Thursday 19 July 2012

Lync Server 2013 PowerShell... What's Next?

A lot of my free time over the last few days has been spent preparing Lync 2013 and finding out all the new and add-on features that come with it. But as with most Microsoft server products, more can be done via PowerShell than in the GUI. So I'm going to take some time to go through a lot of the new PowerShell commands. Some might not be new commands, but they come with additions to the command itself.

Let's start with Mobility. This was a huge leap for Lync 2010 back last December. One of the biggest concerns in my conversations was push notification and cellular calling. Lync 2013 has raised the bar on these issues, which brings me to my first PowerShell command:

PS C:\> Get-CsMobilityPolicy

This command is available in Lync 2010, but with limited function: it turns mobility on or off and enables outside voice (Call via Work). Now with Lync 2013 we get some added functionality in the command.



Now we get the options of enabling IP Audio/Video and requiring WiFi for Audio/Video.
It has been mentioned that you can now use your cellular carrier to make and receive audio/video calls with Lync 2013, which is a huge step in the right direction.



The next command I would like to highlight is:

PS C:\> Get-CsAccessEdgeConfiguration


We now have the ability to set federated partner contact limits, maximum contacts per partner, maximum accepted and rejected certificates and discovered partner reports in a time period.

PS C:\> Get-CsConferencingConfiguration

Not much has changed here, but I did notice you now have the ability to set the maximum upload file size.


A new command/feature that is introduced into Lync 2013 is Federal Information Processing Standards (FIPS) configuration.

PS C:\> Get-CsFIPSConfiguration



When FIPS is configured with RequireFIPSCompliantMedia, Lync Server 2013 Preview will only allow media sessions with entities that use FIPS compliant algorithms for authentication and authorization. In order to use this function all Edge Servers must be upgraded to Lync Server 2013, as this is not supported by Lync Server 2010.

PS C:\> Get-CsMediaConfiguration


In this command we get a few extra goodies. We are now able to enable the G722 Stereo Codec and the H264 Codec. There is also the ability to enable Adaptive Bandwidth Estimation, where Microsoft Lync Server will select the bandwidth rate at which to play a video stream. This selection will be based on such factors as network congestion and the quality of the client's current network connection.

PS C:\> Get-CsMeetingConfiguration



The meeting configuration has also been modified, but only in the look of the meeting URL page itself (meet.domain.com). Microsoft is now allowing us to make visual changes to the page: adding a company logo, plus legal and help URLs to redirect our users to custom pages. This is a request I personally made to our PAM and contacts at MS. I wasn’t the only one, obviously, but it is a nice addition.

PS C:\> Get-CsTrunkConfiguration



For this command we get some new additions like RTP Latching, Online Voice, Forward Call History, 3pcc Refer, Forward PAI and Fast Failover Timer.

RTP Latching: RTP latching is a technology that enables RTP/RTCP connectivity through a NAT (network address translator) device or firewall.

Online Voice: With online voice, users have an on-premises Lync Server account but have their voicemail hosted by Office 365.

Forward Call History: Indicates whether call history information will be forwarded through the trunk.

3pcc Refer: Indicates whether the 3pcc protocol can be used to allow transferred calls to bypass the hosted site. 3pcc is also known as "third party control," and occurs when a third-party is used to connect a pair of callers (for example, an operator placing a call from person A to person B). The REFER method is a standard SIP method which indicates that the recipient should contact a third-party by using information supplied by the sender.

Forward PAI: Indicates whether the P-Asserted-Identity (PAI) header will be forwarded along with the call. The PAI header provides a way to verify the identity of the caller.


PS C:\> Get-CsVoicePolicy



Also in the Voice Policy we get some additional functions like Call Forwarding Simultaneous Ring Usage, Voice Deployment Mode and Voicemail Escape Timer.

Call Forwarding Simultaneous Ring Usage: Provides a way for administrators to manage call forwarding and simultaneous ringing. Allowed values are:

VoicePolicyUsage – The default voice policy usage is used to manage call forwarding and simultaneous ringing on all calls. This is the default value.
InternalOnly – Call forwarding and simultaneous ringing are limited to calls made from one Lync user to another.
CustomUsage – A custom PSTN usage will be used to manage call forwarding and simultaneous ringing. This usage must be specified using the CustomCallForwardingSimulRingUsages parameter.

Voice Deployment Mode: Options are OnPrem, Online, OnlineBasic and OnlineHybrid.

Voicemail Escape Timer: Here is another feature I and other Lync pros have been hounding Microsoft about. When set to True, calls to an unanswered mobile device will be routed to the organization voicemail instead of the mobile device provider's voicemail. Thank you Microsoft! This is a fantastic option for after-hours people.

PS C:\> Get-CsWebServiceConfiguration



MakeHtmlLyncWebAppPrimaryMeetingClient: When set to True, the Join Launcher will automatically start the Lync Web Access whenever a user joins an online meeting.

AutoLaunchLyncWebAccess: When set to True, Lync Web App will automatically be used as the default Web popup for joining an online conference, provided that the prerequisites for using Lync Web Access (for example, Silverlight has been installed, and Internet Explorer is not blocking pop-up windows) have been met.

ShowAlternateJoinOptionsExpanded: When set to True, alternate options for joining an online conference (such as Office Communicator 2007 R2) will automatically be expanded and shown to users. When set to False (the default value) these options will be available, but the user will have to display the list of options for themselves.

UseWsFedPassiveAuth: When set to True, allows for passive authentication: authentication of users by using URL redirection or smart linking.

I would like to also mention the new line of XMPP commands now available.

CsXmppAllowedPartner and CsXmppGatewayConfiguration




ConnectionLimit: Total number of simultaneous connections allowed for all XMPP partners

DialbackPassphrase: Password used when connecting to an XMPP partner over a TCP dial back connection. With TCP dial back, the partner contacts the XMPP gateway and then hangs up. The XMPP gateway calls the partner back, and the communication session can then begin.

EnableLoggingAllMessageBodies: When set to True, Lync Server 2013 Preview will log the actual content of all instant messages. For privacy reasons, message content is typically deleted and only information about the communicating endpoints is included in the log files.

KeepAliveInterval: Maximum amount of time (in seconds) that can elapse before the partner must send a "keep alive" message. (A keep alive message simply verifies that the connection is still active.) If the time interval expires before a keep alive message is received, the connection will be closed.

PartnerConnectionLimit: Total number of simultaneous connections allowed for a single XMPP partner.
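
The settings described in this post can be reviewed in one pass. The following is an added example, not part of the original post: Get-LyncSettingFinding is a hypothetical helper that reports the values called out above (FIPS media, XMPP message body logging, the dial back passphrase, passive authentication and trunk header forwarding), and the sample objects are constructed so the logic runs without a Lync deployment.

```powershell
# Added example. Property names come from the post and from the Lync Server
# 2013 cmdlets it names; all sample values below are constructed.
function Get-LyncSettingFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Fips,
        [Parameter(Mandatory)] [object[]] $XmppGateway,
        [Parameter(Mandatory)] [object[]] $WebService,
        [Parameter(Mandatory)] [object[]] $Trunk
    )
    # Every finding has the same shape so the output can be sorted or exported.
    function New-Finding($Source, $Identity, $Setting, $Value, $Note) {
        [pscustomobject]@{ Source = $Source; Identity = $Identity
                           Setting = $Setting; Value = $Value; Note = $Note }
    }
    foreach ($c in $Fips) {
        if (-not $c.RequireFIPSCompliantMedia) {
            New-Finding 'Fips' $c.Identity 'RequireFIPSCompliantMedia' $false `
                'Media sessions are not limited to FIPS compliant algorithms.'
        }
    }
    foreach ($c in $XmppGateway) {
        if ($c.EnableLoggingAllMessageBodies) {
            New-Finding 'XmppGateway' $c.Identity 'EnableLoggingAllMessageBodies' $true `
                'Instant message content is written to the log files.'
        }
        if ([string]::IsNullOrEmpty($c.DialbackPassphrase)) {
            New-Finding 'XmppGateway' $c.Identity 'DialbackPassphrase' '(empty)' `
                'No passphrase is set for TCP dial back connections.'
        }
        if ($c.PartnerConnectionLimit -gt $c.ConnectionLimit) {
            New-Finding 'XmppGateway' $c.Identity 'PartnerConnectionLimit' `
                $c.PartnerConnectionLimit 'Per-partner limit exceeds the total ConnectionLimit.'
        }
    }
    foreach ($c in $WebService) {
        if ($c.UseWsFedPassiveAuth) {
            New-Finding 'WebService' $c.Identity 'UseWsFedPassiveAuth' $true `
                'Passive authentication by URL redirection is allowed.'
        }
    }
    foreach ($c in $Trunk) {
        foreach ($name in 'ForwardPAI', 'ForwardCallHistory', 'EnableRTPLatching') {
            if ($c.$name) {
                New-Finding 'Trunk' $c.Identity $name $true 'Enabled on this trunk; confirm it is intended.'
            }
        }
    }
}

# Constructed sample objects standing in for the cmdlet output.
$sample = @{
    Fips        = [pscustomobject]@{ Identity = 'Global'; RequireFIPSCompliantMedia = $false }
    XmppGateway = [pscustomobject]@{ Identity = 'Global'; ConnectionLimit = 100
                                     PartnerConnectionLimit = 250; KeepAliveInterval = 300
                                     DialbackPassphrase = ''; EnableLoggingAllMessageBodies = $true }
    WebService  = [pscustomobject]@{ Identity = 'Global'; UseWsFedPassiveAuth = $false }
    Trunk       = [pscustomobject]@{ Identity = 'Global'; ForwardPAI = $true
                                     ForwardCallHistory = $false; EnableRTPLatching = $false }
}
Get-LyncSettingFinding @sample | Format-Table -AutoSize

# In the Lync Server Management Shell, pass live output instead:
# Get-LyncSettingFinding -Fips (Get-CsFIPSConfiguration) `
#     -XmppGateway (Get-CsXmppGatewayConfiguration) `
#     -WebService (Get-CsWebServiceConfiguration) -Trunk (Get-CsTrunkConfiguration)
```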


Well, that's it for now. There are a lot of new additions to be found going through the PowerShell commands, and a lot of exciting features for me like Mobility and the Voicemail Escape Timer.

If there is anything I am missing let me know and I will be glad to add/modify.

Thanks for reading.. and happy Lyncing!

Tuesday 17 July 2012

Lync Server 2013 Preview Step-by-Step Guide Part 2

In part one, which can be found here, I mentioned all the prerequisites for Lync Server 2013 Preview including Windows Identity Foundation. In Part 2 we will go through creating DNS Records, publishing the Topology and getting the client working with IM and the meet/dialin URLs published.

Before I continue with creating my new Topology, I need to configure my DNS!

My DNS will look like this

A Records
meet/dialin.myprotech.net - 192.168.100.21
lyncme.myprotech.net - 192.168.100.21
lyncme.protech.local - 192.168.100.21
lyncdiscoverinternal.myprotech.net - 192.168.100.21

SRV Record
_sipinternaltls._tcp.myprotech.net -> lyncme.protech.local

After selecting New Topology, enter your Primary SIP Domain. This will be the domain used for all your Lync clients. I always try to use their email domain.


The next screen is where you can add additional SIP domains, but since this is a lab environment I will be sticking with 1 SIP domain.

Enter your Site Name details.

Next, specify your site details: City, State/Province and Country/Region Code.

Then click Finish to open the New Front End Wizard.

For my Front-End Pool I will only be creating a Standard Edition Pool, and I need to enter the FQDN of that server.

On the next screen you will have the option of selecting the features of your front-end pool. In this guide I will be configuring Conferencing and Enterprise Voice.
***NOTE*** A new feature in Lync Server 2013 Preview is the ability to enable Exchange Server integration in the Archiving feature.


I am going to collocate my Mediation Server on the Standard Edition Pool.


The next screen asks to associate an Edge pool. For now I won’t be adding an Edge to this Topology, but in another guide I will be adding an Edge to configure external user access, Federation and Voicemail to Office 365. So for now I will leave this screen unchecked and continue.

For a Standard Edition we do not specify a SQL Server store; it is installed automatically, which you will see later on in this guide. So we simply click Next.

The next window is asking us to define a new file share. On a Standard Edition the share can reside on the Standard Edition Server. On an Enterprise Edition Pool the Share cannot be on any of the front end servers.
So I create a new folder and share it out with the name "share" and give full access to the Everyone Group, as the Lync install will configure the correct permissions afterwards.


Next we will override the External Web Services Base URL as this is something that will be required for meet/dialin/lync mobility from the external network.


The next screen will allow you to select your web apps server. If you don’t know what a web app server is or how to deploy one, I will be writing an article on it, but for the time being you can read the details from Microsoft here.
Specify your web app server and click Finish.



You will now be taken out of the wizard and into your Topology. For Lync pros this is something you have seen before, but now with a twist. You can now see your existing Lync 2010 and 2013 topologies, and also any shared components like SQL stores and PSTN gateways.




Now we can go ahead and publish our Topology.




The next window will ask you to select the Central Management Store. Since this is a Standard Edition deployment we will just click Next.


Confirm your Topology published successfully and click Finish.

Now we can close the Topology Builder and re-open the Deployment Wizard so we can install the Lync Server System. Once the Deployment Wizard is open, click "Install or Update Lync Server System".



Click "Run" on Step 1 "Install Local Configuration Store"
The next window we will leave the default "Retrieve directly from the Central Management store" and click Next



Let the wizard install the Lync Server Components, and click Finish after confirming the install was successful.


The next step is the Request, Install Certificate Wizard. Click "Run".

As you can see from the screen shot above, the Certificate Wizard looks a little different from the Lync Server 2010 Certificate Wizard. Now we have an option/certificate for OAuthTokenIssuer. OAuth (Open Authorization) is a protocol for server-to-server authentication and authorization. If you would like to know more about OAuth you can read about it here. I'm just not going to go into too much detail in this post.

For simplicity's sake I’m going to request my 3 certificates from my internal Certificate Authority. In the real world you would purchase a 3rd party certificate for your external web services.




Enter all your information: Company, City, Region etc... You will get to the SAN Names list which, since I’m bundling all my certificates into 1, has my mobility (lyncdiscover), my dialin/meet URLs etc...

Finish the request, click Next and assign the certificate to Lync.

Then request your OAuth Certificate, which is the same process. But notice it only uses the SIP domain for the Common Name (CN).



Once you have requested and assigned all your certificates you will be taken back to the Certificate Wizard. Notice the "Location" field. The default certificates say Local, the OAuth certificate says Global. When the OAuth certificate was published to Lync it was also published to the CMS... I’ll go into OAuth in another post.



Start your Services



And confirm all your services have started. Front-End Service will take the longest.
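
With the installation finished, the file share created earlier with full access for the Everyone group can be checked to see what it grants now. The following is an added example, not part of the original guide: Get-BroadShareGrant is a hypothetical helper that lists write-capable grants to broad groups at both the share level and the NTFS level, assuming the share name "share" used in this guide and the SmbShare module that ships with Server 2012.

```powershell
# Added example. Requires the SmbShare module (Windows Server 2012 or later).
function Get-BroadShareGrant {
    param(
        [string]   $ShareName = 'share',   # share name used in this guide
        [string[]] $BroadPrincipal = @('Everyone', 'Authenticated Users', 'Users', 'Domain Users')
    )
    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # NTFS rights that allow changes: Write plus GENERIC_WRITE and GENERIC_ALL.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor 0x50000000

    # Strip the "DOMAIN\" or "BUILTIN\" prefix before comparing names.
    $isBroad = { param($account) $BroadPrincipal -contains ($account -replace '^.*\\', '') }

    # Layer 1: share-level permissions (Full or Change allows writing).
    foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
        if ($ace.AccessControlType -eq 'Allow' -and (& $isBroad $ace.AccountName) -and
            (@('Full', 'Change') -contains [string]$ace.AccessRight)) {
            [pscustomobject]@{ Layer = 'Share'; Target = $share.Name
                               Principal = $ace.AccountName; Rights = [string]$ace.AccessRight }
        }
    }

    # Layer 2: NTFS permissions on the folder behind the share.
    foreach ($ace in (Get-Acl -Path $share.Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and (& $isBroad $ace.IdentityReference.Value) -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{ Layer = 'NTFS'; Target = $share.Path
                               Principal = $ace.IdentityReference.Value
                               Rights = [string]$ace.FileSystemRights }
        }
    }
}

$grants = @(Get-BroadShareGrant -ShareName 'share')
if ($grants.Count -eq 0) {
    'No write-capable grants to broad groups were found on the share or its folder.'
} else {
    $grants | Format-Table -AutoSize
}
```

Effective access is the more restrictive of the two layers, so a broad grant that remains on only one layer is still worth tightening.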




At this point I open Internet Explorer to launch the control panel. https://servername/cscp



At first look the control panel is very similar to the Lync Server 2010 Control Panel. First I noticed the Persistent Chat menu on the left. But none configured..... yet!
I always check my topology to confirm started services and replication. I noticed right away we have a version column. I would assume at this point this will also show Lync Server 2010 for those servers.... an obvious assumption.



So let’s create a user and get them signed into Lync!

Adding a user, just like in Lync 2010, is straightforward, but again with some added function. You now have the ability to assign additional policies to your users, these policies being Mobility and Persistent Chat.



So now I have my user, let’s fire up Lync Server 2013 Client that was installed with Office 2013 ProPlus. If you would like to download the ProPlus version of Office 2013 Preview that comes with the new Lync client, you can get started here.



And there we have it, logged into Lync 2013 Client on Lync Server 2013 Preview. And below is the dial in and meet url screen shots.




The process is very similar to Lync Server 2010 with some add-ons. There are prerequisites of PowerShell 3.0 and .NET 4.5 for Server 2008 R2 SP1 installations. The Topology Builder got a nice upgrade; being able to see both 2010 and 2013 topologies from the same window is excellent. There is OAuth for server-to-server authentication, which will be something I talk about in the upcoming weeks/months. The Control Panel also has some new features like creating Mobility and Push policies, the XMPP Federated Partner feature and Persistent Chat.

One add-on I would like to mention is the Conferencing Meeting Configuration. Now you can configure the logo, header and footer of your meet.domain page from the control panel.




Thank you for reading, I hope this was informative on both the configuration and new features of Lync and Lync Server 2013 Preview. Next I will be diving into specifics of Lync 2013 Preview features.




Monday 16 July 2012

Lync Server 2013 Preview Step-by-Step Guide Part 1

As promised here is Part 1 of my Lync Server 2013 Preview guide.

Part 2 can be found here

I will be posting a lot of screen shots of the installation. Remember Microsoft
didn’t reimagine Lync 2013 from 2010 like they did with OCS, so a lot of the
process will be the same. When I get to new/improved features I will highlight
them throughout the guide. I will be implementing the Mobility and Chat features.


As I mentioned in my last post Lync Server 2013 Preview will run only on Server
2008 R2 SP1 or Server 2012. For this guide I will be using Server 2012.
Before we begin, some Lync Server prerequisites are needed just like in Lync Server 2010. Open PowerShell and type,

For Server 2012:
PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Errors, Web-Http-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering, Web-Mgmt-Console, Web-Asp-Net45, Web-Net-Ext45, Web-Dyn-Compression, Desktop-Experience

For Server 2008 R2 SP1:
PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Errors, Web-Http-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering, Web-Mgmt-Console, Web-Dyn-Compression, Desktop-Experience


Also make note of the Software Requirements article posted here, including Windows Identity Foundation.
For Server 2008 R2 SP1 you can download it from here. For Server 2012 you can install it from PowerShell by running
PS C:\> Add-WindowsFeature Windows-Identity-Foundation

For Server 2008 R2 SP1, Microsoft .NET Framework 4.5 RC needs to be installed. You can download it from here. And PowerShell 3.0 can be downloaded from here.

Download and extract the Lync 2013 Preview bits from here and launch setup.exe. You will be prompted to install Microsoft Visual C++ 11 Beta Redistributable. If you're installing Lync Server 2013 Preview on Server 2008 R2 SP1 you will also need to install .NET 4.5, which comes in the Preview download.

Once .NET 4.5 and Visual C++ 11 are installed, you will be prompted to install the Lync Core Components. Also, PowerShell 3.0 and Windows Installer 4.5 are required on Server 2008 R2 SP1.




Continue on to the Deployment Wizard we are all so accustomed to seeing from Lync Server 2010.

At this point I always like to install the Lync Administrative tools, as they need to be installed anyway and it's a 3 second installation.


Then I will be preparing Active Directory into my new test environment. This environment has no existing Lync Server topology.



Run the "Prepare Schema" step.


After it succeeds, confirm Active Directory replication. Open ADSI Edit and, on the Action menu, click Connect to. In the Connection Settings dialog box select Schema. Under the schema container, search for CN=ms-RTC-SIP-SchemaVersion. For Lync Server 2010 the rangeUpper was 1100, but for Lync Server 2013 Preview it is 1150. The rangeLower attribute is 3; with Lync 2010 it was 14.
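
The same check can be run against every domain controller instead of one ADSI Edit connection. The following is an added example, not part of the original guide: Test-LyncSchemaReplication is a hypothetical helper that assumes the ActiveDirectory PowerShell module is installed and compares each domain controller's copy of the schema object with the rangeUpper and rangeLower values quoted above.

```powershell
# Added example. Requires the ActiveDirectory module and an account that can
# read the schema partition.
Import-Module ActiveDirectory

function Test-LyncSchemaReplication {
    param(
        [int] $ExpectedRangeUpper = 1150,  # Lync Server 2013 Preview, per this guide
        [int] $ExpectedRangeLower = 3      # per this guide
    )
    $dn = "CN=ms-RTC-SIP-SchemaVersion,$((Get-ADRootDSE).schemaNamingContext)"

    # The schema partition replicates forest-wide, so walk every domain.
    foreach ($domain in (Get-ADForest).Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
            $row = [pscustomobject]@{ DomainController = $dc.HostName
                                      RangeUpper = $null; RangeLower = $null; State = $null }
            try {
                $obj = Get-ADObject -Identity $dn -Server $dc.HostName `
                    -Properties rangeUpper, rangeLower -ErrorAction Stop
                $row.RangeUpper = $obj.rangeUpper
                $row.RangeLower = $obj.rangeLower
                $row.State = if ($obj.rangeUpper -eq $ExpectedRangeUpper -and
                                 $obj.rangeLower -eq $ExpectedRangeLower) { 'Current' }
                             else { 'NotReplicated' }
            }
            catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
                # The object does not exist on this DC yet.
                $row.State = 'SchemaObjectMissing'
            }
            catch {
                $row.State = "QueryFailed: $($_.Exception.Message)"
            }
            $row
        }
    }
}

$report = @(Test-LyncSchemaReplication)
$report | Format-Table -AutoSize

$behind = @($report | Where-Object { $_.State -ne 'Current' })
if ($behind.Count -gt 0) {
    Write-Warning "$($behind.Count) domain controller(s) do not show the expected schema version yet."
}
```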


Continue on to "Prepare Current Forest".


To confirm Forest Replication open Active Directory Users and Computers (on a domain controller), click the Users container and look for CsAdministrators. If the group is present replication was successful.

Next, prepare the current domain and click Next. To confirm replication, run the Lync Server 2013 Preview Management PowerShell and type
PS C:\> Get-CsAdDomain -Domain domainname.local -GlobalSettingsDomainController dc.domainname.local
and confirm the LC_DOMAIN_SETTINGS_STATE_READY output.



Before continuing with the installation, I needed to add my user to the CsAdministrators group and log off and back on for the new added group permissions to take effect.

After logging back in as the same user you added to the CsAdministrators group re-launch the Deployment Wizard, and "Prepare first Standard Edition Server" (As in this guide I will only be deploying a Standard Edition environment). Click next and wait for the Bootstrap and SQL Installation.



*NOTE The setup creates the firewall rule exception for the SQL Browser.

Once that has completed successfully, it's time to open our Topology Builder. This is where the differences between Lync 2010 and 2013 will start to show. Creating a New Topology.



I want to take a minute away from this guide to show one of the first "update" additions to Lync 2013 Preview, the Topology Builder.

When upgrading from OCS to Lync 2010 you would need to select to migrate from an OCS 2007/R2 deployment. Now the new Lync 2013 Preview Topology Builder shows both topologies: any existing Lync 2010 and the new Lync 2013. I would find this most helpful when migrating people from Lync 2010 to 2013, being able to compare your 2 environments from one easy to read screen. Below is a view of our corporate topology, hence why I cut the FQDN names out. :)


When Lync 2013 goes GA and I have the chance to do a migration I will post an article with this more in detail.

This is Part 1 of my Lync Server 2013 Preview Guide. Part 2 we will build the Topology, Publish and get Lync 2013 Preview ready with IM and meet/dialin URL configured.