[TABLE OF CONTENTS] YouTube

LYNC BASIC INFO

LYNC LESSONS LEARNED

PREPARING FOR AD, EXCHANGE, LYNC

CONFIGURING AD ON VSERV1

ADDING EXCHANGE UNIFIED MESSAGING ROLE TO VSERV2

INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 1

INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 2

INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 3

INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 4

INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 5

INSTALL EXCHANGE FROM SCRATCH ON VSERV2 STAGE 6

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 1

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 2

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 3

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 4

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 5

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 6

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 6B

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 7

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 8

CONFIGURING LYNC FRONT END ON VSERV3 STAGE 9

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 1

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 2

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 3

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 3B

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 4

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 5

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 6

CONFIGURING LYNC ACCESS EDGE ON VSERV4 STAGE 7

CONFIGURING LYNC MOBILE

LOCKING DOWN THE ENVIRONMENT

CUSTOM PROGRAMMING

 

[LYNC BASIC INFO] YouTube

·         In the most basic setup, which only supports users and phones locally connected to the server, Lync needs two servers: an Active Directory server plus a Lync Front End Server

·         In order to support users and phones that aren't locally connected to the server (i.e. over the Internet), at least three servers are necessary: Active Directory, Front End Server and Access Edge Server

·         The two most common PSTN/telephone connection options are SIP trunks and IP Gateway devices.  Both allow Lync users to make and receive calls to regular phone numbers.

o   SIP trunks allow for PSTN access by configuring Lync to pass all inbound and outbound phone calls over the internet without any telephony equipment.  They usually take 7 to 14 days to be ordered/provisioned.  There are many vendors listed on the Microsoft website.

o   As an alternative to SIP trunks, IP Gateway devices allow for Lync calls to be connected through an on-premise piece of hardware.  They generally have a network cable port and a phone cable port on them.  The network cable leads to the Lync server network and the phone cable plugs in to an existing phone line

o   SIP trunks are the most flexible option because, unlike IP Gateway devices, they don't have a limit on the number of ports available.

·         Phone numbers are called DIDs

·         Lync doesn't have voicemail on its own.  Exchange Unified Messaging does, and the two are designed to work together.

·         Microsoft Exchange Subscriber Access is a voicemail feature that allows Exchange/Lync users to check their voicemail messages

·         Microsoft Exchange AutoAttendant is a feature that answers calls and allows callers to speak or type an extension that they would like to be connected to

·         As of November 2011, Office 365 with Lync Online doesn't offer Enterprise Voice capabilities

 

[LYNC LESSONS LEARNED] YouTube

·         In the Lync Topology Builder, use the internal FQDN referencing an internal IP for each server.  Don't use external IPs or external FQDN

·         Lync Front End can't coexist with Exchange or AD

·         Lync Edge can't coexist with Exchange or AD

·         SharePoint 2010 and Exchange 2010 should not be installed on the same virtual guest server

·         SSL Notes

o   GoDaddy SSL doesn't do trials or refunds but is low cost

o   Comodo SSL works but does organization validation, which is more time consuming

o   Comodo SSL does trial certs but not for UCC

o   Verisign does UCC refunds but the upfront charge is much higher than Comodo and GoDaddy

·         Active Directory users that are in admin groups like "Domain Admins" cannot be added to Lync via the Control Panel and a cmdlet must be run (that cmdlet is in the video about adding users)

·         The Lync Control Panel won't work locally because of IPv6 if you limit the IP, so specify "Use all configured IP addresses" (that setting is specified in the install video)

·         Requirements

o   4 Windows Licenses minimum (can be Windows Enterprise leveraging 4 virtual)

§  Active Directory (AD) machine

§  Exchange Server machine

§  Lync Front End

§  Lync Access Edge

o   Internal DNS Server (can be on the AD machine)

o   External DNS Server (can be on the AD machine if exposed to the Internet or hosted elsewhere)

·         UCC certificate of Lync needs to have a common name of the federation SIP url in order for AOL federation to work

·         To IM with AOL, use the screenname + @aol.com (even for AIM users).  If an AIM user has a custom address like firstname.lastname@something.com they are reached in Lync via firstname.lastname(something.com)@aol.com

·         At least 4 static IPs are necessary (Exchange, Lync Web, Lync SIP, Lync Intelepeer)

·         Local certification authority is necessary.

·         There is a Lync test website that checks all your settings at http://www.testocsconnectivity.com/

o   The SRV record _sipinternaltls._tcp seems to cause the auto discovery to fail

·         You can use NSLOOKUP via a command line to test SRV records

o   nslookup -q=srv _sip._tls.macroconnect.co

·         Reverse Proxy role can't be on Edge server because of IP and port conflicts.  Reverse Proxy role can be skipped by creating router/firewall rules that direct Internet users to the front end server

·         The Eventvwr in Windows is the best place to problem solve Lync.  Go to Applications and Services Logs -> Lync Server

·         The Lync Client log is at %USERPROFILE%\Tracing\Communicator-uccapi-0.uccapilog

·         The Lync Phone Edition log gets sent to C:\Lync\1-WebServices-1\DeviceUpdateLogs\Client\CELog

·         If you have trouble logging in to the Lync Client, close Lync and delete everything under %LOCALAPPDATA%\Microsoft\Office\15.0\Lync and %APPDATA%\Microsoft\Office\15.0\Lync (Lync 2013 Client) or %LOCALAPPDATA%\Microsoft\Communicator\ (Lync 2010 Client - Windows 7+) or %USERPROFILE%\Local Settings\Application Data\Microsoft\Communicator\ (Lync 2010 Client - Windows XP)

·         Lync Location information can be auto populated via set-cslislocation information.  HOWEVER, it only works with people that are located on the same LAN/WAN as a Lync server

·         Powershell can be used to restart all Lync services via

o   Get-Service | Where-Object { $_.DisplayName -match "^Lync Server" } | Restart-Service

·         Vista machines have trouble connecting using the Lync Client without a Local Policy change : Local Security Policy -> Local Policies -> Security Options -> Network Security: Minimum....RPC) clients -> Require 128

·         Polycom CX500 is not easy to configure for external user access.  The CX600 and CX700 are both very easy to configure for external access.

 

[PREPARING FOR AD, EXCHANGE, LYNC] YouTube

·         Create d:\download

·         Download or acquire media for Windows Server 2008 R2 Enterprise with SP1

·         Download or acquire media for Exchange Server 2010 with SP1

·         Download or acquire media for Lync Server 2010

·         Download or acquire media for Lync 2010

·         Configure Hyper-V

o   Virtual Hard Disks : D:\Hyper-V\Virtual Hard Disks

o   Virtual Machines : D:\Hyper-V\

o   Virtual Network with one card dedicated to host server and one card dedicated to all the virtual servers with "Allow management operating system..." unchecked

o   Automatic Start Action : Startup delay of 60, 600, 660, 720

o   Automatic Stop Action : Set shutdown

·         Install Windows 4 times for AD (VSERV1 2GB), Exchange (VSERV2 4GB), Lync Front End (VSERV3 4GB), Lync Edge (VSERV4 4GB)

o   IP 10.0.1.201, 202, 203, 204

o   Windows Updates (including Framework 4.0)

o   UAC Off

o   Firewall Off

o   Internet Explorer ESC Off

o   Set clock

o   Set name of server in Windows

·         Take a Hyper-V snapshot (if you want to be able to roll back)

·         Sign up for Intelepeer SIP trunk (takes up to 14 days)

o   Order at least 5 DIDs: Exchange AutoAttendant (6504256807), Exchange Subscriber Access(6504256808), Lync Conference Calling (6504256809), Lync Hunt Group (6504256810), shared number for all users (6504256811) or a DID for each user

o   Ask them to drop +1 from the phone number on the trunk

o   Ask them to enable NAT'ing

o   Use the Cloud Central portal to create the request.  Keep the default Trunk values except the following:

§  Make/Model: Lync 2010

§  Production Signaling IP: 173.162.52.172

§  Order Notes: I am using Lync 2010.  I have a Sonicwall TZ100 running with 1 to 1 NATs.  To make media work properly, please enable NAT'ing on your end.  My internal IP is 10.0.1.203.  I would like 5 test DIDs.  Lastly, I would like the +1 to be dropped from inbound calls so that my Lync Dialing Plan can handle normalization.

·         UCC certificate for Exchange (mail.macroconnect.co, autodiscover.macroconnect.co, etc)

·         UCC certificate of Lync (access.macroconnect.co, lync.macroconnect.co, webservice.macroconnect.co, sip.macroconnect.co, lyncdiscover.macroconnect.co)

 

[CONFIGURING AD ON VSERV1] YouTube

·         Server Manager -> Roles -> Add Role -> Active Directory Domain Services

·         DCPROMO

o   Create a new domain forest

o   macroconnect.local

o   Functional level = 2008 R2

o   DNS Server

·         Server Manager -> Roles -> Add Role -> Active Directory Certificate Services

o   Certification Authority + Web Enrollment

o   Enterprise

o   Root

o   New Private key

o   Defaults for the rest of the options

 

[ADDING EXCHANGE UNIFIED MESSAGING ROLE TO VSERV2]

·         Powershell from http://technet.microsoft.com/en-us/library/bb691354.aspx

o   Import-Module ServerManager

o   Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart

o   Set-Service NetTcpPortSharing -StartupType Automatic

·         Filter Pack 2010

o   http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17062

·         Unified Communications Managed API 2.0

o   http://www.microsoft.com/download/en/details.aspx?id=4705

·         Microsoft Speech Platform - Server Runtime (Version 10.1)

o   http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24974

·         Exchange Updates

·         Add/Remove programs to modify Exchange to have the UM role

·         Exchange Updates

·         Buy 2 UCC certificate credits (one for Exchange and one for Lync)

·         SSL

o   EMC -> Server Configuration -> New Exchange Certificate

§  ExchangePrivate

§  UM -> Public certificate

§  Set VSERV2.MACROCONNECT.LOCAL as the common name

§  http://vserv1/certsrv -> Request certificate, Advanced, Submit a certificate request, Web server,

§  IE9 blocks the CER download so let it open (instead of save) and then "copy to file"

§  Assign UM to the new cert (which will usually fail)

§  EMC -> Server Configuration -> Unified Messaging -> Properties -> UM Settings -> TLS

§  Restart Microsoft Exchange Unified Messaging

§  Assign UM to the new cert

·         SSL

o   EMC -> Server Configuration -> New Exchange Certificate

§  ExchangePublic

§  OWA -> Check Internet and Intranet

§  Exchange ActiveSync -> defaults

§  Webservices -> mail.macroconnect.co

§  Webservices second area -> autodiscover.macroconnect.local,autodiscover.macroconnect.co

o   Intermediate via mmc

o   Complete Pending in EMC

o   Assign IIS to the new cert

 

[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 1] YouTube

·         DNS to 10.0.1.201

·         Join domain

o   Server Manager -> Change System Properties : MACROCONNECT.LOCAL

·         Powershell from http://technet.microsoft.com/en-us/library/bb691354.aspx

o   Import-Module ServerManager

o   Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart

o   Set-Service NetTcpPortSharing -StartupType Automatic

·         Filter Pack 2010

o   http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17062

·         Unified Communications Managed API 2.0

o   http://www.microsoft.com/download/en/details.aspx?id=4705

·         Microsoft Speech Platform - Server Runtime (Version 10.1)

o   http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24974

·         KB downloads (not necessary if Windows 2008 R2 SP1)

o   979099

§  http://support.microsoft.com/kb/979099

o   979744

§  http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=27109

o   983440

§  https://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=29092

o   977020

§  http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=27977

 

[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 2] YouTube

·         Enable Microsoft Updates

·         Run Microsoft Updates to get any Exchange prereq updates

·         Exchange

o   Custom Install including checking Automatically Install roles and Features

o   Mailbox, Client Access, Hub, UM

o   Client Access mail.macroconnect.co

·         Run Microsoft Updates to get any Exchange updates

·         Reboot

 

[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 3] YouTube

·         Buy 2 UCC certificate credits (one for Exchange and one for Lync)

·         SSL

o   EMC -> Server Configuration -> New Exchange Certificate

§  ExchangePrivate

§  UM -> Public certificate

§  Set VSERV2.MACROCONNECT.LOCAL as the common name

§  http://vserv1/certsrv -> Request certificate, Advanced, Submit a certificate request, Web server,

§  IE9 blocks the CER download so let it open (instead of save) and then "copy to file"

§  Assign UM to the new cert (which will usually fail)

§  EMC -> Server Configuration -> Unified Messaging -> Properties -> UM Settings -> TLS

§  Restart Microsoft Exchange Unified Messaging

§  Assign UM to the new cert

 

[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 4] YouTube

·         SSL

o   EMC -> Server Configuration -> New Exchange Certificate

§  ExchangePublic

§  OWA -> Check Internet and Intranet

§  Exchange ActiveSync -> defaults

§  Webservices -> mail.macroconnect.co

§  Webservices second area -> autodiscover.macroconnect.local,autodiscover.macroconnect.co

o   Intermediate via mmc

o   Complete Pending in EMC

o   Assign IIS to the new cert

 

[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 5] YouTube

·         EMC -> Organization Configuration -> Hub Transport -> Global Settings -> Transport Settings -> postmaster@macroconnect.co

·         EMC -> Organization Configuration -> Hub Transport -> Send Connector -> New Send Connector

o   "Send Connector", Custom

o   Address Space = *

o   Accept defaults for everything else

·         EMC -> Server Configuration -> Hub Transport -> Receive Connector -> Default VSERV2 -> Permission Groups = Check Anonymous

·         EMC -> Organization Configuration -> Hub Transport -> Accepted Domains -> New Accepted Domain -> "macroconnect.co" + "macroconnect.co"

o   Set macroconnect.co as the default accepted domain

·         EMC -> Organization Configuration -> Hub Transport -> Email Address Policy

o   Add the new accepted domain and check Set as Reply

·         Restart Microsoft Exchange Transport

·         https://10.0.1.202/owa

·         Test outbound flow

·         Configure DNS

o   MX record as mail.macroconnect.co

o   mail.macroconnect.co as 173.162.52.171

o   autodiscover.macroconnect.co as 173.162.52.171

o   TXT (SPF) record of v=spf1 mx -all

·         Create two NAT rules to Any port via the wizard for 10.0.1.202/173.162.52.171

·         https://mail.macroconnect.co/owa

·         Test inbound flow

·         EMC -> Server Configuration -> Client Access -> Enable Outlook Anywhere with mail.macroconnect.co

·         Test SSL via GoDaddy Tools

·         Delete temporary certificate files

·         Reboot

 

[INSTALL EXCHANGE FROM SCRATCH ON VSERV2 - STAGE 6] YouTube

·         EMC -> Organization Configuration -> New Federated Trust -> Accept defaults of the wizard

·         Exchange Management Shell -> get-federateddomainproof -domainname macroconnect.co > c:\temp.txt

·         Copy c:\temp.txt "proof" line to DNS as TXT record

·         EMC -> Organization Configuration -> Manage Federation Wizard

o   macroconnect.co

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 1] YouTube

·         DNS to 10.0.1.201

·         Disable IPv6

·         Join domain

o   Server Manager -> Change System Properties : MACROCONNECT.LOCAL

·         Install roles and features

o   Feature:.NET Framework 3.5.1

o   Feature:Remote Server Administration Tools

o   Feature:Message Queuing

§  Message Queuing Server + Directory Service Integration

o   Restart server

o   Role:File Services

o   Role:IIS (add Role Services)

§  Static Content

§  Default Document

§  Directory Browsing

§  HTTP Errors

§  ASP.Net

§  .NET Extensibility

§  ISAPI Extensions

§  ISAPI Filters

§  HTTP Logging

§  Logging Tools            

§  Request Monitor

§  Tracing

§  Windows Authentication

§  Client Certificate Mapping

§  Request Filtering

§  Static Content Compression

§  IIS Management Console

§  IIS Management Scripts

·         Silverlight

o   http://www.microsoft.com/getsilverlight/get-started/install/default.aspx

·         Unified Communications Managed API 3.0

o   http://www.microsoft.com/download/en/confirmation.aspx?id=20958

·         Install Deployment Manager via the .iso

o   D:\Setup\amd64\setup.exe

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 2] YouTube

·         Prepare Active Directory (three steps)

·         Raise functional level (if necessary)

o   Active Directory Domains and Trusts -> Right Click at the very top level and Raise Domain Functional Level

o   Right click on the domain level and make sure it has been upgraded too

·         Add Administrator to CSAdministrator and RTCUniversalServerAdmins

·         Prepare first Standard Edition server (takes 10 minutes)

·         Create file share named "LyncShare" to c:\LyncShare

·         Setup DNS on SITE000VSERV005

o   lync.macroconnect.co to 173.162.52.172

o   webservice.macroconnect.co to 173.162.52.172

o   access.macroconnect.co to 173.162.52.173

o   lyncdiscover.macroconnect.co to webservice.macroconnect.co

o   _ntp

§  _udp, 123, pool.ntp.org

o   _sipinternaltls

§  _tcp, 5061, vserv3.macroconnect.local

o   _sipfederationtls

§  _tcp, 5061, access.macroconnect.co

o   _sip

§  _tls, 443, access.macroconnect.co
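
One way to check the SRV records listed above against what `nslookup -q=srv` returns, as an added example that is not part of the original notes. The zone name macroconnect.co, the function names and the embedded nslookup output are assumptions or constructed samples; swap in the commented live call to query real DNS.

```powershell
# Expected SRV records from the DNS list above. The zone macroconnect.co is an
# assumption; the notes only show it in the nslookup line.
$ExpectedSrv = @(
    @{ Name = '_sipinternaltls._tcp.macroconnect.co';   Port = 5061; Target = 'vserv3.macroconnect.local' },
    @{ Name = '_sipfederationtls._tcp.macroconnect.co'; Port = 5061; Target = 'access.macroconnect.co' },
    @{ Name = '_sip._tls.macroconnect.co';              Port = 443;  Target = 'access.macroconnect.co' },
    @{ Name = '_ntp._udp.macroconnect.co';              Port = 123;  Target = 'pool.ntp.org' }
)

# Constructed nslookup output (not captured from a real server). The second
# answer deliberately carries the wrong port so the mismatch path is exercised;
# the two names without a sample show up as MISSING.
$SampleOutput = @{
    '_sip._tls.macroconnect.co' = @'
Server:  vserv1.macroconnect.local
Address:  10.0.1.201

_sip._tls.macroconnect.co       SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = access.macroconnect.co
'@
    '_sipfederationtls._tcp.macroconnect.co' = @'
Server:  vserv1.macroconnect.local
Address:  10.0.1.201

_sipfederationtls._tcp.macroconnect.co  SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   = access.macroconnect.co
'@
}

# Turn the text printed by "nslookup -q=srv" into objects (one per SRV answer).
function ConvertFrom-NslookupSrv {
    param([string[]]$Text)
    $name = $null; $port = $null
    foreach ($line in $Text) {
        if ($line -match '^(\S+)\s+SRV service location') {
            $name = $Matches[1]; $port = $null
        }
        elseif ($line -match '^\s*port\s*=\s*(\d+)') {
            $port = [int]$Matches[1]
        }
        elseif ($line -match '^\s*svr hostname\s*=\s*(\S+)' -and $name) {
            New-Object PSObject -Property @{
                Name = $name; Port = $port; Target = $Matches[1].TrimEnd('.')
            }
        }
    }
}

# Compare the parsed answers for one record with the expected port and target.
function Test-SrvRecord {
    param([hashtable]$Want, [string[]]$NslookupOutput)
    $found = @(ConvertFrom-NslookupSrv -Text $NslookupOutput)
    $good  = @($found | Where-Object { $_.Port -eq $Want.Port -and $_.Target -eq $Want.Target })
    if     ($found.Count -eq 0) { $status = 'MISSING' }
    elseif ($good.Count -gt 0)  { $status = 'OK' }
    else                        { $status = 'MISMATCH' }
    New-Object PSObject -Property @{
        Record = $Want.Name
        Status = $status
        Want   = '{0}:{1}' -f $Want.Target, $Want.Port
        Got    = ($found | ForEach-Object { '{0}:{1}' -f $_.Target, $_.Port }) -join ', '
    }
}

$ExpectedSrv | ForEach-Object {
    $rec = $_
    # Live query instead of the constructed sample:
    #   $lines = & nslookup.exe -q=srv $rec.Name 2>&1 | ForEach-Object { "$_" }
    $lines = "$($SampleOutput[$rec.Name])" -split "\r?\n"
    Test-SrvRecord -Want $rec -NslookupOutput $lines
} | Select-Object Record, Status, Want, Got | Format-Table -AutoSize
```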

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 3] YouTube

·         Install the Topology Builder

·         Run Topology Builder / Import the published Planning Tool topology (including cleanup of errors)

o   New Topology

o   SIP = macroconnect.co

o   Site name = FirstSite

o   Front End FQDN = vserv3.macroconnect.local

o   Standard Edition

o   "Use all configured IP Addresses"

o   Features = Conferencing, PSTN, Enterprise Voice

o   Collocate Mediation Server

o   Associate server roles -> Enable an Edge pool

o   File share = "LyncShare"

o   External Base Url = webservice.macroconnect.co

o   PSTN Gateway = 68.68.120.62 / 5060 / TCP

o   New Edge Pool vserv4.macroconnect.co / Single Computer

§  Single IP

§  Federation

§  NAT

o   External FQDN access.macroconnect.co / 443, 4431, 4432

o   10.0.1.204 (primary IP on vserv4)

o   10.0.1.214 (secondary IP on vserv4)

o   173.162.52.173

§  The external IP matching the internal IP of the Access Edge server (access.macroconnect.co)

o   Edit properties

§  Setup urls of https://lync.macroconnect.co/admin /meet /dialin

§  Setup vserv3.macroconnect.local as Central Management Server

o   Publish Topology

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 4] YouTube

·         Run "Install or Update Lync Server System"

o   Install Local Configuration Store

o   Setup or Remove Lync Server Components

§  If you get an error with WMF2008R2, %systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum /ignorecheck

o   Request, Install, or Assign certificates

§  Create a certificate from VSERV1 via:

·         Request

·         Online authority->Next

·         VSERV1->Next

·         Friendly Name of LyncPrivate

·         Mark key as exportable

·         Macro Connect / IT / US / Michigan / Detroit

·         Check for Lync Server updates -> http://www.microsoft.com/download/en/details.aspx?id=11551

o   LyncServerUpdateInstaller.exe to test for all updates (Always current)

o   OR

o   Use Microsoft Update (usually delayed by about 1 month)

·         Run update cmdlet

·         Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn vserv3.macroconnect.local -UseDefaultSqlPaths

·         Start Services

·         Get-Service | Where-Object { $_.DisplayName -match "^Lync Server" } | Restart-Service

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 5] YouTube

·         Enable users via LCP or CmdLet

·         enable-csuser -identity administrator -sipaddresstype emailaddress -registrarpool vserv3.macroconnect.local

·         set-csuser -identity administrator -enterprisevoiceenabled $true -lineuri "tel:+16504256811;ext=801"

·         Test lync client

o   administrator@macroconnect.co

o   macroconnect\administrator

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 6] YouTube

·         Create two NAT rules to Any port via the wizard for 10.0.1.203/173.162.52.172 and 10.0.1.214/173.162.52.173

·         Intelepeer First Stage

o   If not already configured from earlier step, Topology Builder -> Mediation Pool -> Added 68.68.120.62:5060 as a SIP Trunk

o   Topology Builder -> Mediation Pool -> Set mediation TCP to 5060

o   Control Panel -> Voice Routing -> Dial Plan

§  Region = "US"

§  Normalization (DirectToAutoAttendant)

·         If using ;ext=xxx for phone numbers or if inbound calls should ring to the attendant

o   This only works if Intelepeer drops "+1" from inbound calls (otherwise normalization rules don't run).  Intelepeer refers to this as 10 digit format instead of E.164 format

·         This can also be simulated via Route -> Suppress Callerid -> Alternate Callerid, but this option changes all outbound calls to have the same callerid

·         ^6504256811$

·         +16504256807

§  Normalization (PrefixAll)

·         \+?[\s()\-\./]*1?[\s()\-\./]*\(?\s*([2-9]\d\d)\s*\)?[\s()\-\./]*(\d\d\d)[\s()\-\./]*(\d\d\d\d)[\s]*

·         +1$1$2$3

·         INSTEAD OF

·         ^(\d{11})$

·         +$1

§  Normalization (ConvertToExtension)

·         ^(\d{3})$

·         +16504256811;ext=$1

o   Commit All
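
The three normalization rules above, run in the listed order against a few dialed strings, as an added example that is not part of the original notes; Lync normalization patterns are .NET regular expressions, so PowerShell evaluates them with the same syntax. It assumes Lync uses the first rule whose pattern matches and, per the note above, leaves numbers that already start with "+" untouched; `Convert-DialedNumber`, `$DialPlanSimple` and the sample inputs (555-01xx numbers) are constructed for illustration.

```powershell
# Dial plan from the Stage 6 notes, in the order listed. Patterns and
# translations are copied from the page; variable names are constructed.
$DialPlan = @(
    @{ Name = 'DirectToAutoAttendant'; Pattern = '^6504256811$'; Translation = '+16504256807' },
    @{ Name = 'PrefixAll'; Translation = '+1$1$2$3'
       Pattern = '\+?[\s()\-\./]*1?[\s()\-\./]*\(?\s*([2-9]\d\d)\s*\)?[\s()\-\./]*(\d\d\d)[\s()\-\./]*(\d\d\d\d)[\s]*' },
    @{ Name = 'ConvertToExtension'; Pattern = '^(\d{3})$'; Translation = '+16504256811;ext=$1' }
)

# Same plan with the shorter "INSTEAD OF" rule in place of PrefixAll.
$DialPlanSimple = @(
    $DialPlan[0],
    @{ Name = 'PrefixAll (11 digits only)'; Pattern = '^(\d{11})$'; Translation = '+$1' },
    $DialPlan[2]
)

function Convert-DialedNumber {
    param(
        [Parameter(Mandatory = $true)][string]$Dialed,
        [Parameter(Mandatory = $true)][object[]]$Rules
    )
    # Per the note above: a number that arrives with "+" is treated as already
    # normalized, so no rule runs (assumption stated in the lead-in).
    if ($Dialed.StartsWith('+')) {
        return '{0}  [no rule run]' -f $Dialed
    }
    # Assumption: rules are tried top to bottom and the first match wins.
    foreach ($rule in $Rules) {
        $m = [regex]::Match($Dialed, $rule.Pattern)
        if ($m.Success) {
            # Expand $1, $2 ... in the translation for the matched text.
            return '{0}  [{1}]' -f $m.Result($rule.Translation), $rule.Name
        }
    }
    return '(no rule matched)'
}

# Constructed inputs: the shared DID as the carrier might deliver it, an
# extension, and several ways a user might type a US number.
$Samples = '6504256811', '+16504256811', '801', '3135550100',
           '(313) 555-0100', '1-313-555-0100', '13135550100', '12345'

$Samples | ForEach-Object {
    New-Object PSObject -Property @{
        Dialed     = $_
        PagePlan   = (Convert-DialedNumber -Dialed $_ -Rules $DialPlan)
        SimplePlan = (Convert-DialedNumber -Dialed $_ -Rules $DialPlanSimple)
    }
} | Select-Object Dialed, PagePlan, SimplePlan | Format-Table -AutoSize
```

In the output, `+16504256811` passes through with no rule run while `6504256811` is redirected to the attendant number, which is why the notes ask Intelepeer for 10-digit delivery. The shorter `^(\d{11})$` rule leaves the 10-digit and formatted inputs unmatched.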

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 6B] YouTube

·         Intelepeer First Stage

o   Control Panel -> Voice Routing -> Voice Policy

§  Check CallPark

§  Select -> Associate all PSTN usages listed

o   Control Panel -> Voice Routing -> Route -> PstnGateway:68.68.120.62

o   Control Panel -> Voice Routing -> Route -> Associate all PSTN usages listed

o   Commit All

o   Control Panel -> Voice Routing -> Trunk Configuration -> Uncheck refer

§  http://technet.microsoft.com/en-us/library/gg398792.aspx

o   Commit All

o   If Lync 2013, run PowerShell script to address Intelepeer disconnect issues with calls on hold, Set-CsTrunkConfiguration -EnableSessionTimer $True -RTCPActiveCalls $false -RTCPCallsOnHold $false

o   Restart Lync Mediation service

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 7] YouTube

·         Voice Features-> Call Park : "Call Park" | 20 - 25

o   If test server is not high end, set Call Park service to be "Automatic Delayed Start"

·         Enable Conferencing

o   Conferencing -> Dialin Conferencing -> Dial-in Access Number

§  +16504256809

§  +16504256809

§  tel:+16504256809

§  sip:dialin@macroconnect.co

§  English

§  Associated Regions: US

·         Enable Response Group

o   Response Groups -> Group -> New

§  HuntGroup1 / Agent=Administrator

o   Response Groups -> Queue -> New

§  Queue1 / Group=HuntGroup1

o   Workflow -> Create Hunt Group

§  HuntGroup1@macroconnect.co / Hunt Group 1 / +16504256810 / +16504256810

§  Check Play a welcome message / Hunt Group 1

§  Queue1

·         Test phone call from outside phone to 6504256810 will be answered by the Response Group

·         Set client policy via http://207.46.16.252/en-us/library/gg398806.aspx and http://207.46.16.252/en-us/library/gg398300.aspx

·         set-csclientpolicy -enablecalllogautoarchiving $true -enableclientmusiconhold $true -enableexchangecontactsync $false -enableimautoarchiving $true

·         get-csclientpolicy

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 8] YouTube

·         Create link to Lync Control Panel from VSERV2

o   https://vserv3.macroconnect.local/cscp

o   Silverlight

·         Configure UM on VSERV2 via http://blog.schertz.name/2010/11/lync-and-exchange-um-integration/

o   If not already configured from earlier step, EMC -> Server Configuration -> UM : Security set to TLS

o   EMC -> Organization Configuration -> UM : "DefaultDialPlan" / 3 / "SIP URI" / "Secured" / 1

§  Make sure the plan name doesn't have spaces

o   Default Dial Plan

§  Create Subscriber access +16504256808

§  Dialing Restrictions->Allow calls to extensions

o   Create AutoAttendant access "AutoAttendant" +16504256807

§  Enabled

§  Speech enabled

o   Exchange Powershell (need to run this twice)

§  cd "C:\Program Files\Microsoft\Exchange Server\v14\Scripts"

§  .\ExchUCUtil.ps1

o   Restart-Service MsExchangeUM -Force

·         Configure UM on VSERV3

o   C:\Program Files\Common Files\Microsoft Lync Server 2010\Support\OcsUmUtil.exe

§  Make new OU called "Lync"

§  "SubscriberAccess" and "AutoAttendant"

o   Restart Lync Front End service and Lync Mediation

·         Configure Administrator as UM user on VSERV2

o   EMC -> Recipient Configuration -> Enabled UM -> administrator for UM x801

·         Test call to 6504256808

·         Test call to 6504256807 plus extension 801

 

[CONFIGURING LYNC FRONT END ON VSERV3 - STAGE 9] YouTube

·         Configure new user kevin.morin as UM user on VSERV2

o   EMC -> Recipient Configuration -> Create new user -> kevin.morin, Test123

o   LCP -> Users -> Create tel:+16504256811;ext=802, assign 802

o   EMC -> Recipient Configuration ->Enable UM with 802 extension

·         Test call to 6504256807 plus extension 802

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 1] YouTube

·         DNS to 10.0.1.201

·         Disable IPv6

·         IP to 10.0.1.204 and 10.0.1.214

·         Set DNS Suffix (NOT DOMAIN)

o   Server Manager -> Change System Properties : MACROCONNECT.LOCAL

·         Install roles and features

o   Feature:.NET Framework 3.5.1

·         Install Deployment Manager via the .iso

o   D:\Setup\amd64\setup.exe

·         Set VSERV1 dns for VSERV4.MACROCONNECT.LOCAL to 10.0.1.204

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 2] YouTube

·         From VSERV3, Export-CsConfiguration -FileName c:\configuration.zip

·         Run "Install or Update Lync Server System"

o   Install Local Configuration Store

o   Setup or Remove Lync Server Components

§  If you get an error with WMF2008R2, %systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum /ignorecheck

o   MMC import from \\VSERV1.macroconnect.local\CertEnroll in to Trusted Certification Authorities

o   Request, Install, or Assign certificates

§  Create a certificate from VSERV1 via:

·         Request

·         Online authority->Next

·         VSERV1.macroconnect.local\macroconnect-VSERV1-CA -> Next

·         Friendly Name of LyncPrivateEdge

·         Mark key as exportable

·         Macro Connect / IT / US / Michigan / Detroit

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 3] YouTube

·         LCP -> External User Access -> External Access Policy : Remote User Access

·         LCP -> External User Access -> Access Edge : Remote User Access

·         Lync Deployment -> Install or Update -> Certificates

o   External Edge cert (make sure you do SHA1 and not SHA2 because older Lync Phone Edition devices cannot use SHA2 until they get new firmware)

o   LyncPublic

o   access.macroconnect.co, lync.macroconnect.co, webservice.macroconnect.co, sip.macroconnect.co, lyncdiscover.macroconnect.co

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 3B] YouTube

·         Lync Deployment -> Install or Update -> Certificates

o   Intermediate via mmc

o   Complete Pending in mmc

o   Assign Lync to it

·         Restart Services

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 4] YouTube

·         Check for Lync Server updates -> http://www.microsoft.com/download/en/details.aspx?id=11551

o   LyncServerUpdateInstaller.exe to test for all updates (Always current)

o   OR

o   Use Microsoft Update (usually delayed by about 1 month)

·         Restart Services

·         Test Lync Client from outside world

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 5] YouTube

·         If the phones are used, reset them first

o   For CX600 : Unplug power, wait 10 seconds, hold * # while powering up, accept prompt to clear data

o   For CX700 : Insert paper clip in to reset hole by USB port

·         Configure via USB cable

·         Polycom CX600 and CX700 phone update push

o   Download : http://www.microsoft.com/download/en/details.aspx?id=21644

o   Download : http://www.microsoft.com/download/en/details.aspx?id=23866

o   import-csdeviceupdate -identity service:WebServer:vserv3.macroconnect.local -filename c:\ucupdates.cab

o   From Lync Control Panel -> Clients ->  Device Update -> Approve Update

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 6] YouTube

·         To enable external anonymous access to conferences

o   LCP -> External User Access -> Access Edge Configuration -> Enable anonymous users

o   Restart Access Edge on VSERV4

·         To enable federation with Office 365

o   LCP -> External User Access -> External Access Policy -> Enable federated users

o   LCP -> External User Access -> Access Edge Configuration -> Enable federation and domain discovery

o   If not already configured from earlier step, configure DNS

§  _sipfederationtls._tcp to access.macroconnect.co

o   If not already configured from earlier step, allow 5061 through on the firewall to 10.0.1.214/access.macroconnect.co

o   Allow federation via cmdlet

§  New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification

o   Restart Front End on VSERV3

o   Restart Access Edge on VSERV4

o   Allow federation in Office 365 Portal via Lync Management

·         To enable Public IM (i.e. AOL), pic.lync.com

o   LCP -> External User Access -> External Access Policy -> Enable public users

o   LCP -> External User Access -> Provider -> Enable AOL

o   Up to a 30 day delay

o   Need one of the following

§  Microsoft Volume Licensing Agreement

§  Microsoft Partner Network

§  Service Provider Licensing Agreement

§  High Volume Services

o   Restart Front End on VSERV3

o   Restart Access Edge on VSERV4

 

[CONFIGURING LYNC ACCESS EDGE ON VSERV4 - STAGE 7] YouTube

·         Configure SSL for lync.macroconnect.co and webservice.macroconnect.co and lyncdiscover.macroconnect.co

o   Export certificate with extended properties from VSERV4

o   Move VSERV4 certificate to desktop on VSERV3

o   Download GoDaddy intermediate certificate

o   Import intermediate certificate

o   Import exported certificate

o   Use Lync Deployment Wizard to add it to VSERV3 external web services only

o   Configure Sonicwall for 443 redirection to 4443

§  If necessary, disable popup blocker on Sonicwall 10.0.1.21

§  Create service HTTPS (4443)

§  Create NAT rule: Any, Original, 10.0.1.203 Public, 10.0.1.203 Private, HTTPS, HTTPS (4443)

§  Create NAT rule: Firewalled, 10.0.1.203 Public, 10.0.1.203 Public, 10.0.1.203 Private, HTTPS, HTTPS (4443)

 

[CONFIGURING LYNC MOBILE] YouTube

·         Enable Lync Mobile : http://www.microsoft.com/download/en/confirmation.aspx?id=28355

o   Lync Cumulative Update 4 (CU4)

o   Set-CsWebServer -Identity vserv3.macroconnect.local -McxSipPrimaryListeningPort 5086 -McxSipExternalListeningPort 5087

o   Enable-CsTopology -verbose

o   Install IIS Role Service -> Dynamic Content Compression

o   Lync Mobility : http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=28356

§  Save to C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup

o   Lync Deployment Wizard

o   To automate login configure autodiscover : http://msunified.net/2011/12/12/enabling-lync-mobility/

§  In DNS, set up both lyncdiscover.macroconnect.co as a CNAME to webservice.macroconnect.co and lyncdiscoverinternal.macroconnect.co as a CNAME to vserv3.macroconnect.local

§  On Access Edge server, restart Services

o   Download Lync App from Marketplace

§  If lyncdiscover DNS isn't set up, set URL to : https://<ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root

o   To allow for push notifications : http://msunified.net/2011/12/12/enabling-lync-mobility/

§  Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $True -EnableMicrosoftPushNotificationService $True

§  If not already completed, New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification

§  New-CsAllowedDomain -Identity "push.lync.com"

§  In Lync Mobile, enable push notifications

 

[LOCKING DOWN THE ENVIRONMENT] YouTube

·         Lock down firewall rules

o   Address Object : "68.68.120.58-68.68.120.63"

o   "Lync Intelepeer SIP" = TCP 5060 - 5061

o   "Lync Intelepeer RTP" = UDP 5000-65535

o   "Lync SIP Federation" = TCP 5061

o   "Lync STUN" = UDP 3478

o   "Lync AV over TCP" = TCP 50000 - 59999

o   "Lync AV over UDP" = UDP 50000 - 59999

o   "Lync XMPP" = TCP 5269

o   "Lync SIP 4431-4432" = TCP 4431-4432

o   "Lync SIP 443" = TCP 443

o   "Lync Edge Service Group" = Lync AV over TCP + Lync AV over UDP + Lync SIP 443 + Lync SIP 4431-4432 + Lync SIP Federation + Lync STUN (Set 120 minute firewall rule timeout)

o   "Lync Intelepeer Service Group" = Lync Intelepeer SIP + Lync Intelepeer RTP

o   10.0.1.202=173.162.52.171

§  HTTPS to all IPs

§  SMTP to all IPs

o   10.0.1.203=173.162.52.172

§  HTTPS  to all IPs

§  Lync Intelepeer Service Group

o   10.0.1.214=173.162.52.173

§  Lync Edge Service Group

·         For added security, you can configure a reverse proxy such as ARR or Forefront Threat Management Gateway.  This is recommended but costs more than what has been laid out.

o   Configure ARR with a regular Windows 2008 R2 server OR use Microsoft Forefront Threat Management Gateway

o   Switch 10.0.1.203 NAT rules from VSERV3 to the ARR machine OR the Forefront Threat Management Gateway
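
One way to check an exported rule list or an external scan result against the rule set above (an added example, not part of the original notes). Service objects and host assignments are copied from the list and keyed by internal address; the HTTPS/SMTP ports are the standard ones, the OBSERVED entries are constructed, and treating the 68.68.120.58-68.68.120.63 address object as the only allowed source for the Intelepeer group is an assumption.

```python
import ipaddress
# Address object from the list; using it as the Intelepeer source scope is an assumption.
INTELEPEER = (ipaddress.ip_address("68.68.120.58"), ipaddress.ip_address("68.68.120.63"))
SERVICES = {  # service objects as listed above, plus standard HTTPS/SMTP ports
    "Lync Intelepeer SIP": ("tcp", 5060, 5061), "Lync Intelepeer RTP": ("udp", 5000, 65535),
    "Lync SIP Federation": ("tcp", 5061, 5061), "Lync STUN": ("udp", 3478, 3478),
    "Lync AV over TCP": ("tcp", 50000, 59999), "Lync AV over UDP": ("udp", 50000, 59999),
    "Lync XMPP": ("tcp", 5269, 5269), "Lync SIP 4431-4432": ("tcp", 4431, 4432),
    "Lync SIP 443": ("tcp", 443, 443), "HTTPS": ("tcp", 443, 443), "SMTP": ("tcp", 25, 25),
}
GROUPS = {
    "Lync Edge Service Group": ["Lync AV over TCP", "Lync AV over UDP", "Lync SIP 443",
                                "Lync SIP 4431-4432", "Lync SIP Federation", "Lync STUN"],
    "Lync Intelepeer Service Group": ["Lync Intelepeer SIP", "Lync Intelepeer RTP"],
}
# Internal host -> [(service or group, allowed source)]; "any" means all IPs.
POLICY = {
    "10.0.1.202": [("HTTPS", "any"), ("SMTP", "any")],
    "10.0.1.203": [("HTTPS", "any"), ("Lync Intelepeer Service Group", INTELEPEER)],
    "10.0.1.214": [("Lync Edge Service Group", "any")],
}

def expand(name):
    """Flatten a service or service group into (proto, low, high) ranges."""
    return [SERVICES[member] for member in GROUPS.get(name, [name])]

def source_ok(source, allowed):
    """True if the rule's source is no wider than the policy allows."""
    if "any" in (source, allowed):
        return allowed == "any"
    return allowed[0] <= ipaddress.ip_address(source) <= allowed[1]

def permitted(host, proto, port, source):
    """True if some policy entry for the host covers this port and source."""
    return any(p == proto and low <= port <= high and source_ok(source, allowed)
               for name, allowed in POLICY.get(host, [])
               for p, low, high in expand(name))

def audit(observed):
    """Return the (host, proto, port, source) entries the policy does not permit."""
    return [entry for entry in observed if not permitted(*entry)]

# Constructed sample: public-side ports as exported from the firewall or seen in a scan.
OBSERVED = [
    ("10.0.1.202", "tcp", 443, "any"), ("10.0.1.203", "tcp", 5060, "68.68.120.60"),
    ("10.0.1.203", "tcp", 5060, "any"), ("10.0.1.214", "udp", 3478, "any"),
    ("10.0.1.214", "tcp", 5269, "any"), ("10.0.1.214", "tcp", 3389, "any"),
]
if __name__ == "__main__":
    print("not in policy:", audit(OBSERVED))
```

The sample flags the SIP trunk port open to all sources, the XMPP service (defined in the list but not assigned to any host or group), and a port with no service object at all.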

 

[CUSTOM PROGRAMMING] YouTube

·         Install Visual Studio 2010 Pro via d:\setup.exe

·         Download UCMA 3.0 SDK : http://www.microsoft.com/download/en/details.aspx?id=10566

·         Download Lync Server SDK (not necessary but has samples in it) : http://www.microsoft.com/download/en/confirmation.aspx?id=19675

·         New Project -> Visual Basic -> .Net 3.5 -> Communications Workflow

·         "Inbound"

·         English United States

·         Program.vb

o   Change : Dim cert as X509Certificate2 = GetLocalCertificate("vserv3.macroconnect.local","MACROCONNECT")

§  If you have any problems compiling, add a breakpoint to this line and step into it.  It is usually a case sensitivity issue with the certificate name or the issuer.

o   Change : Dim certIssuedTo as String = certificate.GetNameInfo(X509NameType.SimpleName, False)

o   Change : 5060 to 5059 (5059 can be any available port to listen with on the server)

o   Change : Dim applicationUri As String = "sip:inbound@macroconnect.co"

o   Change : Dim ocsFqdn As String = "vserv3.macroconnect.local"

·         Create user in AD and Lync named inbound@macroconnect.co

o   "Inbound" "Lync", Test123, No password expiration

o   Specify a SIP URL as sip:inbound@macroconnect.co, Enterprise Voice

·         Drag Speech Statement that says "Welcome to Macro Connect"

·         Test

·         Build

·         Convert program to Windows Service

o   In project properties, switch the project to a Windows Service

o   Add OnStart and OnStop routines and copy Initialize() and Cleanup() into them

§  Protected Overrides Sub OnStart(ByVal args() as String)

§  Protected Overrides Sub OnStop()

o   Replace MAIN() routine with the following

§  Dim ServicesToRun() As System.ServiceProcess.ServiceBase

§  ServicesToRun = New System.ServiceProcess.ServiceBase() {New Program}

§  System.ServiceProcess.ServiceBase.Run(ServicesToRun)

o   Add the following line below "NotInheritable Class Program"

§  Inherits System.ServiceProcess.ServiceBase

o   Save All to commit to file system

·         From the command line, run: SC create "Lync Workflow Inbound" binPath= "c:\users\administrator.MACROCONNECT\documents\visual studio 2010\projects\inbound\inbound\bin\inbound.exe"

o   A space is mandatory after the equals sign