication modalities: IM & Presence, Web Conferencing and Audio/Video Conferencing.

Edge Server deployment is not as simple as other Lync Server roles and requires attentive preparation before jumping into the installation. Let’s start the preparation for deploying a standalone Edge Server role.

IP Address Planning:

I am using 192.168.x.x/16 IP addressing for the internal network, 172.25.x.x/16 for the perimeter network and 10.x.x.x/8 for the external network. The IP address on the internal firewall is 172.25.33.100, which will act as the gateway for communication between the perimeter network and the internal network; the IP address on the external firewall is 10.1.1.100.

The internal NIC of the Edge Server is behind the internal firewall and doesn’t have a gateway on its internal network address, so we will have to route traffic from 172.25.33.10 to the internal network via 172.25.33.100.

Follow the steps below to add the route.

Open a command prompt with administrative rights on the Edge Server.

Run “ipconfig /all” and note down the physical address and Ethernet adapter description of the internal NIC.

Now run route print and note the Interface List ID of the internal NIC.

Now add the persistent route for internal traffic.
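
The route step above as a script, added here as an example that is not part of the original post: it refuses to continue if the internal NIC carries a default gateway, then adds the persistent route with the lab addresses from this section. The adapter name 'Internal' and the availability of the NetTCPIP cmdlets (Windows Server 2012 or later) are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the Edge Server.
# Assumes Windows Server 2012 or later (NetTCPIP cmdlets) and an internal
# adapter named 'Internal'; prefix and next hop are the lab values above.
function Add-EdgeInternalRoute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$InternalNic = 'Internal',        # assumed adapter name
        [string]$Prefix      = '192.168.0.0/16',  # internal network
        [string]$NextHop     = '172.25.33.100'    # internal firewall
    )

    $nic = Get-NetAdapter -Name $InternalNic -ErrorAction Stop

    # The internal NIC must stay without a default gateway: the only
    # 0.0.0.0/0 route on an Edge Server belongs to the external NIC.
    $default = Get-NetRoute -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object { $_.DestinationPrefix -eq '0.0.0.0/0' }
    if ($default) {
        throw "Default gateway $($default.NextHop) is set on '$InternalNic'; remove it before adding static routes."
    }

    # Idempotent: skip the add when the route is already in the persistent store.
    $saved = Get-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix $Prefix `
                 -PolicyStore PersistentStore -ErrorAction SilentlyContinue
    if (-not $saved -and $PSCmdlet.ShouldProcess($Prefix, "Add persistent route via $NextHop")) {
        # Without -PolicyStore, New-NetRoute writes to both the active and
        # the persistent store, like "route -p add".
        New-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix $Prefix -NextHop $NextHop | Out-Null
    }

    # Return what will survive a reboot so the caller can confirm it.
    Get-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix $Prefix `
        -PolicyStore PersistentStore -ErrorAction SilentlyContinue |
        Select-Object ifIndex, DestinationPrefix, NextHop, RouteMetric
}

# Dry run first; drop -WhatIf to apply.
Add-EdgeInternalRoute -WhatIf
```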

 

Open Lync Server Topology Builder on the Lync Front-End / Standard Edition Server.

Right click on Edge Pool and select New Edge Pool.

Click on Next.

Enter the Edge Server FQDN.

Select appropriate features as per your requirements.

Select IP versions and NAT option according to your requirement.

Specify the external FQDN and associated port numbers. (Note: If you have selected “Use a Single FQDN and IP address” then you will have to use different port numbers for all three FQDNs).

Specify the IP address for the Edge Server internal NIC.

Now specify the external IP address for all services.

Specify the public IP address which will be NATed to the A/V Edge service. (In my case, the deployment has been done in a lab and doesn’t have a public IP address. That’s why I am using a different IP address.)

Define the next hop server. The next hop server will be your Lync pool if you don’t have a Director; otherwise the next hop will be your Director pool.

Select the pool and click on Finish.

Now publish your topology.

Open Lync Management Shell with administrative privileges on the Lync FE server and export the configuration.

Log in to the Edge Server with administrative privileges, run Microsoft Lync Server 2013 setup and follow the steps.

After installing the Lync 2013 core components, open the Lync Server 2013 Deployment Wizard.

Click on “Install or Update Lync Server System”.

Run “Install Local Configuration Store”.

Browse to the Edge configuration file which you exported on the Lync FE server.

Click on Next.

Cross verify the installation through the log file.

Now, run “Setup or Remove Lync Server Components”.

Now, it’s time to request and assign certificates.

Follow the steps to request the Edge Internal Certificate.

Fill in the appropriate information.

Now, request the External Edge certificate.

(Note: If you want to use the same public certificate for the reverse proxy as well, add additional SANs for the reverse proxy: lyncdiscover.domain.com, lyncwebservicesexternalname.domain.com, dialin.domain.com, meet.domain.com)

Once you have generated the certificate requests, you can send them to your certification authority to generate the certificates for you. As we are doing this setup in our lab, we will use our internal AD CA.

Once you have generated the certificates, open mmc and add Certificates (Local Computer) via Add/Remove Snap-in to import the generated certificates.

Import the root CA into Trusted Root Certification Authorities.

Import the generated certificates into the Personal store.

Follow the same steps to import the Edge public certificate as well.

Now, it’s time to assign certificates to the Edge services.

Once certificate assignment is done, open Lync Control Panel on the Lync FE server and go to Federation and External Access.

Change the External access policy as shown below.

Change the Access Edge configuration policy as shown below.

Now that everything has been done, it’s time to perform the last step: add a Front End pool / FE server entry to the Edge Server hosts file.

Finally, your external Lync clients will be able to log in and you can use Edge services for external connectivity.

However, you still cannot use the services which require a reverse proxy. Therefore, configure your reverse proxy as well to get everything working seamlessly.