Category Archives: Server

Extending existing Kerberos authentication to a new Lync Server 2013 deployment

Leave a reply

Recently I was deploying Lync Server 2013 into an existing Lync Server 2010 environment that had Kerberos authentication configured for web services. Based on TechNet documentation, I was under the impression the new servers would take up the Kerberos account assignment automatically, but I was wrong.

We found that Lync 2013 failed to sign into the Lync Server 2013 pool. When we checked Fiddler, we were getting back an Unauthorised response from the Lync Server 2013 pool.

Synchronise the Kerberos Authentication Account to Lync Server 2013

After a deeper dig into TechNet (specifically the article Synchronize a Kerberos Authentication Account Password to IIS), I found that I needed to synchronise the existing Kerberos account from a Lync Server 2010 server to the new Lync Server 2013 Front End servers.

To do this, I ran this cmdlet to synchronise the Kerberos account from the 2010 pool to the 2013 server:

Set-CsKerberosAccountPassword -FromComputer 2010pool.contoso.com -ToComputer 2013fe1.contoso.com

I repeated this for each Lync Server 2013 Front End server just to cover all the bases.

Validation

Finally, I validated that the 2013 servers had the Kerberos account synchronised to them using the Test-CsKerberosAccountAssignment cmdlet from the TechNet article Test and Report Functional Readiness for Kerberos Authentication.

To do this, I ran the following cmdlet to generate a report that showed me that the 2013 servers had the account synchronised to them:

Test-CsKerberosAccountAssignment -Identity “site:UK” -Report “c:\logs\KerberosReport.htm” -Verbose

Once the report was generated, I opened it up to check that the new Lync Server 2013 Front End servers were listed and were marked as Successful.

When this process was completed, Lync 2013 successfully signed into the new Lync Server 2013 pool.

Lync 2013 Monitoring Reports Fail to Load with “Query execution failed for dataset” Error

1 Reply

I was deploying Lync Server 2013 Monitoring Reports last week in a 2x Standard Edition deployment (pool paired – my architecture of choice for organisations under 2000 users) with a single SQL 2012 backend server. I deployed the reports like normal, went to access the URL and got this:

report server 1

I was thinking “this doesn’t usually happen, I am perplexed. Monitoring reports are usually bulletproof!”.

The error read (for those that enter it into Google/Bing when this happens to them):

An error has occurred during report processing. (rsProcessingAborted)
Query execution failed for dataset ‘CDR_SyncTimeZone’. (rsErrorExecutingCommand)
The EXECUTE permission was denied on the object ‘RtcSyncTimeZoneInfo’, database ‘LcsCDR’, schema ‘dbo’. Continue reading

A Quick Guide to Server Draining in Lync Server 2010

2 Replies

Server draining was a new feature introduced in Lync Server 2010 that allows administrators to gracefully take a server offline for maintenance. What this means is that it ensures that existing client connections to/through the server are allowed to continue, but all new connections are refused. Once the server is completely “drained” of connections, the services are stopped and the administrator can then patch, restart or reconfigure the server without impacting users. Continue reading

Adding an A/V Conferencing Pool to an existing Lync Server 2010 Front End Pool

1 Reply

Imagine you’ve deployed your Lync Front End pool already, but now you’ve decided you want to add some extra dedicated MCU capacity by adding an A/V Conferencing Pool. Given that the A/V Conferencing Server role runs on each Front End server, how do we ensure this gets removed and that the pool starts using the new A/V Conferencing pool when users schedule new audio or video conferences?

This is a pretty straightforward process involving defining the pool in Topology Builder and then running Deployment Wizard on your new A/V Conferencing servers and existing Front End servers.

Defining the A/V Conferencing Pool in Topology Builder

Firstly, you need to define the new A/V Conferencing Pool in your Lync topology. Instructions are available here on TechNet on how to do this. Once you’ve defined the pool, you’ll need to republish the topology using the instructions here.

Installing the A/V Conferencing Servers

Next, you need to log onto each A/V Conferencing Server and go through the usual Lync Server deployment process of installing a replica of the CMS, adding the Lync Server components and assigning certificates. On completion, make sure you start all the Lync services so each server becomes active in the topology.

Updating your Front End servers

Now comes the part that isn’t clearly documented – making sure the MCU components get moved to the A/V Conferencing servers properly.

Firstly, log onto each Front End server and run the Deployment Wizard. Click on Install or Update Lync Server System.

Next, run Step 2: Setup or Remove Lync Server Components (commonly known as bootstrapper).

When the Setup Lync Server components dialog appears, click Next.

Once Bootstrapper starts running through its commands, you’ll see it run the step Removing OcsMcu.msi (AVMCU) which is it removing the A/V Conferencing Server role from the Front End server. This is because the new A/V Conferencing pool is defined in the Lync topology.

Once Setup is completed, click Finish.

We can see now that Step 2 is marked as complete and we can open the Services snap-in from the bottom to see evidence that AV MCU has been successfully removed.

Et voila! No more Lync Server Audio/Video Conferencing Server on your Front End server!

Conclusion

Hope this helps you understand this process a bit more and how to add this topology component to your Lync Server 2010 environment. I wouldn’t recommend doing this during business hours as it could take down active audio/video conferences on your Front End servers.

Lync Server 2010 will not be supported on SQL Server 2012

Leave a reply

News just in from the frontline regarding SQL Server 2012 and Lync Server 2010.

A blog post has been published by Damien Caro (an Microsoft IT Pro evangelist based in Paris) on his TechNet blog dispelling rumours and uncertainty around whether Lync Server 2010 will work with the newly RTM’d SQL Server 2012 (previously code named Denali).

Damien writes:

“There are some excellent reasons for willing to use SQL 2012 with Microsoft Lync like the support of the new availability model (Always On). However, Lync 2010 is using a feature called DMO (Distributed Management Objects) that was introduced in SQL 7.0 (a long time ago !).

SQL 2012 does not support this feature anymore as it is indicated in this article : http://msdn.microsoft.com/en-us/library/ms131540.aspx so SQL 2012 will not be a supported platform for Lync 2010 as it is now.”

You can read the full post over here on his blog and hear it from the horse’s mouth.

Lync databases can be deployed on instances from SQL Server 2005 SP3 up to SQL Server 2008 R2 today. This new information means you’ll need to seriously think carefully about your new SQL environments and new/existing deployments of Lync Server 2010.

Credit to fellow Modality consultant Tom Arbuthnot for finding this one.

Cumulative Update 5 (CU5) for Lync Server 2010 Released

1 Reply

CU5 for Lync Server 2010 has arrived! This update fixes the “no video in RCC” behaviour (whereby an RCC cannot make a video call at all), as verified by Jamie Stark here on twitter.

Here are the download links:

  • Updates for Server. You just need the LyncServerUpdateInstaller.exe to update each server. Download here and view the corresponding KB article explaining what’s fixed.
  • Update for Client (64-bit) download here.
  • Update for Client (32-bit) download here.
  • Update for Group Chat Client download here.

Happy patching!

RCC gets video

Update – Fri 02 Mar 8:30am GMT

I wanted to touch on this a bit more in light of Jamie Stark’s post on NextHop overnight. Some important caveats are raised and I want to highlight a few here:

“For RCC-enabled users to make peer-to-peer video calls and join video conference calls, they need a webcam and a headset, handset, or speakerphone for their workstation or laptop.”

“The update does not support the scenario known as Split AV, where audio is delivered through the desk phone and video comes through the Lync client. The Split AV scenario provides an inconsistent and oftentimes suboptimal end-user experience, because the audio and video use different network paths and frequently lose sync. This means when a user starts an audio call using a PBX phone, they cannot add video to that call. If a call is started using the Lync client as the audio endpoint, it can be escalated to include video.”

“The February 2012 update is all client-side with Lync 2010.”

So if you run RCC today, you’re getting video back. Happy days!

Support for Large Meetings (up to 1000!) on Microsoft Lync Server 2010

Leave a reply

A quick one to let you know that Microsoft have just released a document with advice on how to configure your Lync Server 2010 environment to support large meetings.

Previously the hard limit was always 250 participants per meeting. That was increased not too long ago to 1000, but there was no guidance regarding how you could plan or scale your environment for this, until now.

The catch is, you need a dedicated Front End pool for the meeting, and only one meeting can occur at a time. No users, no other services on it at all. I can see the reasoning behind this to achieve the best user experience but personally, I’d probably be sticking to the Live Meeting service if I needed to host meetings of this size.

When it comes to what can be presented in the meeting, we’re talking about most functionality. PowerPoint, application sharing, audio and video. No mention of application/desktop sharing though, so it sounds like that’d hit your resources hard in a huge conference like this.

The document also includes some interesting stats Microsoft found around how conferences are used on Lync. To find out more, download the document here from the Download Center.

Configuring Site Level Simple URLs in Lync Server 2010

21 Replies

Last month I deployed a new Lync 2010 environment with many regions/ pools globally coupled with multiple SIP domains of which we had to design a Meeting Join solution with simple URLs to accomodate the geographically dispersed nature. Let me set the scene.

The Problem

If we just had say, https://meet.contoso.com as our global meeting join URL (defined in the Lync Topology Builder) and pointed this to say, the EMEA Lync Front End pool, it would mean all users worldwide would be hitting that pool when they click the link in Outlook to join the meeting. Not ideal and not scalable.

The Solution

To ensure only EMEA users connect to the EMEA pool (and not the APAC users as well, for example), we need to create site level simple URLs to ensure users only connect to the pool in their region and that these URLs take precedence over the default global level simple URLs.

For this scenario, I selected Simple URL Naming Option 2 from the Planning for Simple URLs article on TechNet, which gives me a bit of flexibility and means my simple URLs for EMEA for this scenario look like this:

https://lyncemea.contoso.com/meet
 https://lyncemea.fabrikam.com/meet
 https://lyncemea.contoso.com/dialin

and my APAC URLs for example, would look like this:

https://lyncapac.contoso.com/meet
 https://lyncapac.fabrikam.com/meet
 https://lyncapac.contoso.com/dialin

and so on per global region. Note that you can only have one dialin simple URL per site – you can’t have a different dialin simple URL for each SIP domain.

For this article, I’ll only be covering the meet and dialin URLs, not the admin URL for LSCP access.

Creating a new Simple URL Configuration

First we need to create a new simple URL configuration that we will end up applying new simple URLs to.

  1. The first command we need to run is Get-CsSite. This cmdlet retrieves the list of Lync sites in the topology.
  2. After we’ve identified the site name (EMEA), we run the New-CsSimpleUrlConfiguration cmdlet against the site e.g.
    New-CsSimpleUrlConfiguration -Identity site:EMEA

Creating new Simple URLs

After we’ve created the new Simple URL configuration, we need to first create simple URL entries bound to a variable in our current PowerShell session and then simple URLs bound to a different variable.

Simple URL Entries

We run the following cmdlets to create a new simple URL entry for each URL required and then bind it to the variable specified at the start of the cmdlet.

$urlEntryContosoMeet = New-CsSimpleUrlEntry -url “https://lyncemea.contoso.com/meet

$urlEntryFabrikamMeet = New-CsSimpleUrlEntry -url “https://lyncemea.fabrikam.com/meet

$urlEntryAllDialIn = New-CsSimpleUrlEntry -url “https://lyncemea.contoso.com/dialin

Simple URLs

Next, we need to actually create the new simple URL in Lync, set which component (meet or dialin) it will apply to, which SIP domain it’s set for, which simple URL entry it will use and then (phew!) bind it to the variable we specify at the start of the cmdlet. Run each cmdlet per simple URL you need to create:

$simpleURLContosoMeet = New-CsSimpleUrl -Component meet -Domain contoso.com -ActiveUrl https://lyncemea.contoso.com/meet -simpleurl $urlEntryContosoMeet

$simpleURLFabrikamMeet = New-CsSimpleUrl -Component meet -Domain fabrikam.com –ActiveUrl https://lyncemea.fabrikam.com/meet -simpleurl $urlEntryFabrikamMeet

$simpleURLAllDialIn = New-CsSimpleUrl -Component dialin -Domain * -ActiveUrl https://lyncemea.contoso.com/dialin -simpleurl $urlEntryAllDialIn

Bringing it all together

So now we have a bunch of variables floating around in our current PowerShell session, we need to apply them to something. To make it real, we need to add the variables of all our simple URLs from the previous step to the new site level simple URL configuration we created earlier by running this cmdlet:

Set-CsSimpleUrlConfiguration -Identity “site:EMEA” -SimpleUrl @{Add=$simpleURLContosoMeet,$simpleURLFabrikamMeet,$simpleURLAllDialIn}

Once that’s applied successfully, we need to run Enable-CsComputer to apply the configuration to IIS on the Front End server/s in the pool.

To review the changes committed, run the cmdlet Get-CsSimpleUrlConfiguration to retrieve the Global Simple URL configuration and the new Site level Simple URL configuration, each with the individual URLs we created.

Last Words

Make sure you take note of the difference between a Simple URL entry and a Simple URL, as they are different things in Lync Server Management Shell that are brought together to create a configuration.

To reiterate, note that you can only have one dialin simple URL per site – you can’t have a different dialin simple URL for each SIP domain.

Hope this makes it (a bit) clear on how to setup site specific simple URLs in Lync. As Lync grows in maturity and market share, we will see larger, more widespread organisations adopting it which means you’ll need to know how to get this kind of configuration going. 🙂

Lync Server 2010 Group Chat now supported on SQL Server 2008 R2

Leave a reply

Just a quick one to spread the word that Lync Server 2010 Group Chat is now supported by Microsoft on SQL Server 2008 R2. Official word is on NextHop over here.

This is great news after the original announcement in April that SQL Server 2008 R2 was supported for all what I call “first class” Lync Server database requirements e.g. Front End pool, Archiving, Monitoring databases.

To extrapolate from this, here is what it means for everyone using or planning to use Lync Server 2010 Group Chat:

  • No longer are two different versions of SQL Server required to be deployed (e.g. 2008 and 2008 R2) in your environment to be in a Microsoft supported scenario.
  • Those organisations planning Lync Server deployments today that include Group Chat can design their deployments on a consistent SQL Server 2008 R2 platform and be safe in the fact that they will be supported by Microsoft in production.

Time to go plan your SQL consolidation projects. 🙂